
cmd.exe process running when no cmd window is up, slows computer down.


  • This topic is locked
23 replies to this topic

#1 Vengurd

  • Members

Posted 26 August 2014 - 08:22 PM

Hi there, I just got done reading the preparation post, so let's see if I get this right first time.

 

 The tools I have already: Malwarebytes Pro, Rkill, BitDefender Total Security 2014, CCleaner, Iobit Uninstaller, Defraggler.

I have not used any of these since I detected I might have a problem, but I have them and am willing to do what is needed.

 

The issue started up roughly two weeks ago. Every time I restart my system, my machine runs extremely slowly until I open up Windows Task Manager, then find and close the cmd host process (I believe that is what the description says). After which the machine operates as expected. I have spent the first week scanning with the standard tools, Malwarebytes, Bitdefender, etc. I've even run Rkill a number of times to make sure my permissions are all set, and it reports no problems.

 

 

 I hope I have provided some information (sorry I'm so vague, I really don't know as much as I'd like to!), but either way, I have the attach.txt attached as I'm supposed to!



#2 nasdaq

  • Malware Response Team

Posted 30 August 2014 - 07:50 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#3 Vengurd

  • Topic Starter

Posted 30 August 2014 - 08:54 AM

Hello Nasdaq, thank you for helping me. Just did as you asked; so far the computer runs no differently than before. Here are the text files.

Also, would you rather I add them in the code format, or do you just want the raw text? For now, I'll post without any formatting until you say otherwise.

The AdwCleaner.txt -

# AdwCleaner v3.308 - Report created 30/08/2014 at 08:28:40
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Isaiah - JERIN-CAL
# Running from : C:\Users\Isaiah\Downloads\adwcleaner_3.308.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Isaiah\AppData\Local\apn
File Deleted : C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\qzp5igf6.default\foxydeal.sqlite
File Deleted : C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\qzp5igf6.default\searchplugins\aol-web-search.xml
File Deleted : C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\qzp5igf6.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\qzp5igf6.default\prefs.js ]

Line Deleted : user_pref("aol_toolbar.surf.date", "8");
Line Deleted : user_pref("aol_toolbar.surf.lastDate", "4");
Line Deleted : user_pref("aol_toolbar.surf.lastMonth", "8");
Line Deleted : user_pref("aol_toolbar.surf.lastYear", "2012");
Line Deleted : user_pref("aol_toolbar.surf.month", "140");
Line Deleted : user_pref("aol_toolbar.surf.prevMonth", "2694");
Line Deleted : user_pref("aol_toolbar.surf.total", "5336");
Line Deleted : user_pref("aol_toolbar.surf.week", "115");
Line Deleted : user_pref("aol_toolbar.surf.year", "5270");
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");

-\\ Google Chrome v

[ File : C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Search Provider] : hxxp://www8.hp.com/us/en/hp-search/search-results.html?cc=us&lang=en&charset=utf-8&qp=+&hpn=Home&hpa=Home&hps=Home&hpr=Home&qt={searchTerms}&search=
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}

*************************

AdwCleaner[R0].txt - [6466 octets] - [30/08/2014 08:23:00]
AdwCleaner[S0].txt - [6118 octets] - [30/08/2014 08:28:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6178 octets] ##########

The FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-08-2014
Ran by Isaiah (administrator) on JERIN-CAL on 30-08-2014 08:42:40
Running from C:\Users\Isaiah\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Oracle Corporation) C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.5\MySQLNotifier.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwtxapps.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2011-08-24] (Hewlett-Packard )
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2350880 2014-05-29] (NVIDIA Corporation)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1580360 2014-08-25] (Bitdefender)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM\...\Policies\Explorer: [NoStrCmpLogical] 1
HKU\S-1-5-21-2869987883-205968704-1330587030-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-2869987883-205968704-1330587030-1000\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [815088 2014-08-25] (Bitdefender)
HKU\S-1-5-21-2869987883-205968704-1330587030-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2869987883-205968704-1330587030-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [2993376 2014-05-08] (Nota Inc.)
HKU\S-1-5-21-2869987883-205968704-1330587030-1000\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-08-19] (Raptr, Inc)
HKU\S-1-5-21-2869987883-205968704-1330587030-1000\...\Run: [MySQL Notifier] => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.5\MySqlNotifier.exe [771584 2013-11-25] (Oracle Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: __SafeBox1 -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox2 -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox3 -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: __SafeBox4 -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM - {1EABE305-EE57-4491-B2A5-30393E9DA13D} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {1EABE305-EE57-4491-B2A5-30393E9DA13D} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - {1EABE305-EE57-4491-B2A5-30393E9DA13D} URL =
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {491C440D-305E-0124-0099-0F3E390C7E87} -> C:\Windows\SysWOW64\clbccatq.dll ()
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: MP3 Rocket Downloader -> {c5e9c0b3-8b18-4b1b-ad67-c1a063ab2b34} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll (Bitdefender)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

FireFox:
========
FF ProfilePath: C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\qzp5igf6.default
FF Homepage: file:///C:/Users/Isaiah/Desktop/Page Resources/F Page.html
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Isaiah\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: BYOND -> D:\Games\BYOND\bin\npbyond.dll (BYOND)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Isaiah\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Isaiah\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Isaiah\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: @us-w1.rockmelt.com/RockMelt Update;version=8 -> C:\Users\Isaiah\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npbyond.dll (BYOND)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Isaiah\AppData\Roaming\mozilla\plugins\npbyond.dll (BYOND)
FF Plugin ProgramFiles/Appdata: C:\Users\Isaiah\AppData\Roaming\mozilla\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Domain Details - C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\qzp5igf6.default\Extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91} [2012-05-23]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\qzp5igf6.default\Extensions\adblockpopups@jessehakanen.net.xpi [2012-05-23]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\qzp5igf6.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-03-27]
FF Extension: Facebook Disconnect - C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\qzp5igf6.default\Extensions\facebook@disconnect.me.xpi [2012-05-23]
FF Extension: Google Disconnect - C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\qzp5igf6.default\Extensions\google@disconnect.me.xpi [2014-03-27]
FF Extension: ExHentai Easy 2 - C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\qzp5igf6.default\Extensions\jid1-7NbXi2AqS1oUFw@jetpack.xpi [2014-04-18]
FF Extension: Twitter Disconnect - C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\qzp5igf6.default\Extensions\twitter@disconnect.me.xpi [2014-03-27]
FF Extension: NoScript - C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\qzp5igf6.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-05-10]
FF Extension: Adblock Plus - C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\qzp5igf6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-05-23]
FF Extension: Greasemonkey - C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\qzp5igf6.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-08-24]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-07-21]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-07-21]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

Chrome:
=======
CHR HomePage: Default -> file:///C:/Users/Isaiah/Desktop/Page%20Resources/F%20Page.html
CHR DefaultSearchURL: Default -> https://docs.google.com/offline/backgroundshell#ouid=u56c90da4fda6bcba
CHR Plugin: (Yahoo Application State Plugin) - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
CHR Plugin: (Raidcall plugin) - C:\Users\Isaiah\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
CHR Plugin: (BYOND stub plugin for Mozilla) - D:\Games\BYOND\bin\npbyond.dll (BYOND)
CHR Plugin: (RockMelt Update) - C:\Users\Isaiah\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)
CHR Profile: C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs Offline Background Page) - C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-08]
CHR Extension: (YouTube) - C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-23]
CHR Extension: (Flash Master) - C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\cacfnookefkldifaigjdedpophfjkjeh [2014-08-15]
CHR Extension: (My IP address) - C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfphbgnmmhjfalloifioeeeokjemobf [2014-04-23]
CHR Extension: (Adblock Plus) - C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-23]
CHR Extension: (Google Search) - C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-23]
CHR Extension: (Bitdefender Wallet) - C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih [2014-07-21]
CHR Extension: (Pandora) - C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-04-23]
CHR Extension: (IP-Address) - C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghlojgpiinfelppegaabbiphgomaidml [2014-04-23]
CHR Extension: (ScriptBlock) - C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba [2014-06-01]
CHR Extension: (Allow Right-Click) - C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo [2014-04-23]
CHR Extension: (Spell Checker for Chrome) - C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfpdnkkdgghlpdgldicfgnnnkhdfhocg [2014-04-23]
CHR Extension: (RadioEnhancer) - C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfijnebfkjdclmcedinoknekamigckii [2014-07-23]
CHR Extension: (FVD Downloader) - C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2014-04-23]
CHR Extension: (Google Wallet) - C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Pandora Audio Ad Remover) - C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhodhemilmjleephoimbfhoajnglghf [2014-07-23]
CHR Extension: (Gmail) - C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-23]
CHR StartMenuInternet: Google Chrome - C:\Users\Isaiah\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4161512 2013-12-04] (Emsisoft GmbH)
S4 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [77632 2014-08-25] (Bitdefender)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-07-14] () [File not signed]
S4 Ds3Service; C:\Program Files\Scarlet Crush Productions XInput\ScpService.exe [381952 2014-03-13] (Scarlet.Crush Productions) [File not signed]
S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-03-28] (SurfRight B.V.)
S4 IceDragonUpdater; C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe [1821384 2013-12-19] ()
S2 Jerin Cal; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14265 2014-08-22] () [File not signed]
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-29] (NVIDIA Corporation)
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-14] ()
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
S4 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-08-25] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1513952 2014-08-25] (Bitdefender)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [70960 2013-08-24] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [17384 2013-03-28] (Emsisoft GmbH)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-04-26] ()
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260120 2014-08-25] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-08-25] (BitDefender)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-11-13] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
S3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-06-01] (Disc Soft Ltd)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
R3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-28] (Broadcom Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-04-26] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [40696 2013-09-17] (Windows ® Win 7 DDK provider)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-08-25] (BitDefender S.R.L.)
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-30 08:40 - 2014-08-30 08:43 - 00024018 _____ () C:\Users\Isaiah\Downloads\FRST.txt
2014-08-30 08:24 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-30 08:22 - 2014-08-30 08:28 - 00000000 ____D () C:\AdwCleaner
2014-08-30 08:13 - 2014-08-30 08:13 - 00001711 _____ () C:\Users\Isaiah\Documents\Bleeping Computer Instructions.txt
2014-08-30 08:12 - 2014-08-30 08:12 - 02103808 _____ (Farbar) C:\Users\Isaiah\Downloads\FRST64.exe
2014-08-30 08:11 - 2014-08-30 08:11 - 00000011 _____ () C:\Users\Isaiah\Documents\Battletech place.txt
2014-08-30 08:10 - 2014-08-30 08:10 - 01364531 _____ () C:\Users\Isaiah\Downloads\adwcleaner_3.308.exe
2014-08-28 21:43 - 2014-08-28 21:43 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-08-28 21:43 - 2014-08-28 21:43 - 00000000 ____D () C:\ProgramData\Age of Empires 3
2014-08-28 01:37 - 2014-08-28 01:38 - 39493382 _____ () C:\Users\Isaiah\Downloads\megamek-0.38.0-windows.zip
2014-08-28 01:14 - 2014-08-28 01:15 - 06220854 _____ () C:\Users\Isaiah\Downloads\imag.bmp
2014-08-28 00:50 - 2014-08-29 09:46 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\HexChat
2014-08-28 00:49 - 2014-08-28 01:02 - 00000000 ____D () C:\Users\Isaiah\AppData\Local\enchant
2014-08-28 00:49 - 2014-08-28 00:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HexChat
2014-08-28 00:48 - 2014-08-28 00:49 - 00000000 ____D () C:\Program Files\HexChat
2014-08-28 00:39 - 2014-08-28 00:40 - 17730379 _____ (HexChat ) C:\Users\Isaiah\Downloads\HexChat Spelling Dictionaries r2.exe
2014-08-28 00:37 - 2014-08-28 00:37 - 07578076 _____ (HexChat ) C:\Users\Isaiah\Downloads\HexChat 2.10.1 x64.exe
2014-08-27 08:05 - 2014-08-27 08:05 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Red Alert 3
2014-08-27 05:25 - 2014-08-27 05:25 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-08-26 20:05 - 2014-08-26 20:05 - 00021335 _____ () C:\Users\Isaiah\Desktop\dds.txt
2014-08-26 20:05 - 2014-08-26 20:05 - 00009099 _____ () C:\Users\Isaiah\Desktop\attach.txt
2014-08-26 20:01 - 2014-08-26 20:01 - 00688992 ____R (Swearware) C:\Users\Isaiah\Desktop\dds.com
2014-08-26 19:15 - 2014-08-30 08:42 - 00000000 ____D () C:\FRST
2014-08-23 01:31 - 2014-08-30 08:30 - 00001612 _____ () C:\Windows\PFRO.log
2014-08-22 22:02 - 2014-08-22 22:02 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\MySQL
2014-08-22 21:39 - 2014-08-22 21:39 - 00003666 _____ () C:\Windows\System32\Tasks\MySQLNotifierTask
2014-08-22 21:38 - 2014-08-22 22:02 - 00000000 ____D () C:\Program Files\MySQL
2014-08-22 21:28 - 2014-08-22 22:02 - 00000000 ____D () C:\Program Files (x86)\MySQL
2014-08-22 21:28 - 2014-08-22 21:38 - 00000000 ____D () C:\ProgramData\MySQL
2014-08-20 20:17 - 2014-08-20 21:13 - 00000000 ____D () C:\Users\Isaiah\Documents\GarrysMod
2014-08-20 19:31 - 2014-08-20 19:31 - 336173759 _____ () C:\Users\Isaiah\Downloads\Quinspiracy_Compilation.rar
2014-08-20 13:09 - 2014-08-20 13:09 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-20 13:09 - 2014-08-20 13:09 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-20 13:09 - 2014-08-20 13:09 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-20 13:09 - 2014-08-20 13:09 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-08-20 10:55 - 2014-08-20 10:55 - 00000000 ____D () C:\Users\Isaiah\Documents\FreeCol
2014-08-18 11:20 - 2014-08-18 11:20 - 00000000 ____D () C:\Users\Isaiah\AppData\Local\Gibraltar
2014-08-15 17:49 - 2014-08-17 13:51 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\DarknessII
2014-08-15 16:51 - 2014-08-30 08:31 - 00001994 _____ () C:\Windows\setupact.log
2014-08-15 16:51 - 2014-08-15 16:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-15 14:11 - 2014-08-28 21:40 - 00103553 _____ () C:\Windows\DirectX.log
2014-08-15 14:10 - 2014-08-15 14:10 - 00000797 _____ () C:\Users\Public\Desktop\Europa Universalis IV.lnk
2014-08-15 14:06 - 2014-08-15 14:06 - 00000218 _____ () C:\Users\Isaiah\AppData\Local\recently-used.xbel
2014-08-14 12:19 - 2014-08-14 12:19 - 00004440 _____ () C:\Users\Isaiah\Documents\cc_20140814_121911.reg
2014-08-14 12:19 - 2014-08-14 12:19 - 00000784 _____ () C:\Users\Isaiah\Documents\cc_20140814_121926.reg
2014-08-14 12:15 - 2014-08-14 12:15 - 00206004 _____ () C:\Users\Isaiah\Documents\cc_20140814_121550.reg
2014-08-08 12:07 - 2014-08-08 12:07 - 00016975 _____ () C:\Users\Isaiah\Documents\Space Stuffs Story.odt
2014-08-05 14:22 - 2014-08-05 14:22 - 00000000 ____D () C:\Users\Isaiah\Documents\Black & White 2
2014-08-01 22:44 - 2014-08-01 22:44 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\java

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-30 08:43 - 2014-08-30 08:40 - 00024018 _____ () C:\Users\Isaiah\Downloads\FRST.txt
2014-08-30 08:42 - 2014-08-26 19:15 - 00000000 ____D () C:\FRST
2014-08-30 08:38 - 2009-07-14 00:13 - 00797822 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-30 08:33 - 2012-05-02 12:42 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Raptr
2014-08-30 08:31 - 2014-08-15 16:51 - 00001994 _____ () C:\Windows\setupact.log
2014-08-30 08:31 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-30 08:30 - 2014-08-23 01:31 - 00001612 _____ () C:\Windows\PFRO.log
2014-08-30 08:30 - 2009-07-13 23:45 - 00355032 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-30 08:28 - 2014-08-30 08:22 - 00000000 ____D () C:\AdwCleaner
2014-08-30 08:13 - 2014-08-30 08:13 - 00001711 _____ () C:\Users\Isaiah\Documents\Bleeping Computer Instructions.txt
2014-08-30 08:13 - 2012-03-20 17:18 - 02014969 _____ () C:\Windows\WindowsUpdate.log
2014-08-30 08:12 - 2014-08-30 08:12 - 02103808 _____ (Farbar) C:\Users\Isaiah\Downloads\FRST64.exe
2014-08-30 08:11 - 2014-08-30 08:11 - 00000011 _____ () C:\Users\Isaiah\Documents\Battletech place.txt
2014-08-30 08:11 - 2012-08-15 03:18 - 00000000 ____D () C:\Users\Isaiah\Calibre Library
2014-08-30 08:10 - 2014-08-30 08:10 - 01364531 _____ () C:\Users\Isaiah\Downloads\adwcleaner_3.308.exe
2014-08-30 08:08 - 2012-03-20 19:44 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Skype
2014-08-30 07:57 - 2014-03-15 18:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-30 07:49 - 2009-07-13 23:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-30 07:49 - 2009-07-13 23:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-30 06:18 - 2014-07-30 19:53 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-29 21:11 - 2014-03-03 19:00 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{DA6EBC5E-F49F-4820-A0B4-A491E0F817DD}
2014-08-29 09:46 - 2014-08-28 00:50 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\HexChat
2014-08-29 09:27 - 2014-03-29 10:16 - 00000000 ____D () C:\Users\Isaiah\Downloads\Pics
2014-08-29 02:53 - 2012-04-16 00:00 - 00000000 ____D () C:\ProgramData\Origin
2014-08-28 21:43 - 2014-08-28 21:43 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-08-28 21:43 - 2014-08-28 21:43 - 00000000 ____D () C:\ProgramData\Age of Empires 3
2014-08-28 21:43 - 2012-04-14 22:14 - 00000000 ____D () C:\Users\Isaiah\Documents\My Games
2014-08-28 21:40 - 2014-08-15 14:11 - 00103553 _____ () C:\Windows\DirectX.log
2014-08-28 21:40 - 2012-03-22 14:39 - 00000000 ____D () C:\Users\Isaiah\AppData\Local\CrashDumps
2014-08-28 06:48 - 2012-04-16 00:00 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-08-28 01:38 - 2014-08-28 01:37 - 39493382 _____ () C:\Users\Isaiah\Downloads\megamek-0.38.0-windows.zip
2014-08-28 01:15 - 2014-08-28 01:14 - 06220854 _____ () C:\Users\Isaiah\Downloads\imag.bmp
2014-08-28 01:02 - 2014-08-28 00:49 - 00000000 ____D () C:\Users\Isaiah\AppData\Local\enchant
2014-08-28 00:49 - 2014-08-28 00:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HexChat
2014-08-28 00:49 - 2014-08-28 00:48 - 00000000 ____D () C:\Program Files\HexChat
2014-08-28 00:49 - 2013-04-23 16:41 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-28 00:40 - 2014-08-28 00:39 - 17730379 _____ (HexChat ) C:\Users\Isaiah\Downloads\HexChat Spelling Dictionaries r2.exe
2014-08-28 00:37 - 2014-08-28 00:37 - 07578076 _____ (HexChat ) C:\Users\Isaiah\Downloads\HexChat 2.10.1 x64.exe
2014-08-27 08:05 - 2014-08-27 08:05 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Red Alert 3
2014-08-27 05:25 - 2014-08-27 05:25 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-08-26 21:23 - 2014-06-01 18:43 - 00000000 ____D () C:\Users\Isaiah\AppData\Local\ftblauncher
2014-08-26 20:05 - 2014-08-26 20:05 - 00021335 _____ () C:\Users\Isaiah\Desktop\dds.txt
2014-08-26 20:05 - 2014-08-26 20:05 - 00009099 _____ () C:\Users\Isaiah\Desktop\attach.txt
2014-08-26 20:01 - 2014-08-26 20:01 - 00688992 ____R (Swearware) C:\Users\Isaiah\Desktop\dds.com
2014-08-26 15:30 - 2012-12-06 10:24 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\.minecraft
2014-08-26 15:27 - 2014-07-22 10:32 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\foobar2000
2014-08-25 10:07 - 2014-07-21 15:06 - 01260120 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2014-08-25 10:07 - 2014-07-21 15:06 - 00647752 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2014-08-25 10:06 - 2014-07-21 15:03 - 00419616 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-08-23 18:53 - 2012-12-28 23:56 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\ftblauncher
2014-08-23 01:48 - 2013-10-17 18:02 - 00000485 _____ () C:\Windows\system32\checkdnsid.xml
2014-08-23 01:34 - 2012-05-02 12:42 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-08-23 01:30 - 2013-08-20 12:34 - 00000000 ____D () C:\Users\Isaiah\Desktop\Page Resources
2014-08-22 22:02 - 2014-08-22 22:02 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\MySQL
2014-08-22 22:02 - 2014-08-22 21:38 - 00000000 ____D () C:\Program Files\MySQL
2014-08-22 22:02 - 2014-08-22 21:28 - 00000000 ____D () C:\Program Files (x86)\MySQL
2014-08-22 21:39 - 2014-08-22 21:39 - 00003666 _____ () C:\Windows\System32\Tasks\MySQLNotifierTask
2014-08-22 21:39 - 2014-07-01 11:52 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\Oracle
2014-08-22 21:39 - 2011-02-11 12:15 - 00814028 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-08-22 21:38 - 2014-08-22 21:28 - 00000000 ____D () C:\ProgramData\MySQL
2014-08-20 21:13 - 2014-08-20 20:17 - 00000000 ____D () C:\Users\Isaiah\Documents\GarrysMod
2014-08-20 19:31 - 2014-08-20 19:31 - 336173759 _____ () C:\Users\Isaiah\Downloads\Quinspiracy_Compilation.rar
2014-08-20 13:12 - 2012-03-20 23:33 - 00000000 ____D () C:\Program Files\Java
2014-08-20 13:09 - 2014-08-20 13:09 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-20 13:09 - 2014-08-20 13:09 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-20 13:09 - 2014-08-20 13:09 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-20 13:09 - 2014-08-20 13:09 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-08-20 12:44 - 2013-04-19 16:24 - 00000000 ____D () C:\Python27
2014-08-20 10:55 - 2014-08-20 10:55 - 00000000 ____D () C:\Users\Isaiah\Documents\FreeCol
2014-08-19 15:01 - 2014-03-15 18:29 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-19 15:01 - 2012-04-04 15:50 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-19 15:01 - 2012-01-24 20:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-18 11:20 - 2014-08-18 11:20 - 00000000 ____D () C:\Users\Isaiah\AppData\Local\Gibraltar
2014-08-17 13:51 - 2014-08-15 17:49 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\DarknessII
2014-08-15 16:51 - 2014-08-15 16:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-15 16:25 - 2012-03-22 02:12 - 00000000 ____D () C:\Users\Isaiah\Documents\Torrents
2014-08-15 16:23 - 2012-03-22 02:12 - 00000000 ____D () C:\Users\Isaiah\Documents\Deluge
2014-08-15 14:10 - 2014-08-15 14:10 - 00000797 _____ () C:\Users\Public\Desktop\Europa Universalis IV.lnk
2014-08-15 14:08 - 2012-03-22 04:51 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\DAEMON Tools Lite
2014-08-15 14:06 - 2014-08-15 14:06 - 00000218 _____ () C:\Users\Isaiah\AppData\Local\recently-used.xbel
2014-08-14 12:21 - 2012-11-02 22:58 - 00000000 ____D () C:\Users\Isaiah\Desktop\Protection
2014-08-14 12:20 - 2014-07-22 10:42 - 00004528 _____ () C:\Users\Isaiah\Desktop\Rkill.txt
2014-08-14 12:19 - 2014-08-14 12:19 - 00004440 _____ () C:\Users\Isaiah\Documents\cc_20140814_121911.reg
2014-08-14 12:19 - 2014-08-14 12:19 - 00000784 _____ () C:\Users\Isaiah\Documents\cc_20140814_121926.reg
2014-08-14 12:15 - 2014-08-14 12:15 - 00206004 _____ () C:\Users\Isaiah\Documents\cc_20140814_121550.reg
2014-08-14 12:11 - 2012-03-21 02:00 - 00000000 ____D () C:\Windows\Minidump
2014-08-14 11:39 - 2014-04-05 23:11 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-10 19:42 - 2014-04-06 14:39 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\SpaceEngineers
2014-08-08 12:07 - 2014-08-08 12:07 - 00016975 _____ () C:\Users\Isaiah\Documents\Space Stuffs Story.odt
2014-08-07 07:12 - 2012-01-24 20:05 - 00000000 ____D () C:\ProgramData\Skype
2014-08-06 09:37 - 2012-09-25 04:00 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2014-08-06 09:37 - 2012-09-25 04:00 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2014-08-06 09:37 - 2012-09-25 04:00 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2014-08-06 09:37 - 2012-09-25 04:00 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2014-08-05 14:22 - 2014-08-05 14:22 - 00000000 ____D () C:\Users\Isaiah\Documents\Black & White 2
2014-08-05 14:12 - 2012-01-24 20:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-03 12:56 - 2012-10-10 18:06 - 00000000 ____D () C:\Users\Isaiah\Documents\Paradox Interactive
2014-08-03 12:36 - 2013-11-18 20:05 - 00000000 ____D () C:\Games
2014-08-03 09:53 - 2013-10-16 03:12 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-02 23:19 - 2012-04-28 21:20 - 00000000 ___RD () C:\Users\Isaiah\Desktop\#Games
2014-08-02 23:14 - 2014-06-30 18:59 - 00000000 ____D () C:\Users\Isaiah\Downloads\Skyrim
2014-08-01 22:44 - 2014-08-01 22:44 - 00000000 ____D () C:\Users\Isaiah\AppData\Roaming\java
2014-08-01 22:20 - 2014-06-04 20:51 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2869987883-205968704-1330587030-1000UA1cec6c2f4af660c.job
2014-08-01 22:20 - 2014-06-04 20:51 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2869987883-205968704-1330587030-1000Core1cec6c2f1ee3fe9.job
2014-08-01 22:18 - 2012-05-14 20:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\Isaiah\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-27 08:41

==================== End Of Log ============================

The Addition.txt -

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-08-2014
Ran by Isaiah at 2014-08-30 08:43:29
Running from C:\Users\Isaiah\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.7.0.1530 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Age of Empires® III: Complete Collection (HKLM-x32\...\Steam App 105450) (Version:  - Ensemble Studios)
Alien Swarm - SDK (HKLM-x32\...\Steam App 640) (Version:  - Valve)
Baldur's Gate: Enhanced Edition (HKLM-x32\...\Steam App 228280) (Version:  - Beamdog)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Banished (HKLM-x32\...\GOGPACKBANISHED_is1) (Version: 2.0.0.3 - GOG.com)
Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts)
BioShock 2 (x32 Version: 1.0.0005.131 - Take-Two Interactive Software) Hidden
Bitdefender Total Security 2015 (HKLM\...\Bitdefender) (Version: 18.12.0.958 - Bitdefender)
Black & White® 2 (HKLM-x32\...\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}) (Version: 1.00.0000 - Lionhead Studios)
Black & White® 2 Battle of the Gods (HKLM-x32\...\{10631C28-62E5-477C-9B40-40C5EA8219BE}) (Version: 1.00.0000 - Lionhead Studios)
BYOND (HKLM-x32\...\BYOND) (Version: 504.1234 - BYOND)
calibre 64bit (HKLM\...\{04837B39-5F32-426D-A16A-7CE949E82D6D}) (Version: 1.44.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Comodo IceDragon (HKLM-x32\...\Comodo IceDragon) (Version: 26.0.0.2 - COMODO)
ConTEXT v0.98.6 (HKLM-x32\...\{73E0D3A0-9C30-4F59-ABBF-6233686FB396}_is1) (Version:  - ConTEXT Project Ltd)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Global Offensive - SDK (HKLM-x32\...\Steam App 745) (Version:  - )
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dead Rising 2 (x32 Version: 1.0.0002.130 - Capcom) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.15 - Piriform)
Deluge 1.3.6 (HKLM-x32\...\Deluge) (Version:  - )
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Don't Starve Mod Tools (HKLM-x32\...\Steam App 245850) (Version:  - )
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Dynasty Warriors 8 Xtreme Legends (HKLM-x32\...\Dynasty Warriors 8 Xtreme Legends_is1) (Version:  - )
Eastern Front (HKLM-x32\...\Eastern Front) (Version: 1.7.1.0 - )
Emsisoft Anti-Malware (HKLM-x32\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 8.1 - Emsisoft GmbH)
Europa Universalis III (HKLM-x32\...\Steam App 25800) (Version:  - Paradox Development Studio)
Europa Universalis IV (HKLM-x32\...\Europa Universalis IV_is1) (Version:  - Paradox Interactive)
Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version:  - Paradox Development Studio)
FileZilla Client 3.6.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)
Folder Size 3.4.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1) (Version: 3.4.0.0 - MindGems, Inc.)
foobar2000 v1.3.3 (HKLM-x32\...\foobar2000) (Version: 1.3.3 - Peter Pawlowski)
For The Glory (HKLM-x32\...\Steam App 42810) (Version:  - Crystal Empire Games)
GameRanger (HKCU\...\GameRanger) (Version:  - GameRanger Technologies)
GameStop App (HKLM-x32\...\GameStop App) (Version: 4.00 - GameStop)
GameStop App (x32 Version: 4.00 - GameStop) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Gyazo 2.1 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Half-Life Deathmatch: Source (HKLM-x32\...\Steam App 360) (Version:  - Valve)
Half-Life: Source (HKLM-x32\...\Steam App 280) (Version:  - Valve)
Hearts of Iron III - Their Finest Hour version 4.02 (HKLM-x32\...\{25D080C2-19A4-427D-A12A-979D674B57F8}}_is1) (Version: 4.02 - Paradox Interactive)
Hearts of Iron III Gold (HKLM-x32\...\{ACBE6747-6FC1-48DB-8E5D-E81EFCB1EC72}) (Version: 2.03.00.0 - Paradox Interactive)
Hearts of Iron III: For the Motherland Version 3.05 (HKLM-x32\...\Hearts of Iron III: For the Motherland_is1) (Version: 3.05 - Paradox Interactive)
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version:  - Reto-Moto)
HexChat (HKLM\...\HexChat_is1) (Version: 2.10.1 - HexChat)
HHD Software Free Hex Editor 3.10 (HKLM-x32\...\{96DB0658-F44A-4899-BBD3-29261B18AE93}) (Version: 3.10.0.0000 - HHD Software)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.216 - SurfRight B.V.)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.2.10.2466 - IObit)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java SE Development Kit 7 Update 67 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170670}) (Version: 1.7.0.670 - Oracle)
Killing Floor SDK (HKLM-x32\...\Steam App 1260) (Version:  - Tripwire Interactive)
Left 4 Dead 2 Authoring Tools (HKLM-x32\...\Steam App 563) (Version:  - Valve)
Left 4 Dead Authoring Tools (HKLM-x32\...\Steam App 513) (Version:  - Valve)
LibreOffice 4.1 Help Pack (English (United States)) (HKLM-x32\...\{53ECAFB6-CD08-4FD4-8B89-A25F18171C93}) (Version: 4.1.3.2 - The Document Foundation)
LibreOffice 4.1.3.2 (HKLM-x32\...\{4F3722AD-197D-4DBB-BDFB-D2F0D6776354}) (Version: 4.1.3.2 - The Document Foundation)
Livestream Procaster (HKLM-x32\...\{2515EAA9-AE9F-4F0A-8301-B40034838B8A}) (Version: 20.3.0 - Procaster)
Lua for Windows 5.1.4-46 (HKLM-x32\...\Lua_is1) (Version: 5.1.4.46 - The Lua for Windows Project and Lua and Tecgraf, PUC-Rio)
Mabinogi (HKLM-x32\...\Steam App 212200) (Version:  - NEXON Korea Corp.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft DirectX SDK (March 2008) (HKLM-x32\...\{92DF1607-ABCD-4511-8095-2436D94E952C}) (Version: 9.22.1284 - Microsoft® Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.0000 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.0000 - www.motioninjoy.com)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MP3 Rocket (HKLM-x32\...\MP3 Rocket) (Version: 6.3.8 PRO - MP3 Rocket Inc)
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Mumble 1.2.3 (HKLM-x32\...\{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}) (Version: 1.2.3 - Thorvald Natvig)
MySQL Connector C++ 1.1.3 (HKLM\...\{5C7A1ED6-DC5F-4017-B363-3E80644B4BD0}) (Version: 1.1.3 - Oracle and/or its affiliates)
MySQL Connector J (HKLM-x32\...\{E8528562-D612-4331-8A5B-57532D89716B}) (Version: 5.1.31 - Oracle Corporation)
MySQL Connector Net 6.8.3 (HKLM-x32\...\{38157422-F952-42F7-88AA-CC16A63CD109}) (Version: 6.8.3 - Oracle)
MySQL Connector Python v1.2.2 for Python v2.7 (HKLM-x32\...\{EAA63D41-085C-4E85-B2CC-9B60467BF27C}) (Version: 1.2.2 - Oracle)
MySQL Connector Python v1.2.2 for Python v3.3 (HKLM-x32\...\{345018CB-60E7-4CC9-8DBA-6E908B8882E8}) (Version: 1.2.2 - Oracle)
MySQL Connector/C 6.1 (HKLM\...\{4E2AAB30-1E42-4ACA-B1A9-3AE8629D0C89}) (Version: 6.1.5 - Oracle Corporation)
MySQL Examples and Samples 5.6 (HKLM-x32\...\{64B38518-F700-4494-B42C-F8A86732C10B}) (Version: 5.6.20 - Oracle Corporation)
MySQL Installer (HKLM-x32\...\{D84FD9D9-C894-4235-B18A-637BBDF4047C}) (Version: 1.3.7.0 - Oracle Corporation)
MySQL Notifier 1.1.5 (HKLM-x32\...\{DB02F4B3-3FC4-4FED-B2A2-7CDCF88D87D3}) (Version: 1.1.5 - Oracle)
MySQL Server 5.6 (HKLM\...\{54254A43-B0F1-4316-AD03-1FA01BFEF7B9}) (Version: 5.6.20 - Oracle Corporation)
MySQL Utilities (HKLM-x32\...\{AD74E509-A826-4C30-93C3-73E2DFE271F2}) (Version: 1.4.3 - Oracle Corporation)
MySQL Workbench 6.1 CE (HKLM-x32\...\{AD95295B-0279-43B6-A873-F12A1D1CD146}) (Version: 6.1.7 - Oracle Corporation)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.49.8 - Black Tree Gaming)
NVIDIA 3D Vision Controller Driver 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Legacy) (HKLM-x32\...\{6F9D5A0B-202C-4161-BC7F-0664EA39E7E7}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Opera 12.15 (HKLM-x32\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 8.5.2.23 - Electronic Arts, Inc.)
ORION: Prelude (HKLM-x32\...\Steam App 104900) (Version:  - Spiral Game Studios)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 Authoring Tools - Beta (HKLM-x32\...\Steam App 629) (Version:  - Valve)
Python 2.7 comtypes-0.6.2 (HKLM-x32\...\comtypes-py2.7) (Version:  - )
Python 2.7 pywin32-218 (HKLM-x32\...\pywin32-py2.7) (Version:  - )
Python 2.7.8 (HKLM-x32\...\{61121B12-88BD-4261-A6EE-AB32610A56DD}) (Version: 2.7.8150 - Python Software Foundation)
Python 3.3.0 (64-bit) (HKLM\...\{290329c4-a276-3aec-b633-9f5a39d8dd96}) (Version: 3.3.150 - Python Software Foundation)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.4-1.0.12786.82 - raidcall.com)
RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.3.1540.9 - AMD)
RAIDXpert (x32 Version: 3.3.1540.9 - AMD) Hidden
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.0 beta r2081 - )
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden
Red Orchestra 2 SDK (HKLM-x32\...\Steam App 104310) (Version:  - )
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
RockMelt (HKCU\...\RockMelt) (Version: 0.16.91.483 - RockMelt, Inc.)
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.0.6.1 - Rockstar Games)
s3pe - Sims3 Package Editor (HKLM-x32\...\s3pe) (Version: 13-1112-2033 - Peter L Jones)
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sid Meier's Civilization V SDK (HKLM-x32\...\Steam App 16830) (Version:  - Firaxis Games)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Sleipnir Version 4.3.6 (HKLM-x32\...\FenrirSleipnirV3_is1) (Version: 4.3.6 - Fenrir Inc.)
Source SDK (HKLM-x32\...\Steam App 211) (Version:  - Valve)
Source SDK Base 2006 (HKLM-x32\...\Steam App 215) (Version:  - Valve)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Source SDK Base 2013 Multiplayer (HKLM-x32\...\Steam App 243750) (Version:  - )
Source SDK Base 2013 Singleplayer (HKLM-x32\...\Steam App 243730) (Version:  - )
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - )
Space Hack (HKLM-x32\...\Steam App 315260) (Version:  - Rebelmind)
Speccy (HKLM\...\Speccy) (Version: 1.22 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version: 1.0.0.16117 - Blizzard Entertainment)
StarCraft II: Heart of the Swarm © Blizzard Entertainment version 1 (HKLM-x32\...\U3RhckNyYWZ0IElJOiBIZWFydCBvZiB0aGUgU3dhcm0gKGMp~BFC02D25_is1) (Version: 1 - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Stronghold 2 (HKLM-x32\...\Steam App 40960) (Version:  - FireFly Studios)
System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
TES Construction Set (HKLM-x32\...\{605333A6-963F-480C-A358-1301CAA6CFF6}) (Version:  - )
The Darkness II (HKLM-x32\...\Steam App 67370) (Version:  - Digital Extremes)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Saboteur™ (HKLM-x32\...\{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}) (Version: 1.0.0.0 - Electronic Arts)
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
The Sims Medieval (HKLM-x32\...\{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}) (Version: 2.0.109 - Electronic Arts)
The Sims Medieval Pirates and Nobles (HKLM-x32\...\{0CC21836-A5D6-4641-B4AE-6FA01D021E41}) (Version: 2.0.109 - Electronic Arts)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Walking Dead 400 Days (HKLM-x32\...\VGhlV2Fsa2luZ0RlYWQ=_is1) (Version: 1 - )
Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Two Worlds Control Panel 1.0.7 (HKLM-x32\...\{6EEEF30E-0AD2-4AD9-B854-22F1488637C7}) (Version: 1.0.7 - Inside Operations)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unreal Development Kit (HKLM-x32\...\Steam App 13260) (Version:  - Epic Games)
Vegas Pro 12.0 (64-bit) (HKLM\...\{A1188CD2-9C9F-11E2-B88F-F04DA23A5C58}) (Version: 12.0.563 - Sony)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WinSCP 5.5.2 (HKLM-x32\...\winscp3_is1) (Version: 5.5.2 - Martin Prikryl)
Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 3.0.4.3 - Wrye & Wrye Bash Development Team)
wxPython 2.8.12.1 (unicode) for Python 2.7 (HKLM-x32\...\wxPython2.8-unicode-py27_is1) (Version: 2.8.12.1-unicode - Total Control Software)
Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2869987883-205968704-1330587030-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Isaiah\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2869987883-205968704-1330587030-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Isaiah\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

==================== Restore Points  =========================

18-06-2012 21:55:52 Windows Update
19-06-2012 09:07:26 Windows Update
22-06-2012 09:55:07 Windows Update
26-06-2012 09:55:14 Windows Update
27-08-2014 13:04:17 Installed DirectX
28-08-2014 05:49:04 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
29-08-2014 02:40:01 Installed DirectX 9.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-08-14 12:21 - 00000762 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1C2F55B4-8196-44E6-BD92-BAD6D1635EA9} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {2A2554EA-7B9F-4FD0-AAB2-294050F1C4A5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2869987883-205968704-1330587030-1000UA1cec6c2f4af660c => C:\Users\Isaiah\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-20] (Google Inc.)
Task: {82797B1C-7C4D-4D8F-ADA1-84A756BD1FF3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-19] (Adobe Systems Incorporated)
Task: {869733BA-9DB2-4EC5-A6ED-BC36948A13D3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2869987883-205968704-1330587030-1000Core1cec6c2f1ee3fe9 => C:\Users\Isaiah\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-20] (Google Inc.)
Task: {A20C67D5-7ADF-400C-B1DE-8867A2A36E63} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-05-06] (IObit)
Task: {A29D55B8-E89E-4268-B4D1-98F56A6DC7F4} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2014-05-08] ()
Task: {DC9CF777-645B-48E6-B727-0705FEEA2D1D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {DFFD1ED6-9E42-46B7-8A93-FBB03BAB4649} - System32\Tasks\MySQLNotifierTask => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.5\MySQLNotifier.exe [2013-11-25] (Oracle Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2869987883-205968704-1330587030-1000Core1cec6c2f1ee3fe9.job => C:\Users\Isaiah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2869987883-205968704-1330587030-1000UA1cec6c2f4af660c.job => C:\Users\Isaiah\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-08-25 10:07 - 2014-08-25 10:07 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2014-07-21 15:07 - 2014-07-11 17:30 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2014-07-21 15:06 - 2012-10-29 15:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2014-07-24 02:51 - 2014-07-24 02:51 - 00780592 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00047_002\ashttpbr.mdl
2014-07-24 02:51 - 2014-07-24 02:51 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00047_002\ashttpdsp.mdl
2014-07-24 02:51 - 2014-07-24 02:51 - 02602680 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00047_002\ashttpph.mdl
2014-07-24 02:51 - 2014-07-24 02:51 - 01323408 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00047_002\ashttprbl.mdl
2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-06-28 00:56 - 2007-09-02 15:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2013-04-09 22:55 - 2014-04-14 20:45 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-07-21 15:06 - 2013-03-25 16:16 - 01117920 _____ () C:\Program Files\Bitdefender\Bitdefender SafeBox\System.Data.SQLite.dll
2012-06-28 00:56 - 2007-09-02 15:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2010-11-22 17:56 - 2010-11-22 17:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 17:56 - 2010-11-22 17:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 13:17 - 2011-02-15 13:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 17:57 - 2010-11-22 17:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 17:57 - 2010-11-22 17:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2013-11-20 19:05 - 2013-11-20 19:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2012-02-06 15:28 - 2012-02-06 15:28 - 00010752 _____ () C:\Program Files (x86)\Raptr\Crypto.Random.OSRNG.winrandom.pyd
2012-02-06 15:28 - 2012-02-06 15:28 - 00011264 _____ () C:\Program Files (x86)\Raptr\Crypto.Util._counter.pyd
2012-02-06 15:28 - 2012-02-06 15:28 - 00031744 _____ () C:\Program Files (x86)\Raptr\Crypto.Cipher.AES.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-17 19:56 - 2014-06-17 19:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 13:17 - 2011-02-15 13:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-22 18:06 - 2010-11-22 18:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Isaiah\Desktop\dds.com:BDU
AlternateDataStreams: C:\Users\Isaiah\Downloads\adwcleaner_3.308.exe:BDU
AlternateDataStreams: C:\Users\Isaiah\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Isaiah\Downloads\HexChat 2.10.1 x64.exe:BDU
AlternateDataStreams: C:\Users\Isaiah\Downloads\HexChat Spelling Dictionaries r2.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: a2AntiMalware => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdvancedSystemCareService7 => 2
MSCONFIG\Services: AESTFilters => 2
MSCONFIG\Services: AMD_RAIDXpert => 2
MSCONFIG\Services: BcmBtRSupport => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: Desura Install Service => 3
MSCONFIG\Services: Ds3Service => 2
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: HitmanProScheduler => 2
MSCONFIG\Services: IceDragonUpdater => 2
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: pdfcDispatcher => 2
MSCONFIG\Services: RzKLService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: TunngleService => 3
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupfolder: C:^Users^Isaiah^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Game Assistant.lnk => C:\Windows\pss\Game Assistant.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Isaiah\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleChromeAutoLaunch_A076ADD001B14D65CB3B537125C => "c:\users\isaiah\appdata\local\google\chrome\application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: GoogleChromeAutoLaunch_A076ADD001B14D65CB3B537125C703EF => "C:\Users\Isaiah\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: NvBackend => c:\program files (x86)\nvidia corporation\update core\nvbackend.exe
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: RockMelt Update => "C:\Users\Isaiah\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: XboxStat => "c:\program files\microsoft xbox 360 accessories\xboxstat.exe" silentrun

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/30/2014 08:31:22 AM) (Source: MySQL) (EventID: 100) (User: )
Description: Aborting

Error: (08/30/2014 08:31:14 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (08/30/2014 08:16:55 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (08/30/2014 08:16:55 AM) (Source: MySQL) (EventID: 100) (User: )
Description: Aborting

Error: (08/30/2014 07:34:23 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (08/30/2014 06:34:22 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (08/30/2014 05:34:22 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (08/30/2014 04:34:22 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (08/30/2014 03:34:22 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005

Error: (08/30/2014 02:34:22 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005


System errors:
=============
Error: (08/30/2014 08:31:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Jerin Cal service failed to start due to the following error:
%%1053

Error: (08/30/2014 08:31:24 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Jerin Cal service to connect.

Error: (08/30/2014 08:16:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Jerin Cal service failed to start due to the following error:
%%1053

Error: (08/30/2014 08:16:57 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Jerin Cal service to connect.

Error: (08/29/2014 09:34:21 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}

Error: (08/28/2014 08:34:17 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}

Error: (08/28/2014 06:30:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (08/28/2014 06:30:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (08/27/2014 08:34:13 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}

Error: (08/26/2014 08:34:10 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}


Microsoft Office Sessions:
=========================
Error: (08/30/2014 08:31:22 AM) (Source: MySQL) (EventID: 100) (User: )
Description: Aborting

Error: (08/30/2014 08:31:14 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (08/30/2014 08:16:55 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (08/30/2014 08:16:55 AM) (Source: MySQL) (EventID: 100) (User: )
Description: Aborting

Error: (08/30/2014 07:34:23 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (08/30/2014 06:34:22 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (08/30/2014 05:34:22 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (08/30/2014 04:34:22 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (08/30/2014 03:34:22 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005

Error: (08/30/2014 02:34:22 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005


CodeIntegrity Errors:
===================================
  Date: 2013-03-10 18:26:26.842
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-03-10 18:26:26.803
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD FX™-8100 Eight-Core Processor
Percentage of memory in use: 24%
Total physical RAM: 10014.89 MB
Available physical RAM: 7576.3 MB
Total Pagefile: 20027.96 MB
Available Pagefile: 17693.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Jerin Cal) (Fixed) (Total:1845.55 GB) (Free:1036.22 GB) NTFS
Drive d: (Pera Cal) (Fixed) (Total:465.56 GB) (Free:339.09 GB) NTFS
Drive e: (Megan) (Fixed) (Total:455.35 GB) (Free:406.63 GB) NTFS
Drive f: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive i: (FACTORY_IMAGE) (Fixed) (Total:10.31 GB) (Free:1.52 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive m: () (Removable) (Total:7.26 GB) (Free:7.23 GB) FAT32
Drive n: (WD Unlocker) (CDROM) (Total:0.02 GB) (Free:0 GB) UDF
Drive p: (HP_RECOVERY) (Fixed) (Total:17 GB) (Free:2.09 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.7 GB) (Disk ID: 0DD7D98D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1862.6 GB) (Disk ID: E5E627E6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1845.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 42CA08B9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=455.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.3 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 3.

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 7.3 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.3 GB) - (Type=0C)

==================== End Of Log ============================

Waiting for further instructions.

EDIT: I don't do toolbars. I don't do Amazon and I almost compulsively scan for PUPs on a monthly basis (yes, I do slip quite a bit on that schedule). :/ I thought I was doing good.


Edited by Vengurd, 30 August 2014 - 08:57 AM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,747 posts

Posted 30 August 2014 - 10:48 AM


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
BHO-x32: Adobe PDF Link Helper -> {491C440D-305E-0124-0099-0F3E390C7E87} -> C:\Windows\SysWOW64\clbccatq.dll ()
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Isaiah\Desktop\dds.com:BDU
AlternateDataStreams: C:\Users\Isaiah\Downloads\adwcleaner_3.308.exe:BDU
AlternateDataStreams: C:\Users\Isaiah\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Isaiah\Downloads\HexChat 2.10.1 x64.exe:BDU
AlternateDataStreams: C:\Users\Isaiah\Downloads\HexChat Spelling Dictionaries r2.exe:BDU

End

Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?

#5 Vengurd

Vengurd
  • Topic Starter

  • Members
  • 12 posts

Posted 30 August 2014 - 12:50 PM

So far there isn't too much difference. There is some slight improvement in load times all around.

Fixlog -

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-08-2014
Ran by Isaiah at 2014-08-30 12:21:08 Run:1
Running from C:\Users\Isaiah\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
BHO-x32: Adobe PDF Link Helper -> {491C440D-305E-0124-0099-0F3E390C7E87} -> C:\Windows\SysWOW64\clbccatq.dll ()
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Isaiah\Desktop\dds.com:BDU
AlternateDataStreams: C:\Users\Isaiah\Downloads\adwcleaner_3.308.exe:BDU
AlternateDataStreams: C:\Users\Isaiah\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Isaiah\Downloads\HexChat 2.10.1 x64.exe:BDU
AlternateDataStreams: C:\Users\Isaiah\Downloads\HexChat Spelling Dictionaries r2.exe:BDU

End
*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
"HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
"HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
"HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
"HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{491C440D-305E-0124-0099-0F3E390C7E87}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{491C440D-305E-0124-0099-0F3E390C7E87}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
WinRing0_1_2_0 => Service deleted successfully.
"C:\Windows\SysWOW64\zlib.dll" => ":DocumentSummaryInformation" ADS not found.
"C:\Windows\SysWOW64\zlib.dll" => ":SummaryInformation" ADS not found.
C:\Windows\SysWOW64\zlib.dll => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
"C:\Users\Isaiah\Desktop\dds.com" => ":BDU" ADS not found.
C:\Users\Isaiah\Downloads\adwcleaner_3.308.exe => ":BDU" ADS removed successfully.
C:\Users\Isaiah\Downloads\FRST64.exe => ":BDU" ADS removed successfully.
C:\Users\Isaiah\Downloads\HexChat 2.10.1 x64.exe => ":BDU" ADS removed successfully.
C:\Users\Isaiah\Downloads\HexChat Spelling Dictionaries r2.exe => ":BDU" ADS removed successfully.

==== End of Fixlog ====

SecurityCheck -





 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Bitdefender Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 14.0.0.179  
 Adobe Reader XI  
 Mozilla Firefox (31.0)
 Google Chrome 35.0.1916.153  
 Google Chrome 36.0.1985.125  
````````Process Check: objlist.exe by Laurent````````  
 Bitdefender Bitdefender 2015 vsserv.exe  
 Bitdefender Bitdefender 2015 bdagent.exe  
 Bitdefender Bitdefender 2015 bdwtxag.exe  
 Bitdefender Bitdefender 2015 Antispam32 bdwtxapps.exe
 Bitdefender Bitdefender 2015 updatesrv.exe  
 Bitdefender Bitdefender SafeBox safeboxservice.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


Edited by Vengurd, 30 August 2014 - 12:52 PM.


#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,747 posts

Posted 30 August 2014 - 12:51 PM

Looking good.

Is your computer problem still persisting?

#7 Vengurd

Vengurd
  • Topic Starter

  • Members
  • 12 posts

Posted 30 August 2014 - 01:24 PM

So far things seem a bit better, though looking in the processes the cmd.exe is still running with no window. Description is Windows Command Processor. Until recently, I've never had that process running, the file location is inside the SysWOW64 folder, which until recently I hadn't seen anything about.

Closing the process just sees it reopened at a later time. When the process is running, all of my programs slow down, some of which even crash when before this process started showing up they didn't.

The short version of it: Before this process started up randomly, had just fine load times, could run some demanding programs. After this process started up randomly, most programs struggle to run until the process is ended, which then sneaks back after a while.

EDIT: Super short, it appears to be persisting.


Edited by Vengurd, 30 August 2014 - 01:25 PM.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,747 posts

Posted 31 August 2014 - 07:13 AM

I've never had that process running, the file location is inside the SysWOW64 folder

Is the file cmd.exe or some other file?
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
==============
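
One way to answer the question above (is the windowless process really cmd.exe, and what started it) is sketched below as an added example; it is not part of the original posts or of any tool used in this thread. The name filter (cmd.exe, look-alikes such as the "cmd.3xe" reported later, and conhost.exe) and the choice of Get-WmiObject, so that it runs on the Windows PowerShell shipped with Windows 7 SP1, are assumptions.

```powershell
# Added example: show the image path, command line and parent of console processes.
# Run from an elevated prompt; otherwise ExecutablePath/CommandLine can be empty.

function Convert-DmtfDate([string]$Value) {
    # Win32_Process.CreationDate is a DMTF string; some system processes have none.
    if ([string]::IsNullOrEmpty($Value)) { return $null }
    [System.Management.ManagementDateTimeConverter]::ToDateTime($Value)
}

# Directories where the genuine 64-bit and 32-bit cmd.exe live.
$expectedDirs = @(
    (Join-Path $env:windir 'System32').ToLowerInvariant(),
    (Join-Path $env:windir 'SysWOW64').ToLowerInvariant()
)

# Index every running process by PID so parents can be resolved.
$all = @(Get-WmiObject -Class Win32_Process)
$byPid = @{}
foreach ($proc in $all) { $byPid[[int]$proc.ProcessId] = $proc }

# Assumed name filter for this thread: cmd.exe, look-alikes such as "cmd.3xe", conhost.exe.
$targets = $all | Where-Object { $_.Name -match '^(cmd\..+|conhost\.exe)$' }

$report = foreach ($proc in $targets) {
    $started = Convert-DmtfDate $proc.CreationDate
    $parent  = $byPid[[int]$proc.ParentProcessId]

    # PIDs are reused: a "parent" that started after the child is a different process.
    if ($parent) {
        $parentStarted = Convert-DmtfDate $parent.CreationDate
        if ($started -and $parentStarted -and $parentStarted -gt $started) { $parent = $null }
    }

    # Folder of the running image, lower-cased for comparison with $expectedDirs.
    $dir = $null
    if ($proc.ExecutablePath) {
        $dir = (Split-Path -Path $proc.ExecutablePath -Parent).ToLowerInvariant()
    }

    New-Object PSObject -Property @{
        Name          = $proc.Name
        ProcessId     = $proc.ProcessId
        Started       = $started
        Path          = $proc.ExecutablePath
        InWindowsDir  = ($dir -ne $null) -and ($expectedDirs -contains $dir)
        CommandLine   = $proc.CommandLine
        ParentId      = $proc.ParentProcessId
        ParentName    = if ($parent) { $parent.Name } else { '(exited)' }
        ParentPath    = if ($parent) { $parent.ExecutablePath } else { $null }
        ParentCmdLine = if ($parent) { $parent.CommandLine } else { $null }
    }
}

# One block per process, oldest first, with a fixed property order.
$report | Sort-Object Started |
    Select-Object Name, ProcessId, Started, Path, InWindowsDir, CommandLine,
                  ParentId, ParentName, ParentPath, ParentCmdLine |
    Format-List
```

The CommandLine of the cmd row shows what the shell was asked to run, and ParentName/ParentCmdLine show what launched it; "(exited)" means the launcher is no longer running, which points toward a scheduled task, service or Run entry rather than a live parent.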

#9 Vengurd

Vengurd
  • Topic Starter

  • Members
  • 12 posts

Posted 05 September 2014 - 11:02 AM

Hi there. My apologies for the long wait. I got pretty ill. Here's the file as requested.

At first the process was showing itself as a cmd.exe process out of the sysWOW64 folder, ending the process did nothing but speed up the computer.

However, now it reports itself as a cmd.3xe process and fires off a few conhost processes that eat up more of my processing power.

Me not thinking, I ran ComboFix and jumped in the shower, hopped out, looked at the txt file generated and closed it without thinking. I was unable to find the file so I ran combofix again, which at the end of the process told me where to find the file. So not sure if that'll affect things, the first file said something about deleted files, this one doesn't.

ComboFix 14-09-05.01 - Isaiah 09/05/2014  10:42:51.3.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.10015.6128 [GMT -5:00]
Running from: c:\users\Isaiah\Downloads\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
FW: Bitdefender Firewall *Enabled* {A23392FD-84B9-F933-2C71-81E751F6EF46}
SP: Bitdefender Antispyware *Disabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-05 to 2014-09-05  )))))))))))))))))))))))))))))))
.
.
2014-09-05 15:50 . 2014-09-05 15:50    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-09-05 15:50 . 2014-09-05 15:50    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-09-01 17:42 . 2014-03-09 21:48    171160    ----a-w-    c:\windows\system32\infocardapi.dll
2014-09-01 17:42 . 2014-03-09 21:47    99480    ----a-w-    c:\windows\SysWow64\infocardapi.dll
2014-09-01 17:42 . 2014-03-09 21:48    1389208    ----a-w-    c:\windows\system32\icardagt.exe
2014-09-01 17:42 . 2014-03-09 21:47    619672    ----a-w-    c:\windows\SysWow64\icardagt.exe
2014-09-01 17:42 . 2014-06-30 22:24    8856    ----a-w-    c:\windows\system32\icardres.dll
2014-09-01 17:42 . 2014-06-30 22:14    8856    ----a-w-    c:\windows\SysWow64\icardres.dll
2014-09-01 17:41 . 2014-06-06 06:16    35480    ----a-w-    c:\windows\SysWow64\TsWpfWrp.exe
2014-09-01 17:41 . 2014-06-06 06:12    35480    ----a-w-    c:\windows\system32\TsWpfWrp.exe
2014-09-01 17:39 . 2014-08-07 02:06    529920    ----a-w-    c:\windows\system32\aepdu.dll
2014-09-01 16:13 . 2014-05-14 16:23    44512    ----a-w-    c:\windows\system32\wups2.dll
2014-08-30 13:24 . 2010-08-30 13:34    536576    ----a-w-    c:\windows\SysWow64\sqlite3.dll
2014-08-30 13:22 . 2014-08-30 13:28    --------    d-----w-    C:\AdwCleaner
2014-08-29 02:43 . 2014-08-29 02:43    --------    d-----w-    c:\programdata\Age of Empires 3
2014-08-28 05:50 . 2014-09-02 22:26    --------    d-----w-    c:\users\Isaiah\AppData\Roaming\HexChat
2014-08-28 05:49 . 2014-08-28 06:02    --------    d-----w-    c:\users\Isaiah\AppData\Local\enchant
2014-08-28 05:48 . 2014-08-28 05:49    --------    d-----w-    c:\program files\HexChat
2014-08-27 13:05 . 2014-08-27 13:05    --------    d-----w-    c:\users\Isaiah\AppData\Roaming\Red Alert 3
2014-08-27 00:15 . 2014-08-30 17:21    --------    d-----w-    C:\FRST
2014-08-23 03:02 . 2014-08-23 03:02    --------    d-----w-    c:\users\Isaiah\AppData\Roaming\MySQL
2014-08-23 02:38 . 2014-08-23 03:02    --------    d-----w-    c:\program files\MySQL
2014-08-23 02:28 . 2014-08-23 03:02    --------    d-----w-    c:\program files (x86)\MySQL
2014-08-23 02:28 . 2014-08-23 02:38    --------    d-----w-    c:\programdata\MySQL
2014-08-20 18:09 . 2014-08-20 18:09    319912    ----a-w-    c:\windows\system32\javaws.exe
2014-08-20 18:09 . 2014-08-20 18:09    189352    ----a-w-    c:\windows\system32\javaw.exe
2014-08-20 18:09 . 2014-08-20 18:09    189352    ----a-w-    c:\windows\system32\java.exe
2014-08-20 18:09 . 2014-08-20 18:09    111016    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2014-08-18 16:20 . 2014-08-18 16:20    --------    d-----w-    c:\users\Isaiah\AppData\Local\Gibraltar
2014-08-15 22:49 . 2014-08-17 18:51    --------    d-----w-    c:\users\Isaiah\AppData\Roaming\DarknessII
2014-08-07 12:12 . 2014-08-07 12:12    --------    d-----w-    c:\program files (x86)\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-25 15:07 . 2014-07-21 20:06    647752    ----a-w-    c:\windows\system32\drivers\avckf.sys
2014-08-25 15:07 . 2014-07-21 20:06    1260120    ----a-w-    c:\windows\system32\drivers\avc3.sys
2014-08-25 15:06 . 2014-07-21 20:03    419616    ----a-w-    c:\windows\system32\drivers\trufos.sys
2014-08-19 20:01 . 2012-04-04 20:50    699568    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-19 20:01 . 2012-01-25 01:11    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-06 14:37 . 2012-09-25 09:00    466456    ----a-w-    c:\windows\system32\wrap_oal.dll
2014-08-06 14:37 . 2012-09-25 09:00    444952    ----a-w-    c:\windows\SysWow64\wrap_oal.dll
2014-08-06 14:37 . 2012-09-25 09:00    122904    ----a-w-    c:\windows\system32\OpenAL32.dll
2014-08-06 14:37 . 2012-09-25 09:00    109080    ----a-w-    c:\windows\SysWow64\OpenAL32.dll
2014-08-01 04:41 . 2012-03-24 06:26    99218768    ----a-w-    c:\windows\system32\MRT.exe
2014-07-21 20:37 . 2014-07-21 20:37    74512    ----a-w-    c:\windows\system32\bdsandboxuiskin32.dll
2014-07-02 03:09 . 2014-07-18 08:04    10924376    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{D43122AD-2E8D-43F0-A0CD-848E8BE02E1F}\mpengine.dll
2014-06-30 21:03 . 2014-06-30 21:03    2454016    ----a-w-    c:\windows\SysWow64\python27.dll
2014-06-20 01:14 . 2014-06-20 01:14    901848    ----a-w-    c:\windows\system32\drivers\Rt64win7.sys
2014-06-20 01:14 . 2014-06-20 01:14    73800    ----a-w-    c:\windows\system32\RtNicProp64.dll
2014-06-20 01:14 . 2012-01-25 00:48    107552    ----a-w-    c:\windows\system32\RTNUninst64.dll
2014-06-20 00:02 . 2014-04-17 08:05    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\erdnt\cache64\user32.dll
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2013-04-18 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2013-04-18 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\erdnt\cache86\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender 2015\bdwtxag.exe" [2014-08-25 815088]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"Gyazo"="c:\program files (x86)\Gyazo\GyStation.exe" [2014-05-08 2993376]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2014-08-20 55568]
"MySQL Notifier"="c:\program files (x86)\MySQL\MySQL Notifier 1.1.5\MySqlNotifier.exe" [2013-11-25 771584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Jerin Cal;Jerin Cal;c:\program files\MySQL\MySQL Server 5.6\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.6\my.ini Jerin Cal;c:\program files\MySQL\MySQL Server 5.6\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.6\my.ini Jerin Cal [x]
R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [x]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
R3 bdfwfpf_pc;bdfwfpf_pc;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [x]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys;c:\windows\SYSNATIVE\drivers\bdsandbox.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 btwampfl;btwampfl;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 cleanhlp;cleanhlp;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;c:\windows\system32\drivers\RzMaelstromVAD.sys;c:\windows\SYSNATIVE\drivers\RzMaelstromVAD.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 a2AntiMalware;Emsisoft Anti-Malware 8.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [x]
R4 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
R4 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [x]
R4 BcmBtRSupport;Bluetooth Driver Management Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe [x]
R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2015\bdparentalservice.exe;c:\program files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [x]
R4 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
R4 Ds3Service;SCP DS3 Service;c:\program files\Scarlet Crush Productions XInput\ScpService.exe;c:\program files\Scarlet Crush Productions XInput\ScpService.exe [x]
R4 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
R4 IceDragonUpdater;COMODO IceDragon Update Service;c:\program files (x86)\Comodo\IceDragon\icedragon_updater.exe;c:\program files (x86)\Comodo\IceDragon\icedragon_updater.exe [x]
R4 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R4 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R4 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
S0 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys;c:\windows\SYSNATIVE\drivers\ahcix64s.sys [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [x]
S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [x]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys;c:\windows\SYSNATIVE\DRIVERS\bdvedisk.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [x]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2015\updatesrv.exe;c:\program files\Bitdefender\Bitdefender 2015\updatesrv.exe [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
S3 bcbtums;Bluetooth USB LD Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]
S3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE2500w764.sys;c:\windows\SYSNATIVE\DRIVERS\AE2500w764.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 ScpVBus;Scp Virtual Bus Driver;c:\windows\system32\DRIVERS\ScpVBus.sys;c:\windows\SYSNATIVE\DRIVERS\ScpVBus.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys;c:\windows\SYSNATIVE\drivers\tihub3.sys [x]
S3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys;c:\windows\SYSNATIVE\drivers\tixhci.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys;c:\windows\SYSNATIVE\drivers\usbfilter.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 20:01]
.
2014-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2869987883-205968704-1330587030-1000Core1cec6c2f1ee3fe9.job
- c:\users\Isaiah\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-21 00:05]
.
2014-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2869987883-205968704-1330587030-1000UA1cec6c2f4af660c.job
- c:\users\Isaiah\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-21 00:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-05-22 15:54    2471744    ----a-w-    c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2014-08-25 15:07    206352    ----a-w-    c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2014-08-25 15:07    206352    ----a-w-    c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2014-08-25 15:07    206352    ----a-w-    c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2014-08-25 15:07    206352    ----a-w-    c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2011-08-24 37888]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-05-29 1279480]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-04-25 1425408]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-05-29 2350880]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2015\bdagent.exe" [2014-08-25 1580360]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
Trusted Zone: aeriagames.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\qzp5igf6.default\
FF - prefs.js: browser.startup.homepage - file:///C:/Users/Isaiah/Desktop/Page Resources/F Page.html
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Jerin Cal]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.6\bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.6\my.ini\" Jerin Cal"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2869987883-205968704-1330587030-1000\Software\SecuROM\License information*]
"datasecu"=hex:03,e6,a5,a6,e9,5a,f6,0f,3b,92,75,4b,e1,c0,43,c4,6c,60,47,b6,19,
   3f,4c,d3,73,82,35,aa,5f,aa,8c,ae,6d,8d,3d,f5,c8,06,62,bf,23,b2,c2,03,00,74,\
"rkeysecu"=hex:93,e9,aa,49,36,c4,0a,98,3f,03,7e,e7,94,84,c0,18
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-09-05  10:53:45
ComboFix-quarantined-files.txt  2014-09-05 15:53
ComboFix2.txt  2014-09-05 15:15
ComboFix3.txt  2013-03-10 23:53
.
Pre-Run: 1,089,075,326,976 bytes free
Post-Run: 1,088,983,478,272 bytes free
.
- - End Of File - - 9FD4B8149897DCB6E8F5FA75082CEEDF
 



#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,747 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:01 AM

Posted 06 September 2014 - 07:24 AM

Has the issue been fixed?

#11 Vengurd


Posted 06 September 2014 - 12:18 PM

Well, loading times and such are very much better, so whatever that did, it helped.

 

I still have the cmd.exe *32 process randomly popping up. Opening file location takes me to the cmd.exe in the SysWOW64 folder. Is that indicative of anything? Or am I just being overly worried here?



#12 nasdaq


Posted 07 September 2014 - 06:56 AM

Let's check it out.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :filefind
    cmd.exe

    :regfind
    cmd.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.


#13 Vengurd


Posted 07 September 2014 - 09:50 AM

Hi there. Ran into a bit of a problem. When running the systemlook tool, I went into the other room and made a fresh pot of coffee and returned to find a blue screen with a constant hum. Snapped a picture with my cell. Quality isn't all that great but it captures most of the relevant data (I hope).

 

Restarted the machine and the tool worked, here's the file, will attach image of blue screen. File is apparently too large. If I uploaded the image via imgur or other host site, would I be able to link it here or is that a no-no?

SystemLook 30.07.11 by jpshortstuff
Log created at 09:37 on 07/09/2014 by Isaiah
Administrator - Elevation successful

========== filefind ==========

Searching for "cmd.exe"
C:\Windows\System32\cmd.exe    --a---- 345088 bytes    [03:23 21/11/2010]    [03:23 21/11/2010] 5746BD7E255DD6A8AFA06F7C42C1BA41
C:\Windows\SysWOW64\cmd.exe    --a---- 302592 bytes    [03:24 21/11/2010]    [03:24 21/11/2010] AD7B9C14083B52BC532FBA5948342B98
C:\Windows\winsxs\amd64_microsoft-windows-commandprompt_31bf3856ad364e35_6.1.7601.17514_none_e932cc2c30fc13b0\cmd.exe    --a---- 345088 bytes    [03:23 21/11/2010]    [03:23 21/11/2010] 5746BD7E255DD6A8AFA06F7C42C1BA41
C:\Windows\winsxs\wow64_microsoft-windows-commandprompt_31bf3856ad364e35_6.1.7601.17514_none_f387767e655cd5ab\cmd.exe    --a---- 302592 bytes    [03:24 21/11/2010]    [03:24 21/11/2010] AD7B9C14083B52BC532FBA5948342B98

========== regfind ==========

Searching for "cmd.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\cmd.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\runas\command]
@="%SystemRoot%\System32\cmd.exe /C "%1" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\shell\cmd\command]
@="cmd.exe /s /k pushd "%V""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cmdfile\shell\runas\command]
@="%SystemRoot%\System32\cmd.exe /C "%1" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\Background\shell\cmd\command]
@="cmd.exe /s /k pushd "%V""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\cmd\command]
@="cmd.exe /s /k pushd "%V""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shell\cmd\command]
@="cmd.exe /s /k pushd "%V""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\shell\cmd\command]
@="cmd.exe /s /k pushd "%V""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
"StubPath"="C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}]
"AppName"="cmd.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEDIAG.EXE]
@="C:\Program Files\Internet Explorer\IEDIAGCMD.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEDIAGCMD.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEDIAGCMD.EXE]
@="C:\Program Files\Internet Explorer\IEDIAGCMD.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}]
"AppName"="cmd.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\IEDIAG.EXE]
@="C:\Program Files\Internet Explorer\IEDIAGCMD.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\IEDIAGCMD.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\IEDIAGCMD.EXE]
@="C:\Program Files\Internet Explorer\IEDIAGCMD.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\shell\cmd\command]
@="cmd.exe /s /k pushd "%V""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot]
"AlternateShell"="cmd.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment]
"ComSpec"="%SystemRoot%\system32\cmd.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\EH-Tcp]
"InitialProgram"="cmd.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot]
"AlternateShell"="cmd.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\Environment]
"ComSpec"="%SystemRoot%\system32\cmd.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Terminal Server\WinStations\EH-Tcp]
"InitialProgram"="cmd.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"ComSpec"="%SystemRoot%\system32\cmd.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\EH-Tcp]
"InitialProgram"="cmd.exe"
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Windows\system32\cmd.exe"="Virtual Command Shell 9014006604090000"
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Windows\system32\cmd.exe"="Virtual Command Shell 9014006604090000"

-= EOF =-



#14 Vengurd


Posted 14 September 2014 - 07:53 PM

Since it's been seven days, shall I assume there is no more help to be had?



#15 nasdaq


Posted 15 September 2014 - 07:38 AM

I'm sorry I lost track of your topic.

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======



