
win32/zperm Combofix Log


  • This topic is locked
12 replies to this topic

#1 repeat3988


Posted 20 August 2014 - 09:30 PM

ComboFix 14-08-19.01 - repeat 08/20/2014  21:24:48.2.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.32719.29329 [GMT -5:00]
Running from: c:\users\repeat\Downloads\ComboFix.exe
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-21 to 2014-08-21  )))))))))))))))))))))))))))))))
.
.
2014-08-21 02:28 . 2014-08-21 02:28    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-08-18 03:37 . 2014-08-18 03:37    --------    d-----w-    c:\program files\Common Files\Lavasoft
2014-08-17 00:29 . 2014-08-17 00:29    --------    d-sh--w-    c:\users\repeat\AppData\Local\EmieUserList
2014-08-17 00:29 . 2014-08-17 00:29    --------    d-sh--w-    c:\users\repeat\AppData\Local\EmieSiteList
2014-08-16 23:55 . 2014-08-16 23:55    --------    d-----w-    c:\windows\system32\appmgmt
2014-08-16 23:55 . 2014-08-16 23:55    --------    d-----w-    c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-16 23:30 . 2014-08-16 23:30    --------    d-----w-    c:\windows\ERUNT
2014-08-16 23:28 . 2010-08-30 13:34    536576    ----a-w-    c:\windows\SysWow64\sqlite3.dll
2014-08-16 23:15 . 2014-08-16 23:15    --------    d-----w-    c:\program files\Enigma Software Group
2014-08-16 22:45 . 2014-08-18 03:38    --------    d-----w-    c:\users\repeat\AppData\Roaming\Lavasoft
2014-08-16 22:41 . 2014-08-16 22:41    --------    d-----w-    c:\program files\Lavasoft
2014-08-16 22:40 . 2014-08-16 22:40    --------    d-----w-    c:\programdata\Lavasoft
2014-08-16 14:35 . 2014-08-16 14:35    --------    d-----w-    c:\program files (x86)\Common Files\Java
2014-08-16 14:35 . 2014-08-16 14:35    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-16 00:38 . 2014-06-30 22:24    8856    ----a-w-    c:\windows\system32\icardres.dll
2014-08-16 00:38 . 2014-06-30 22:14    8856    ----a-w-    c:\windows\SysWow64\icardres.dll
2014-08-16 00:38 . 2014-03-09 21:48    171160    ----a-w-    c:\windows\system32\infocardapi.dll
2014-08-16 00:38 . 2014-03-09 21:48    1389208    ----a-w-    c:\windows\system32\icardagt.exe
2014-08-16 00:38 . 2014-03-09 21:47    99480    ----a-w-    c:\windows\SysWow64\infocardapi.dll
2014-08-16 00:38 . 2014-03-09 21:47    619672    ----a-w-    c:\windows\SysWow64\icardagt.exe
2014-08-16 00:38 . 2014-06-06 06:16    35480    ----a-w-    c:\windows\SysWow64\TsWpfWrp.exe
2014-08-16 00:38 . 2014-06-06 06:12    35480    ----a-w-    c:\windows\system32\TsWpfWrp.exe
2014-08-15 23:45 . 2014-07-16 03:23    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-08-15 23:45 . 2014-07-16 02:46    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2014-08-15 23:43 . 2014-08-07 02:06    529920    ----a-w-    c:\windows\system32\aepdu.dll
2014-08-15 23:43 . 2014-08-07 02:01    424448    ----a-w-    c:\windows\system32\aeinv.dll
2014-08-15 23:43 . 2014-07-14 02:02    1216000    ----a-w-    c:\windows\system32\rpcrt4.dll
2014-08-15 23:43 . 2014-07-14 01:40    664064    ----a-w-    c:\windows\SysWow64\rpcrt4.dll
2014-08-10 01:54 . 2014-08-10 01:55    --------    d-----w-    c:\users\repeat\AppData\Local\Take On Helicopters
2014-08-08 21:00 . 2014-08-21 02:28    --------    d-----w-    c:\users\repeat\AppData\Local\LogMeIn Hamachi
2014-08-08 21:00 . 2014-08-08 21:00    --------    d-----w-    c:\users\repeat\AppData\Local\LogMeIn
2014-08-08 21:00 . 2014-08-08 21:00    --------    d-----w-    c:\programdata\LogMeIn
2014-08-08 21:00 . 2014-08-08 21:00    --------    d-----w-    c:\program files (x86)\LogMeIn Hamachi
2014-08-04 15:48 . 2014-08-04 15:48    --------    d-----w-    c:\users\repeat\AppData\Local\Slopey.com
2014-08-04 15:48 . 2014-08-10 20:21    --------    d-----w-    c:\program files (x86)\Slopey's ED BPC
2014-08-03 23:37 . 2014-08-16 22:46    --------    d-----w-    c:\programdata\Tunngle
2014-08-03 23:37 . 2014-08-09 06:43    --------    d-----w-    c:\users\repeat\AppData\Roaming\Tunngle
2014-08-03 23:37 . 2014-08-03 23:37    --------    d-----w-    c:\program files (x86)\Tunngle
2014-08-03 23:37 . 2009-09-16 12:02    31232    ----a-w-    c:\windows\system32\drivers\tap0901t.sys
2014-08-02 18:39 . 2014-08-02 18:39    --------    d-----w-    c:\users\repeat\AppData\Roaming\Frontier Developments
2014-08-02 18:39 . 2014-08-02 18:39    --------    d-----w-    c:\users\repeat\AppData\Local\Frontier Developments
2014-08-02 18:23 . 2014-08-02 18:23    --------    d-----w-    c:\users\repeat\AppData\Local\Frontier_Developments
2014-08-02 18:21 . 2014-08-02 18:21    --------    d-----w-    c:\program files (x86)\Frontier
2014-08-01 16:25 . 2014-08-01 16:25    --------    d-----w-    c:\users\repeat\AppData\Local\Robot Entertainment
2014-07-31 00:27 . 2014-07-02 17:44    609240    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2014-07-31 00:18 . 2014-05-14 16:23    44512    ----a-w-    c:\windows\system32\wups2.dll
2014-07-26 06:59 . 2014-07-26 06:59    --------    d-----w-    c:\users\repeat\AppData\Local\Chromium
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-16 00:39 . 2014-03-29 22:55    99218768    ----a-w-    c:\windows\system32\MRT.exe
2014-07-25 13:50 . 2014-06-05 01:19    1291280    ----a-w-    c:\windows\SysWow64\nvspbridge.dll
2014-07-25 13:50 . 2014-03-30 04:21    1126480    ----a-w-    c:\windows\SysWow64\nvspcap.dll
2014-07-25 13:50 . 2014-06-05 01:19    1715224    ----a-w-    c:\windows\system32\nvspbridge64.dll
2014-07-25 13:50 . 2014-03-30 04:21    1283136    ----a-w-    c:\windows\system32\nvspcap64.dll
2014-07-08 21:04 . 2014-03-30 05:05    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-08 21:04 . 2014-03-30 05:05    699056    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-07 03:32 . 2014-03-31 00:37    50464    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2014-07-02 20:48 . 2014-03-30 04:21    75040    ----a-w-    c:\windows\system32\OpenCL.dll
2014-07-02 20:48 . 2014-03-30 04:21    61912    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2014-07-02 20:48 . 2014-03-30 04:21    965312    ----a-w-    c:\windows\system32\nvumdshimx.dll
2014-07-02 20:48 . 2014-03-30 04:21    3196816    ----a-w-    c:\windows\system32\nvapi64.dll
2014-07-02 20:48 . 2014-03-30 04:21    2814656    ----a-w-    c:\windows\SysWow64\nvapi.dll
2014-07-02 20:48 . 2014-03-30 04:21    17555104    ----a-w-    c:\windows\system32\nvd3dumx.dll
2014-07-02 20:48 . 2014-03-30 04:21    14498552    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
2014-07-02 20:48 . 2014-03-29 17:46    18626304    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2014-07-02 18:55 . 2014-03-30 04:21    6783776    ----a-w-    c:\windows\system32\nvcpl.dll
2014-07-02 18:55 . 2014-03-30 04:21    3522392    ----a-w-    c:\windows\system32\nvsvc64.dll
2014-07-02 18:55 . 2014-03-30 04:21    935368    ----a-w-    c:\windows\system32\nvvsvc.exe
2014-07-02 18:55 . 2014-03-30 04:21    62808    ----a-w-    c:\windows\system32\nvshext.dll
2014-07-02 18:55 . 2014-03-30 04:21    386520    ----a-w-    c:\windows\system32\nvmctray.dll
2014-07-02 10:14 . 2014-03-30 04:21    3826628    ----a-w-    c:\windows\system32\nvcoproc.bin
2014-06-30 17:43 . 2014-06-30 17:43    152344    ----a-w-    c:\windows\system32\drivers\avgdiska.sys
2014-06-18 02:18 . 2014-07-08 23:06    692736    ----a-w-    c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-08 23:06    646144    ----a-w-    c:\windows\SysWow64\osk.exe
2014-06-18 01:10 . 2014-07-08 23:06    3157504    ----a-w-    c:\windows\system32\win32k.sys
2014-06-17 21:21 . 2014-06-17 21:21    235800    ----a-w-    c:\windows\system32\drivers\avgldx64.sys
2014-06-17 21:07 . 2014-06-17 21:07    328984    ----a-w-    c:\windows\system32\drivers\avgloga.sys
2014-06-17 21:06 . 2014-06-17 21:06    269080    ----a-w-    c:\windows\system32\drivers\avgtdia.sys
2014-06-17 21:06 . 2014-06-17 21:06    190744    ----a-w-    c:\windows\system32\drivers\avgidsha.sys
2014-06-17 21:06 . 2014-06-17 21:06    242968    ----a-w-    c:\windows\system32\drivers\avgidsdrivera.sys
2014-06-17 21:06 . 2014-06-17 21:06    123672    ----a-w-    c:\windows\system32\drivers\avgmfx64.sys
2014-06-17 21:06 . 2014-06-17 21:06    31512    ----a-w-    c:\windows\system32\drivers\avgrkx64.sys
2014-06-06 10:10 . 2014-07-08 23:06    624128    ----a-w-    c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-08 23:06    509440    ----a-w-    c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-08 23:06    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-08 23:06    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-08 23:06    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2014-05-30 08:08 . 2014-07-08 23:06    210944    ----a-w-    c:\windows\system32\wdigest.dll
2014-05-30 08:08 . 2014-07-08 23:06    86528    ----a-w-    c:\windows\system32\TSpkg.dll
2014-05-30 08:08 . 2014-07-08 23:06    340992    ----a-w-    c:\windows\system32\schannel.dll
2014-05-30 08:08 . 2014-07-08 23:06    314880    ----a-w-    c:\windows\system32\msv1_0.dll
2014-05-30 08:08 . 2014-07-08 23:06    307200    ----a-w-    c:\windows\system32\ncrypt.dll
2014-05-30 08:08 . 2014-07-08 23:06    728064    ----a-w-    c:\windows\system32\kerberos.dll
2014-05-30 08:08 . 2014-07-08 23:06    22016    ----a-w-    c:\windows\system32\credssp.dll
2014-05-30 07:52 . 2014-07-08 23:06    172032    ----a-w-    c:\windows\SysWow64\wdigest.dll
2014-05-30 07:52 . 2014-07-08 23:06    65536    ----a-w-    c:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52 . 2014-07-08 23:06    247808    ----a-w-    c:\windows\SysWow64\schannel.dll
2014-05-30 07:52 . 2014-07-08 23:06    220160    ----a-w-    c:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52 . 2014-07-08 23:06    259584    ----a-w-    c:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52 . 2014-07-08 23:06    550912    ----a-w-    c:\windows\SysWow64\kerberos.dll
2014-05-30 07:52 . 2014-07-08 23:06    17408    ----a-w-    c:\windows\SysWow64\credssp.dll
2014-05-30 06:45 . 2014-07-08 23:06    497152    ----a-w-    c:\windows\system32\drivers\afd.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-07-01 292848]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Sound Blaster Recon3Di SBX Control Panel"="c:\program files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe" [2012-11-28 976896]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-08-11 5187088]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-27 152392]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-07-21 3816784]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 vToolbarUpdater3.1.0;vToolbarUpdater3.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe [x]
R3 ATHDFU;Qualcomm Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 cpuz137;cpuz137;c:\windows\TEMP\cpuz137\cpuz137_x64.sys;c:\windows\TEMP\cpuz137\cpuz137_x64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe [x]
R3 GPUZ;GPUZ;c:\windows\TEMP\GPUZ.sys;c:\windows\TEMP\GPUZ.sys [x]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 iumsvc;Intel® Update Manager;c:\program files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe;c:\program files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [x]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys;c:\windows\SYSNATIVE\drivers\pmxdrv.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 CtHdaSvc;SB Recon3D Service;c:\windows\sysWow64\CtHdaSvc.exe;c:\windows\sysWow64\CtHdaSvc.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 LavasoftAdAwareService11;Ad-Aware Service 11;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 cthda;SB Recon3D HDAudio;c:\windows\system32\drivers\cthda.sys;c:\windows\SYSNATIVE\drivers\cthda.sys [x]
S3 e1dexpress;Intel® PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
S3 e1rexpress;Intel® PCI Express Network Connection Driver R;c:\windows\system32\DRIVERS\e1r62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1r62x64.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 npusbio;npusbio;c:\windows\system32\Drivers\npusbio_x64.sys;c:\windows\SYSNATIVE\Drivers\npusbio_x64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-16 00:16    1104200    ----a-w-    c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-30 21:04]
.
2014-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-23 03:02]
.
2014-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-23 03:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [BU]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136]
"BtTray"="c:\program files (x86)\Bluetooth Suite\BtTray.exe" [2012-11-01 766080]
"BtvStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-11-01 127616]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"AdAwareTray"="c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe" [2014-06-03 7715160]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\repeat\AppData\Roaming\Mozilla\Firefox\Profiles\kc9p8tu2.default\
FF - prefs.js: keyword.URL -
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - (no file)
AddRemove-Take On Hinds - c:\program files (x86)\Steam\steamapps\common\Take On HelicoptersHinds\DataCacheRemoval.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-08-20  21:28:49
ComboFix-quarantined-files.txt  2014-08-21 02:28
ComboFix2.txt  2014-08-16 23:41
.
Pre-Run: 55,879,815,168 bytes free
Post-Run: 55,852,937,216 bytes free
.
- - End Of File - - FCB733964DE9A38295BE61EF3A1DA436
A36C5E4F47E84449FF07ED3517B43A31
 




 


#2 repeat3988


Posted 20 August 2014 - 09:38 PM

ComboFix 14-08-15.01 - repeat 08/16/2014  18:36:07.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.32719.29682 [GMT -5:00]
Running from: c:\users\repeat\Downloads\ComboFix.exe
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\tmp5AEB.tmp
c:\windows\SysWow64\tmp5BD6.tmp
E:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-16 to 2014-08-16  )))))))))))))))))))))))))))))))
.
.
2014-08-16 23:39 . 2014-08-16 23:39    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-08-16 23:30 . 2014-08-16 23:30    --------    d-----w-    c:\windows\ERUNT
2014-08-16 23:28 . 2010-08-30 13:34    536576    ----a-w-    c:\windows\SysWow64\sqlite3.dll
2014-08-16 23:15 . 2014-08-16 23:15    110080    ----a-r-    c:\users\repeat\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconF7A21AF7.exe
2014-08-16 23:15 . 2014-08-16 23:15    110080    ----a-r-    c:\users\repeat\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconD7F16134.exe
2014-08-16 23:15 . 2014-08-16 23:15    110080    ----a-r-    c:\users\repeat\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\Icon1226A4C5.exe
2014-08-16 23:15 . 2014-08-16 23:15    --------    d-----w-    C:\sh4ldr
2014-08-16 23:15 . 2014-08-16 23:15    --------    d-----w-    c:\program files\Enigma Software Group
2014-08-16 22:45 . 2014-08-16 22:45    --------    d-----w-    c:\users\repeat\AppData\Roaming\Lavasoft
2014-08-16 22:41 . 2014-08-16 22:41    --------    d-----w-    c:\program files\Lavasoft
2014-08-16 22:40 . 2014-08-16 22:40    --------    d-----w-    c:\program files\Common Files\Lavasoft
2014-08-16 22:40 . 2014-08-16 22:40    --------    d-----w-    c:\programdata\Lavasoft
2014-08-16 14:35 . 2014-08-16 14:35    --------    d-----w-    c:\program files (x86)\Common Files\Java
2014-08-16 14:35 . 2014-08-16 14:35    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-16 00:38 . 2014-06-30 22:24    8856    ----a-w-    c:\windows\system32\icardres.dll
2014-08-16 00:38 . 2014-06-30 22:14    8856    ----a-w-    c:\windows\SysWow64\icardres.dll
2014-08-16 00:38 . 2014-03-09 21:48    171160    ----a-w-    c:\windows\system32\infocardapi.dll
2014-08-16 00:38 . 2014-03-09 21:48    1389208    ----a-w-    c:\windows\system32\icardagt.exe
2014-08-16 00:38 . 2014-03-09 21:47    99480    ----a-w-    c:\windows\SysWow64\infocardapi.dll
2014-08-16 00:38 . 2014-03-09 21:47    619672    ----a-w-    c:\windows\SysWow64\icardagt.exe
2014-08-16 00:38 . 2014-06-06 06:16    35480    ----a-w-    c:\windows\SysWow64\TsWpfWrp.exe
2014-08-16 00:38 . 2014-06-06 06:12    35480    ----a-w-    c:\windows\system32\TsWpfWrp.exe
2014-08-15 23:45 . 2014-07-16 03:23    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-08-15 23:45 . 2014-07-16 02:46    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2014-08-15 23:43 . 2014-08-07 02:06    529920    ----a-w-    c:\windows\system32\aepdu.dll
2014-08-15 23:43 . 2014-08-07 02:01    424448    ----a-w-    c:\windows\system32\aeinv.dll
2014-08-15 23:43 . 2014-07-14 02:02    1216000    ----a-w-    c:\windows\system32\rpcrt4.dll
2014-08-15 23:43 . 2014-07-14 01:40    664064    ----a-w-    c:\windows\SysWow64\rpcrt4.dll
2014-08-10 01:54 . 2014-08-10 01:55    --------    d-----w-    c:\users\repeat\AppData\Local\Take On Helicopters
2014-08-08 21:00 . 2014-08-16 23:32    --------    d-----w-    c:\users\repeat\AppData\Local\LogMeIn Hamachi
2014-08-08 21:00 . 2014-08-08 21:00    --------    d-----w-    c:\users\repeat\AppData\Local\LogMeIn
2014-08-08 21:00 . 2014-08-08 21:00    --------    d-----w-    c:\programdata\LogMeIn
2014-08-08 21:00 . 2014-08-08 21:00    --------    d-----w-    c:\program files (x86)\LogMeIn Hamachi
2014-08-04 15:48 . 2014-08-04 15:48    --------    d-----w-    c:\users\repeat\AppData\Local\Slopey.com
2014-08-04 15:48 . 2014-08-10 20:21    --------    d-----w-    c:\program files (x86)\Slopey's ED BPC
2014-08-03 23:37 . 2014-08-16 22:46    --------    d-----w-    c:\programdata\Tunngle
2014-08-03 23:37 . 2014-08-09 06:43    --------    d-----w-    c:\users\repeat\AppData\Roaming\Tunngle
2014-08-03 23:37 . 2014-08-03 23:37    --------    d-----w-    c:\program files (x86)\Tunngle
2014-08-03 23:37 . 2009-09-16 12:02    31232    ----a-w-    c:\windows\system32\drivers\tap0901t.sys
2014-08-02 18:39 . 2014-08-02 18:39    --------    d-----w-    c:\users\repeat\AppData\Roaming\Frontier Developments
2014-08-02 18:39 . 2014-08-02 18:39    --------    d-----w-    c:\users\repeat\AppData\Local\Frontier Developments
2014-08-02 18:23 . 2014-08-02 18:23    --------    d-----w-    c:\users\repeat\AppData\Local\Frontier_Developments
2014-08-02 18:21 . 2014-08-02 18:21    --------    d-----w-    c:\program files (x86)\Frontier
2014-08-01 16:25 . 2014-08-01 16:25    --------    d-----w-    c:\users\repeat\AppData\Local\Robot Entertainment
2014-07-31 00:27 . 2014-07-02 17:44    609240    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2014-07-31 00:18 . 2014-05-14 16:23    44512    ----a-w-    c:\windows\system32\wups2.dll
2014-07-26 06:59 . 2014-07-26 06:59    --------    d-----w-    c:\users\repeat\AppData\Local\Chromium
2014-07-19 02:55 . 2014-07-19 02:55    --------    d-----w-    c:\users\repeat\AppData\Roaming\HeroesAndGeneralsDesktop
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-16 00:39 . 2014-03-29 22:55    99218768    ----a-w-    c:\windows\system32\MRT.exe
2014-07-25 13:50 . 2014-06-05 01:19    1291280    ----a-w-    c:\windows\SysWow64\nvspbridge.dll
2014-07-25 13:50 . 2014-03-30 04:21    1126480    ----a-w-    c:\windows\SysWow64\nvspcap.dll
2014-07-25 13:50 . 2014-06-05 01:19    1715224    ----a-w-    c:\windows\system32\nvspbridge64.dll
2014-07-25 13:50 . 2014-03-30 04:21    1283136    ----a-w-    c:\windows\system32\nvspcap64.dll
2014-07-08 21:04 . 2014-03-30 05:05    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-08 21:04 . 2014-03-30 05:05    699056    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-07 03:32 . 2014-03-31 00:37    50464    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2014-07-02 20:48 . 2014-03-30 04:21    75040    ----a-w-    c:\windows\system32\OpenCL.dll
2014-07-02 20:48 . 2014-03-30 04:21    61912    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2014-07-02 20:48 . 2014-03-30 04:21    965312    ----a-w-    c:\windows\system32\nvumdshimx.dll
2014-07-02 20:48 . 2014-03-30 04:21    3196816    ----a-w-    c:\windows\system32\nvapi64.dll
2014-07-02 20:48 . 2014-03-30 04:21    2814656    ----a-w-    c:\windows\SysWow64\nvapi.dll
2014-07-02 20:48 . 2014-03-30 04:21    17555104    ----a-w-    c:\windows\system32\nvd3dumx.dll
2014-07-02 20:48 . 2014-03-30 04:21    14498552    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
2014-07-02 20:48 . 2014-03-29 17:46    18626304    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2014-07-02 18:55 . 2014-03-30 04:21    6783776    ----a-w-    c:\windows\system32\nvcpl.dll
2014-07-02 18:55 . 2014-03-30 04:21    3522392    ----a-w-    c:\windows\system32\nvsvc64.dll
2014-07-02 18:55 . 2014-03-30 04:21    935368    ----a-w-    c:\windows\system32\nvvsvc.exe
2014-07-02 18:55 . 2014-03-30 04:21    62808    ----a-w-    c:\windows\system32\nvshext.dll
2014-07-02 18:55 . 2014-03-30 04:21    386520    ----a-w-    c:\windows\system32\nvmctray.dll
2014-07-02 10:14 . 2014-03-30 04:21    3826628    ----a-w-    c:\windows\system32\nvcoproc.bin
2014-06-30 17:43 . 2014-06-30 17:43    152344    ----a-w-    c:\windows\system32\drivers\avgdiska.sys
2014-06-18 02:18 . 2014-07-08 23:06    692736    ----a-w-    c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-08 23:06    646144    ----a-w-    c:\windows\SysWow64\osk.exe
2014-06-18 01:10 . 2014-07-08 23:06    3157504    ----a-w-    c:\windows\system32\win32k.sys
2014-06-17 21:21 . 2014-06-17 21:21    235800    ----a-w-    c:\windows\system32\drivers\avgldx64.sys
2014-06-17 21:07 . 2014-06-17 21:07    328984    ----a-w-    c:\windows\system32\drivers\avgloga.sys
2014-06-17 21:06 . 2014-06-17 21:06    269080    ----a-w-    c:\windows\system32\drivers\avgtdia.sys
2014-06-17 21:06 . 2014-06-17 21:06    190744    ----a-w-    c:\windows\system32\drivers\avgidsha.sys
2014-06-17 21:06 . 2014-06-17 21:06    242968    ----a-w-    c:\windows\system32\drivers\avgidsdrivera.sys
2014-06-17 21:06 . 2014-06-17 21:06    123672    ----a-w-    c:\windows\system32\drivers\avgmfx64.sys
2014-06-17 21:06 . 2014-06-17 21:06    31512    ----a-w-    c:\windows\system32\drivers\avgrkx64.sys
2014-06-06 10:10 . 2014-07-08 23:06    624128    ----a-w-    c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-08 23:06    509440    ----a-w-    c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-08 23:06    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-08 23:06    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-08 23:06    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2014-05-30 08:08 . 2014-07-08 23:06    210944    ----a-w-    c:\windows\system32\wdigest.dll
2014-05-30 08:08 . 2014-07-08 23:06    86528    ----a-w-    c:\windows\system32\TSpkg.dll
2014-05-30 08:08 . 2014-07-08 23:06    340992    ----a-w-    c:\windows\system32\schannel.dll
2014-05-30 08:08 . 2014-07-08 23:06    314880    ----a-w-    c:\windows\system32\msv1_0.dll
2014-05-30 08:08 . 2014-07-08 23:06    307200    ----a-w-    c:\windows\system32\ncrypt.dll
2014-05-30 08:08 . 2014-07-08 23:06    728064    ----a-w-    c:\windows\system32\kerberos.dll
2014-05-30 08:08 . 2014-07-08 23:06    22016    ----a-w-    c:\windows\system32\credssp.dll
2014-05-30 07:52 . 2014-07-08 23:06    172032    ----a-w-    c:\windows\SysWow64\wdigest.dll
2014-05-30 07:52 . 2014-07-08 23:06    65536    ----a-w-    c:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52 . 2014-07-08 23:06    247808    ----a-w-    c:\windows\SysWow64\schannel.dll
2014-05-30 07:52 . 2014-07-08 23:06    220160    ----a-w-    c:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52 . 2014-07-08 23:06    259584    ----a-w-    c:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52 . 2014-07-08 23:06    550912    ----a-w-    c:\windows\SysWow64\kerberos.dll
2014-05-30 07:52 . 2014-07-08 23:06    17408    ----a-w-    c:\windows\SysWow64\credssp.dll
2014-05-30 06:45 . 2014-07-08 23:06    497152    ----a-w-    c:\windows\system32\drivers\afd.sys
2014-05-20 02:44 . 2014-05-27 23:11    1889112    ----a-w-    c:\windows\system32\nvdispco6433788.dll
2014-05-20 02:44 . 2014-05-27 23:11    1541576    ----a-w-    c:\windows\system32\nvdispgenco6433788.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-07-01 292848]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Sound Blaster Recon3Di SBX Control Panel"="c:\program files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe" [2012-11-28 976896]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-08-11 5187088]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-27 152392]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-07-21 3816784]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 vToolbarUpdater3.1.0;vToolbarUpdater3.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe [x]
R3 ATHDFU;Qualcomm Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 cpuz137;cpuz137;c:\windows\TEMP\cpuz137\cpuz137_x64.sys;c:\windows\TEMP\cpuz137\cpuz137_x64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe [x]
R3 GPUZ;GPUZ;c:\windows\TEMP\GPUZ.sys;c:\windows\TEMP\GPUZ.sys [x]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 iumsvc;Intel® Update Manager;c:\program files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe;c:\program files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [x]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys;c:\windows\SYSNATIVE\drivers\pmxdrv.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 CtHdaSvc;SB Recon3D Service;c:\windows\sysWow64\CtHdaSvc.exe;c:\windows\sysWow64\CtHdaSvc.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 LavasoftAdAwareService11;Ad-Aware Service 11;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 cthda;SB Recon3D HDAudio;c:\windows\system32\drivers\cthda.sys;c:\windows\SYSNATIVE\drivers\cthda.sys [x]
S3 e1dexpress;Intel® PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
S3 e1rexpress;Intel® PCI Express Network Connection Driver R;c:\windows\system32\DRIVERS\e1r62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1r62x64.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 npusbio;npusbio;c:\windows\system32\Drivers\npusbio_x64.sys;c:\windows\SYSNATIVE\Drivers\npusbio_x64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-16 00:16    1104200    ----a-w-    c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-30 21:04]
.
2014-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-23 03:02]
.
2014-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-23 03:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136]
"BtTray"="c:\program files (x86)\Bluetooth Suite\BtTray.exe" [2012-11-01 766080]
"BtvStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-11-01 127616]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"AdAwareTray"="c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe" [2014-06-03 7715160]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\repeat\AppData\Roaming\Mozilla\Firefox\Profiles\kc9p8tu2.default\
FF - prefs.js: keyword.URL -
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - (no file)
Wow6432Node-HKCU-Run-AVG-Secure-Search-Update_0214c - c:\users\repeat\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-Nvtmru - c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
AddRemove-Take On Hinds - c:\program files (x86)\Steam\steamapps\common\Take On HelicoptersHinds\DataCacheRemoval.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-08-16  18:41:03
ComboFix-quarantined-files.txt  2014-08-16 23:41
.
Pre-Run: 41,463,672,832 bytes free
Post-Run: 42,727,227,392 bytes free
.
- - End Of File - - 177777640FFCB5CB4B683CC9520E4D0C
A36C5E4F47E84449FF07ED3517B43A31
 



#3 nasdaq

  • Malware Response Team

Posted 25 August 2014 - 09:21 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#4 repeat3988

  • Topic Starter


Posted 26 August 2014 - 10:45 PM

Malwarebytes Log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/26/2014
Scan Time: 10:26:26 PM
Logfile: malwarebytes.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.27.01
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: repeat

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 316011
Time Elapsed: 5 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.FreeFileConverter.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB}, Quarantined, [495007c265164beb3e69a4d24cb638c8],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.InstallCore, C:\Users\repeat\Downloads\FreeFileViewerSetup.exe, Quarantined, [dbbe61681f5cdb5b46b8025ea95b16ea],
PUP.Optional.InstallIQ, C:\Users\repeat\Downloads\coretemp_installer.exe, Quarantined, [26733e8b1566b77f5c0008109c65c43c],

Physical Sectors: 0
(No malicious items detected)


(end)

___________________________________________________________________________________

 

AdwCleaner Log:

 

# AdwCleaner v3.308 - Report created 26/08/2014 at 22:37:59
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : repeat - REPEAT-PC
# Running from : C:\Users\repeat\Downloads\adwcleaner_3.308.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\repeat\AppData\Roaming\Mozilla\Firefox\Profiles\kc9p8tu2.default\prefs.js ]


-\\ Google Chrome v37.0.2062.94

[ File : C:\Users\repeat\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [6443 octets] - [31/03/2014 21:35:04]
AdwCleaner[R1].txt - [897 octets] - [31/03/2014 21:37:36]
AdwCleaner[R2].txt - [4245 octets] - [16/08/2014 18:27:57]
AdwCleaner[R3].txt - [1508 octets] - [26/08/2014 22:36:44]
AdwCleaner[S0].txt - [6309 octets] - [31/03/2014 21:35:18]
AdwCleaner[S1].txt - [957 octets] - [31/03/2014 21:38:03]
AdwCleaner[S2].txt - [4350 octets] - [16/08/2014 18:28:19]
AdwCleaner[S3].txt - [1435 octets] - [26/08/2014 22:37:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1495 octets] ##########
 

___________________________________________________________________________

 

FRST Log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014
Ran by repeat (administrator) on REPEAT-PC on 26-08-2014 22:40:20
Running from C:\Users\repeat\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\CTJckCfg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-10-31] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-31] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe [7715160 2014-06-03] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-07-01] (Intel Corporation)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Sound Blaster Recon3Di SBX Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe [976896 2012-11-28] (Creative Technology Ltd)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088 2014-08-11] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816784 2014-07-21] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x337FB39AD04BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: IBM Forms Viewer Helper -> {0941C58F-E461-4E03-BD7D-44C27392ADE1} -> C:\Program Files (x86)\IBM\Forms Viewer\4.0\PEhelper.dll (IBM Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\repeat\AppData\Roaming\Mozilla\Firefox\Profiles\kc9p8tu2.default
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\mfc71.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\msvcr71.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npmfv.dll (IBM Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml

Chrome:
=======
CHR HomePage: Default ->
CHR Profile: C:\Users\repeat\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\repeat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-22]
CHR Extension: (Google Drive) - C:\Users\repeat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\repeat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\repeat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-22]
CHR Extension: (Google Cast) - C:\Users\repeat\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-05-22]
CHR Extension: (Google Search) - C:\Users\repeat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-22]
CHR Extension: (Google Wallet) - C:\Users\repeat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-22]
CHR Extension: (Gmail) - C:\Users\repeat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-10-31] (Qualcomm Atheros Commnucations)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3244048 2014-08-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-11] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-03-29] () [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-03-29] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-03-29] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [103424 2013-04-15] (Creative Technology Ltd)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2014-02-28] (Futuremark)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [706864 2014-06-03] ()
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-07-16] (LogMeIn, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-13] ()
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-31] (Atheros) [File not signed]
S2 vToolbarUpdater3.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\DRIVERS\Dathrx.sys [2798592 2012-03-19] (Atheros Communications, Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-07-06] (AVG Technologies)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2012-10-31] (Qualcomm Atheros)
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1044760 2013-04-15] (Creative Technology Ltd)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-26] (Intel Corporation)
R3 e1rexpress; C:\Windows\System32\DRIVERS\e1r62x64.sys [495376 2013-04-05] (Intel Corporation)
R3 npusbio; C:\Windows\System32\Drivers\npusbio_x64.sys [38400 2012-07-09] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2014-03-30] ()
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-04-22] (BitDefender S.R.L.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-26 22:40 - 2014-08-26 22:40 - 00017470 _____ () C:\Users\repeat\Desktop\FRST.txt
2014-08-26 22:40 - 2014-08-26 22:40 - 00000000 ____D () C:\FRST
2014-08-26 22:39 - 2014-08-26 22:39 - 02103296 _____ (Farbar) C:\Users\repeat\Desktop\FRST64.exe
2014-08-26 22:39 - 2014-08-26 22:39 - 00001575 _____ () C:\Users\repeat\Desktop\AdwCleaner[S3].txt
2014-08-26 22:35 - 2014-08-26 22:35 - 01364531 _____ () C:\Users\repeat\Downloads\adwcleaner_3.308.exe
2014-08-26 22:33 - 2014-08-26 22:33 - 00001472 _____ () C:\Users\repeat\Desktop\malwarebytes.txt
2014-08-26 22:25 - 2014-08-26 22:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-26 22:25 - 2014-08-26 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-26 22:25 - 2014-08-26 22:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-26 22:25 - 2014-08-26 22:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-26 22:25 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-26 22:25 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-26 22:25 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-26 22:24 - 2014-08-26 22:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\repeat\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-20 21:28 - 2014-08-20 21:28 - 00027897 _____ () C:\ComboFix.txt
2014-08-17 22:38 - 2014-08-17 22:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-08-17 22:37 - 2014-08-17 22:37 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-08-17 22:36 - 2014-08-17 22:36 - 01707144 _____ () C:\Users\repeat\Downloads\Adaware_Installer(1).exe
2014-08-16 19:29 - 2014-08-16 19:29 - 00000000 __SHD () C:\Users\repeat\AppData\Local\EmieUserList
2014-08-16 19:29 - 2014-08-16 19:29 - 00000000 __SHD () C:\Users\repeat\AppData\Local\EmieSiteList
2014-08-16 18:55 - 2014-08-16 18:55 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-08-16 18:55 - 2014-08-16 18:55 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-16 18:54 - 2014-08-16 18:54 - 00000000 _____ () C:\autoexec.bat
2014-08-16 18:42 - 2014-08-16 18:42 - 00854417 _____ () C:\Users\repeat\Downloads\SecurityCheck.exe
2014-08-16 18:35 - 2014-08-20 21:28 - 00000000 ____D () C:\Qoobox
2014-08-16 18:35 - 2014-08-20 21:23 - 05572251 ____R (Swearware) C:\Users\repeat\Downloads\ComboFix.exe
2014-08-16 18:35 - 2014-08-16 18:40 - 00000000 ____D () C:\Windows\erdnt
2014-08-16 18:35 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-16 18:35 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-16 18:35 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-16 18:35 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-16 18:35 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-16 18:35 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-16 18:35 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-16 18:35 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-16 18:30 - 2014-08-16 18:30 - 01016261 _____ (Thisisu) C:\Users\repeat\Downloads\JRT.exe
2014-08-16 18:30 - 2014-08-16 18:30 - 00000000 ____D () C:\Windows\ERUNT
2014-08-16 18:28 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-16 18:27 - 2014-08-16 18:27 - 01361203 _____ () C:\Users\repeat\Downloads\adwcleaner_3.306.exe
2014-08-16 18:15 - 2014-08-16 18:15 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-16 18:14 - 2014-08-16 18:14 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\repeat\Downloads\SpyHunter-Installer.exe
2014-08-16 17:46 - 2014-08-16 17:46 - 00000000 _____ () C:\Windows\SysWOW64\Access.dat
2014-08-16 17:45 - 2014-08-17 22:38 - 00000000 ____D () C:\Users\repeat\AppData\Roaming\Lavasoft
2014-08-16 17:42 - 2014-08-16 17:42 - 00000000 ____D () C:\Users\repeat\AppData\Roaming\LavasoftStatistics
2014-08-16 17:41 - 2014-08-16 17:41 - 00000000 ____D () C:\Program Files\Lavasoft
2014-08-16 17:40 - 2014-08-16 17:40 - 01707144 _____ () C:\Users\repeat\Downloads\Adaware_Installer.exe
2014-08-16 17:40 - 2014-08-16 17:40 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-08-16 09:35 - 2014-08-16 09:35 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-16 09:35 - 2014-08-16 09:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-16 09:35 - 2014-08-16 09:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-16 09:35 - 2014-08-16 09:35 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-16 09:35 - 2014-08-16 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-15 19:38 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 19:38 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 19:38 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 19:38 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 19:38 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 19:38 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 19:38 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 19:38 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-15 18:45 - 2014-07-15 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 18:45 - 2014-07-15 21:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 18:44 - 2014-07-31 18:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 18:44 - 2014-07-31 18:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 18:44 - 2014-07-25 09:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 18:44 - 2014-07-25 09:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 18:44 - 2014-07-25 09:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 18:44 - 2014-07-25 08:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 18:44 - 2014-07-25 08:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 18:44 - 2014-07-25 08:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 18:44 - 2014-07-25 08:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 18:44 - 2014-07-25 08:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 18:44 - 2014-07-25 08:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 18:44 - 2014-07-25 08:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 18:44 - 2014-07-25 08:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 18:44 - 2014-07-25 08:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 18:44 - 2014-07-25 08:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 18:44 - 2014-07-25 08:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 18:44 - 2014-07-25 08:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 18:44 - 2014-07-25 07:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 18:44 - 2014-07-25 07:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 18:44 - 2014-07-25 07:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 18:44 - 2014-07-25 07:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 18:44 - 2014-07-25 07:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 18:44 - 2014-07-25 07:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 18:44 - 2014-07-25 07:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 18:44 - 2014-07-25 07:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 18:44 - 2014-07-25 07:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 18:44 - 2014-07-25 07:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 18:44 - 2014-07-25 07:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 18:44 - 2014-07-25 07:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 18:44 - 2014-07-25 07:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 18:44 - 2014-07-25 07:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 18:44 - 2014-07-25 07:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 18:44 - 2014-07-25 07:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 18:44 - 2014-07-25 07:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 18:44 - 2014-07-25 07:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 18:44 - 2014-07-25 07:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 18:44 - 2014-07-25 06:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 18:44 - 2014-07-25 06:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 18:44 - 2014-07-25 06:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 18:44 - 2014-07-25 06:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 18:44 - 2014-07-25 06:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 18:44 - 2014-07-25 06:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 18:44 - 2014-07-25 06:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 18:44 - 2014-07-25 06:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 18:44 - 2014-07-25 06:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 18:44 - 2014-07-25 06:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 18:44 - 2014-07-25 06:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 18:44 - 2014-07-25 06:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 18:44 - 2014-07-25 06:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 18:44 - 2014-07-25 06:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 18:44 - 2014-07-25 05:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 18:44 - 2014-07-25 05:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 18:44 - 2014-07-25 05:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 18:44 - 2014-07-25 05:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 18:44 - 2014-07-25 05:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 18:44 - 2014-07-25 05:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 18:44 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-15 18:44 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-15 18:44 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 18:44 - 2014-06-03 05:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 18:44 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 18:44 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 18:44 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 18:44 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 18:44 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 18:44 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 18:43 - 2014-08-06 21:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 18:43 - 2014-08-06 21:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-15 18:43 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 18:43 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-09 20:55 - 2014-08-09 20:55 - 00000000 ____D () C:\Users\repeat\Documents\Take On Helicopters
2014-08-09 20:55 - 2014-08-09 20:55 - 00000000 ____D () C:\Users\repeat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2014-08-09 20:55 - 2014-08-09 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2014-08-09 20:54 - 2014-08-09 20:55 - 00000000 ____D () C:\Users\repeat\AppData\Local\Take On Helicopters
2014-08-08 16:00 - 2014-08-26 22:39 - 00000000 ____D () C:\Users\repeat\AppData\Local\LogMeIn Hamachi
2014-08-08 16:00 - 2014-08-08 16:00 - 08499200 _____ () C:\Users\repeat\Downloads\hamachi.msi
2014-08-08 16:00 - 2014-08-08 16:00 - 00000000 ____D () C:\Users\repeat\AppData\Local\LogMeIn
2014-08-08 16:00 - 2014-08-08 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-08-08 16:00 - 2014-08-08 16:00 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-08-08 16:00 - 2014-08-08 16:00 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-08-08 15:33 - 2014-08-08 15:33 - 13952624 _____ (Frontier Developments ) C:\Users\repeat\Downloads\Client-Installer(2).exe
2014-08-08 15:33 - 2014-08-08 15:33 - 13952624 _____ (Frontier Developments ) C:\Users\repeat\Downloads\Client-Installer(1).exe
2014-08-04 10:48 - 2014-08-10 15:21 - 00000000 ____D () C:\Program Files (x86)\Slopey's ED BPC
2014-08-04 10:48 - 2014-08-04 10:48 - 30536402 _____ (Slopey) C:\Users\repeat\Downloads\BPC.exe
2014-08-04 10:48 - 2014-08-04 10:48 - 00000000 ____D () C:\Users\repeat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slopey's ED BPC
2014-08-04 10:48 - 2014-08-04 10:48 - 00000000 ____D () C:\Users\repeat\AppData\Local\Slopey.com
2014-08-03 18:37 - 2014-08-16 17:46 - 00000000 ____D () C:\ProgramData\Tunngle
2014-08-03 18:37 - 2014-08-09 01:43 - 00000000 ____D () C:\Users\repeat\AppData\Roaming\Tunngle
2014-08-03 18:37 - 2014-08-03 18:37 - 00000000 ____D () C:\Users\repeat\Documents\Tunngle
2014-08-03 18:37 - 2014-08-03 18:37 - 00000000 ____D () C:\Users\Public\Documents\Tunngle
2014-08-03 18:37 - 2014-08-03 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2014-08-03 18:37 - 2014-08-03 18:37 - 00000000 ____D () C:\Program Files (x86)\Tunngle
2014-08-03 18:37 - 2009-09-16 07:02 - 00031232 _____ (Tunngle.net) C:\Windows\system32\Drivers\tap0901t.sys
2014-08-03 18:10 - 2014-08-03 18:10 - 04055968 _____ (Tunngle.net GmbH ) C:\Users\repeat\Downloads\Tunngle_Setup_v4.5.1.4b.exe
2014-08-03 18:08 - 2014-08-09 19:38 - 00000000 ____D () C:\Users\repeat\Documents\SH5
2014-08-02 13:39 - 2014-08-02 13:39 - 00000000 ____D () C:\Users\repeat\AppData\Roaming\Frontier Developments
2014-08-02 13:39 - 2014-08-02 13:39 - 00000000 ____D () C:\Users\repeat\AppData\Local\Frontier Developments
2014-08-02 13:23 - 2014-08-02 13:23 - 00000000 ____D () C:\Users\repeat\AppData\Local\Frontier_Developments
2014-08-02 13:21 - 2014-08-02 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frontier
2014-08-02 13:21 - 2014-08-02 13:21 - 00000000 ____D () C:\Program Files (x86)\Frontier
2014-08-02 13:20 - 2014-08-02 13:20 - 13959248 _____ (Frontier Developments ) C:\Users\repeat\Downloads\Client-Installer.exe
2014-08-02 13:20 - 2014-08-02 13:20 - 00405000 _____ () C:\Users\repeat\Documents\elite dangerous recept.xps
2014-08-01 11:25 - 2014-08-01 11:26 - 00000000 ____D () C:\Users\repeat\Documents\Shiner
2014-08-01 11:25 - 2014-08-01 11:25 - 00000000 ____D () C:\Users\repeat\Documents\Robot Entertainment
2014-08-01 11:25 - 2014-08-01 11:25 - 00000000 ____D () C:\Users\repeat\AppData\Local\Robot Entertainment
2014-08-01 09:14 - 2014-08-01 09:14 - 00004162 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-31 22:47 - 2014-07-31 22:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-30 19:27 - 2014-07-02 12:44 - 00609240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-07-30 19:26 - 2014-07-02 15:48 - 31512520 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-07-30 19:26 - 2014-07-02 15:48 - 24196896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-07-30 19:26 - 2014-07-02 15:48 - 22994208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-07-30 19:26 - 2014-07-02 15:48 - 16122344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-07-30 19:26 - 2014-07-02 15:48 - 15294296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-07-30 19:26 - 2014-07-02 15:48 - 13922752 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-07-30 19:26 - 2014-07-02 15:48 - 13835208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-07-30 19:26 - 2014-07-02 15:48 - 12866008 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-07-30 19:26 - 2014-07-02 15:48 - 11283344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-07-30 19:26 - 2014-07-02 15:48 - 11222048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-07-30 19:26 - 2014-07-02 15:48 - 04247000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-07-30 19:26 - 2014-07-02 15:48 - 03989960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-07-30 19:26 - 2014-07-02 15:48 - 01890080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434052.dll
2014-07-30 19:26 - 2014-07-02 15:48 - 01539928 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434052.dll
2014-07-30 19:26 - 2014-07-02 15:48 - 00944928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-07-30 19:26 - 2014-07-02 15:48 - 00907096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-07-30 19:26 - 2014-07-02 15:48 - 00903624 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-07-30 19:26 - 2014-07-02 15:48 - 00869152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-07-30 19:26 - 2014-07-02 15:48 - 00846832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-07-30 19:26 - 2014-07-02 15:48 - 00502232 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-07-30 19:26 - 2014-07-02 15:48 - 00418760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-07-30 19:26 - 2014-07-02 15:48 - 00391640 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-07-30 19:26 - 2014-07-02 15:48 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-07-30 19:26 - 2014-07-02 15:48 - 00348120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-07-30 19:26 - 2014-07-02 15:48 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-07-30 19:26 - 2014-07-02 15:48 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-07-30 19:26 - 2014-07-02 15:48 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-07-30 19:18 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-30 19:18 - 2014-05-14 11:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-30 19:18 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-30 19:18 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-30 19:18 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-30 19:18 - 2014-05-14 11:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-30 19:18 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-07-30 19:18 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-30 19:18 - 2014-05-14 11:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-30 19:18 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-30 19:18 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-30 19:18 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-30 19:18 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-30 19:18 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-28 20:54 - 2014-07-28 20:54 - 00109910 _____ () C:\Users\repeat\Downloads\Attachments_2014728.zip
2014-07-28 20:54 - 2014-07-28 20:54 - 00000000 ____D () C:\Users\repeat\Downloads\Attachments_2014728
2014-07-28 20:54 - 2014-07-28 18:54 - 00009990 _____ () C:\Users\repeat\Downloads\smime.p7s
2014-07-28 19:22 - 2014-07-28 19:22 - 05094356 _____ () C:\Users\repeat\Downloads\sandbox_1_24.zip
2014-07-28 19:22 - 2014-07-28 19:22 - 00000000 ____D () C:\Users\repeat\Downloads\sandbox_1_24
2014-07-27 18:39 - 2014-07-27 18:39 - 00001839 _____ () C:\Users\repeat\Documents\Budget.txt
2014-07-27 16:49 - 2014-08-16 19:59 - 00000596 _____ () C:\Users\repeat\Documents\Gideon Budget.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-26 22:40 - 2014-08-26 22:40 - 00017470 _____ () C:\Users\repeat\Desktop\FRST.txt
2014-08-26 22:40 - 2014-08-26 22:40 - 00000000 ____D () C:\FRST
2014-08-26 22:39 - 2014-08-26 22:39 - 02103296 _____ (Farbar) C:\Users\repeat\Desktop\FRST64.exe
2014-08-26 22:39 - 2014-08-26 22:39 - 00001575 _____ () C:\Users\repeat\Desktop\AdwCleaner[S3].txt
2014-08-26 22:39 - 2014-08-08 16:00 - 00000000 ____D () C:\Users\repeat\AppData\Local\LogMeIn Hamachi
2014-08-26 22:38 - 2014-05-22 22:02 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-26 22:38 - 2014-03-31 21:35 - 00000000 ____D () C:\AdwCleaner
2014-08-26 22:38 - 2014-03-29 23:21 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-26 22:38 - 2014-03-29 23:11 - 01831191 _____ () C:\Windows\WindowsUpdate.log
2014-08-26 22:38 - 2010-11-20 22:47 - 00205536 _____ () C:\Windows\PFRO.log
2014-08-26 22:38 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-26 22:38 - 2009-07-13 23:51 - 00065586 _____ () C:\Windows\setupact.log
2014-08-26 22:38 - 2009-07-13 23:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-26 22:38 - 2009-07-13 23:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-26 22:35 - 2014-08-26 22:35 - 01364531 _____ () C:\Users\repeat\Downloads\adwcleaner_3.308.exe
2014-08-26 22:33 - 2014-08-26 22:33 - 00001472 _____ () C:\Users\repeat\Desktop\malwarebytes.txt
2014-08-26 22:26 - 2014-08-26 22:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-26 22:25 - 2014-08-26 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-26 22:25 - 2014-08-26 22:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-26 22:25 - 2014-08-26 22:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-26 22:24 - 2014-08-26 22:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\repeat\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-26 22:14 - 2014-05-22 22:02 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-26 22:14 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-08-26 22:04 - 2014-03-30 00:05 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-26 20:21 - 2014-03-29 23:44 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-26 20:19 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-26 20:15 - 2014-07-07 18:33 - 00000000 ____D () C:\Program Files (x86)\ArmA3Sync
2014-08-26 20:15 - 2014-03-29 14:31 - 00000000 ____D () C:\Users\repeat\AppData\Roaming\TS3Client
2014-08-26 19:48 - 2014-03-29 18:15 - 00000000 ____D () C:\Users\repeat\AppData\Local\Arma 3
2014-08-26 19:44 - 2014-03-29 14:08 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-24 11:53 - 2014-04-05 08:20 - 00000000 ____D () C:\Users\repeat\AppData\Local\CrashDumps
2014-08-20 21:28 - 2014-08-20 21:28 - 00027897 _____ () C:\ComboFix.txt
2014-08-20 21:28 - 2014-08-16 18:35 - 00000000 ____D () C:\Qoobox
2014-08-20 21:28 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-20 21:23 - 2014-08-16 18:35 - 05572251 ____R (Swearware) C:\Users\repeat\Downloads\ComboFix.exe
2014-08-17 22:38 - 2014-08-17 22:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-08-17 22:38 - 2014-08-16 17:45 - 00000000 ____D () C:\Users\repeat\AppData\Roaming\Lavasoft
2014-08-17 22:37 - 2014-08-17 22:37 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-08-17 22:36 - 2014-08-17 22:36 - 01707144 _____ () C:\Users\repeat\Downloads\Adaware_Installer(1).exe
2014-08-17 21:25 - 2014-03-29 15:18 - 00000000 ____D () C:\Users\repeat\Documents\My Games
2014-08-17 20:58 - 2014-03-29 23:23 - 00198467 _____ () C:\Windows\DirectX.log
2014-08-17 20:57 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-16 19:59 - 2014-07-27 16:49 - 00000596 _____ () C:\Users\repeat\Documents\Gideon Budget.txt
2014-08-16 19:29 - 2014-08-16 19:29 - 00000000 __SHD () C:\Users\repeat\AppData\Local\EmieUserList
2014-08-16 19:29 - 2014-08-16 19:29 - 00000000 __SHD () C:\Users\repeat\AppData\Local\EmieSiteList
2014-08-16 18:55 - 2014-08-16 18:55 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-08-16 18:55 - 2014-08-16 18:55 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-16 18:54 - 2014-08-16 18:54 - 00000000 _____ () C:\autoexec.bat
2014-08-16 18:42 - 2014-08-16 18:42 - 00854417 _____ () C:\Users\repeat\Downloads\SecurityCheck.exe
2014-08-16 18:40 - 2014-08-16 18:35 - 00000000 ____D () C:\Windows\erdnt
2014-08-16 18:30 - 2014-08-16 18:30 - 01016261 _____ (Thisisu) C:\Users\repeat\Downloads\JRT.exe
2014-08-16 18:30 - 2014-08-16 18:30 - 00000000 ____D () C:\Windows\ERUNT
2014-08-16 18:27 - 2014-08-16 18:27 - 01361203 _____ () C:\Users\repeat\Downloads\adwcleaner_3.306.exe
2014-08-16 18:15 - 2014-08-16 18:15 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-16 18:14 - 2014-08-16 18:14 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\repeat\Downloads\SpyHunter-Installer.exe
2014-08-16 17:46 - 2014-08-16 17:46 - 00000000 _____ () C:\Windows\SysWOW64\Access.dat
2014-08-16 17:46 - 2014-08-03 18:37 - 00000000 ____D () C:\ProgramData\Tunngle
2014-08-16 17:42 - 2014-08-16 17:42 - 00000000 ____D () C:\Users\repeat\AppData\Roaming\LavasoftStatistics
2014-08-16 17:41 - 2014-08-16 17:41 - 00000000 ____D () C:\Program Files\Lavasoft
2014-08-16 17:40 - 2014-08-16 17:40 - 01707144 _____ () C:\Users\repeat\Downloads\Adaware_Installer.exe
2014-08-16 17:40 - 2014-08-16 17:40 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-08-16 15:36 - 2014-04-30 17:29 - 00003718 _____ () C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2014-08-16 13:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-08-16 09:36 - 2014-06-24 17:57 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-16 09:35 - 2014-08-16 09:35 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-16 09:35 - 2014-08-16 09:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-16 09:35 - 2014-08-16 09:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-16 09:35 - 2014-08-16 09:35 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-16 09:35 - 2014-08-16 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-16 09:29 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-15 19:40 - 2014-03-29 17:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 19:39 - 2014-03-29 17:55 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-15 19:38 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-15 18:42 - 2014-03-31 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-08-10 15:21 - 2014-08-04 10:48 - 00000000 ____D () C:\Program Files (x86)\Slopey's ED BPC
2014-08-09 20:55 - 2014-08-09 20:55 - 00000000 ____D () C:\Users\repeat\Documents\Take On Helicopters
2014-08-09 20:55 - 2014-08-09 20:55 - 00000000 ____D () C:\Users\repeat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2014-08-09 20:55 - 2014-08-09 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2014-08-09 20:55 - 2014-08-09 20:54 - 00000000 ____D () C:\Users\repeat\AppData\Local\Take On Helicopters
2014-08-09 19:38 - 2014-08-03 18:08 - 00000000 ____D () C:\Users\repeat\Documents\SH5
2014-08-09 01:43 - 2014-08-03 18:37 - 00000000 ____D () C:\Users\repeat\AppData\Roaming\Tunngle
2014-08-08 16:00 - 2014-08-08 16:00 - 08499200 _____ () C:\Users\repeat\Downloads\hamachi.msi
2014-08-08 16:00 - 2014-08-08 16:00 - 00000000 ____D () C:\Users\repeat\AppData\Local\LogMeIn
2014-08-08 16:00 - 2014-08-08 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-08-08 16:00 - 2014-08-08 16:00 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-08-08 16:00 - 2014-08-08 16:00 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-08-08 15:33 - 2014-08-08 15:33 - 13952624 _____ (Frontier Developments ) C:\Users\repeat\Downloads\Client-Installer(2).exe
2014-08-08 15:33 - 2014-08-08 15:33 - 13952624 _____ (Frontier Developments ) C:\Users\repeat\Downloads\Client-Installer(1).exe
2014-08-06 21:06 - 2014-08-15 18:43 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 21:01 - 2014-08-15 18:43 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-04 10:48 - 2014-08-04 10:48 - 30536402 _____ (Slopey) C:\Users\repeat\Downloads\BPC.exe
2014-08-04 10:48 - 2014-08-04 10:48 - 00000000 ____D () C:\Users\repeat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slopey's ED BPC
2014-08-04 10:48 - 2014-08-04 10:48 - 00000000 ____D () C:\Users\repeat\AppData\Local\Slopey.com
2014-08-04 10:48 - 2014-03-29 23:15 - 00066808 _____ () C:\Users\repeat\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-03 18:39 - 2009-07-13 23:45 - 00305288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-03 18:37 - 2014-08-03 18:37 - 00000000 ____D () C:\Users\repeat\Documents\Tunngle
2014-08-03 18:37 - 2014-08-03 18:37 - 00000000 ____D () C:\Users\Public\Documents\Tunngle
2014-08-03 18:37 - 2014-08-03 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2014-08-03 18:37 - 2014-08-03 18:37 - 00000000 ____D () C:\Program Files (x86)\Tunngle
2014-08-03 18:10 - 2014-08-03 18:10 - 04055968 _____ (Tunngle.net GmbH ) C:\Users\repeat\Downloads\Tunngle_Setup_v4.5.1.4b.exe
2014-08-02 13:39 - 2014-08-02 13:39 - 00000000 ____D () C:\Users\repeat\AppData\Roaming\Frontier Developments
2014-08-02 13:39 - 2014-08-02 13:39 - 00000000 ____D () C:\Users\repeat\AppData\Local\Frontier Developments
2014-08-02 13:23 - 2014-08-02 13:23 - 00000000 ____D () C:\Users\repeat\AppData\Local\Frontier_Developments
2014-08-02 13:21 - 2014-08-02 13:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frontier
2014-08-02 13:21 - 2014-08-02 13:21 - 00000000 ____D () C:\Program Files (x86)\Frontier
2014-08-02 13:21 - 2014-03-31 16:02 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-02 13:20 - 2014-08-02 13:20 - 13959248 _____ (Frontier Developments ) C:\Users\repeat\Downloads\Client-Installer.exe
2014-08-02 13:20 - 2014-08-02 13:20 - 00405000 _____ () C:\Users\repeat\Documents\elite dangerous recept.xps
2014-08-01 11:26 - 2014-08-01 11:25 - 00000000 ____D () C:\Users\repeat\Documents\Shiner
2014-08-01 11:25 - 2014-08-01 11:25 - 00000000 ____D () C:\Users\repeat\Documents\Robot Entertainment
2014-08-01 11:25 - 2014-08-01 11:25 - 00000000 ____D () C:\Users\repeat\AppData\Local\Robot Entertainment
2014-08-01 09:14 - 2014-08-01 09:14 - 00004162 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-08-01 09:14 - 2014-06-24 17:57 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-01 09:08 - 2014-03-29 23:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-31 22:47 - 2014-07-31 22:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-31 18:41 - 2014-08-15 18:44 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 18:16 - 2014-08-15 18:44 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-30 19:28 - 2014-03-29 23:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-07-30 19:27 - 2014-03-29 23:21 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-07-30 19:27 - 2014-03-29 23:20 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-30 19:18 - 2014-03-30 00:12 - 00000000 ____D () C:\Users\repeat\AppData\Local\NVIDIA Corporation
2014-07-28 20:54 - 2014-07-28 20:54 - 00109910 _____ () C:\Users\repeat\Downloads\Attachments_2014728.zip
2014-07-28 20:54 - 2014-07-28 20:54 - 00000000 ____D () C:\Users\repeat\Downloads\Attachments_2014728
2014-07-28 19:22 - 2014-07-28 19:22 - 05094356 _____ () C:\Users\repeat\Downloads\sandbox_1_24.zip
2014-07-28 19:22 - 2014-07-28 19:22 - 00000000 ____D () C:\Users\repeat\Downloads\sandbox_1_24
2014-07-28 18:54 - 2014-07-28 20:54 - 00009990 _____ () C:\Users\repeat\Downloads\smime.p7s
2014-07-27 18:39 - 2014-07-27 18:39 - 00001839 _____ () C:\Users\repeat\Documents\Budget.txt

Some content of TEMP:
====================
C:\Users\repeat\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-20 23:08

==================== End Of Log ============================

 

It's running okay I suppose, just the same as last. It's late here, so I guess I'll update you later if I notice any changes in the computer's behavior.


#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:58 PM

Posted 27 August 2014 - 09:08 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S2 vToolbarUpdater3.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

#6 repeat3988

repeat3988
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:58 PM

Posted 27 August 2014 - 10:47 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-08-2014
Ran by repeat at 2014-08-27 18:58:32 Run:1
Running from C:\Users\repeat\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S2 vToolbarUpdater3.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]

End
*****************

"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
vToolbarUpdater3.1.0 => Service deleted successfully.
catchme => Service deleted successfully.
cpuz137 => Service deleted successfully.
GPUZ => Service deleted successfully.

==== End of Fixlog ====

 

Seems to be running fine now, except for the random Network 3 wired connection that doesn't really exist.

Thanks!



#7 nasdaq

Posted 28 August 2014 - 07:32 AM

Seems to be running fine now, except for the random Network 3 wired connection that doesn't really exist.

Could just be a remnant item. Forget about it.

If it gives you any problem then you can ask in the Networking forum
http://www.bleepingcomputer.com/forums/forum21.html

How to remove it.

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#8 repeat3988

Posted 29 August 2014 - 12:28 PM

Spoke too soon. Got a message from AVG while browsing Youtube:

Threat: Virus Found Win32/Zperm [More info]

 

Object name: c:\Windows\Temp\3bf524ad-7016-4c93-923e-8a2e74194e58\tmp00003b1c\tmp00004d5e


Edited by repeat3988, 29 August 2014 - 12:32 PM.


#9 nasdaq

Posted 29 August 2014 - 12:55 PM

Was the file quarantined by AVG?

Check the settings and see if you can stop AVG from advising you when an infected file is quarantined/detected.

How is the computer running?

#10 repeat3988

Posted 31 August 2014 - 06:20 AM

I have done so. It's running fine, just you know, keeps finding the zperm every once in a while.



#11 nasdaq

Posted 31 August 2014 - 07:41 AM


AVG is working well.
Refer to this article.
http://www.avgthreatlabs.com/virus-and-malware-information/info/win-zperm/

#12 repeat3988

Posted 01 September 2014 - 08:17 AM

Ok Thanks!


Edited by repeat3988, 01 September 2014 - 10:33 AM.


#13 nasdaq

Posted 01 September 2014 - 10:34 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



