
COM SURROGATE and false browser virus


  • This topic is locked
9 replies to this topic

#1 DGKacey

DGKacey

  • Members
  • 4 posts

Posted 29 August 2014 - 10:03 PM

New here! I have been getting annoying pop ups and the COM SURROGATE thing. Ran a DDS scan; output as follows:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16384  BrowserJavaVersion: 10.65.2
Run by ericb_000 at 20:54:33 on 2014-08-29
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3673.1654 [GMT -6:00]
.
AV: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
C:\Windows\system32\dashost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\System32\alg.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\System32\Taskmgr.exe
C:\Windows\system32\taskhostex.exe
C:\Users\ericb_000\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ericb_000\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ericb_000\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ericb_000\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Users\ericb_000\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ericb_000\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ericb_000\AppData\LocalLow\SupporterSync\CalculatorHiggs\browser.exe
C:\Users\ericb_000\AppData\LocalLow\SupporterSync\CalculatorHiggs\browser.exe
C:\Users\ericb_000\AppData\LocalLow\SupporterSync\CalculatorHiggs\browser.exe
C:\Users\ericb_000\AppData\LocalLow\SupporterSync\CalculatorHiggs\browser.exe
C:\Users\ericb_000\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Users\ericb_000\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\syswow64\backgroundTaskHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:Tabs
uDefault_Page_URL = www.google.com
mStart Page = www.google.com
mSearch Page = hxxp://search.delta-homes.com/web/?type=ds&ts=1388690372&from=wpm0102&uid=ST320LT020-9YG142_W044BYAJXXXXW044BYAJ&q={searchTerms}
mDefault_Page_URL = www.google.com
mDefault_Search_URL = www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\ericb_000\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Spotify Web Helper] "C:\Users\ericb_000\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Pinger] "C:\Program Files (x86)\Pinger\Pinger.exe"
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [pcreg] C:\Program Files\pcreg\service.exe
uRun: [Viber] "C:\Users\ericb_000\AppData\Local\Viber\Viber.exe"
uRun: [Spotify] "C:\Users\ericb_000\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
uRun: [VinylVoice] C:\Windows\System32\rundll32.exe "C:\Users\ericb_000\AppData\Local\VinylVoice\VinylVoice.dll",DllRegisterServer
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S
mRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
mRun: [pcreg] C:\Program Files\pcreg\service.exe
mRun: [{ccc35603-e7d6-6b9a-32cf-a5031f62183a}] "C:\ProgramData\Microsoft\{ccc35603-e7d6-6b9a-32cf-a5031f62183a}\{ccc35603-e7d6-6b9a-32cf-a5031f62183a}.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mExplorerRun: [{ccc35603-e7d6-6b9a-32cf-a5031f62183a}] "C:\ProgramData\Microsoft\{ccc35603-e7d6-6b9a-32cf-a5031f62183a}\{ccc35603-e7d6-6b9a-32cf-a5031f62183a}.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-Explorer: HideSCAHealth = dword:1
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{F15166CF-01C1-47A2-B1AB-FB3F0C7178EE} : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{F15166CF-01C1-47A2-B1AB-FB3F0C7178EE}\053435D27457563747 : DHCPNameServer = 10.10.0.210
TCP: Interfaces\{F15166CF-01C1-47A2-B1AB-FB3F0C7178EE}\25564644F6C6078696E62313 : DHCPNameServer = 66.232.206.251 66.232.206.252 192.168.1.1
TCP: Interfaces\{F15166CF-01C1-47A2-B1AB-FB3F0C7178EE}\7457563747 : DHCPNameServer = 10.10.0.210
TCP: Interfaces\{F15166CF-01C1-47A2-B1AB-FB3F0C7178EE}\84F4D454D223346323 : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{F15166CF-01C1-47A2-B1AB-FB3F0C7178EE}\E45445745414258303 : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = www.google.com
x64-mSearch Page = hxxp://search.delta-homes.com/web/?type=ds&ts=1388690372&from=wpm0102&uid=ST320LT020-9YG142_W044BYAJXXXXW044BYAJ&q={searchTerms}
x64-mDefault_Page_URL = www.google.com
x64-mDefault_Search_URL = www.google.com
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [pcreg] C:\Program Files\pcreg\service.exe
x64-ExplorerRun: [{ccc35603-e7d6-6b9a-32cf-a5031f62183a}] "C:\ProgramData\Microsoft\{ccc35603-e7d6-6b9a-32cf-a5031f62183a}\{ccc35603-e7d6-6b9a-32cf-a5031f62183a}.exe"
x64-mPolicies-Explorer: HideSCAHealth = dword:1
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-mPolicies-System: ConsentPromptBehaviorUser = dword:0
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 10.0.0.2 prod.cloud.rockstargames.com
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [2013-9-23 55856]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2014-1-20 115472]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\Drivers\AiCharger.sys [2012-7-24 17152]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-9-12 98472]
R3 ATP;ASUS PS/2 Port Input Device;C:\Windows\System32\Drivers\AsusTP.sys [2012-10-31 61824]
R3 HIDSwitch;ASUS Wireless Radio Control;C:\Windows\System32\Drivers\AsHIDSwitch64.sys [2012-8-23 21152]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\Drivers\netr28x.sys [2013-4-15 2482960]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-9-12 690832]
R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\Drivers\teamviewervpn.sys [2014-1-25 35112]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2012-9-12 57000]
S1 {75edaf6c-4dcf-4f61-a079-f7488c24b3d9}t;{75edaf6c-4dcf-4f61-a079-f7488c24b3d9}t;C:\Windows\System32\Drivers\{75edaf6c-4dcf-4f61-a079-f7488c24b3d9}t.sys [2014-5-22 55224]
S3 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-5 645952]
S3 IOMap;IOMap;C:\Windows\System32\Drivers\IOMap64.sys [2014-2-23 24824]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;C:\Windows\System32\Drivers\xusb22.sys [2012-7-25 89088]
.
=============== Created Last 30 ================
.
2014-08-29 21:38:58 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C2CA2FBC-4CE5-4225-80E6-41C5EE7AE60B}\offreg.dll
2014-08-29 21:30:14 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C2CA2FBC-4CE5-4225-80E6-41C5EE7AE60B}\mpengine.dll
2014-08-25 23:40:33 -------- d-----w- C:\Program Files (x86)\Truck Dismount
2014-08-25 01:47:21 -------- d-----w- C:\Users\ericb_000\AppData\Local\VinylVoice
2014-08-24 19:16:10 -------- d-----w- C:\Users\ericb_000\AppData\Local\Unity
2014-08-20 18:59:45 262312 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10245.bin
2014-08-11 22:05:52 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-11 22:04:02 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-08-11 22:04:02 64216 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-08-11 22:04:02 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-08-11 22:04:02 -------- d-----w- C:\ProgramData\Malwarebytes
2014-08-11 22:04:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-11 20:57:44 -------- d-----w- C:\Users\ericb_000\AppData\Roaming\Omliab
2014-08-03 01:53:59 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-01 22:16:11 -------- d-----w- C:\ProgramData\SCARM
2014-08-01 22:15:49 -------- d-----w- C:\Program Files (x86)\SCARM
2014-08-01 20:58:21 -------- d-----w- C:\Users\ericb_000\AppData\Roaming\Open Rails
2014-08-01 20:57:55 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2014-08-01 20:57:36 -------- d-----w- C:\Program Files (x86)\Open Rails
.
==================== Find3M  ====================
.
2014-07-23 02:58:09 687 ----a-w- C:\awh5B58.tmp
2014-07-20 02:16:09 687 ----a-w- C:\awh1430.tmp
2014-07-14 23:37:15 687 ----a-w- C:\awh38FA.tmp
2014-07-14 03:59:18 687 ----a-w- C:\awh6CC6.tmp
2014-07-13 18:48:44 687 ----a-w- C:\awh3043.tmp
2014-07-12 04:07:31 687 ----a-w- C:\awh28E3.tmp
2014-07-11 22:22:30 687 ----a-w- C:\awhEBF9.tmp
2014-07-08 21:02:34 687 ----a-w- C:\awh7ABE.tmp
2014-07-06 05:17:51 687 ----a-w- C:\awhE.tmp
2014-07-01 10:02:37 687 ----a-w- C:\awhBDFE.tmp
2014-06-26 22:49:45 687 ----a-w- C:\awh5070.tmp
2014-06-26 19:42:38 687 ----a-w- C:\awh6D87.tmp
2014-06-23 23:04:46 687 ----a-w- C:\awhCB98.tmp
2014-06-20 03:23:20 687 ----a-w- C:\awhD08D.tmp
.
============= FINISH: 21:02:02.81 ===============
 



#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 30 August 2014 - 04:56 AM

Hi there,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 DGKacey

DGKacey
  • Topic Starter

  • Members
  • 4 posts

Posted 30 August 2014 - 12:56 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-08-2014
Ran by ericb_000 (administrator) on YOUNGDERP on 30-08-2014 11:43:17
Running from C:\Users\ericb_000\Downloads
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Google Inc.) C:\Users\ericb_000\AppData\Local\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Users\ericb_000\AppData\Local\Google\Chrome\Application\chrome.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Google Inc.) C:\Users\ericb_000\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ericb_000\AppData\Local\Google\Chrome\Application\chrome.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Google Inc.) C:\Users\ericb_000\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ericb_000\AppData\LocalLow\SupporterSync\CalculatorHiggs\browser.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Google Inc.) C:\Users\ericb_000\AppData\LocalLow\SupporterSync\CalculatorHiggs\browser.exe
(Google Inc.) C:\Users\ericb_000\AppData\LocalLow\SupporterSync\CalculatorHiggs\browser.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Google Inc.) C:\Users\ericb_000\AppData\LocalLow\SupporterSync\CalculatorHiggs\browser.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s  RtHDVCpl    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s  kernel32.dll 
HKLM\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-27] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [811792 2014-01-20] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe
HKLM-x32\...\Run: [{ccc35603-e7d6-6b9a-32cf-a5031f62183a}] => C:\ProgramData\Microsoft\{ccc35603-e7d6-6b9a-32cf-a5031f62183a}\{ccc35603-e7d6-6b9a-32cf-a5031f62183a}.exe [193584 2014-05-13] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [{ccc35603-e7d6-6b9a-32cf-a5031f62183a}] => C:\ProgramData\Microsoft\{ccc35603-e7d6-6b9a-32cf-a5031f62183a}\{ccc35603-e7d6-6b9a-32cf-a5031f62183a}.exe [193584 2014-05-13] ( ())
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-4201427427-2032694663-1442213182-1001\...\Run: [Google Update] => C:\Users\ericb_000\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-09-15] (Google Inc.)
HKU\S-1-5-21-4201427427-2032694663-1442213182-1001\...\Run: [Spotify Web Helper] => C:\Users\ericb_000\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-25] (Spotify Ltd)
HKU\S-1-5-21-4201427427-2032694663-1442213182-1001\...\Run: [Pinger] => "C:\Program Files (x86)\Pinger\Pinger.exe"
HKU\S-1-5-21-4201427427-2032694663-1442213182-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-4201427427-2032694663-1442213182-1001\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe
HKU\S-1-5-21-4201427427-2032694663-1442213182-1001\...\Run: [Viber] => "C:\Users\ericb_000\AppData\Local\Viber\Viber.exe"
HKU\S-1-5-21-4201427427-2032694663-1442213182-1001\...\Run: [Spotify] => C:\Users\ericb_000\AppData\Roaming\Spotify\spotify.exe [6621752 2014-08-25] (Spotify Ltd)
HKU\S-1-5-21-4201427427-2032694663-1442213182-1001\...\Run: [VinylVoice] => C:\Windows\system32\rundll32.exe "C:\Users\ericb_000\AppData\Local\VinylVoice\VinylVoice.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-4201427427-2032694663-1442213182-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-4201427427-2032694663-1442213182-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.dosearches.com/?type=sc&ts=1384055718&from=kdl2&uid=ST320LT020-9YG142_W044BYAJXXXXW044BYAJ
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 10.0.0.2 prod.cloud.rockstargames.com
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @nsroblox.roblox.com/launcher -> C:\Users\ericb_000\AppData\Local\Roblox\Versions\version-28a069d7dccb4f92\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\ericb_000\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\ericb_000\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR Profile: C:\Users\ericb_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BetterTTV) - C:\Users\ericb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2014-04-25]
CHR Extension: (reddit companion) - C:\Users\ericb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe [2014-04-25]
CHR Extension: (Google Drive) - C:\Users\ericb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ericb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (Adblock Plus) - C:\Users\ericb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-25]
CHR Extension: (Google Wallet) - C:\Users\ericb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-25]
CHR Profile: C:\Users\ericb_000\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\ericb_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-15]
CHR Extension: (Google Drive) - C:\Users\ericb_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-15]
CHR Extension: (YouTube) - C:\Users\ericb_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-15]
CHR Extension: (Google Search) - C:\Users\ericb_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-15]
CHR Extension: (No Name) - C:\Users\ericb_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kepfgejmidkmoiimkfdjocdjhbcpmlmg [2013-12-06]
CHR Extension: (Chrome In-App Payments service) - C:\Users\ericb_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-15]
CHR Extension: (Gmail) - C:\Users\ericb_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-15]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\ERICB_~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-25]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-01-20] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-01-20] (BlueStack Systems, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 RoxMediaDBGame1X; C:\Program Files (x86)\Common Files\Roxio Shared\Game1X\SharedCOM\RoxMediaDBGame1X.exe [1099248 2011-02-17] (Sonic Solutions)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)
S2 pcregservice; C:\Program Files\pcreg\pcreg.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-16] (Advanced Micro Devices)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [115472 2014-01-20] (BlueStack Systems)
S3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2013-07-02] (ASUSTeK Computer Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-25] (Microsoft Corporation)
S1 {75edaf6c-4dcf-4f61-a079-f7488c24b3d9}t; C:\Windows\System32\drivers\{75edaf6c-4dcf-4f61-a079-f7488c24b3d9}t.sys [55224 2014-04-24] (StdLib)
S3 andnetadb; \SystemRoot\System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag; \SystemRoot\system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; \SystemRoot\system32\DRIVERS\lgandnetmodem64.sys [X]
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X]
S3 LgBttPort; \SystemRoot\system32\DRIVERS\lgbtpt64.sys [X]
S3 lgbusenum; \SystemRoot\System32\drivers\lgbtbs64.sys [X]
S3 LGVMODEM; \SystemRoot\system32\DRIVERS\lgvmdm64.sys [X]
U0 msahci; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-30 11:43 - 2014-08-30 11:45 - 00019054 _____ () C:\Users\ericb_000\Downloads\FRST.txt
2014-08-30 11:43 - 2014-08-30 11:43 - 00000000 ____D () C:\FRST
2014-08-30 11:42 - 2014-08-30 11:42 - 02103808 _____ (Farbar) C:\Users\ericb_000\Downloads\FRST64.exe
2014-08-29 21:02 - 2014-08-29 21:02 - 00013090 _____ () C:\Users\ericb_000\Desktop\dds.txt
2014-08-29 21:02 - 2014-08-29 21:02 - 00006288 _____ () C:\Users\ericb_000\Desktop\attach.txt
2014-08-29 20:53 - 2014-08-29 20:53 - 00688992 ____R (Swearware) C:\Users\ericb_000\Downloads\dds.com
2014-08-25 17:41 - 2014-08-25 17:41 - 00001080 _____ () C:\Users\ericb_000\Desktop\truckdismount - Shortcut.lnk
2014-08-25 17:40 - 2014-08-25 17:40 - 02150786 _____ () C:\Users\ericb_000\Downloads\SetupTruckDismount101 (1).exe
2014-08-25 17:40 - 2014-08-25 17:40 - 00000000 ____D () C:\Users\ericb_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Truck Dismount
2014-08-25 17:40 - 2014-08-25 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Truck Dismount
2014-08-25 17:40 - 2014-08-25 17:40 - 00000000 ____D () C:\Program Files (x86)\Truck Dismount
2014-08-25 17:19 - 2014-08-25 17:19 - 00000000 ____D () C:\Users\ericb_000\Desktop\Kiuasturvat
2014-08-25 17:15 - 2014-08-25 17:17 - 02324656 _____ () C:\Users\ericb_000\Downloads\Kiuasturvat051.zip
2014-08-25 17:14 - 2014-08-25 17:17 - 00731194 _____ () C:\Users\ericb_000\Downloads\SetupTruckDismount101.exe
2014-08-25 14:58 - 2014-08-25 14:58 - 00279808 _____ () C:\Windows\Minidump\082514-36129-01.dmp
2014-08-25 13:50 - 2014-08-25 13:50 - 00279808 _____ () C:\Windows\Minidump\082514-41714-01.dmp
2014-08-24 19:47 - 2014-08-24 19:47 - 00000000 ____D () C:\Users\ericb_000\AppData\Local\VinylVoice
2014-08-24 18:16 - 2014-08-24 18:16 - 00279808 _____ () C:\Windows\Minidump\082414-34164-01.dmp
2014-08-24 16:36 - 2014-08-25 17:03 - 00000000 ____D () C:\Users\ericb_000\Documents\SCARM
2014-08-24 13:26 - 2014-08-24 13:27 - 00279808 _____ () C:\Windows\Minidump\082414-43571-01.dmp
2014-08-24 13:16 - 2014-08-29 19:57 - 00000237 _____ () C:\Users\ericb_000\BullseyeCoverageError.txt
2014-08-24 13:16 - 2014-08-29 19:57 - 00000000 ____D () C:\Users\ericb_000\AppData\Local\Unity
2014-08-24 13:12 - 2014-08-24 13:13 - 01202032 _____ (Unity Technologies ApS) C:\Users\ericb_000\Downloads\UnityWebPlayer.exe
2014-08-23 17:43 - 2014-08-23 17:44 - 42945846 _____ () C:\Users\ericb_000\Downloads\KSOS_v4081_Pack_4.zip
2014-08-21 12:31 - 2014-08-21 12:31 - 00279808 _____ () C:\Windows\Minidump\082114-33025-01.dmp
2014-08-21 11:40 - 2014-08-21 11:41 - 00279808 _____ () C:\Windows\Minidump\082114-54491-01.dmp
2014-08-21 11:20 - 2014-08-21 11:21 - 00279808 _____ () C:\Windows\Minidump\082114-44585-01.dmp
2014-08-19 21:57 - 2014-08-19 21:58 - 00279808 _____ () C:\Windows\Minidump\081914-33961-01.dmp
2014-08-19 11:46 - 2014-08-19 11:47 - 00279808 _____ () C:\Windows\Minidump\081914-72868-01.dmp
2014-08-19 10:18 - 2014-08-19 10:18 - 00279808 _____ () C:\Windows\Minidump\081914-38766-01.dmp
2014-08-16 21:34 - 2014-08-16 21:35 - 98623484 _____ () C:\Users\ericb_000\Downloads\KSOS_v311hf.zip
2014-08-16 19:07 - 2014-08-16 19:08 - 00279808 _____ () C:\Windows\Minidump\081614-45692-01.dmp
2014-08-16 18:59 - 2014-08-16 18:59 - 00279808 _____ () C:\Windows\Minidump\081614-35490-01.dmp
2014-08-15 20:16 - 2014-08-15 20:17 - 00279808 _____ () C:\Windows\Minidump\081514-47252-01.dmp
2014-08-15 14:17 - 2014-08-15 14:17 - 00279808 _____ () C:\Windows\Minidump\081514-32869-01.dmp
2014-08-13 21:11 - 2014-08-13 21:11 - 00515792 _____ () C:\Windows\Minidump\081314-33914-01.dmp
2014-08-12 11:40 - 2014-08-12 11:40 - 00279808 _____ () C:\Windows\Minidump\081214-37970-01.dmp
2014-08-11 16:05 - 2014-08-27 18:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-11 16:05 - 2014-08-11 16:05 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-11 16:05 - 2014-08-11 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-11 16:04 - 2014-08-11 16:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-11 16:04 - 2014-08-11 16:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-11 16:04 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-11 16:04 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-11 16:04 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-11 15:52 - 2014-08-11 16:02 - 00002382 _____ () C:\Users\ericb_000\Desktop\Rkill.txt
2014-08-11 14:57 - 2014-08-13 13:04 - 00000000 ____D () C:\Users\ericb_000\AppData\Roaming\Omliab
2014-08-11 14:56 - 2014-08-11 14:56 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-09 14:48 - 2014-08-09 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-08-07 11:38 - 2014-08-07 11:39 - 00000000 ____D () C:\Users\ericb_000\Desktop\Win
2014-08-03 17:32 - 2014-08-03 17:32 - 00000783 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Toribash.lnk
2014-08-03 17:32 - 2014-08-03 17:32 - 00000775 _____ () C:\Users\ericb_000\Desktop\Toribash.lnk
2014-08-03 11:42 - 2014-08-03 11:42 - 00279808 _____ () C:\Windows\Minidump\080314-40622-01.dmp
2014-08-02 19:54 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-02 19:53 - 2014-08-02 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-02 19:53 - 2014-08-02 19:53 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-08-02 19:53 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-02 19:53 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-02 19:53 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-01 16:16 - 2014-08-25 18:37 - 00000000 ____D () C:\ProgramData\SCARM
2014-08-01 16:15 - 2014-08-01 16:15 - 00000969 _____ () C:\Users\Public\Desktop\SCARM.lnk
2014-08-01 16:15 - 2014-08-01 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCARM
2014-08-01 16:15 - 2014-08-01 16:15 - 00000000 ____D () C:\Program Files (x86)\SCARM
2014-08-01 15:34 - 2014-08-01 15:34 - 00000001 _____ () C:\Users\ericb_000\Desktop\Microsoft.Train.Simulator - RELOADED.iso
2014-08-01 14:58 - 2014-08-01 14:58 - 00000000 ____D () C:\Users\ericb_000\AppData\Roaming\Open Rails
2014-08-01 14:57 - 2014-08-01 14:57 - 00001032 _____ () C:\Users\Public\Desktop\Open Rails.lnk
2014-08-01 14:57 - 2014-08-01 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open Rails
2014-08-01 14:57 - 2014-08-01 14:57 - 00000000 ____D () C:\Program Files (x86)\Open Rails
2014-08-01 14:57 - 2014-08-01 14:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-30 11:45 - 2014-08-30 11:43 - 00019054 _____ () C:\Users\ericb_000\Downloads\FRST.txt
2014-08-30 11:43 - 2014-08-30 11:43 - 00000000 ____D () C:\FRST
2014-08-30 11:42 - 2014-08-30 11:42 - 02103808 _____ (Farbar) C:\Users\ericb_000\Downloads\FRST64.exe
2014-08-30 11:39 - 2014-04-06 10:48 - 00000000 ___RD () C:\Users\ericb_000\Google Drive
2014-08-30 11:38 - 2014-04-06 10:44 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-30 11:38 - 2013-12-15 19:39 - 00000438 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-08-30 11:38 - 2012-07-26 01:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-29 23:33 - 2013-09-15 15:10 - 00000000 ____D () C:\Users\ericb_000\AppData\Roaming\Spotify
2014-08-29 23:02 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\system32\sru
2014-08-29 23:01 - 2014-04-06 10:44 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-29 22:52 - 2013-09-15 14:13 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4201427427-2032694663-1442213182-1001UA.job
2014-08-29 22:37 - 2013-12-06 17:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-29 22:36 - 2013-09-15 15:10 - 00000000 ____D () C:\Users\ericb_000\AppData\Local\Spotify
2014-08-29 21:52 - 2013-09-15 14:13 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4201427427-2032694663-1442213182-1001Core.job
2014-08-29 21:02 - 2014-08-29 21:02 - 00013090 _____ () C:\Users\ericb_000\Desktop\dds.txt
2014-08-29 21:02 - 2014-08-29 21:02 - 00006288 _____ () C:\Users\ericb_000\Desktop\attach.txt
2014-08-29 20:53 - 2014-08-29 20:53 - 00688992 ____R (Swearware) C:\Users\ericb_000\Downloads\dds.com
2014-08-29 20:07 - 2013-09-15 13:22 - 00000000 ____D () C:\Users\ericb_000
2014-08-29 20:07 - 2012-07-25 23:26 - 00786432 ___SH () C:\Windows\system32\config\BBI
2014-08-29 19:57 - 2014-08-24 13:16 - 00000237 _____ () C:\Users\ericb_000\BullseyeCoverageError.txt
2014-08-29 19:57 - 2014-08-24 13:16 - 00000000 ____D () C:\Users\ericb_000\AppData\Local\Unity
2014-08-28 16:52 - 2012-08-01 19:20 - 00075822 _____ () C:\Windows\PFRO.log
2014-08-27 19:23 - 2014-01-24 17:06 - 00000000 ____D () C:\Users\ericb_000\AppData\Roaming\Skype
2014-08-27 18:06 - 2014-08-11 16:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-25 18:37 - 2014-08-01 16:16 - 00000000 ____D () C:\ProgramData\SCARM
2014-08-25 17:41 - 2014-08-25 17:41 - 00001080 _____ () C:\Users\ericb_000\Desktop\truckdismount - Shortcut.lnk
2014-08-25 17:40 - 2014-08-25 17:40 - 02150786 _____ () C:\Users\ericb_000\Downloads\SetupTruckDismount101 (1).exe
2014-08-25 17:40 - 2014-08-25 17:40 - 00000000 ____D () C:\Users\ericb_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Truck Dismount
2014-08-25 17:40 - 2014-08-25 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Truck Dismount
2014-08-25 17:40 - 2014-08-25 17:40 - 00000000 ____D () C:\Program Files (x86)\Truck Dismount
2014-08-25 17:19 - 2014-08-25 17:19 - 00000000 ____D () C:\Users\ericb_000\Desktop\Kiuasturvat
2014-08-25 17:17 - 2014-08-25 17:15 - 02324656 _____ () C:\Users\ericb_000\Downloads\Kiuasturvat051.zip
2014-08-25 17:17 - 2014-08-25 17:14 - 00731194 _____ () C:\Users\ericb_000\Downloads\SetupTruckDismount101.exe
2014-08-25 17:03 - 2014-08-24 16:36 - 00000000 ____D () C:\Users\ericb_000\Documents\SCARM
2014-08-25 14:58 - 2014-08-25 14:58 - 00279808 _____ () C:\Windows\Minidump\082514-36129-01.dmp
2014-08-25 14:58 - 2013-09-24 06:50 - 00000000 ____D () C:\Windows\Minidump
2014-08-25 13:50 - 2014-08-25 13:50 - 00279808 _____ () C:\Windows\Minidump\082514-41714-01.dmp
2014-08-24 19:47 - 2014-08-24 19:47 - 00000000 ____D () C:\Users\ericb_000\AppData\Local\VinylVoice
2014-08-24 18:16 - 2014-08-24 18:16 - 00279808 _____ () C:\Windows\Minidump\082414-34164-01.dmp
2014-08-24 13:27 - 2014-08-24 13:26 - 00279808 _____ () C:\Windows\Minidump\082414-43571-01.dmp
2014-08-24 13:13 - 2014-08-24 13:12 - 01202032 _____ (Unity Technologies ApS) C:\Users\ericb_000\Downloads\UnityWebPlayer.exe
2014-08-23 17:44 - 2014-08-23 17:43 - 42945846 _____ () C:\Users\ericb_000\Downloads\KSOS_v4081_Pack_4.zip
2014-08-21 12:31 - 2014-08-21 12:31 - 00279808 _____ () C:\Windows\Minidump\082114-33025-01.dmp
2014-08-21 11:41 - 2014-08-21 11:40 - 00279808 _____ () C:\Windows\Minidump\082114-54491-01.dmp
2014-08-21 11:21 - 2014-08-21 11:20 - 00279808 _____ () C:\Windows\Minidump\082114-44585-01.dmp
2014-08-21 00:03 - 2014-04-06 10:45 - 00002044 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-08-21 00:03 - 2014-04-06 10:45 - 00002042 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-08-21 00:03 - 2014-04-06 10:45 - 00002032 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-08-21 00:03 - 2014-04-06 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-19 21:58 - 2014-08-19 21:57 - 00279808 _____ () C:\Windows\Minidump\081914-33961-01.dmp
2014-08-19 11:47 - 2014-08-19 11:46 - 00279808 _____ () C:\Windows\Minidump\081914-72868-01.dmp
2014-08-19 10:18 - 2014-08-19 10:18 - 00279808 _____ () C:\Windows\Minidump\081914-38766-01.dmp
2014-08-17 14:16 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-17 14:07 - 2014-07-28 17:33 - 00000000 ____D () C:\Users\ericb_000\Desktop\Kerbal Space Program
2014-08-17 12:49 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\Resources
2014-08-17 12:25 - 2013-12-06 09:37 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-16 21:35 - 2014-08-16 21:34 - 98623484 _____ () C:\Users\ericb_000\Downloads\KSOS_v311hf.zip
2014-08-16 19:08 - 2014-08-16 19:07 - 00279808 _____ () C:\Windows\Minidump\081614-45692-01.dmp
2014-08-16 18:59 - 2014-08-16 18:59 - 00279808 _____ () C:\Windows\Minidump\081614-35490-01.dmp
2014-08-15 20:17 - 2014-08-15 20:16 - 00279808 _____ () C:\Windows\Minidump\081514-47252-01.dmp
2014-08-15 18:56 - 2013-09-15 14:57 - 00002556 _____ () C:\Users\ericb_000\Desktop\Google Chrome.lnk
2014-08-15 14:17 - 2014-08-15 14:17 - 00279808 _____ () C:\Windows\Minidump\081514-32869-01.dmp
2014-08-13 21:11 - 2014-08-13 21:11 - 00515792 _____ () C:\Windows\Minidump\081314-33914-01.dmp
2014-08-13 13:13 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\schemas
2014-08-13 13:04 - 2014-08-11 14:57 - 00000000 ____D () C:\Users\ericb_000\AppData\Roaming\Omliab
2014-08-12 11:40 - 2014-08-12 11:40 - 00279808 _____ () C:\Windows\Minidump\081214-37970-01.dmp
2014-08-11 17:17 - 2014-04-11 14:38 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-08-11 17:17 - 2014-01-02 13:19 - 00000000 ____D () C:\ProgramData\WPM
2014-08-11 17:17 - 2013-12-06 12:55 - 00000000 ____D () C:\ProgramData\Conduit
2014-08-11 17:17 - 2013-12-06 12:54 - 00000000 ____D () C:\Users\ericb_000\AppData\Local\CRE
2014-08-11 17:17 - 2013-11-09 21:56 - 00000000 ____D () C:\ProgramData\eSafe
2014-08-11 16:05 - 2014-08-11 16:05 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-11 16:05 - 2014-08-11 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-11 16:04 - 2014-08-11 16:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-11 16:04 - 2014-08-11 16:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-11 16:02 - 2014-08-11 15:52 - 00002382 _____ () C:\Users\ericb_000\Desktop\Rkill.txt
2014-08-11 14:56 - 2014-08-11 14:56 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-09 14:48 - 2014-08-09 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-08-09 14:48 - 2014-04-06 10:44 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-07 11:39 - 2014-08-07 11:38 - 00000000 ____D () C:\Users\ericb_000\Desktop\Win
2014-08-04 22:12 - 2012-08-02 01:04 - 00799196 _____ () C:\Windows\system32\perfh00C.dat
2014-08-04 22:12 - 2012-08-02 01:04 - 00155218 _____ () C:\Windows\system32\perfc00C.dat
2014-08-04 22:12 - 2012-07-26 01:28 - 01793362 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-03 17:32 - 2014-08-03 17:32 - 00000783 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Toribash.lnk
2014-08-03 17:32 - 2014-08-03 17:32 - 00000775 _____ () C:\Users\ericb_000\Desktop\Toribash.lnk
2014-08-03 17:30 - 2014-04-29 15:48 - 00000000 ____D () C:\Games
2014-08-03 11:42 - 2014-08-03 11:42 - 00279808 _____ () C:\Windows\Minidump\080314-40622-01.dmp
2014-08-03 11:40 - 2014-07-28 16:12 - 00000000 ____D () C:\Users\ericb_000\AppData\Roaming\uTorrent
2014-08-02 19:54 - 2014-08-02 19:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-02 19:53 - 2014-08-02 19:53 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-08-02 19:53 - 2013-09-15 15:20 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-01 16:15 - 2014-08-01 16:15 - 00000969 _____ () C:\Users\Public\Desktop\SCARM.lnk
2014-08-01 16:15 - 2014-08-01 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCARM
2014-08-01 16:15 - 2014-08-01 16:15 - 00000000 ____D () C:\Program Files (x86)\SCARM
2014-08-01 15:34 - 2014-08-01 15:34 - 00000001 _____ () C:\Users\ericb_000\Desktop\Microsoft.Train.Simulator - RELOADED.iso
2014-08-01 14:58 - 2014-08-01 14:58 - 00000000 ____D () C:\Users\ericb_000\AppData\Roaming\Open Rails
2014-08-01 14:57 - 2014-08-01 14:57 - 00001032 _____ () C:\Users\Public\Desktop\Open Rails.lnk
2014-08-01 14:57 - 2014-08-01 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open Rails
2014-08-01 14:57 - 2014-08-01 14:57 - 00000000 ____D () C:\Program Files (x86)\Open Rails
2014-08-01 14:57 - 2014-08-01 14:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA
 
Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
 
 
Some content of TEMP:
====================
C:\Users\ericb_000\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
C:\Users\ericb_000\AppData\Local\Temp\iylissu.dll
C:\Users\ericb_000\AppData\Local\Temp\qpioiuv.dll
C:\Users\ericb_000\AppData\Local\Temp\rlnswgu.dll
C:\Users\ericb_000\AppData\Local\Temp\rnhanhf.dll
C:\Users\ericb_000\AppData\Local\Temp\SkypeSetup.exe
C:\Users\ericb_000\AppData\Local\Temp\smgrode.dll
C:\Users\ericb_000\AppData\Local\Temp\Tsu94478A96.dll
C:\Users\ericb_000\AppData\Local\Temp\wmfdist.exe
C:\Users\ericb_000\AppData\Local\Temp\zwzrqdp.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-26 12:49
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-08-2014
Ran by ericb_000 at 2014-08-30 11:50:02
Running from C:\Users\ericb_000\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32691 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
AMD Accelerated Video Transcoding (Version: 12.5.100.20808 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{74CEB968-8452-C76B-8BAE-C5B291399639}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.1 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.4 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.5.3042 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{783DCCCB-FBD0-4D1D-928D-7075DA8015E6}) (Version: 0.8.5.3042 - BlueStack Systems, Inc.)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Ellipse (HKLM-x32\...\{C680054D-6CF2-4272-9775-5400A244A1D2}) (Version: 1.0.403 - MxS Elite)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Horizon v2.7.9.0 (HKLM-x32\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.7.9.0 - Daring Development Inc.)
IceChat 7.70 (Build 20101031) (HKLM-x32\...\IceChat_is1) (Version: 7.70 - IceChat Networks)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Open Rails version pre-v1.0 (HKLM-x32\...\{94E15E08-869D-4B69-B8D7-8C82075CB51C} ; Generat~67F3DAC8_is1) (Version: pre-v1.0 - Open Rails)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
Portal: First Slice (HKLM-x32\...\Steam App 410) (Version:  - Valve)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.40 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
Red Crab Cube Timer (HKLM-x32\...\{81CBD7F8-2200-4D61-8C4A-EAE922344120}) (Version: 1.0.3 - Red Crab Software)
Rigs of Rods - Rigs of Rods 0.4.0.7 - ${DESCRIPTION} (HKLM-x32\...\Rigs of Rods Rigs of Rods 0.4.0.7) (Version: "${VERSIONMAJOR}.${VERSIONMINOR}.${VERSIONBUILD}" - "Rigs of Rods")
Rigs of Rods 0.38.67 (HKLM-x32\...\Rigs of Rods 0.38.67) (Version: 0.38.67 - Rigs of Rods Team)
ROBLOX Player for ericb_000 (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Roxio Game Capture (HKLM-x32\...\{BA7DBD3F-34B7-4872-860E-89E5B6AFA6AC}) (Version: 1.0 - Roxio)
Roxio Game Capture (x32 Version: 1.0.076 - Roxio) Hidden
ROXIO GAMECAP (HKLM-x32\...\{D774CBF9-D44D-41BD-9AAB-5E59C1791AFF}) (Version: 1.06.0000 - ROXIO)
Roxio GAMECAP (x32 Version: 1.01.0000 - Roxio) Hidden
SCARM 0.9.24 beta (HKLM-x32\...\{9BF3D390-A0AD-4733-AFC8-18E306B8E219}_is1) (Version: 0.9.24 - Milen Peev)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version:  - Nadeo)
Truck Dismount (remove only) (HKLM-x32\...\Rekkaturvat) (Version:  - )
Vegas Pro 12.0 (64-bit) (HKLM\...\{BD422D00-5232-11E3-A6F3-F04DA23A5C58}) (Version: 12.0.770 - Sony)
Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4201427427-2032694663-1442213182-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\ericb_000\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4201427427-2032694663-1442213182-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\ericb_000\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4201427427-2032694663-1442213182-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-4201427427-2032694663-1442213182-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\ericb_000\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4201427427-2032694663-1442213182-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\ericb_000\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
30-08-2014 02:02:13 Removed LG United Mobile Driver
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-25 23:26 - 2014-04-11 14:54 - 00000861 ____A C:\Windows\system32\Drivers\etc\hosts
10.0.0.2 prod.cloud.rockstargames.com
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0C83F954-CA8F-4827-9E00-5E16F604FA36} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-04] (ASUS)
Task: {124CF2BB-1C17-4A0A-900B-1695B5BADE00} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4201427427-2032694663-1442213182-1001UA => C:\Users\ericb_000\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-15] (Google Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23569A52-721C-47BF-84F0-C501D803EC5B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4201427427-2032694663-1442213182-1001Core => C:\Users\ericb_000\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-15] (Google Inc.)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2A64A5C9-833E-4D0A-9AD4-0E719361B31A} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {351F1475-3F6C-4817-BF42-E8AB127D9217} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4201427427-2032694663-1442213182-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {452C32FB-1F15-4D31-9A91-963A34865918} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-06] (Google Inc.)
Task: {53684B72-DF22-45F7-93A0-8B22219DDE33} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {60E6318A-1655-4FD3-842A-1A8260463296} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {687C4A54-4B10-4939-947C-5C3A90889A17} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4201427427-2032694663-1442213182-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {72DFF389-D41F-434F-90AC-AE3D6A92108C} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A827D7A5-88EA-4474-9129-851D578BB23C} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-06-20] (ASUSTeK Computer Inc.)
Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\Windows\system32\dism.exe [2012-07-25] (Microsoft Corporation)
Task: {B2E9974C-7A05-4C1F-8F6C-FECF4C2B9A49} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-06-22] (ASUS)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {DD5D25C1-880D-4867-AD6E-59455319C21A} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe <==== ATTENTION
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {ED49722B-8EC9-4D58-AD30-F59182544E99} - System32\Tasks\{D7A3E9DE-9990-4152-8AEC-8DC8C6ED115B} => Chrome.exe http://ui.skype.com/ui/0/6.11.0.102/en/abandoninstall?source=lightinstaller&page=tsMain
Task: {F0940202-3091-4809-86BE-043E5CCEEAD1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-06] (Google Inc.)
Task: {F6839E52-7E8F-484F-BC28-6D0B1E57A43E} - System32\Tasks\PC Speed Maximizer Schedule => C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4201427427-2032694663-1442213182-1001Core.job => C:\Users\ericb_000\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4201427427-2032694663-1442213182-1001UA.job => C:\Users\ericb_000\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-08-04 11:34 - 2012-08-04 11:34 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-08-30 11:38 - 2014-08-30 11:38 - 00098816 _____ () C:\Users\ericb_000\AppData\Local\Temp\_MEI28762\win32api.pyd
2014-08-30 11:38 - 2014-08-30 11:38 - 00110080 _____ () C:\Users\ericb_000\AppData\Local\Temp\_MEI28762\pywintypes27.dll
2014-08-30 11:38 - 2014-08-30 11:38 - 00364544 _____ () C:\Users\ericb_000\AppData\Local\Temp\_MEI28762\pythoncom27.dll
2014-08-30 11:38 - 2014-08-30 11:38 - 00045568 _____ () C:\Users\ericb_000\AppData\Local\Temp\_MEI28762\_socket.pyd
2014-08-30 11:38 - 2014-08-30 11:38 - 01160704 _____ () C:\Users\ericb_000\AppData\Local\Temp\_MEI28762\_ssl.pyd
2014-08-30 11:38 - 2014-08-30 11:38 - 00320512 _____ () C:\Users\ericb_000\AppData\Local\Temp\_MEI28762\win32com.shell.shell.pyd
2014-08-30 11:38 - 2014-08-30 11:38 - 00713216 _____ () C:\Users\ericb_000\AppData\Local\Temp\_MEI28762\_hashlib.pyd
2014-08-30 11:38 - 2014-08-30 11:38 - 01175040 _____ () C:\Users\ericb_000\AppData\Local\Temp\_MEI28762\wx._core_.pyd
2014-08-30 11:38 - 2014-08-30 11:38 - 00805888 _____ () C:\Users\ericb_000\AppData\Local\Temp\_MEI28762\wx._gdi_.pyd
2014-08-30 11:38 - 2014-08-30 11:38 - 00811008 _____ () C:\Users\ericb_000\AppData\Local\Temp\_MEI28762\wx._windows_.pyd
2014-08-30 11:38 - 2014-08-30 11:38 - 01062400 _____ () C:\Users\ericb_000\AppData\Local\Temp\_MEI28762\wx._controls_.pyd
2014-08-30 11:38 - 2014-08-30 11:38 - 00735232 _____ () C:\Users\ericb_000\AppData\Local\Temp\_MEI28762\wx._misc_.pyd
2014-08-30 11:38 - 2014-08-30 11:38 - 00128512 _____ () C:\Users\ericb_000\AppData\Local\Temp\_MEI28762\_elementtree.pyd
2014-08-30 11:38 - 2014-08-30 11:38 - 00127488 _____ () C:\Users\ericb_000\AppData\Local\Temp\_MEI28762\pyexpat.pyd
2014-08-30 11:38 - 2014-08-30 11:38 - 00557056 _____ () C:\Users\ericb_000\AppData\Local\Temp\_MEI28762\pysqlite2._sqlite.pyd
2014-08-30 11:38 - 2014-08-30 11:38 - 00007168 _____ () C:\Users\ericb_000\AppData\Local\Temp\_MEI28762\hashobjs_ext.pyd
2014-08-30 11:38 - 2014-08-30 11:38 - 00087552 _____ () C:\Users\ericb_000\AppData\Local\Temp\_MEI28762\_ctypes.pyd
2014-08-30 11:38 - 2014-08-30 11:38 - 00119808 _____ () C:\Users\ericb_000\AppData\Local\Temp\_MEI28762\win32file.pyd
2014-08-30 11:38 - 2014-08-30 11:38 - 00108544 _____ () C:\Users\ericb_000\AppData\Local\Temp\_MEI28762\win32security.pyd
2014-08-30 11:38 - 2014-08-30 11:38 - 00018432 _____ () C:\Users\ericb_000\AppData\Local\Temp\_MEI28762\win32event.pyd
2014-08-30 11:38 - 2014-08-30 11:38 - 00038912 _____ () C:\Users\ericb_000\AppData\Local\Temp\_MEI28762\win32inet.pyd
2014-08-30 11:38 - 2014-08-30 11:38 - 00070656 _____ () C:\Users\ericb_000\AppData\Local\Temp\_MEI28762\wx._html2.pyd
2014-08-30 11:38 - 2014-08-30 11:38 - 00167936 _____ () C:\Users\ericb_000\AppData\Local\Temp\_MEI28762\win32gui.pyd
2014-08-30 11:38 - 2014-08-30 11:38 - 00011264 _____ () C:\Users\ericb_000\AppData\Local\Temp\_MEI28762\win32crypt.pyd
2014-08-30 11:38 - 2014-08-30 11:38 - 00027136 _____ () C:\Users\ericb_000\AppData\Local\Temp\_MEI28762\_multiprocessing.pyd
2014-08-30 11:38 - 2014-08-30 11:38 - 00686080 _____ () C:\Users\ericb_000\AppData\Local\Temp\_MEI28762\unicodedata.pyd
2014-08-30 11:38 - 2014-08-30 11:38 - 00122368 _____ () C:\Users\ericb_000\AppData\Local\Temp\_MEI28762\wx._wizard.pyd
2014-08-30 11:38 - 2014-08-30 11:38 - 00010240 _____ () C:\Users\ericb_000\AppData\Local\Temp\_MEI28762\select.pyd
2014-08-30 11:38 - 2014-08-30 11:38 - 00024064 _____ () C:\Users\ericb_000\AppData\Local\Temp\_MEI28762\win32pipe.pyd
2014-08-30 11:38 - 2014-08-30 11:38 - 00025600 _____ () C:\Users\ericb_000\AppData\Local\Temp\_MEI28762\win32pdh.pyd
2014-08-30 11:38 - 2014-08-30 11:38 - 00525640 _____ () C:\Users\ericb_000\AppData\Local\Temp\_MEI28762\windows._lib_cacheinvalidation.pyd
2014-08-30 11:38 - 2014-08-30 11:38 - 00035840 _____ () C:\Users\ericb_000\AppData\Local\Temp\_MEI28762\win32process.pyd
2014-08-30 11:38 - 2014-08-30 11:38 - 00017408 _____ () C:\Users\ericb_000\AppData\Local\Temp\_MEI28762\win32profile.pyd
2014-08-30 11:38 - 2014-08-30 11:38 - 00022528 _____ () C:\Users\ericb_000\AppData\Local\Temp\_MEI28762\win32ts.pyd
2014-08-30 11:38 - 2014-08-30 11:38 - 00078336 _____ () C:\Users\ericb_000\AppData\Local\Temp\_MEI28762\wx._animate.pyd
2014-08-24 19:47 - 2014-08-24 19:47 - 00294912 _____ () C:\Users\ericb_000\AppData\Local\VinylVoice\VinylVoice.dll
2014-08-24 19:53 - 2014-08-24 19:53 - 00718152 _____ () C:\Users\ericb_000\AppData\LocalLow\SupporterSync\CalculatorHiggs\36.0.1985.143\libglesv2.dll
2014-08-24 19:53 - 2014-08-24 19:53 - 00126280 _____ () C:\Users\ericb_000\AppData\LocalLow\SupporterSync\CalculatorHiggs\36.0.1985.143\libegl.dll
2014-08-24 19:53 - 2014-08-24 19:53 - 08537928 _____ () C:\Users\ericb_000\AppData\LocalLow\SupporterSync\CalculatorHiggs\36.0.1985.143\pdf.dll
2014-08-24 19:53 - 2014-08-24 19:53 - 00353096 _____ () C:\Users\ericb_000\AppData\LocalLow\SupporterSync\CalculatorHiggs\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-24 19:53 - 2014-08-24 19:53 - 01732936 _____ () C:\Users\ericb_000\AppData\LocalLow\SupporterSync\CalculatorHiggs\36.0.1985.143\ffmpegsumo.dll
2014-08-24 19:53 - 2014-08-24 19:53 - 14669128 _____ () C:\Users\ericb_000\AppData\LocalLow\SupporterSync\CalculatorHiggs\36.0.1985.143\PepperFlash\pepflashplayer.dll
2014-08-15 18:56 - 2014-08-06 21:20 - 00718152 _____ () C:\Users\ericb_000\AppData\Local\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-15 18:56 - 2014-08-06 21:20 - 00126280 _____ () C:\Users\ericb_000\AppData\Local\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-15 18:56 - 2014-08-06 21:20 - 08537928 _____ () C:\Users\ericb_000\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-15 18:56 - 2014-08-06 21:20 - 00353096 _____ () C:\Users\ericb_000\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-15 18:56 - 2014-08-06 21:20 - 01732936 _____ () C:\Users\ericb_000\AppData\Local\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "AsusVibeLauncher.lnk"
HKLM\...\StartupApproved\Run: => "pcreg"
HKLM\...\StartupApproved\Run32: => "pcreg"
HKCU\...\StartupApproved\Run: => "Spotify"
HKCU\...\StartupApproved\Run: => "Spotify Web Helper"
HKCU\...\StartupApproved\Run: => "pcreg"
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/30/2014 11:38:07 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (08/29/2014 08:20:03 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex (5484) An attempt to open the file "C:\Users\ericb_000\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (08/29/2014 08:08:44 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (08/29/2014 08:05:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: powershell.exe, version: 6.2.9200.16384, time stamp: 0x50109cce
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x03af0a94
Faulting process id: 0x1080
Faulting application start time: 0xpowershell.exe0
Faulting application path: powershell.exe1
Faulting module path: powershell.exe2
Report Id: powershell.exe3
Faulting package full name: powershell.exe4
Faulting package-relative application ID: powershell.exe5
 
Error: (08/29/2014 08:05:30 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: powershell.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
Stack:
   at DynamicClass.CallSite.Target(System.Runtime.CompilerServices.Closure, System.Runtime.CompilerServices.CallSite, System.Object, System.Object, System.Object, Int32, Int32, Int32)
   at System.Dynamic.UpdateDelegates.UpdateAndExecute6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Runtime.CompilerServices.CallSite, System.__Canon, System.__Canon, System.__Canon, Int32, Int32, Int32)
   at System.Management.Automation.Interpreter.DynamicInstruction`7[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon)
   at System.Management.Automation.ScriptBlock.InvokeWithPipeImpl(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
   at System.Management.Automation.ScriptBlock+<>c__DisplayClass4.<InvokeWithPipe>b__2()
   at System.Management.Automation.Runspaces.RunspaceBase.RunActionIfNoRunningPipelinesWithThreadCheck(System.Action)
   at System.Management.Automation.ScriptBlock.InvokeWithPipe(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
   at System.Management.Automation.ScriptBlock.InvokeUsingCmdlet(System.Management.Automation.Cmdlet, Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Object[])
   at Microsoft.PowerShell.Commands.InvokeExpressionCommand.ProcessRecord()
   at System.Management.Automation.Cmdlet.DoProcessRecord()
   at System.Management.Automation.CommandProcessor.ProcessRecord()
   at System.Management.Automation.CommandProcessorBase.DoExecute()
   at System.Management.Automation.Internal.PipelineProcessor.Inject(System.Object, Boolean)
   at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, Boolean)
   at System.Management.Automation.PipelineOps.InvokePipeline(System.Object, Boolean, System.Management.Automation.CommandParameterInternal[][], System.Management.Automation.Language.CommandBaseAst[], System.Management.Automation.CommandRedirection[][], System.Management.Automation.Language.FunctionContext)
   at System.Management.Automation.Interpreter.ActionCallInstruction`6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon)
   at System.Management.Automation.ScriptBlock.InvokeWithPipeImpl(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
   at System.Management.Automation.ScriptBlock+<>c__DisplayClass4.<InvokeWithPipe>b__2()
   at System.Management.Automation.Runspaces.RunspaceBase.RunActionIfNoRunningPipelinesWithThreadCheck(System.Action)
   at System.Management.Automation.ScriptBlock.InvokeWithPipe(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
   at System.Management.Automation.ScriptBlock.InvokeUsingCmdlet(System.Management.Automation.Cmdlet, Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Object[])
   at Microsoft.PowerShell.Commands.InvokeExpressionCommand.ProcessRecord()
   at System.Management.Automation.Cmdlet.DoProcessRecord()
   at System.Management.Automation.CommandProcessor.ProcessRecord()
   at System.Management.Automation.CommandProcessorBase.DoExecute()
   at System.Management.Automation.Internal.PipelineProcessor.Inject(System.Object, Boolean)
   at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, Boolean)
   at System.Management.Automation.PipelineOps.InvokePipeline(System.Object, Boolean, System.Management.Automation.CommandParameterInternal[][], System.Management.Automation.Language.CommandBaseAst[], System.Management.Automation.CommandRedirection[][], System.Management.Automation.Language.FunctionContext)
   at System.Management.Automation.Interpreter.ActionCallInstruction`6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon)
   at System.Management.Automation.DlrScriptCommandProcessor.RunClause(System.Action`1<System.Management.Automation.Language.FunctionContext>, System.Object, System.Object)
   at System.Management.Automation.DlrScriptCommandProcessor.Complete()
   at System.Management.Automation.CommandProcessorBase.DoComplete()
   at System.Management.Automation.Internal.PipelineProcessor.DoCompleteCore(System.Management.Automation.CommandProcessorBase)
   at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, Boolean)
   at System.Management.Automation.Runspaces.LocalPipeline.InvokeHelper()
   at System.Management.Automation.Runspaces.LocalPipeline.InvokeThreadProc()
   at System.Management.Automation.Runspaces.PipelineThread.WorkerProc()
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()
 
Error: (08/29/2014 07:39:57 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (08/28/2014 04:52:40 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (08/27/2014 07:27:02 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (08/27/2014 07:25:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: YOUNGDERP)
Description: Activation of app Fingersoft.HillClimbRacing_r6rtpscs7gwyg!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/27/2014 07:10:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: YOUNGDERP)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (08/30/2014 11:38:07 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (08/30/2014 11:38:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The pcregservice Service service failed to start due to the following error: 
%%2
 
Error: (08/30/2014 11:37:35 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\system32\drivers\{75edaf6c-4dcf-4f61-a079-f7488c24b
 
Error: (08/30/2014 11:38:01 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:28:37 PM on 8/29/2014 was unexpected.
 
Error: (08/29/2014 08:56:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ATKGFNEX Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/29/2014 08:30:49 PM) (Source: DCOM) (EventID: 10010) (User: YOUNGDERP)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (08/29/2014 08:30:07 PM) (Source: DCOM) (EventID: 10010) (User: YOUNGDERP)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (08/29/2014 08:29:30 PM) (Source: DCOM) (EventID: 10010) (User: YOUNGDERP)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (08/29/2014 08:27:52 PM) (Source: DCOM) (EventID: 10010) (User: YOUNGDERP)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (08/29/2014 08:15:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BlueStacks Log Rotator Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (08/30/2014 11:38:07 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (08/29/2014 08:20:03 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex5484C:\Users\ericb_000\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.
 
Error: (08/29/2014 08:08:44 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (08/29/2014 08:05:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: powershell.exe6.2.9200.1638450109cceunknown0.0.0.000000000c000000503af0a94108001cfc3f6d93ef5d1C:\Windows\syswow64\windowspowershell\v1.0\powershell.exeunknown1e91e412-2fea-11e4-bf55-3085a92abafe
 
Error: (08/29/2014 08:05:30 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: powershell.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
Stack:
   at DynamicClass.CallSite.Target(System.Runtime.CompilerServices.Closure, System.Runtime.CompilerServices.CallSite, System.Object, System.Object, System.Object, Int32, Int32, Int32)
   at System.Dynamic.UpdateDelegates.UpdateAndExecute6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Runtime.CompilerServices.CallSite, System.__Canon, System.__Canon, System.__Canon, Int32, Int32, Int32)
   at System.Management.Automation.Interpreter.DynamicInstruction`7[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon)
   at System.Management.Automation.ScriptBlock.InvokeWithPipeImpl(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
   at System.Management.Automation.ScriptBlock+<>c__DisplayClass4.<InvokeWithPipe>b__2()
   at System.Management.Automation.Runspaces.RunspaceBase.RunActionIfNoRunningPipelinesWithThreadCheck(System.Action)
   at System.Management.Automation.ScriptBlock.InvokeWithPipe(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
   at System.Management.Automation.ScriptBlock.InvokeUsingCmdlet(System.Management.Automation.Cmdlet, Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Object[])
   at Microsoft.PowerShell.Commands.InvokeExpressionCommand.ProcessRecord()
   at System.Management.Automation.Cmdlet.DoProcessRecord()
   at System.Management.Automation.CommandProcessor.ProcessRecord()
   at System.Management.Automation.CommandProcessorBase.DoExecute()
   at System.Management.Automation.Internal.PipelineProcessor.Inject(System.Object, Boolean)
   at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, Boolean)
   at System.Management.Automation.PipelineOps.InvokePipeline(System.Object, Boolean, System.Management.Automation.CommandParameterInternal[][], System.Management.Automation.Language.CommandBaseAst[], System.Management.Automation.CommandRedirection[][], System.Management.Automation.Language.FunctionContext)
   at System.Management.Automation.Interpreter.ActionCallInstruction`6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon)
   at System.Management.Automation.ScriptBlock.InvokeWithPipeImpl(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
   at System.Management.Automation.ScriptBlock+<>c__DisplayClass4.<InvokeWithPipe>b__2()
   at System.Management.Automation.Runspaces.RunspaceBase.RunActionIfNoRunningPipelinesWithThreadCheck(System.Action)
   at System.Management.Automation.ScriptBlock.InvokeWithPipe(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
   at System.Management.Automation.ScriptBlock.InvokeUsingCmdlet(System.Management.Automation.Cmdlet, Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Object[])
   at Microsoft.PowerShell.Commands.InvokeExpressionCommand.ProcessRecord()
   at System.Management.Automation.Cmdlet.DoProcessRecord()
   at System.Management.Automation.CommandProcessor.ProcessRecord()
   at System.Management.Automation.CommandProcessorBase.DoExecute()
   at System.Management.Automation.Internal.PipelineProcessor.Inject(System.Object, Boolean)
   at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, Boolean)
   at System.Management.Automation.PipelineOps.InvokePipeline(System.Object, Boolean, System.Management.Automation.CommandParameterInternal[][], System.Management.Automation.Language.CommandBaseAst[], System.Management.Automation.CommandRedirection[][], System.Management.Automation.Language.FunctionContext)
   at System.Management.Automation.Interpreter.ActionCallInstruction`6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame)
   at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon)
   at System.Management.Automation.DlrScriptCommandProcessor.RunClause(System.Action`1<System.Management.Automation.Language.FunctionContext>, System.Object, System.Object)
   at System.Management.Automation.DlrScriptCommandProcessor.Complete()
   at System.Management.Automation.CommandProcessorBase.DoComplete()
   at System.Management.Automation.Internal.PipelineProcessor.DoCompleteCore(System.Management.Automation.CommandProcessorBase)
   at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, Boolean)
   at System.Management.Automation.Runspaces.LocalPipeline.InvokeHelper()
   at System.Management.Automation.Runspaces.LocalPipeline.InvokeThreadProc()
   at System.Management.Automation.Runspaces.PipelineThread.WorkerProc()
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()
 
Error: (08/29/2014 07:39:57 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (08/28/2014 04:52:40 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (08/27/2014 07:27:02 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (08/27/2014 07:25:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: YOUNGDERP)
Description: Fingersoft.HillClimbRacing_r6rtpscs7gwyg!App-2144927141
 
Error: (08/27/2014 07:10:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: YOUNGDERP)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141
 
 
==================== Memory info =========================== 
 
Processor: AMD E1-1200 APU with Radeon™ HD Graphics
Percentage of memory in use: 52%
Total physical RAM: 3673.34 MB
Available physical RAM: 1755.7 MB
Total Pagefile: 7385.34 MB
Available Pagefile: 5075.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:111.42 GB) (Free:6.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:157.85 GB) (Free:118.53 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: F05DB9F1)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#4 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:01:26 PM

Posted 30 August 2014 - 01:09 PM

Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the real-time protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)

#5 DGKacey

DGKacey
  • Topic Starter

  • Members
  • 4 posts
  • Local time:05:26 AM

Posted 30 August 2014 - 06:30 PM

ComboFix 14-08-29.03 - ericb_000 08/30/2014  12:43:27.1.2 - x64
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.3673.2526 [GMT -6:00]
Running from: c:\users\ericb_000\Desktop\ComboFix.exe
AV: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\livestream
c:\program files (x86)\livestream\Broadcaster\grabber.xml
c:\program files (x86)\livestream\Broadcaster\grabber_ui.xml
c:\program files (x86)\livestream\Broadcaster\grabprofdb.xml
c:\program files (x86)\MediaBuzzV1
c:\program files (x86)\MediaPlayerV1
c:\program files (x86)\MediaViewerV1
c:\program files (x86)\MediaViewV1
c:\program files (x86)\MediaWatchV1
c:\program files (x86)\RichMediaViewV1
c:\programdata\SetStretch.exe
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\_ctypes.pyd
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\_elementtree.pyd
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\_hashlib.pyd
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\_multiprocessing.pyd
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\_socket.pyd
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\_ssl.pyd
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\hashobjs_ext.pyd
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\pyexpat.pyd
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\pysqlite2._sqlite.pyd
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\python27.dll
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\pythoncom27.dll
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\PyWinTypes27.dll
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\select.pyd
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\unicodedata.pyd
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\win32api.pyd
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\win32com.shell.shell.pyd
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\win32crypt.pyd
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\win32event.pyd
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\win32file.pyd
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\win32gui.pyd
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\win32inet.pyd
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\win32pdh.pyd
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\win32pipe.pyd
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\win32process.pyd
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\win32profile.pyd
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\win32security.pyd
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\win32ts.pyd
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\windows._lib_cacheinvalidation.pyd
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\wx._animate.pyd
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\wx._controls_.pyd
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\wx._core_.pyd
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\wx._gdi_.pyd
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\wx._html2.pyd
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\wx._misc_.pyd
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\wx._windows_.pyd
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\wx._wizard.pyd
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\wxbase294u_net_vc90.dll
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\wxbase294u_vc90.dll
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\wxmsw294u_adv_vc90.dll
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\wxmsw294u_core_vc90.dll
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\wxmsw294u_html_vc90.dll
c:\users\ERICB_~1\AppData\Local\Temp\_MEI28762\wxmsw294u_webview_vc90.dll
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\_ctypes.pyd
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\_elementtree.pyd
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\_hashlib.pyd
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\_multiprocessing.pyd
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\_socket.pyd
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\_ssl.pyd
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\hashobjs_ext.pyd
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\pyexpat.pyd
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\pysqlite2._sqlite.pyd
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\python27.dll
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\pythoncom27.dll
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\PyWinTypes27.dll
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\select.pyd
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\unicodedata.pyd
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\win32api.pyd
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\win32com.shell.shell.pyd
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\win32crypt.pyd
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\win32event.pyd
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\win32file.pyd
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\win32gui.pyd
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\win32inet.pyd
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\win32pdh.pyd
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\win32pipe.pyd
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\win32process.pyd
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\win32profile.pyd
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\win32security.pyd
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\win32ts.pyd
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\windows._lib_cacheinvalidation.pyd
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\wx._animate.pyd
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\wx._controls_.pyd
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\wx._core_.pyd
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\wx._gdi_.pyd
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\wx._html2.pyd
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\wx._misc_.pyd
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\wx._windows_.pyd
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\wx._wizard.pyd
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\wxbase294u_net_vc90.dll
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\wxbase294u_vc90.dll
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\wxmsw294u_adv_vc90.dll
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\wxmsw294u_core_vc90.dll
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\wxmsw294u_html_vc90.dll
c:\users\ericb_000\AppData\Local\Temp\_MEI28762\wxmsw294u_webview_vc90.dll
.
.
CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.
You should verify if current CLSID data is correct:
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
    (Default)    REG_SZ    Thumbnail Cache Class Factory for Out of Proc Server
    AppID    REG_SZ    {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32
    (Default)    REG_SZ    c:\windows\System32\thumbcache.dll
    ThreadingModel    REG_SZ    Apartment
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-28 to 2014-08-30  )))))))))))))))))))))))))))))))
.
.
2014-08-30 19:22 . 2014-08-30 19:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-30 19:22 . 2014-08-30 19:22 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-08-30 17:43 . 2014-08-30 17:54 -------- d-----w- C:\FRST
2014-08-29 21:30 . 2013-07-02 07:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C2CA2FBC-4CE5-4225-80E6-41C5EE7AE60B}\mpengine.dll
2014-08-25 23:40 . 2014-08-25 23:40 -------- d-----w- c:\program files (x86)\Truck Dismount
2014-08-25 01:47 . 2014-08-25 01:47 -------- d-----w- c:\users\ericb_000\AppData\Local\VinylVoice
2014-08-24 19:16 . 2014-08-30 01:57 -------- d-----w- c:\users\ericb_000\AppData\Local\Unity
2014-08-20 18:59 . 2014-08-20 18:59 262312 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10245.bin
2014-08-11 22:05 . 2014-08-28 00:06 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-11 22:04 . 2014-08-11 22:04 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-08-11 22:04 . 2014-08-11 22:04 -------- d-----w- c:\programdata\Malwarebytes
2014-08-11 22:04 . 2014-05-12 13:26 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-11 22:04 . 2014-05-12 13:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-11 22:04 . 2014-05-12 13:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-11 20:57 . 2014-08-13 19:04 -------- d-----w- c:\users\ericb_000\AppData\Roaming\Omliab
2014-08-03 01:54 . 2014-08-03 01:54 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-08-03 01:53 . 2014-07-11 09:02 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-01 22:16 . 2014-08-26 00:37 -------- d-----w- c:\programdata\SCARM
2014-08-01 22:15 . 2014-08-01 22:15 -------- d-----w- c:\program files (x86)\SCARM
2014-08-01 20:58 . 2014-08-01 20:58 -------- d-----w- c:\users\ericb_000\AppData\Roaming\Open Rails
2014-08-01 20:57 . 2014-08-01 20:57 -------- d-----w- c:\program files (x86)\Microsoft XNA
2014-08-01 20:57 . 2014-08-01 20:57 -------- d-----w- c:\program files (x86)\Open Rails
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-09 05:18 . 2012-07-26 08:13 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-07-23 02:58 . 2014-07-23 02:58 687 ----a-w- C:\awh5B58.tmp
2014-07-20 02:16 . 2014-07-20 02:16 687 ----a-w- C:\awh1430.tmp
2014-07-14 23:37 . 2014-07-14 23:37 687 ----a-w- C:\awh38FA.tmp
2014-07-14 03:59 . 2014-07-14 03:59 687 ----a-w- C:\awh6CC6.tmp
2014-07-13 18:48 . 2014-07-13 18:48 687 ----a-w- C:\awh3043.tmp
2014-07-12 04:07 . 2014-07-12 04:07 687 ----a-w- C:\awh28E3.tmp
2014-07-11 22:22 . 2014-07-11 22:22 687 ----a-w- C:\awhEBF9.tmp
2014-07-08 21:02 . 2014-07-08 21:02 687 ----a-w- C:\awh7ABE.tmp
2014-07-06 05:17 . 2014-07-06 05:17 687 ----a-w- C:\awhE.tmp
2014-07-01 10:02 . 2014-07-01 10:02 687 ----a-w- C:\awhBDFE.tmp
2014-06-26 22:49 . 2014-06-26 22:49 687 ----a-w- C:\awh5070.tmp
2014-06-26 19:42 . 2014-06-26 19:42 687 ----a-w- C:\awh6D87.tmp
2014-06-23 23:04 . 2014-06-23 23:04 687 ----a-w- C:\awhCB98.tmp
2014-06-20 03:23 . 2014-06-20 03:23 687 ----a-w- C:\awhD08D.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\ericb_000\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-08-26 1245752]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-08-08 22734160]
"Spotify"="c:\users\ericb_000\AppData\Roaming\Spotify\spotify.exe" [2014-08-26 6621752]
"VinylVoice"="c:\users\ericb_000\AppData\Local\VinylVoice\VinylVoice.dll" [2014-08-25 294912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"ASUSWebStorage"="c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe" [2012-08-28 3417984]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2014-01-21 811792]
"{ccc35603-e7d6-6b9a-32cf-a5031f62183a}"="c:\programdata\Microsoft\{ccc35603-e7d6-6b9a-32cf-a5031f62183a}\{ccc35603-e7d6-6b9a-32cf-a5031f62183a}.exe" [2014-05-13 193584]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2012-9-12 549040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R1 {75edaf6c-4dcf-4f61-a079-f7488c24b3d9}t;{75edaf6c-4dcf-4f61-a079-f7488c24b3d9}t;c:\windows\system32\drivers\{75edaf6c-4dcf-4f61-a079-f7488c24b3d9}t.sys;c:\windows\SYSNATIVE\drivers\{75edaf6c-4dcf-4f61-a079-f7488c24b3d9}t.sys [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 pcregservice;pcregservice Service;c:\program files\pcreg\pcreg.exe;c:\program files\pcreg\pcreg.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 andnetadb;ADB Interface DriverNet;c:\windows\System32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys;c:\program files\PerformanceTest\DirectIo64.sys [x]
R3 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
R3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys;c:\windows\SYSNATIVE\drivers\IOMap64.sys [x]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtpt64.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\System32\drivers\lgbtbs64.sys;c:\windows\SYSNATIVE\drivers\lgbtbs64.sys [x]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvmdm64.sys [x]
R3 RoxMediaDBGame1X;RoxMediaDBGame1X;c:\program files (x86)\Common Files\Roxio Shared\Game1X\SharedCOM\RoxMediaDBGame1X.exe;c:\program files (x86)\Common Files\Roxio Shared\Game1X\SharedCOM\RoxMediaDBGame1X.exe [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
R3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;c:\windows\System32\drivers\xusb22.sys;c:\windows\SYSNATIVE\drivers\xusb22.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 ATP;ASUS PS/2 Port Input Device;c:\windows\System32\drivers\AsusTP.sys;c:\windows\SYSNATIVE\drivers\AsusTP.sys [x]
S3 HIDSwitch;ASUS Wireless Radio Control;c:\windows\System32\drivers\AsHIDSwitch64.sys;c:\windows\SYSNATIVE\drivers\AsHIDSwitch64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-06 17:37]
.
2014-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-06 16:44]
.
2014-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-06 16:44]
.
2014-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4201427427-2032694663-1442213182-1001Core.job
- c:\users\ericb_000\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-15 20:12]
.
2014-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4201427427-2032694663-1442213182-1001UA.job
- c:\users\ericb_000\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-15 20:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-08-08 16:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 16:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-08-08 16:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-08-08 16:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-08-08 16:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-07-13 12936848]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:Tabs
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://search.delta-homes.com/web/?type=ds&ts=1388690372&from=wpm0102&uid=ST320LT020-9YG142_W044BYAJXXXXW044BYAJ&q={searchTerms}
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Pinger - c:\program files (x86)\Pinger\Pinger.exe
Wow6432Node-HKCU-Run-pcreg - c:\program files\pcreg\service.exe
Wow6432Node-HKCU-Run-Viber - c:\users\ericb_000\AppData\Local\Viber\Viber.exe
Wow6432Node-HKLM-Run-pcreg - c:\program files\pcreg\service.exe
Toolbar-Locked - (no file)
HKLM-Run-pcreg - c:\program files\pcreg\service.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
c:\program files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
c:\windows\SysWOW64\rundll32.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
c:\users\ericb_000\AppData\LocalLow\SupporterSync\CalculatorHiggs\browser.exe
c:\users\ericb_000\AppData\LocalLow\SupporterSync\CalculatorHiggs\browser.exe
c:\users\ericb_000\AppData\LocalLow\SupporterSync\CalculatorHiggs\browser.exe
.
**************************************************************************
.
Completion time: 2014-08-30  17:21:19 - machine was rebooted
ComboFix-quarantined-files.txt  2014-08-30 23:21
.
Pre-Run: 6,742,859,776 bytes free
Post-Run: 9,495,920,640 bytes free
.
- - End Of File - - 74A76C6782991A0385BC83F8374566AC
5FB38429D5D77768867C76DCBDB35194
 



#6 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:01:26 PM

Posted 30 August 2014 - 07:02 PM

Ok, one piece of malware is gone; there are 2 more to go:


Step 1

Please download the attached file fixlist.txt (928 bytes) and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Please download AdwCleaner (by Xplode) and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.


Step 3

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#7 DGKacey
  • Topic Starter

  • Members
  • 4 posts
  • Local time:05:26 AM

Posted 30 August 2014 - 09:03 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-08-2014
Ran by ericb_000 at 2014-08-30 18:41:38 Run:1
Running from C:\Users\ericb_000\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CMD: taskkill /f /t /im rundll32.exe
HKLM-x32\...\Run: [{ccc35603-e7d6-6b9a-32cf-a5031f62183a}] => C:\ProgramData\Microsoft\{ccc35603-e7d6-6b9a-32cf-a5031f62183a}\{ccc35603-e7d6-6b9a-32cf-a5031f62183a}.exe [193584 2014-05-13] ()
HKLM\...\Policies\Explorer\Run: [{ccc35603-e7d6-6b9a-32cf-a5031f62183a}] => C:\ProgramData\Microsoft\{ccc35603-e7d6-6b9a-32cf-a5031f62183a}\{ccc35603-e7d6-6b9a-32cf-a5031f62183a}.exe [193584 2014-05-13] ( ())
C:\ProgramData\Microsoft\{ccc35603-e7d6-6b9a-32cf-a5031f62183a}
HKU\S-1-5-21-4201427427-2032694663-1442213182-1001\...\Run: [VinylVoice] => C:\Windows\system32\rundll32.exe "C:\Users\ericb_000\AppData\Local\VinylVoice\VinylVoice.dll",DllRegisterServer <===== ATTENTION
C:\Users\ericb_000\AppData\Local\VinylVoice
C:\Users\ericb_000\AppData\LocalLow\SupporterSync
C:\Users\ericb_000\AppData\Roaming\Omliab
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
EmptyTemp:
 
*****************
 
 
=========  taskkill /f /t /im rundll32.exe =========
 
SUCCESS: The process with PID 5996 (child process of PID 1496) has been terminated.
SUCCESS: The process with PID 4888 (child process of PID 1496) has been terminated.
SUCCESS: The process with PID 432 (child process of PID 1496) has been terminated.
SUCCESS: The process with PID 3464 (child process of PID 3348) has been terminated.
SUCCESS: The process with PID 1496 (child process of PID 3348) has been terminated.
SUCCESS: The process with PID 3348 (child process of PID 3192) has been terminated.
SUCCESS: The process with PID 3192 (child process of PID 340) has been terminated.
 
========= End of CMD: =========
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\{ccc35603-e7d6-6b9a-32cf-a5031f62183a} => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\{ccc35603-e7d6-6b9a-32cf-a5031f62183a} => Value not found.
 
"C:\ProgramData\Microsoft\{ccc35603-e7d6-6b9a-32cf-a5031f62183a}" directory move:
 
Could not move "C:\ProgramData\Microsoft\{ccc35603-e7d6-6b9a-32cf-a5031f62183a}\{ccc35603-e7d6-6b9a-32cf-a5031f62183a}.exe" => Scheduled to move on reboot.
Could not move "C:\ProgramData\Microsoft\{ccc35603-e7d6-6b9a-32cf-a5031f62183a}" directory. => Scheduled to move on reboot.
 
HKU\S-1-5-21-4201427427-2032694663-1442213182-1001\Software\Microsoft\Windows\CurrentVersion\Run\\VinylVoice => value deleted successfully.
C:\Users\ericb_000\AppData\Local\VinylVoice => Moved successfully.
C:\Users\ericb_000\AppData\LocalLow\SupporterSync => Moved successfully.
C:\Users\ericb_000\AppData\Roaming\Omliab => Moved successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
EmptyTemp: => Removed 10.3 GB temporary data.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-08-30 19:32:29)<=
 
C:\ProgramData\Microsoft\{ccc35603-e7d6-6b9a-32cf-a5031f62183a}\{ccc35603-e7d6-6b9a-32cf-a5031f62183a}.exe => Is moved successfully.
C:\ProgramData\Microsoft\{ccc35603-e7d6-6b9a-32cf-a5031f62183a} => Is moved successfully.
 
==== End of Fixlog ====
 
# AdwCleaner v3.308 - Report created 30/08/2014 at 19:40:31
# Updated 20/08/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : ericb_000 - YOUNGDERP
# Running from : C:\Users\ericb_000\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : {75edaf6c-4dcf-4f61-a079-f7488c24b3d9}t
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\ProgramData\WPM
Folder Deleted : C:\Program Files (x86)\Bench
Folder Deleted : C:\Program Files (x86)\VideoPlayerV3
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\ericb_000\AppData\Local\Conduit
Folder Deleted : C:\Users\ericb_000\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\ericb_000\AppData\Local\WhiteListing
File Deleted : C:\END
File Deleted : C:\Windows\System32\drivers\{75edaf6c-4dcf-4f61-a079-f7488c24b3d9}t.sys
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : BackgroundContainer Startup Task
Task Deleted : PC Speed Maximizer Schedule
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\Users\ericb_000\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\Users\ericb_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\ericb_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\ericb_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\ericb_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\ericb_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3316751
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13352EEC-8C24-45FF-8571-29FA9377D755}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2C99B148-E8D5-447C-898B-9E4ABEDD9377}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63D436CD-636B-4815-8A65-9EF7069B85B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8CE5F275-2F5E-4CE5-9213-C8BF49D7E4F9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A0994774-C162-4795-8AEB-52C776216264}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C07474D6-CAE5-474D-9583-E147ACFFFAEA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C5AA6C60-2955-4948-AFB2-5AEFEB431C13}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CDF1FAFC-29FA-427D-A21D-F78218460ECF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E17D179F-E095-408C-8F4E-2CBF87395547}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EACF3F45-6E3A-45FF-9F0B-4829DE87F37A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\pc speed maximizer
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\AdvertisingSupport
Key Deleted : HKLM\SOFTWARE\Bench
Key Deleted : HKLM\SOFTWARE\Conduit
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16384
 
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
 
-\\ Google Chrome v
 
[ File : C:\Users\ericb_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Extension] : cekcjpgehmohobmdiikfnopibipmgnml
Deleted [Extension] : ifohbjbgfchkkfhphahclmkpgejiplfo
 
*************************
 
AdwCleaner[R0].txt - [7648 octets] - [30/08/2014 19:37:49]
AdwCleaner[S0].txt - [6518 octets] - [30/08/2014 19:40:31]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6578 octets] ##########
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-08-2014
Ran by ericb_000 (administrator) on YOUNGDERP on 30-08-2014 19:50:22
Running from C:\Users\ericb_000\Downloads
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s  RtHDVCpl    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s  kernel32.dll 
HKLM\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-27] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [811792 2014-01-20] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-4201427427-2032694663-1442213182-1001\...\Run: [Spotify Web Helper] => C:\Users\ericb_000\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-25] (Spotify Ltd)
HKU\S-1-5-21-4201427427-2032694663-1442213182-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-4201427427-2032694663-1442213182-1001\...\Run: [Spotify] => C:\Users\ericb_000\AppData\Roaming\Spotify\spotify.exe [6621752 2014-08-25] (Spotify Ltd)
HKU\S-1-5-21-4201427427-2032694663-1442213182-1001\...\Run: [{ccc35603-e7d6-6b9a-32cf-a5031f62183a}] => "C:\ProgramData\Microsoft\{ccc35603-e7d6-6b9a-32cf-a5031f62183a}\{ccc35603-e7d6-6b9a-32cf-a5031f62183a}.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @nsroblox.roblox.com/launcher -> C:\Users\ericb_000\AppData\Local\Roblox\Versions\version-28a069d7dccb4f92\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\ericb_000\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\ericb_000\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR HomePage: Default -> 9667A155725F8FBA764FBD0F9B66D2BA5F6F06A5216E1863341425BF0B62B37E
CHR DefaultSearchKeyword: Default -> D36B44CB36215441BB189AECAD281E6E7F2ACD0D3691203CAC689E78B485CF28
CHR DefaultSearchURL: Default -> E4A636DA68BD5A181F409120428DDD5CB75DD3DF335FF6458131184D59D6D3B6
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\ericb_000\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\ericb_000\AppData\Local\Google\Chrome\Application\37.0.2062.102\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\ericb_000\AppData\Local\Google\Chrome\Application\37.0.2062.102\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\ericb_000\AppData\Local\Google\Chrome\Application\37.0.2062.102\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.650.20) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U65) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\ericb_000\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Roblox Launcher Plugin) - C:\Users\ericb_000\AppData\Local\Roblox\Versions\version-28a069d7dccb4f92\\NPRobloxProxy.dll ( ROBLOX Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll No File
CHR Profile: C:\Users\ericb_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BetterTTV) - C:\Users\ericb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2014-04-25]
CHR Extension: (reddit companion) - C:\Users\ericb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe [2014-04-25]
CHR Extension: (Google Drive) - C:\Users\ericb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ericb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (Adblock Plus) - C:\Users\ericb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-25]
CHR Extension: (Google Wallet) - C:\Users\ericb_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-25]
CHR Profile: C:\Users\ericb_000\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\ericb_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-15]
CHR Extension: (Google Drive) - C:\Users\ericb_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-15]
CHR Extension: (YouTube) - C:\Users\ericb_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-15]
CHR Extension: (Google Search) - C:\Users\ericb_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-15]
CHR Extension: (No Name) - C:\Users\ericb_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kepfgejmidkmoiimkfdjocdjhbcpmlmg [2013-12-06]
CHR Extension: (Chrome In-App Payments service) - C:\Users\ericb_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-15]
CHR Extension: (Gmail) - C:\Users\ericb_000\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-15]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\ERICB_~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-25]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-01-20] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-01-20] (BlueStack Systems, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 RoxMediaDBGame1X; C:\Program Files (x86)\Common Files\Roxio Shared\Game1X\SharedCOM\RoxMediaDBGame1X.exe [1099248 2011-02-17] (Sonic Solutions)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)
S2 pcregservice; C:\Program Files\pcreg\pcreg.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [30208 2012-07-25] (Microsoft Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-16] (Advanced Micro Devices)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [115472 2014-01-20] (BlueStack Systems)
S3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2013-07-02] (ASUSTeK Computer Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-25] (Microsoft Corporation)
S3 andnetadb; \SystemRoot\System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag; \SystemRoot\system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; \SystemRoot\system32\DRIVERS\lgandnetmodem64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X]
S3 LgBttPort; \SystemRoot\system32\DRIVERS\lgbtpt64.sys [X]
S3 lgbusenum; \SystemRoot\System32\drivers\lgbtbs64.sys [X]
S3 LGVMODEM; \SystemRoot\system32\DRIVERS\lgvmdm64.sys [X]
U0 msahci; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-30 19:50 - 2014-08-30 19:52 - 00016882 _____ () C:\Users\ericb_000\Downloads\FRST.txt
2014-08-30 19:39 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-30 19:37 - 2014-08-30 19:41 - 00000000 ____D () C:\AdwCleaner
2014-08-30 18:40 - 2014-08-30 18:40 - 01364531 _____ () C:\Users\ericb_000\Downloads\AdwCleaner.exe
2014-08-30 17:21 - 2014-08-30 17:21 - 00023519 _____ () C:\ComboFix.txt
2014-08-30 12:38 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-30 12:38 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-30 12:38 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-30 12:38 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-30 12:38 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-30 12:38 - 2000-08-30 18:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-08-30 12:38 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-30 12:38 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-30 12:38 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-30 12:36 - 2014-08-30 17:21 - 00000000 ____D () C:\Qoobox
2014-08-30 12:35 - 2014-08-30 17:15 - 00000000 ____D () C:\Windows\erdnt
2014-08-30 12:32 - 2014-08-30 12:33 - 05576760 ____R (Swearware) C:\Users\ericb_000\Desktop\ComboFix.exe
2014-08-30 11:43 - 2014-08-30 19:50 - 00000000 ____D () C:\FRST
2014-08-30 11:42 - 2014-08-30 11:42 - 02103808 _____ (Farbar) C:\Users\ericb_000\Downloads\FRST64.exe
2014-08-29 21:02 - 2014-08-29 21:02 - 00013090 _____ () C:\Users\ericb_000\Desktop\dds.txt
2014-08-29 21:02 - 2014-08-29 21:02 - 00006288 _____ () C:\Users\ericb_000\Desktop\attach.txt
2014-08-29 20:53 - 2014-08-29 20:53 - 00688992 ____R (Swearware) C:\Users\ericb_000\Downloads\dds.com
2014-08-25 17:41 - 2014-08-25 17:41 - 00001080 _____ () C:\Users\ericb_000\Desktop\truckdismount - Shortcut.lnk
2014-08-25 17:40 - 2014-08-25 17:40 - 02150786 _____ () C:\Users\ericb_000\Downloads\SetupTruckDismount101 (1).exe
2014-08-25 17:40 - 2014-08-25 17:40 - 00000000 ____D () C:\Users\ericb_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Truck Dismount
2014-08-25 17:40 - 2014-08-25 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Truck Dismount
2014-08-25 17:40 - 2014-08-25 17:40 - 00000000 ____D () C:\Program Files (x86)\Truck Dismount
2014-08-25 17:19 - 2014-08-25 17:19 - 00000000 ____D () C:\Users\ericb_000\Desktop\Kiuasturvat
2014-08-25 17:15 - 2014-08-25 17:17 - 02324656 _____ () C:\Users\ericb_000\Downloads\Kiuasturvat051.zip
2014-08-25 17:14 - 2014-08-25 17:17 - 00731194 _____ () C:\Users\ericb_000\Downloads\SetupTruckDismount101.exe
2014-08-25 14:58 - 2014-08-25 14:58 - 00279808 _____ () C:\Windows\Minidump\082514-36129-01.dmp
2014-08-25 13:50 - 2014-08-25 13:50 - 00279808 _____ () C:\Windows\Minidump\082514-41714-01.dmp
2014-08-24 18:16 - 2014-08-24 18:16 - 00279808 _____ () C:\Windows\Minidump\082414-34164-01.dmp
2014-08-24 16:36 - 2014-08-25 17:03 - 00000000 ____D () C:\Users\ericb_000\Documents\SCARM
2014-08-24 13:26 - 2014-08-24 13:27 - 00279808 _____ () C:\Windows\Minidump\082414-43571-01.dmp
2014-08-24 13:16 - 2014-08-29 19:57 - 00000237 _____ () C:\Users\ericb_000\BullseyeCoverageError.txt
2014-08-24 13:16 - 2014-08-29 19:57 - 00000000 ____D () C:\Users\ericb_000\AppData\Local\Unity
2014-08-24 13:12 - 2014-08-24 13:13 - 01202032 _____ (Unity Technologies ApS) C:\Users\ericb_000\Downloads\UnityWebPlayer.exe
2014-08-23 17:43 - 2014-08-23 17:44 - 42945846 _____ () C:\Users\ericb_000\Downloads\KSOS_v4081_Pack_4.zip
2014-08-21 12:31 - 2014-08-21 12:31 - 00279808 _____ () C:\Windows\Minidump\082114-33025-01.dmp
2014-08-21 11:40 - 2014-08-21 11:41 - 00279808 _____ () C:\Windows\Minidump\082114-54491-01.dmp
2014-08-21 11:20 - 2014-08-21 11:21 - 00279808 _____ () C:\Windows\Minidump\082114-44585-01.dmp
2014-08-19 21:57 - 2014-08-19 21:58 - 00279808 _____ () C:\Windows\Minidump\081914-33961-01.dmp
2014-08-19 11:46 - 2014-08-19 11:47 - 00279808 _____ () C:\Windows\Minidump\081914-72868-01.dmp
2014-08-19 10:18 - 2014-08-19 10:18 - 00279808 _____ () C:\Windows\Minidump\081914-38766-01.dmp
2014-08-16 21:34 - 2014-08-16 21:35 - 98623484 _____ () C:\Users\ericb_000\Downloads\KSOS_v311hf.zip
2014-08-16 19:07 - 2014-08-16 19:08 - 00279808 _____ () C:\Windows\Minidump\081614-45692-01.dmp
2014-08-16 18:59 - 2014-08-16 18:59 - 00279808 _____ () C:\Windows\Minidump\081614-35490-01.dmp
2014-08-15 20:16 - 2014-08-15 20:17 - 00279808 _____ () C:\Windows\Minidump\081514-47252-01.dmp
2014-08-15 14:17 - 2014-08-15 14:17 - 00279808 _____ () C:\Windows\Minidump\081514-32869-01.dmp
2014-08-13 21:11 - 2014-08-13 21:11 - 00515792 _____ () C:\Windows\Minidump\081314-33914-01.dmp
2014-08-12 11:40 - 2014-08-12 11:40 - 00279808 _____ () C:\Windows\Minidump\081214-37970-01.dmp
2014-08-11 16:05 - 2014-08-27 18:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-11 16:05 - 2014-08-11 16:05 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-11 16:05 - 2014-08-11 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-11 16:04 - 2014-08-11 16:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-11 16:04 - 2014-08-11 16:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-11 16:04 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-11 16:04 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-11 16:04 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-11 15:52 - 2014-08-11 16:02 - 00002382 _____ () C:\Users\ericb_000\Desktop\Rkill.txt
2014-08-11 14:56 - 2014-08-11 14:56 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-09 14:48 - 2014-08-09 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-08-07 11:38 - 2014-08-07 11:39 - 00000000 ____D () C:\Users\ericb_000\Desktop\Win
2014-08-03 17:32 - 2014-08-03 17:32 - 00000783 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Toribash.lnk
2014-08-03 17:32 - 2014-08-03 17:32 - 00000775 _____ () C:\Users\ericb_000\Desktop\Toribash.lnk
2014-08-03 11:42 - 2014-08-03 11:42 - 00279808 _____ () C:\Windows\Minidump\080314-40622-01.dmp
2014-08-02 19:54 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-02 19:53 - 2014-08-02 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-02 19:53 - 2014-08-02 19:53 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-08-02 19:53 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-02 19:53 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-02 19:53 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-01 16:16 - 2014-08-25 18:37 - 00000000 ____D () C:\ProgramData\SCARM
2014-08-01 16:15 - 2014-08-01 16:15 - 00000969 _____ () C:\Users\Public\Desktop\SCARM.lnk
2014-08-01 16:15 - 2014-08-01 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCARM
2014-08-01 16:15 - 2014-08-01 16:15 - 00000000 ____D () C:\Program Files (x86)\SCARM
2014-08-01 15:34 - 2014-08-01 15:34 - 00000001 _____ () C:\Users\ericb_000\Desktop\Microsoft.Train.Simulator - RELOADED.iso
2014-08-01 14:58 - 2014-08-01 14:58 - 00000000 ____D () C:\Users\ericb_000\AppData\Roaming\Open Rails
2014-08-01 14:57 - 2014-08-01 14:57 - 00001032 _____ () C:\Users\Public\Desktop\Open Rails.lnk
2014-08-01 14:57 - 2014-08-01 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open Rails
2014-08-01 14:57 - 2014-08-01 14:57 - 00000000 ____D () C:\Program Files (x86)\Open Rails
2014-08-01 14:57 - 2014-08-01 14:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-30 19:52 - 2014-08-30 19:50 - 00016882 _____ () C:\Users\ericb_000\Downloads\FRST.txt
2014-08-30 19:52 - 2013-09-15 14:13 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4201427427-2032694663-1442213182-1001UA.job
2014-08-30 19:51 - 2013-09-15 14:18 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4201427427-2032694663-1442213182-1001
2014-08-30 19:50 - 2014-08-30 11:43 - 00000000 ____D () C:\FRST
2014-08-30 19:47 - 2014-04-06 10:48 - 00000000 ___RD () C:\Users\ericb_000\Google Drive
2014-08-30 19:46 - 2014-04-06 10:44 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-30 19:45 - 2013-09-15 13:26 - 01714648 _____ () C:\Windows\WindowsUpdate.log
2014-08-30 19:44 - 2013-12-15 19:39 - 00000438 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-08-30 19:44 - 2012-08-01 19:20 - 02194916 _____ () C:\Windows\PFRO.log
2014-08-30 19:44 - 2012-07-26 01:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-30 19:41 - 2014-08-30 19:37 - 00000000 ____D () C:\AdwCleaner
2014-08-30 19:40 - 2013-09-15 14:57 - 00001311 _____ () C:\Users\ericb_000\Desktop\Google Chrome.lnk
2014-08-30 19:40 - 2013-09-15 14:14 - 00000000 ____D () C:\Users\ericb_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-30 19:40 - 2013-09-15 14:04 - 00000999 _____ () C:\Users\ericb_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-30 19:37 - 2013-12-06 17:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-30 19:26 - 2014-01-29 17:17 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-08-30 19:24 - 2012-07-25 23:26 - 00786432 ___SH () C:\Windows\system32\config\BBI
2014-08-30 19:02 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\system32\sru
2014-08-30 19:01 - 2014-04-06 10:44 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-30 18:41 - 2012-07-26 02:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-30 18:40 - 2014-08-30 18:40 - 01364531 _____ () C:\Users\ericb_000\Downloads\AdwCleaner.exe
2014-08-30 17:21 - 2014-08-30 17:21 - 00023519 _____ () C:\ComboFix.txt
2014-08-30 17:21 - 2014-08-30 12:36 - 00000000 ____D () C:\Qoobox
2014-08-30 17:21 - 2012-07-25 23:37 - 00000000 __RHD () C:\Users\Default
2014-08-30 17:15 - 2014-08-30 12:35 - 00000000 ____D () C:\Windows\erdnt
2014-08-30 17:10 - 2012-07-25 23:26 - 00000215 _____ () C:\Windows\system.ini
2014-08-30 15:22 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-08-30 12:33 - 2014-08-30 12:32 - 05576760 ____R (Swearware) C:\Users\ericb_000\Desktop\ComboFix.exe
2014-08-30 11:42 - 2014-08-30 11:42 - 02103808 _____ (Farbar) C:\Users\ericb_000\Downloads\FRST64.exe
2014-08-29 23:33 - 2013-09-15 15:10 - 00000000 ____D () C:\Users\ericb_000\AppData\Roaming\Spotify
2014-08-29 22:36 - 2013-09-15 15:10 - 00000000 ____D () C:\Users\ericb_000\AppData\Local\Spotify
2014-08-29 21:52 - 2013-09-15 14:13 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4201427427-2032694663-1442213182-1001Core.job
2014-08-29 21:02 - 2014-08-29 21:02 - 00013090 _____ () C:\Users\ericb_000\Desktop\dds.txt
2014-08-29 21:02 - 2014-08-29 21:02 - 00006288 _____ () C:\Users\ericb_000\Desktop\attach.txt
2014-08-29 20:53 - 2014-08-29 20:53 - 00688992 ____R (Swearware) C:\Users\ericb_000\Downloads\dds.com
2014-08-29 20:07 - 2013-09-15 13:22 - 00000000 ____D () C:\Users\ericb_000
2014-08-29 19:57 - 2014-08-24 13:16 - 00000237 _____ () C:\Users\ericb_000\BullseyeCoverageError.txt
2014-08-29 19:57 - 2014-08-24 13:16 - 00000000 ____D () C:\Users\ericb_000\AppData\Local\Unity
2014-08-27 19:23 - 2014-01-24 17:06 - 00000000 ____D () C:\Users\ericb_000\AppData\Roaming\Skype
2014-08-27 18:06 - 2014-08-11 16:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-25 18:37 - 2014-08-01 16:16 - 00000000 ____D () C:\ProgramData\SCARM
2014-08-25 17:41 - 2014-08-25 17:41 - 00001080 _____ () C:\Users\ericb_000\Desktop\truckdismount - Shortcut.lnk
2014-08-25 17:40 - 2014-08-25 17:40 - 02150786 _____ () C:\Users\ericb_000\Downloads\SetupTruckDismount101 (1).exe
2014-08-25 17:40 - 2014-08-25 17:40 - 00000000 ____D () C:\Users\ericb_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Truck Dismount
2014-08-25 17:40 - 2014-08-25 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Truck Dismount
2014-08-25 17:40 - 2014-08-25 17:40 - 00000000 ____D () C:\Program Files (x86)\Truck Dismount
2014-08-25 17:19 - 2014-08-25 17:19 - 00000000 ____D () C:\Users\ericb_000\Desktop\Kiuasturvat
2014-08-25 17:17 - 2014-08-25 17:15 - 02324656 _____ () C:\Users\ericb_000\Downloads\Kiuasturvat051.zip
2014-08-25 17:17 - 2014-08-25 17:14 - 00731194 _____ () C:\Users\ericb_000\Downloads\SetupTruckDismount101.exe
2014-08-25 17:03 - 2014-08-24 16:36 - 00000000 ____D () C:\Users\ericb_000\Documents\SCARM
2014-08-25 14:58 - 2014-08-25 14:58 - 00279808 _____ () C:\Windows\Minidump\082514-36129-01.dmp
2014-08-25 14:58 - 2013-09-24 06:50 - 00000000 ____D () C:\Windows\Minidump
2014-08-25 13:50 - 2014-08-25 13:50 - 00279808 _____ () C:\Windows\Minidump\082514-41714-01.dmp
2014-08-24 18:16 - 2014-08-24 18:16 - 00279808 _____ () C:\Windows\Minidump\082414-34164-01.dmp
2014-08-24 13:27 - 2014-08-24 13:26 - 00279808 _____ () C:\Windows\Minidump\082414-43571-01.dmp
2014-08-24 13:13 - 2014-08-24 13:12 - 01202032 _____ (Unity Technologies ApS) C:\Users\ericb_000\Downloads\UnityWebPlayer.exe
2014-08-23 17:44 - 2014-08-23 17:43 - 42945846 _____ () C:\Users\ericb_000\Downloads\KSOS_v4081_Pack_4.zip
2014-08-21 12:31 - 2014-08-21 12:31 - 00279808 _____ () C:\Windows\Minidump\082114-33025-01.dmp
2014-08-21 11:41 - 2014-08-21 11:40 - 00279808 _____ () C:\Windows\Minidump\082114-54491-01.dmp
2014-08-21 11:21 - 2014-08-21 11:20 - 00279808 _____ () C:\Windows\Minidump\082114-44585-01.dmp
2014-08-21 00:03 - 2014-04-06 10:45 - 00002044 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-08-21 00:03 - 2014-04-06 10:45 - 00002042 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-08-21 00:03 - 2014-04-06 10:45 - 00002032 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-08-21 00:03 - 2014-04-06 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-19 21:58 - 2014-08-19 21:57 - 00279808 _____ () C:\Windows\Minidump\081914-33961-01.dmp
2014-08-19 11:47 - 2014-08-19 11:46 - 00279808 _____ () C:\Windows\Minidump\081914-72868-01.dmp
2014-08-19 10:18 - 2014-08-19 10:18 - 00279808 _____ () C:\Windows\Minidump\081914-38766-01.dmp
2014-08-17 14:16 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-17 14:07 - 2014-07-28 17:33 - 00000000 ____D () C:\Users\ericb_000\Desktop\Kerbal Space Program
2014-08-17 12:49 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\Resources
2014-08-17 12:25 - 2013-12-06 09:37 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-16 21:35 - 2014-08-16 21:34 - 98623484 _____ () C:\Users\ericb_000\Downloads\KSOS_v311hf.zip
2014-08-16 19:08 - 2014-08-16 19:07 - 00279808 _____ () C:\Windows\Minidump\081614-45692-01.dmp
2014-08-16 18:59 - 2014-08-16 18:59 - 00279808 _____ () C:\Windows\Minidump\081614-35490-01.dmp
2014-08-15 20:17 - 2014-08-15 20:16 - 00279808 _____ () C:\Windows\Minidump\081514-47252-01.dmp
2014-08-15 14:17 - 2014-08-15 14:17 - 00279808 _____ () C:\Windows\Minidump\081514-32869-01.dmp
2014-08-13 21:11 - 2014-08-13 21:11 - 00515792 _____ () C:\Windows\Minidump\081314-33914-01.dmp
2014-08-13 13:13 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\schemas
2014-08-12 11:40 - 2014-08-12 11:40 - 00279808 _____ () C:\Windows\Minidump\081214-37970-01.dmp
2014-08-11 17:17 - 2013-12-06 12:54 - 00000000 ____D () C:\Users\ericb_000\AppData\Local\CRE
2014-08-11 16:05 - 2014-08-11 16:05 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-11 16:05 - 2014-08-11 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-11 16:04 - 2014-08-11 16:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-11 16:04 - 2014-08-11 16:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-11 16:02 - 2014-08-11 15:52 - 00002382 _____ () C:\Users\ericb_000\Desktop\Rkill.txt
2014-08-11 14:56 - 2014-08-11 14:56 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-08-09 14:48 - 2014-08-09 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-08-09 14:48 - 2014-04-06 10:44 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-07 11:39 - 2014-08-07 11:38 - 00000000 ____D () C:\Users\ericb_000\Desktop\Win
2014-08-04 22:12 - 2012-08-02 01:04 - 00799196 _____ () C:\Windows\system32\perfh00C.dat
2014-08-04 22:12 - 2012-08-02 01:04 - 00155218 _____ () C:\Windows\system32\perfc00C.dat
2014-08-04 22:12 - 2012-07-26 01:28 - 01793362 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-03 17:32 - 2014-08-03 17:32 - 00000783 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Toribash.lnk
2014-08-03 17:32 - 2014-08-03 17:32 - 00000775 _____ () C:\Users\ericb_000\Desktop\Toribash.lnk
2014-08-03 17:30 - 2014-04-29 15:48 - 00000000 ____D () C:\Games
2014-08-03 11:42 - 2014-08-03 11:42 - 00279808 _____ () C:\Windows\Minidump\080314-40622-01.dmp
2014-08-03 11:40 - 2014-07-28 16:12 - 00000000 ____D () C:\Users\ericb_000\AppData\Roaming\uTorrent
2014-08-02 19:54 - 2014-08-02 19:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-02 19:53 - 2014-08-02 19:53 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-08-02 19:53 - 2013-09-15 15:20 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-01 16:15 - 2014-08-01 16:15 - 00000969 _____ () C:\Users\Public\Desktop\SCARM.lnk
2014-08-01 16:15 - 2014-08-01 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCARM
2014-08-01 16:15 - 2014-08-01 16:15 - 00000000 ____D () C:\Program Files (x86)\SCARM
2014-08-01 15:34 - 2014-08-01 15:34 - 00000001 _____ () C:\Users\ericb_000\Desktop\Microsoft.Train.Simulator - RELOADED.iso
2014-08-01 14:58 - 2014-08-01 14:58 - 00000000 ____D () C:\Users\ericb_000\AppData\Roaming\Open Rails
2014-08-01 14:57 - 2014-08-01 14:57 - 00001032 _____ () C:\Users\Public\Desktop\Open Rails.lnk
2014-08-01 14:57 - 2014-08-01 14:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open Rails
2014-08-01 14:57 - 2014-08-01 14:57 - 00000000 ____D () C:\Program Files (x86)\Open Rails
2014-08-01 14:57 - 2014-08-01 14:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA
 
Some content of TEMP:
====================
C:\Users\ericb_000\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-26 12:49
 
==================== End Of Log ============================
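The "Bamital & volsnap Check" block above is FRST confirming that the binaries the Bamital family is known to patch (winlogon, wininit, explorer, svchost, services, user32, userinit, rpcss, volsnap) still carry a valid Microsoft signature. The script below is an added example, written for this thread and not part of FRST, ComboFix or anything aharonov posted, that re-runs the same check with built-in PowerShell so a reader can verify a machine themselves or keep a record of hashes before and after a fix. It assumes 64-bit Windows with PowerShell 3.0 or later, that the script is run from a 64-bit, elevated PowerShell (a 32-bit PowerShell would be redirected from System32 to SysWOW64), and it uses only the standard Get-AuthenticodeSignature cmdlet and .NET's SHA256 class. The file list is copied from the FRST output above; everything else (function and variable names) is the example's own.

```powershell
# Added example: re-check the critical system binaries FRST lists in its
# "Bamital & volsnap Check" using the built-in Authenticode cmdlet.
# Run from an elevated 64-bit PowerShell on 64-bit Windows.

# Same files FRST checked (assumption: %SystemRoot% is C:\Windows).
$CriticalFiles = @(
    "$env:SystemRoot\System32\winlogon.exe",
    "$env:SystemRoot\System32\wininit.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\SysWOW64\explorer.exe",
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\SysWOW64\svchost.exe",
    "$env:SystemRoot\System32\services.exe",
    "$env:SystemRoot\System32\user32.dll",
    "$env:SystemRoot\SysWOW64\user32.dll",
    "$env:SystemRoot\System32\userinit.exe",
    "$env:SystemRoot\SysWOW64\userinit.exe",
    "$env:SystemRoot\System32\rpcss.dll",
    "$env:SystemRoot\System32\drivers\volsnap.sys"
)

function Get-Sha256Hex {
    # SHA-256 of a file via .NET, so the script also works on PowerShell 3.0
    # (Get-FileHash only arrived with PowerShell 4.0).
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
    } finally {
        $stream.Close()
    }
}

function Test-CriticalSignatures {
    # Returns one record per file: signature status, signer subject, SHA-256.
    # Status values come from Get-AuthenticodeSignature: Valid, NotSigned,
    # HashMismatch (file modified after signing), UnknownError, ...
    # On Windows 8 most of these files are catalog-signed rather than
    # embedded-signed; Get-AuthenticodeSignature resolves catalogs on
    # PowerShell 3.0+, which is why the OS binaries still report Valid.
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) {
            [pscustomobject]@{ Path = $p; Status = 'Missing'; Signer = $null; SHA256 = $null }
            continue
        }
        $sig = Get-AuthenticodeSignature -LiteralPath $p
        [pscustomobject]@{
            Path   = $p
            Status = $sig.Status
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            SHA256 = Get-Sha256Hex -Path $p
        }
    }
}

$results = Test-CriticalSignatures -Paths $CriticalFiles
$results | Format-Table Path, Status, SHA256 -AutoSize

# Anything that is not 'Valid' deserves a closer look: a patched file shows
# HashMismatch or NotSigned, and a missing one means it was moved or removed.
$suspect = $results | Where-Object { $_.Status -ne 'Valid' }
if ($suspect) {
    Write-Warning "Files that did NOT pass signature verification:"
    $suspect | Format-List Path, Status, Signer
} else {
    Write-Output "All $($results.Count) critical files are digitally signed."
}

# Optional: keep the hashes so a later run can show what a fix changed.
$results | Export-Csv -LiteralPath "$env:USERPROFILE\Desktop\critical-hashes.csv" -NoTypeInformation
```

A Valid status from this script is the equivalent of FRST's "File is digitally signed" line; the hash column is what lets you compare the file before and after a tool such as ComboFix has replaced it. As FRST itself notes, there is no automatic fix here: a file that fails verification has to be restored from the OS (for example with sfc /scannow or a repair install), not "cleaned" in place.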


#8 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 31 August 2014 - 04:19 AM

Very good. How is your computer running now? What problems or symptoms are still present (if any)?


Step 1

Please download the attached file fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed, the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish.
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#9 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 19 September 2014 - 02:38 PM

Do you still need help?

#10 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 29 September 2014 - 09:15 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



