Trojan.Agent.Gen C:/Windows/Temp/svchost.exe, Unable to Remove


  • This topic is locked
12 replies to this topic

#1 hendocks

hendocks

  • Members
  • 6 posts

Posted 21 September 2014 - 06:28 PM

It seems I got myself into a small predicament. I received this virus due to an accidental ad click (I believe, anyways) and have tried Malwarebytes and adwcleaner to no avail. I've searched the internet for some solutions and found that some people have fixed the problem with something called OTL, but I have yet to use such a method since I don't quite understand how it works.

 

If you need any logs, please explain to me with some detail so that I can provide it. Unfortunately, this is the first virus that's made me scratch my head like such making me inexperienced with receiving help.

 

Not sure if it's something to note, but I also don't know what this virus does. I have yet to run into any problems, but if someone knows what it does, could you please inform me?


Edited by hendocks, 21 September 2014 - 06:30 PM.




#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 21 September 2014 - 07:16 PM

Hi there,

it's impossible to tell what this malware does based on this information.
Please run a FRST scan for further diagnosis:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 hendocks

hendocks
  • Topic Starter

  • Members
  • 6 posts

Posted 21 September 2014 - 09:52 PM

Ok. Scan done and here are the logs. For future reference, my computer is running Windows 8.1 x64. Also, thanks for the reply!

 

From the FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by colte_000 (administrator) on SHANIQWA on 21-09-2014 19:49:03
Running from C:\Users\colte_000\Desktop
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Google Inc.) C:\Users\colte_000\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(SAMSUNG Electornics Co., Ltd.) C:\Users\colte_000\AppData\Roaming\VERIZON\UA_ar\UA.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Windows\Temp\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-06-03] (IDT, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2874168 2012-12-03] (Synaptics Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-31] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3802448 2014-09-04] (LogMeIn Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\Run: [Spotify] => C:\Users\colte_000\AppData\Roaming\Spotify\Spotify.exe [7880664 2012-11-12] (Spotify Ltd)
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\Run: [Spotify Web Helper] => C:\Users\colte_000\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1199576 2012-11-12] (Spotify Ltd)
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-06] ()
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\Office15\lync.exe [19049112 2014-07-27] (Microsoft Corporation)
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\Run: [BitTorrent] => C:\Users\colte_000\AppData\Roaming\BitTorrent\BitTorrent.exe [1274456 2014-09-08] (BitTorrent Inc.)
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\Run: [GoogleChromeAutoLaunch_5694E434D15114E885D845B3B557AC70] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-03] (Google Inc.)
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\Run: [Google Update] => C:\Users\colte_000\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-07-23] (Google Inc.)
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\Run: [MusicManager] => C:\Users\colte_000\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-05-15] (Google Inc.)
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\Run: [Amazon Music] => C:\Users\colte_000\AppData\Local\Amazon Music\Amazon Music Helper.exe [3162944 2014-07-01] ()
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\MountPoints2: {5e3a116a-eb89-11e3-bf5a-84a6c8a16dae} - "F:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\MountPoints2: {5e3a117a-eb89-11e3-bf5a-84a6c8a16dae} - "F:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\MountPoints2: {8680657f-15f7-11e4-bf73-84a6c8a16dae} - "F:\VerizonWirelessUpgradeAssistantSetup.exe" -a
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\MountPoints2: {868065e2-15f7-11e4-bf73-84a6c8a16dae} - "F:\VerizonWirelessUpgradeAssistantSetup.exe" -a
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\MountPoints2: {cff9dc44-07bb-11e4-bf63-84a6c8a16dae} - "G:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\MountPoints2: {fb4ea843-47bf-11e2-be7e-84a6c8a16dae} - "F:\setup.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation®.lnk
ShortcutTarget: Content Manager Assistant for PlayStation®.lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: C:\Users\colte_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\colte_000\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Tcpip\Parameters: [DhcpNameServer] 158.104.100.1 158.104.100.2 158.104.100.3
 
FireFox:
========
FF ProfilePath: C:\Users\colte_000\AppData\Roaming\Mozilla\Firefox\Profiles\ox46grvu.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\colte_000\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\colte_000\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\colte_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Firefox Old Version Update Hotfix - C:\Users\colte_000\AppData\Roaming\Mozilla\Firefox\Profiles\ox46grvu.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-08-30]
FF Extension: Adblock Plus - C:\Users\colte_000\AppData\Roaming\Mozilla\Firefox\Profiles\ox46grvu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-03-05]
FF Extension: Adblock Edge - C:\Users\colte_000\AppData\Roaming\Mozilla\Firefox\Profiles\ox46grvu.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-03-05]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2014-08-03]
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll ()
CHR Plugin: (Simple Pass) - C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\npgcwloplugin.dll (HP)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Simple Pass) - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Profile: C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-20]
CHR Extension: (YouTube) - C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-08]
CHR Extension: (Google Search) - C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-08]
CHR Extension: (Google Play Music) - C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-06-15]
CHR Extension: (Website Logon) - C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo [2013-01-08]
CHR Extension: (AdBlock) - C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-25]
CHR Extension: (Website Logon) - C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof [2013-05-19]
CHR Extension: (Website Logon) - C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaaieiajnhcnimjgfmjpccjmmfkploci [2013-01-14]
CHR Extension: (Google Wallet) - C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-08]
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
CHR HKLM-x32\...\Chrome\Extension: [jaaieiajnhcnimjgfmjpccjmmfkploci] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2013-04-23] (Hi-Rez Studios) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-13] (Microsoft Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] (LogMeIn, Inc.)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53248 2007-11-28] (Sony Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-05] (Microsoft Corporation)
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53248 2007-11-28] (Sony Corporation) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [105448 2014-08-28] (Razer Inc.)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 SonicStage Back-End Service; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe [112184 2007-02-05] (Sony Corporation)
S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [77824 2007-11-28] (Sony Corporation) [File not signed]
S3 SSScsiSV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 vmms; C:\Windows\system32\vmms.exe [13401600 2014-05-09] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-20] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2012-11-23] ()
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2012-12-17] (DT Soft Ltd)
R3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-07-21] (LogMeIn Inc.)
R1 hvservice; C:\Windows\System32\drivers\hvservice.sys [68960 2013-11-20] (Microsoft Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2012-11-23] ()
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [19456 2013-11-20] (Microsoft Corporation)
S3 NdisImPlatformMp; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [124928 2013-08-22] (Microsoft Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3349984 2014-04-17] (Intel Corporation)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [22016 2013-11-20] (Microsoft Corporation)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [27136 2013-11-20] (Microsoft Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-12-03] (Synaptics Incorporated)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [18944 2014-01-27] (Microsoft Corporation)
R3 VMSMP; C:\Windows\system32\DRIVERS\vmswitch.sys [691200 2014-05-27] (Microsoft Corporation)
S3 VMSP; C:\Windows\system32\DRIVERS\vmswitch.sys [691200 2014-05-27] (Microsoft Corporation)
S3 VMSVSF; C:\Windows\system32\DRIVERS\vmswitch.sys [691200 2014-05-27] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\system32\DRIVERS\vmswitch.sys [691200 2014-05-27] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows ® Win 7 DDK provider)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-21 19:49 - 2014-09-21 19:49 - 00029496 _____ () C:\Users\colte_000\Desktop\FRST.txt
2014-09-21 19:48 - 2014-09-21 19:49 - 00000000 ____D () C:\FRST
2014-09-21 19:48 - 2014-09-21 19:48 - 00062050 _____ () C:\WINDOWS\temp023423.vbe
2014-09-21 19:47 - 2014-09-21 19:48 - 02105856 _____ (Farbar) C:\Users\colte_000\Desktop\FRST64.exe
2014-09-21 19:44 - 2014-09-21 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-09-21 16:08 - 2014-09-21 16:12 - 00000000 ____D () C:\AdwCleaner
2014-09-19 23:12 - 2014-09-21 16:07 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-19 23:05 - 2014-09-21 15:29 - 00000000 ____D () C:\Users\colte_000\Desktop\Virus Poppers
2014-09-19 23:01 - 2014-09-19 23:02 - 14349744 _____ (Malwarebytes Corp.) C:\Users\colte_000\Downloads\mbar-1.07.0.1012.exe
2014-09-11 12:19 - 2014-09-11 12:19 - 00002062 _____ () C:\Users\Public\Desktop\Razer Cortex.lnk
2014-09-10 21:29 - 2014-09-10 21:29 - 00000938 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-09-09 10:09 - 2014-09-09 10:09 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-09-08 09:50 - 2014-09-08 09:50 - 00003136 _____ () C:\WINDOWS\System32\Tasks\Origin
2014-08-28 22:17 - 2014-08-29 18:24 - 00000123 _____ () C:\Users\colte_000\.atl.properties
2014-08-28 19:30 - 2014-08-28 19:30 - 00319912 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-08-28 19:30 - 2014-08-28 19:30 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-08-28 19:30 - 2014-08-28 19:30 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-08-28 19:30 - 2014-08-28 19:30 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2014-08-28 19:30 - 2014-08-28 19:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-27 11:19 - 2014-08-22 17:42 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-25 13:39 - 2014-08-25 13:39 - 00001012 _____ () C:\Users\Public\Desktop\Hero Lab.lnk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-21 19:50 - 2013-01-06 12:14 - 00000000 ____D () C:\Users\colte_000\AppData\Local\PMB Files
2014-09-21 19:50 - 2012-11-11 14:11 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-21 19:49 - 2014-09-21 19:49 - 00029496 _____ () C:\Users\colte_000\Desktop\FRST.txt
2014-09-21 19:49 - 2014-09-21 19:48 - 00000000 ____D () C:\FRST
2014-09-21 19:48 - 2014-09-21 19:48 - 00062050 _____ () C:\WINDOWS\temp023423.vbe
2014-09-21 19:48 - 2014-09-21 19:47 - 02105856 _____ (Farbar) C:\Users\colte_000\Desktop\FRST64.exe
2014-09-21 19:47 - 2014-05-04 13:21 - 00000000 __RDO () C:\Users\colte_000\SkyDrive
2014-09-21 19:47 - 2013-01-08 17:11 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-21 19:46 - 2014-08-03 05:42 - 00000000 ____D () C:\Users\colte_000\AppData\Local\LogMeIn Hamachi
2014-09-21 19:46 - 2014-07-28 00:09 - 00000000 ____D () C:\Temp
2014-09-21 19:46 - 2013-11-20 03:45 - 27590656 _____ () C:\WINDOWS\system32\vmguest.iso
2014-09-21 19:46 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-21 19:45 - 2013-09-29 20:55 - 00066608 _____ () C:\WINDOWS\PFRO.log
2014-09-21 19:45 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-09-21 19:45 - 2012-09-12 11:10 - 00000000 ____D () C:\WINDOWS\en
2014-09-21 19:44 - 2014-09-21 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-09-21 19:42 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-21 16:26 - 2014-07-23 17:21 - 00000942 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-221111292-3122164013-3169833314-1001UA.job
2014-09-21 16:19 - 2012-11-11 20:20 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-221111292-3122164013-3169833314-1001
2014-09-21 16:14 - 2014-08-17 22:17 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-21 16:12 - 2014-09-21 16:08 - 00000000 ____D () C:\AdwCleaner
2014-09-21 16:08 - 2014-06-30 20:14 - 00092888 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-21 16:07 - 2014-09-19 23:12 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-21 16:06 - 2013-08-22 06:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-21 16:06 - 2013-01-08 17:11 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-21 16:05 - 2013-11-20 03:44 - 01910456 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-21 15:40 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\SchCache
2014-09-21 15:29 - 2014-09-19 23:05 - 00000000 ____D () C:\Users\colte_000\Desktop\Virus Poppers
2014-09-20 21:08 - 2012-11-11 20:12 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{26BF87C5-8870-4DBE-8DE4-096D694AD9A8}
2014-09-20 17:25 - 2014-07-23 17:20 - 00000890 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-221111292-3122164013-3169833314-1001Core.job
2014-09-20 16:58 - 2014-07-26 22:58 - 00003188 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForcolte_000
2014-09-20 16:58 - 2014-07-26 22:58 - 00000366 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForcolte_000.job
2014-09-20 14:23 - 2012-11-11 13:43 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-19 23:36 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\InputMethod
2014-09-19 23:36 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-09-19 23:02 - 2014-09-19 23:01 - 14349744 _____ (Malwarebytes Corp.) C:\Users\colte_000\Downloads\mbar-1.07.0.1012.exe
2014-09-19 13:16 - 2012-11-11 20:10 - 00000000 ____D () C:\Users\colte_000\AppData\Local\Packages
2014-09-19 00:52 - 2014-03-09 23:17 - 00000000 ____D () C:\Program Files (x86)\osu!
2014-09-19 00:33 - 2012-11-15 20:55 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-19 00:33 - 2012-11-12 16:55 - 00000000 ____D () C:\ProgramData\Origin
2014-09-19 00:32 - 2012-09-12 11:02 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-19 00:26 - 2013-02-11 15:13 - 00000000 ____D () C:\Users\colte_000\AppData\Roaming\BitTorrent
2014-09-19 00:20 - 2012-11-18 02:36 - 00000000 ____D () C:\Users\colte_000\Documents\WB Games
2014-09-19 00:18 - 2012-11-12 16:55 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-18 21:03 - 2014-07-02 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2014-09-18 21:03 - 2014-07-02 11:23 - 00000000 ____D () C:\Program Files\Nexus Mod Manager
2014-09-18 21:03 - 2013-07-02 21:55 - 00000000 ____D () C:\Users\colte_000\AppData\Local\Skyrim
2014-09-18 20:43 - 2013-09-29 20:51 - 00000000 ____D () C:\WINDOWS\SKB
2014-09-18 11:43 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-09-17 16:15 - 2013-09-29 21:04 - 00972696 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-17 16:15 - 2013-03-20 15:33 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-16 18:13 - 2012-11-12 12:59 - 00000000 ____D () C:\Users\colte_000\Documents\Electronic Arts
2014-09-16 18:06 - 2014-03-20 15:11 - 00000000 ____D () C:\ProgramData\Hero Lab
2014-09-15 12:15 - 2012-12-10 14:51 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-09-15 12:15 - 2012-11-12 14:22 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-09-12 12:11 - 2012-11-13 01:38 - 00000000 ____D () C:\Users\colte_000\Documents\My Games
2014-09-11 12:27 - 2014-08-21 14:03 - 00000000 ____D () C:\Users\colte_000\AppData\Local\4A Games
2014-09-11 12:24 - 2012-09-12 11:09 - 00621371 _____ () C:\WINDOWS\DirectX.log
2014-09-11 12:19 - 2014-09-11 12:19 - 00002062 _____ () C:\Users\Public\Desktop\Razer Cortex.lnk
2014-09-11 12:19 - 2014-01-24 14:41 - 00000000 ____D () C:\Users\colte_000\AppData\Local\Razer_Inc
2014-09-11 12:19 - 2012-11-30 17:41 - 00000000 ____D () C:\Users\colte_000\AppData\Local\Razer
2014-09-11 12:19 - 2012-11-30 17:11 - 00000000 ____D () C:\ProgramData\Razer
2014-09-11 12:19 - 2012-11-30 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-09-11 12:19 - 2012-11-30 17:11 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-09-10 21:29 - 2014-09-10 21:29 - 00000938 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-09-10 21:29 - 2014-08-01 21:23 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-09-10 21:29 - 2013-11-13 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-09-09 10:50 - 2012-11-11 14:11 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-09-09 10:09 - 2014-09-09 10:09 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-09-08 21:23 - 2013-01-08 14:07 - 00000000 ____D () C:\Users\colte_000\Documents\School
2014-09-08 17:19 - 2014-07-02 11:54 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-08 09:50 - 2014-09-08 09:50 - 00003136 _____ () C:\WINDOWS\System32\Tasks\Origin
2014-09-08 09:50 - 2012-11-12 16:55 - 00000000 ___HD () C:\Users\colte_000\AppData\Roaming\Origin
2014-09-08 00:12 - 2013-10-06 21:38 - 00000901 _____ () C:\Users\colte_000\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2014-08-29 18:24 - 2014-08-28 22:17 - 00000123 _____ () C:\Users\colte_000\.atl.properties
2014-08-28 22:17 - 2013-11-20 03:20 - 00000000 ____D () C:\Users\colte_000
2014-08-28 19:36 - 2012-11-13 17:09 - 00000000 ____D () C:\Users\colte_000\AppData\Roaming\.minecraft
2014-08-28 19:30 - 2014-08-28 19:30 - 00319912 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-08-28 19:30 - 2014-08-28 19:30 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-08-28 19:30 - 2014-08-28 19:30 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-08-28 19:30 - 2014-08-28 19:30 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2014-08-28 19:30 - 2014-08-28 19:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-28 19:30 - 2014-01-26 16:55 - 00000000 ____D () C:\Program Files\Java
2014-08-28 16:47 - 2014-06-14 22:00 - 00000000 ____D () C:\Users\colte_000\AppData\Local\ftblauncher
2014-08-28 16:47 - 2013-03-21 15:15 - 00000000 ____D () C:\Users\colte_000\AppData\Roaming\ftblauncher
2014-08-27 14:00 - 2013-08-22 07:44 - 00508664 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-27 13:57 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-08-25 13:39 - 2014-08-25 13:39 - 00001012 _____ () C:\Users\Public\Desktop\Hero Lab.lnk
2014-08-25 13:39 - 2014-03-20 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hero Lab
2014-08-25 13:39 - 2014-03-20 15:11 - 00000000 ____D () C:\Program Files (x86)\Hero Lab
2014-08-23 00:33 - 2013-03-02 13:48 - 00000000 ____D () C:\Users\colte_000\Documents\yWriter Projects
2014-08-22 17:42 - 2014-08-27 11:19 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-22 01:15 - 2012-12-02 21:01 - 00000000 ____D () C:\Users\colte_000\AppData\Roaming\Skype
 
Files to move or delete:
====================
C:\Users\colte_000\AppData\Roaming\Origin\update.vbe
 
 
Some content of TEMP:
====================
C:\Users\colte_000\AppData\Local\Temp\Extract.exe
C:\Users\colte_000\AppData\Local\Temp\GUR4AFB.exe
C:\Users\colte_000\AppData\Local\Temp\GURF58C.exe
C:\Users\colte_000\AppData\Local\Temp\Nexus%20Mod%20Manager-0.52.1.exe
C:\Users\colte_000\AppData\Local\Temp\OpenComputersMod-1.3.3.547-native.64.dll
C:\Users\colte_000\AppData\Local\Temp\Quarantine.exe
C:\Users\colte_000\AppData\Local\Temp\SkypeSetup.exe
C:\Users\colte_000\AppData\Local\Temp\sonarinst.exe
C:\Users\colte_000\AppData\Local\Temp\SP62765.exe
C:\Users\colte_000\AppData\Local\Temp\SP63065.exe
C:\Users\colte_000\AppData\Local\Temp\SP63340.exe
C:\Users\colte_000\AppData\Local\Temp\SP63599.exe
C:\Users\colte_000\AppData\Local\Temp\SP63752.exe
C:\Users\colte_000\AppData\Local\Temp\sp64126.exe
C:\Users\colte_000\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\colte_000\AppData\Local\Temp\update.exe
C:\Users\colte_000\AppData\Local\Temp\VerizonWirelessSoftwareUpgradeAssistant_1.2.7.exe
C:\Users\colte_000\AppData\Local\Temp\vlc-2.1.4-win64.exe
C:\Users\colte_000\AppData\Local\Temp\vlc-2.1.5-win64.exe
C:\Users\colte_000\AppData\Local\Temp\_isD55.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-20 16:39
 
==================== End Of Log ============================
 
 
 
Then from the Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2014 01
Ran by colte_000 at 2014-09-21 19:50:34
Running from C:\Users\colte_000\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7 Days to Die (HKLM-x32\...\Steam App 251570) (Version:  - The Fun Pimps)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.1.0.570 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
Baldur's Gate: Enhanced Edition (HKLM-x32\...\Steam App 228280) (Version:  - Overhaul Games)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.32241 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
C3 (HKLM-x32\...\{422CA4EC-0570-4392-A174-10B56F5184C0}) (Version: 0.5.2143 - Vivox Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CLANNAD Full Voice 1.5 (HKLM-x32\...\{0283EDE1-D8A9-4F64-A035-5E35B4DD199A}_is1) (Version:  - Visual Art's / Key)
Content Manager Assistant for PlayStation® (HKLM-x32\...\{0DCD0704-E2AB-4e97-96A7-90F146BD8243}) (Version: 2.50.6733.38 - Sony Computer Entertainment Inc.)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.6326 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3.6326 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.4.2928 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
CyberLink PhotoDirector (x32 Version: 2.0.2.3317 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.3.2527 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2606 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.3.2606 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.6.4319 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.6.6119 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0327 - DT Soft Ltd)
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version:  - FromSoftware, Inc)
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{0B79C91F-978F-4C2E-9FE4-D4B567808858}) (Version:  - Microsoft)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Divinity: Original Sin (HKLM-x32\...\Steam App 230230) (Version:  - Larian Studios)
Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.1 - Dolphin Development Team)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - )
Dragon Age Awakening Redesigned (HKCU\...\Dragon Age Awakening Redesigned) (Version:  - )
Dragon Age Awakening Velanna Redesigned© (HKCU\...\Dragon Age Awakening Velanna Redesigned©) (Version:  - )
Dragon Age Redesigned © Morrigan (HKCU\...\Dragon Age Redesigned © Morrigan) (Version:  - )
Dragon Age Redesigned- Leliana's Song (HKCU\...\Dragon Age Redesigned- Leliana's Song) (Version:  - )
Dragon Age Redesigned Oghren© (HKCU\...\Dragon Age Redesigned Oghren©) (Version:  - )
Dragon Age Redesigned©  Zevran (HKCU\...\Dragon Age Redesigned©  Zevran) (Version:  - )
Dragon Age Redesigned© (HKCU\...\Dragon Age Redesigned©) (Version:  - )
Dragon Age Redesigned© Leliana (HKCU\...\Dragon Age Redesigned© Leliana) (Version:  - )
Dragon Age Redesigned© Sten (HKCU\...\Dragon Age Redesigned© Sten) (Version:  - )
Dragon Age Redesigned© Wynne (HKCU\...\Dragon Age Redesigned© Wynne) (Version:  - )
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Dust: An Elysian Tail (HKLM-x32\...\Steam App 236090) (Version:  - Humble Hearts LLC)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Fable Anniversary (HKLM-x32\...\Steam App 288470) (Version:  - Lionhead Studios)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FINAL FANTASY VII (HKLM-x32\...\Steam App 39140) (Version:  - Square Enix)
Finale NotePad 2012 (HKLM-x32\...\Finale NotePad 2012) (Version: 2012..r1.5 - MakeMusic)
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
Full Combat Rebalance v1.6a (HKLM-x32\...\Full Combat Rebalance_is1) (Version: 1.6a - Andrzej Kwiatkowski)
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version:  - Greenheart Games)
Game Dev Tycoon version 1.3.9 (HKLM-x32\...\{5BBB8682-1335-410F-A79F-8E5611A54BD0}_is1) (Version: 1.3.9 - Greenheart Games Pty. Ltd.)
GameMaker-Studio 1.2 (HKCU\...\GameMaker-Studio12) (Version:  - YoYo Games Ltd.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Team Garry)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Hero Lab 5.3 (HKLM-x32\...\{760AA190-82DF-4A80-BE05-B9FEEC88946D}_is1) (Version: 5.3 - LWD Technology, Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{7DE5085A-3665-40BC-9595-A1A209699137}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP Postscript Converter (Version: 3.1.3554 - Hewlett-Packard) Hidden
HP Quick Launch (HKLM-x32\...\{609B11CC-8CED-4116-AD8A-A72168894D39}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 7.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.272 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® PRO/Wireless Driver (Version: 16.11.0000.1482 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{AD0F3D6D-202A-4BAB-8838-0134531FD3AF}) (Version: 15.5.6.0460 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{0728A184-F899-4356-B93D-8228674F0DEB}) (Version: 2.6.1209.0268 - Motorola Solutions, Inc.)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.9.0.1001 - Intel Corporation) Hidden
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{8e41467d-297e-496d-8b0f-e771b6c87c06}) (Version: 16.11.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.10.0.0307 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.236 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.105 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (x32 Version: 2.2.0.214 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (x32 Version: 2.2.0.236 - LogMeIn, Inc.) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version:  - Klei Entertainment)
Medieval II: Total War (HKLM-x32\...\Steam App 4700) (Version:  - The Creative Assembly)
Microsoft Access MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft DCF MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Groove MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 64-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Word MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
MotioninJoy DS3 driver version 0.6.0005 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.6.0005 - www.motioninjoy.com)
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Music Manager (HKCU\...\MusicManager) (Version:  - Google, Inc.)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
New Vegas Configator version 1.6 (HKLM-x32\...\New Vegas Configator_is1) (Version: 1.6 - Rudolf Enberg)
New Vegas Enhanced Content Complete (HKLM-x32\...\NVEC Complete) (Version:  - )
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.1 - Black Tree Gaming)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenMG Secure Module 5.0.00 (HKLM-x32\...\InstallShield_{8ED3A392-28F1-4375-97AC-BF275B5855F9}) (Version: 5.0.00.11280 - Sony Corporation)
OpenMG Secure Module 5.0.00 (x32 Version: 5.0.00.11280 - Sony Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.0.15.65 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
PDFCanvas V1.5 (HKLM-x32\...\PDFCanvas V1.5) (Version:  - )
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Project 64 version 2.0.0.14 (HKLM-x32\...\Project 64_is1) (Version: 2.0.0.14 - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
R for Windows 3.0.2 (HKLM\...\R for Windows 3.0.2_is1) (Version: 3.0.2 - R Core Team)
RaiderZ (HKLM-x32\...\RaiderZ) (Version:  - Perfect World Entertainment)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 5.0.89.0 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.29025 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
RStudio (HKLM-x32\...\RStudio) (Version: 0.98.490 - RStudio)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.999 - SAMSUNG Electronics Co., Ltd.)
Scabbard Mod v1.04 (HKLM-x32\...\Scabbard Mod_is1) (Version: 1.04 - Andrzej Kwiatkowski)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Setup - The SIMS 4  Deluxe Edition ... (HKLM-x32\...\Setup - The SIMS 4  Deluxe Edition ...) (Version: ... - Electronic Arts)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
SketchUp 2013 (HKLM-x32\...\{B75BC01B-4586-43F8-9349-D250DB98F26F}) (Version: 13.0.4812 - Trimble Navigation Limited)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 0.1.1556.2 - Hi-Rez Studios)
SonicStage 4.3 (HKLM-x32\...\{A0EB195B-5876-48E6-879D-33D4B2102610}) (Version: 4.3 - Sony Corporation)
Sony Noise Reduction Plug-In 2.0h (HKLM-x32\...\{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}) (Version: 2.0.451 - Sony)
Sony Sound Forge 9.0 (HKLM-x32\...\{4AEA9A23-D627-4699-8A0F-FC474308C2E6}) (Version: 9.0.441 - Sony)
Source SDK (HKLM-x32\...\Steam App 211) (Version:  - Valve)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Spotify (HKCU\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.15.0 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
tConfig version 0.34.1b (HKLM-x32\...\{224E185A-DCC7-45C5-B04D-77E6CE82D83E}_is1) (Version: 0.34.1b - Surfpup)
Terraria Game Launcher version 3.0 (HKLM-x32\...\Terraria Game Launcher_is1) (Version: 3.0 - Eikester)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version:  - Telltale Games)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version:  - CD Projekt RED)
The Yawhg (HKLM-x32\...\Steam App 269030) (Version:  - Damian Sommer)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Update for Microsoft Excel 2013 (KB2883061) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{4CFCE804-3034-4F3A-84E2-3C97665F80EC}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2883061) 32-Bit Edition (HKLM-x32\...\{90150000-0018-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{4CFCE804-3034-4F3A-84E2-3C97665F80EC}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2883061) 32-Bit Edition (HKLM-x32\...\{90150000-001B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{4CFCE804-3034-4F3A-84E2-3C97665F80EC}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2883061) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{4CFCE804-3034-4F3A-84E2-3C97665F80EC}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881070) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{35E5FACD-A5AA-46AD-93C7-F6D7969044E7}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881070) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{35E5FACD-A5AA-46AD-93C7-F6D7969044E7}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881070) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{35E5FACD-A5AA-46AD-93C7-F6D7969044E7}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881083) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{7DF13AFE-A484-4178-A82D-EF0689A24775}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760249) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{8C07AD38-38EB-4332-BCB3-F55A77C927DF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{A7610F07-E844-4444-8E1D-D5BC8AD0B4C5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{45B7D395-EB9B-414F-9E46-5849B42326E2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{66421820-D3CA-450A-898C-78D7E40108E6}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826040) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{B7EA8070-C37F-4617-82F4-52CF3304595A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{9BC5FF1D-9626-44D7-BC7F-EB44BD8BDB9F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880457) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{D27F6360-AE1E-4C8C-8ECD-C0375E20B923}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7C5CEE0F-6823-4BB7-A28F-76FEC14EB6AC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881009) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7A3EF4FF-A9C8-4F7E-8020-A45F7D319387}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM-x32\...\{90150000-0090-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{B8E73381-09B1-4895-ACD0-34385B0F526D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883049) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{1C6260FD-A280-49FE-89D0-CCEC647FBD8E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883052) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{3F3A95FF-9F40-4B19-8227-53DF683B4CF9}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883052) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{3F3A95FF-9F40-4B19-8227-53DF683B4CF9}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{DA288EB3-648C-433C-88AC-71AEAAFAACF7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}_Office15.PROPLUSR_{51865C36-97D4-4210-A33E-50BCC8CDDF72}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0C0A-0000-0000000FF1CE}_Office15.PROPLUSR_{C20FB0E0-31F6-4958-B94D-AEF3CC31FD87}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883062) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{EE35EB6C-7768-433F-B9A0-73C97699A08C}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883062) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{EE35EB6C-7768-433F-B9A0-73C97699A08C}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{90EEAEDF-CD51-4E8C-B781-7A071EC53C36}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{90EEAEDF-CD51-4E8C-B781-7A071EC53C36}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 32-Bit Edition (HKLM-x32\...\{90150000-00BA-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{90EEAEDF-CD51-4E8C-B781-7A071EC53C36}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{90EEAEDF-CD51-4E8C-B781-7A071EC53C36}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{90150000-00A1-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2881011) 32-Bit Edition (HKLM-x32\...\{90150000-001A-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{E2362D6B-C590-4698-A990-35B4A77A294D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2881011) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{E2362D6B-C590-4698-A990-35B4A77A294D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2883051) 32-Bit Edition (HKLM-x32\...\{90150000-0018-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{01923A0F-BA34-4A75-8D43-97F536E44D95}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2883051) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{01923A0F-BA34-4A75-8D43-97F536E44D95}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 32-Bit Edition (HKLM-x32\...\{90150000-0019-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{7500AD77-83C6-400B-8B2F-F8E401A7B697}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7500AD77-83C6-400B-8B2F-F8E401A7B697}) (Version:  - Microsoft)
Update for Microsoft Visio 2013 (KB2837632) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{6D8F4981-88A1-4386-8B3C-A51021FD8395}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{A7CD05CC-CA85-428C-91FD-74A908D126E1}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2883058) 32-Bit Edition (HKLM-x32\...\{90150000-001A-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{78F4AB20-5992-425F-BCFB-ECCFF3531F55}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2883058) 32-Bit Edition (HKLM-x32\...\{90150000-001B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{78F4AB20-5992-425F-BCFB-ECCFF3531F55}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2883058) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{78F4AB20-5992-425F-BCFB-ECCFF3531F55}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2883058) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{78F4AB20-5992-425F-BCFB-ECCFF3531F55}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{1F91C200-8F0F-4009-A75E-DB6CE151BD4E}) (Version: 4.4.234.0 - Validity Sensors, Inc.)
Verizon Software Upgrade Assistant (x32 Version: 14.07.0101 - Motorola Mobility) Hidden
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{A3070098-A41D-42D9-B6D3-2EF15285E719}) (Version: 2.14.0605 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Upgrade Assistant for Motorola (HKLM-x32\...\{9BEDD987-AC68-44D2-8803-EC0650F6C43F}) (Version: 1.2.7 - Motorola Mobility)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{69258FD1-F4EE-475A-83D1-BF68C8029592}) (Version: 2.14.0402 - Samsung Electronics Co., Ltd.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Warface Launcher (Beta) (HKLM-x32\...\{28D1723C-31C4-4A83-9799-DFFB3739026D}) (Version: 1.0.0 - Crytek GmbH)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 3.0.4.3 - Wrye & Wrye Bash Development Team)
YTD Video Downloader 3.9.6 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 3.9.6 - GreenTree Applications SRL)
yWriter5 (HKLM-x32\...\yWriter5_is1) (Version:  - Spacejock Software)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-221111292-3122164013-3169833314-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-221111292-3122164013-3169833314-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\colte_000\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-221111292-3122164013-3169833314-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\colte_000\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
 
==================== Restore Points  =========================
 
19-09-2014 07:21:14 Removed Bastion
20-09-2014 06:10:48 Before MRootkit
20-09-2014 07:24:10 Malwarebytes Anti-Rootkit Restore Point
21-09-2014 22:06:35 Malwarebytes Anti-Rootkit Restore Point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {04406162-E7FD-4C39-A99F-FABE1EAC5DC5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-08-04] (Hewlett-Packard)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {114FAFAF-268F-4D2A-A69D-BEEEC74C678D} - System32\Tasks\HPCeeScheduleForcolte_000 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {16B25D5E-08CD-4C11-900C-32A892067A1A} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {22D86AF0-D21A-4262-86AF-A78AF25CAFA2} - System32\Tasks\Verizon Wireless Upgrade Assistant Update Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\VerizonWirelessUpgradeAssistantUpdate.exe [2014-07-01] ()
Task: {27EB423B-DF20-4F81-ACAF-8886377A148A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-08-04] (Hewlett-Packard)
Task: {2A25E70A-DC24-4E70-9DBA-C27FAD6E62F7} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-21] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {4196BF63-EE67-4C41-88A2-D33E84FDF7D9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {4410BDCF-D3F7-4DAF-95C1-706BBBDE0272} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN369490T0 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-08-04] (Hewlett-Packard)
Task: {466F7EF6-62D7-42F7-91F0-A6E818C7039D} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4F510A1E-398C-4995-8C85-9AD780DFCF28} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-08] (Google Inc.)
Task: {4FF1B1FE-8262-4FAF-B3C6-96F3C133D7AE} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {50EFD9ED-04E8-41FF-B8BF-3B0817361773} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN3681902Z => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-08-04] (Hewlett-Packard)
Task: {5520719E-54C7-431B-A2FF-F7C2E4E1E293} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {5D366B47-7BCE-42F6-A46E-2D33CF59CD02} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {67F14B32-B597-4DF4-A6C9-0BB9430156F7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-221111292-3122164013-3169833314-1001Core => C:\Users\colte_000\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-23] (Google Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6AD8AAF8-C313-45C7-9CBF-799B087105F5} - System32\Tasks\Verizon Wireless Upgrade Assistant Update Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\VerizonWirelessUpgradeAssistantUpdate.exe [2014-07-01] ()
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {7070C05C-39DB-4029-8A1A-24027C52FE4D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {757BD1C1-6D33-4E86-AC3B-BE1F76464C02} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-12-03] (Synaptics Incorporated)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {82C61C54-6C7C-4A96-BCB0-33EA1F0500CF} - System32\Tasks\Verizon Wireless Upgrade Assistant Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\VerizonWirelessUpgradeAssistantUpdate.exe [2014-07-01] ()
Task: {8480AA1B-BB26-4707-BCA3-825CBD6AB5F6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {88ABC549-0760-47D3-8188-E1784355A8AB} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8CFA3C19-5ED3-408F-AA4E-7D1DC763B175} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-08-13] (Microsoft Corporation)
Task: {9336C673-8850-4325-850F-3758603CF8CB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-08] (Google Inc.)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A8513FAC-4C88-4805-B3D9-6F1F9A2EA62A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN32Q1PJ4P => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-08-04] (Hewlett-Packard)
Task: {B5555631-8F87-49F5-992E-36AD2FF3A7A0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C04FB512-CD11-4598-B662-2B8C2DBE6162} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {C1F99EF4-6603-43F3-AD41-59EFDC033455} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {CA42DD6C-DFAB-4523-8943-05367C11679F} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D5DE1598-774A-4A4E-8F6E-BBAA2A9F1FF3} - System32\Tasks\Origin => C:\Users\colte_000\AppData\Roaming\Origin\update.vbe [2014-09-08] () <==== ATTENTION
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E98D5E12-1A16-4EB4-B0CC-177C563CA60C} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {EB2D25FF-9148-45F3-81BD-C5BF1839A5B5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {ED1F1BC5-9246-40BF-9167-74DC3A35C7B9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {F22BFFD5-5EE9-47BD-A335-6F49743700E1} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {F5863BD5-6778-4610-B9D7-FC54D93467A5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-221111292-3122164013-3169833314-1001UA => C:\Users\colte_000\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-23] (Google Inc.)
Task: {F8EF914A-1EE0-4CE0-ACB3-099940F2F63D} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-05] (Hewlett-Packard Development Company, L.P.)
Task: {FD6EAE22-9F7E-4FA7-A551-242B5F107C0C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN35R1NH3N => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-08-04] (Hewlett-Packard)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-221111292-3122164013-3169833314-1001Core.job => C:\Users\colte_000\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-221111292-3122164013-3169833314-1001UA.job => C:\Users\colte_000\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForcolte_000.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-07-27 11:41 - 2014-07-27 11:41 - 08892576 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-02-07 09:19 - 2013-02-07 09:19 - 04073768 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2013-01-06 12:14 - 2013-01-06 12:14 - 03093624 _____ () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
2014-09-21 19:48 - 2014-09-21 19:48 - 00340158 _____ () C:\Windows\Temp\svchost.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-07 07:31 - 2014-04-07 07:31 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2013-05-19 13:22 - 2012-06-07 20:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-12-10 14:06 - 2013-12-10 14:06 - 10683392 _____ () C:\Users\colte_000\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
2013-12-10 14:06 - 2013-12-10 14:06 - 07741952 _____ () C:\Users\colte_000\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
2013-12-10 14:06 - 2013-12-10 14:06 - 01681408 _____ () C:\Users\colte_000\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
2013-12-10 14:06 - 2013-12-10 14:06 - 02248192 _____ () C:\Users\colte_000\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
2014-05-15 14:20 - 2014-05-15 14:20 - 00117248 _____ () C:\Users\colte_000\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2014-05-15 14:20 - 2014-05-15 14:20 - 00231936 _____ () C:\Users\colte_000\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2014-05-15 14:21 - 2014-05-15 14:21 - 00253440 _____ () C:\Users\colte_000\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2014-05-15 14:24 - 2014-05-15 14:24 - 00344064 _____ () C:\Users\colte_000\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2013-12-10 14:06 - 2013-12-10 14:06 - 00026624 _____ () C:\Users\colte_000\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
2014-09-13 13:09 - 2014-09-03 20:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-13 13:09 - 2014-09-03 20:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-13 13:09 - 2014-09-03 20:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-13 13:09 - 2014-09-03 20:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-13 13:09 - 2014-09-03 20:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
2012-10-26 12:00 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade
AlternateDataStreams: C:\Users\colte_000\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\colte_000\SkyDrive (2).old:ms-properties
AlternateDataStreams: C:\Users\colte_000\SkyDrive (3).old:ms-properties
AlternateDataStreams: C:\Users\colte_000\SkyDrive.old:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "Content Manager Assistant for PlayStation®.lnk"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKCU\...\StartupApproved\Run: => "Steam"
HKCU\...\StartupApproved\Run: => "Spotify"
HKCU\...\StartupApproved\Run: => "Spotify Web Helper"
HKCU\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKCU\...\StartupApproved\Run: => "Skype"
HKCU\...\StartupApproved\Run: => "Power2GoExpress8"
HKCU\...\StartupApproved\Run: => "Lync"
HKCU\...\StartupApproved\Run: => "BitTorrent"
HKCU\...\StartupApproved\Run: => "Amazon Music"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/21/2014 07:42:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10431890
 
Error: (09/21/2014 07:42:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10431890
 
Error: (09/21/2014 07:42:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/21/2014 04:48:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 27265
 
Error: (09/21/2014 04:48:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 27265
 
Error: (09/21/2014 04:48:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/21/2014 04:48:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13062
 
Error: (09/21/2014 04:48:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13062
 
Error: (09/21/2014 04:48:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/20/2014 09:08:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: msfeedssync.exe, version: 11.0.9600.16384, time stamp: 0x5215f4d2
Faulting module name: ntdll.dll, version: 6.3.9600.17114, time stamp: 0x53649e73
Exception code: 0xc0000005
Fault offset: 0x0000000000036c20
Faulting process id: 0x1ff4
Faulting application start time: 0xmsfeedssync.exe0
Faulting application path: msfeedssync.exe1
Faulting module path: msfeedssync.exe2
Report Id: msfeedssync.exe3
Faulting package full name: msfeedssync.exe4
Faulting package-relative application ID: msfeedssync.exe5
 
 
System errors:
=============
Error: (09/21/2014 07:45:25 PM) (Source: NETwNe64) (EventID: 5006) (User: )
Description: Intel® Centrino® Wireless-N 2230 : The version number is incorrect for this driver.
 
Error: (09/21/2014 07:45:24 PM) (Source: NETwNe64) (EventID: 5001) (User: )
Description: Intel® Centrino® Wireless-N 2230 : Could not allocate the resources necessary for operation.
 
Error: (09/21/2014 04:14:52 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: SHANIQWA)
Description: 0x8000002a116\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-221111292-3122164013-3169833314-1001-0-ntuser.dat
 
Error: (09/21/2014 04:14:31 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: SHANIQWA)
Description: 0x8000002a116\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-221111292-3122164013-3169833314-1001-0-ntuser.dat
 
Error: (09/21/2014 04:12:31 PM) (Source: DCOM) (EventID: 10005) (User: SHANIQWA)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}
 
Error: (09/21/2014 04:12:31 PM) (Source: DCOM) (EventID: 10005) (User: SHANIQWA)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/21/2014 04:12:02 PM) (Source: DCOM) (EventID: 10005) (User: SHANIQWA)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (09/21/2014 04:12:02 PM) (Source: DCOM) (EventID: 10005) (User: SHANIQWA)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/21/2014 04:11:32 PM) (Source: DCOM) (EventID: 10005) (User: SHANIQWA)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/21/2014 04:09:28 PM) (Source: DCOM) (EventID: 10005) (User: SHANIQWA)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
 
Microsoft Office Sessions:
=========================
Error: (09/21/2014 07:42:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10431890
 
Error: (09/21/2014 07:42:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10431890
 
Error: (09/21/2014 07:42:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/21/2014 04:48:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 27265
 
Error: (09/21/2014 04:48:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 27265
 
Error: (09/21/2014 04:48:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/21/2014 04:48:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13062
 
Error: (09/21/2014 04:48:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13062
 
Error: (09/21/2014 04:48:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/20/2014 09:08:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: msfeedssync.exe11.0.9600.163845215f4d2ntdll.dll6.3.9600.1711453649e73c00000050000000000036c201ff401cfd551a556fa5fC:\Windows\system32\msfeedssync.exeC:\WINDOWS\SYSTEM32\ntdll.dllf70d3d5a-4144-11e4-bf90-84a6c8a16dae
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-09-20 17:26:09.917
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-09-20 17:26:09.850
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-09-20 17:26:09.783
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-09-20 17:26:09.713
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-09-20 17:26:09.647
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-09-20 17:26:09.580
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-09-20 17:26:09.510
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-09-20 17:26:09.445
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-09-20 17:26:09.378
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-09-20 17:26:09.308
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 17%
Total physical RAM: 12177.27 MB
Available physical RAM: 10071.24 MB
Total Pagefile: 14033.27 MB
Available Pagefile: 11628.79 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:903.06 GB) (Free:408.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:27.34 GB) (Free:3.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A50E1C7D)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#4 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 22 September 2014 - 04:09 AM

Ok, please do the following:


Step 1

Please download the attached file fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#5 hendocks

  • Topic Starter

  • Members
  • 6 posts

Posted 22 September 2014 - 02:27 PM

Done and done.

 

From Fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-09-2014 01
Ran by colte_000 at 2014-09-22 12:08:54 Run:1
Running from C:\Users\colte_000\Desktop\Virus Poppers\FRST64
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
2014-09-21 19:48 - 2014-09-21 19:48 - 00062050 _____ () C:\WINDOWS\temp023423.vbe
Task: {D5DE1598-774A-4A4E-8F6E-BBAA2A9F1FF3} - System32\Tasks\Origin => C:\Users\colte_000\AppData\Roaming\Origin\update.vbe [2014-09-08] () <==== ATTENTION
2014-09-08 09:50 - 2012-11-12 16:55 - 00000000 ___HD () C:\Users\colte_000\AppData\Roaming\Origin
C:\Windows\Temp\svchost.exe
EmptyTemp:
 
*****************
 
Processes closed successfully.
"C:\WINDOWS\temp023423.vbe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D5DE1598-774A-4A4E-8F6E-BBAA2A9F1FF3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5DE1598-774A-4A4E-8F6E-BBAA2A9F1FF3}" => Key deleted successfully.
C:\Windows\System32\Tasks\Origin => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Origin" => Key deleted successfully.
C:\Users\colte_000\AppData\Roaming\Origin => Moved successfully.
C:\Windows\Temp\svchost.exe => Moved successfully.
EmptyTemp: => Removed 5.6 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
From FRST.txt:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by colte_000 (administrator) on SHANIQWA on 22-09-2014 12:24:55
Running from C:\Users\colte_000\Desktop\Virus Poppers\FRST64
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Google Inc.) C:\Users\colte_000\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(SAMSUNG Electornics Co., Ltd.) C:\Users\colte_000\AppData\Roaming\VERIZON\UA_ar\UA.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-06-03] (IDT, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2874168 2012-12-03] (Synaptics Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-31] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3802448 2014-09-04] (LogMeIn Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\Run: [Spotify] => C:\Users\colte_000\AppData\Roaming\Spotify\Spotify.exe [7880664 2012-11-12] (Spotify Ltd)
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\Run: [Spotify Web Helper] => C:\Users\colte_000\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1199576 2012-11-12] (Spotify Ltd)
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-06] ()
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\Office15\lync.exe [19049112 2014-07-27] (Microsoft Corporation)
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\Run: [BitTorrent] => C:\Users\colte_000\AppData\Roaming\BitTorrent\BitTorrent.exe [1274456 2014-09-08] (BitTorrent Inc.)
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\Run: [GoogleChromeAutoLaunch_5694E434D15114E885D845B3B557AC70] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-03] (Google Inc.)
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\Run: [Google Update] => C:\Users\colte_000\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-07-23] (Google Inc.)
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\Run: [MusicManager] => C:\Users\colte_000\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-05-15] (Google Inc.)
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\Run: [Amazon Music] => C:\Users\colte_000\AppData\Local\Amazon Music\Amazon Music Helper.exe [3162944 2014-07-01] ()
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\MountPoints2: {5e3a116a-eb89-11e3-bf5a-84a6c8a16dae} - "F:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\MountPoints2: {5e3a117a-eb89-11e3-bf5a-84a6c8a16dae} - "F:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\MountPoints2: {8680657f-15f7-11e4-bf73-84a6c8a16dae} - "F:\VerizonWirelessUpgradeAssistantSetup.exe" -a
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\MountPoints2: {868065e2-15f7-11e4-bf73-84a6c8a16dae} - "F:\VerizonWirelessUpgradeAssistantSetup.exe" -a
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\MountPoints2: {cff9dc44-07bb-11e4-bf63-84a6c8a16dae} - "G:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\MountPoints2: {fb4ea843-47bf-11e2-be7e-84a6c8a16dae} - "F:\setup.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation®.lnk
ShortcutTarget: Content Manager Assistant for PlayStation®.lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: C:\Users\colte_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\colte_000\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Tcpip\Parameters: [DhcpNameServer] 158.104.100.1 158.104.100.2 158.104.100.3
 
FireFox:
========
FF ProfilePath: C:\Users\colte_000\AppData\Roaming\Mozilla\Firefox\Profiles\ox46grvu.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\colte_000\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\colte_000\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\colte_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Firefox Old Version Update Hotfix - C:\Users\colte_000\AppData\Roaming\Mozilla\Firefox\Profiles\ox46grvu.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-08-30]
FF Extension: Adblock Plus - C:\Users\colte_000\AppData\Roaming\Mozilla\Firefox\Profiles\ox46grvu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-03-05]
FF Extension: Adblock Edge - C:\Users\colte_000\AppData\Roaming\Mozilla\Firefox\Profiles\ox46grvu.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-03-05]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2014-08-03]
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll ()
CHR Plugin: (Simple Pass) - C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\npgcwloplugin.dll (HP)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Simple Pass) - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Profile: C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-20]
CHR Extension: (YouTube) - C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-08]
CHR Extension: (Google Search) - C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-08]
CHR Extension: (Google Play Music) - C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-06-15]
CHR Extension: (Website Logon) - C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo [2013-01-08]
CHR Extension: (AdBlock) - C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-25]
CHR Extension: (Website Logon) - C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof [2013-05-19]
CHR Extension: (Website Logon) - C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaaieiajnhcnimjgfmjpccjmmfkploci [2013-01-14]
CHR Extension: (Google Wallet) - C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-08]
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
CHR HKLM-x32\...\Chrome\Extension: [jaaieiajnhcnimjgfmjpccjmmfkploci] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2013-04-23] (Hi-Rez Studios) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-13] (Microsoft Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] (LogMeIn, Inc.)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53248 2007-11-28] (Sony Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-05] (Microsoft Corporation)
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53248 2007-11-28] (Sony Corporation) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [105448 2014-08-28] (Razer Inc.)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 SonicStage Back-End Service; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe [112184 2007-02-05] (Sony Corporation)
S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [77824 2007-11-28] (Sony Corporation) [File not signed]
S3 SSScsiSV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 vmms; C:\Windows\system32\vmms.exe [13401600 2014-05-09] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-20] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2012-11-23] ()
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2012-12-17] (DT Soft Ltd)
R3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-07-21] (LogMeIn Inc.)
R1 hvservice; C:\Windows\System32\drivers\hvservice.sys [68960 2013-11-20] (Microsoft Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2012-11-23] ()
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [19456 2013-11-20] (Microsoft Corporation)
S3 NdisImPlatformMp; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [124928 2013-08-22] (Microsoft Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3349984 2014-04-17] (Intel Corporation)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [22016 2013-11-20] (Microsoft Corporation)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [27136 2013-11-20] (Microsoft Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-12-03] (Synaptics Incorporated)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [18944 2014-01-27] (Microsoft Corporation)
R3 VMSMP; C:\Windows\system32\DRIVERS\vmswitch.sys [691200 2014-05-27] (Microsoft Corporation)
S3 VMSP; C:\Windows\system32\DRIVERS\vmswitch.sys [691200 2014-05-27] (Microsoft Corporation)
S3 VMSVSF; C:\Windows\system32\DRIVERS\vmswitch.sys [691200 2014-05-27] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\system32\DRIVERS\vmswitch.sys [691200 2014-05-27] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows ® Win 7 DDK provider)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-21 19:48 - 2014-09-22 12:25 - 00000000 ____D () C:\FRST
2014-09-21 19:44 - 2014-09-21 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-09-21 16:08 - 2014-09-21 16:12 - 00000000 ____D () C:\AdwCleaner
2014-09-19 23:12 - 2014-09-21 16:07 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-19 23:05 - 2014-09-22 12:23 - 00000000 ____D () C:\Users\colte_000\Desktop\Virus Poppers
2014-09-19 23:01 - 2014-09-19 23:02 - 14349744 _____ (Malwarebytes Corp.) C:\Users\colte_000\Downloads\mbar-1.07.0.1012.exe
2014-09-11 12:19 - 2014-09-11 12:19 - 00002062 _____ () C:\Users\Public\Desktop\Razer Cortex.lnk
2014-09-10 21:29 - 2014-09-10 21:29 - 00000938 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-09-09 10:09 - 2014-09-09 10:09 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-08-28 22:17 - 2014-08-29 18:24 - 00000123 _____ () C:\Users\colte_000\.atl.properties
2014-08-28 19:30 - 2014-08-28 19:30 - 00319912 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-08-28 19:30 - 2014-08-28 19:30 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-08-28 19:30 - 2014-08-28 19:30 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-08-28 19:30 - 2014-08-28 19:30 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2014-08-28 19:30 - 2014-08-28 19:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-27 11:19 - 2014-08-22 17:42 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-25 13:39 - 2014-08-25 13:39 - 00001012 _____ () C:\Users\Public\Desktop\Hero Lab.lnk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-22 12:26 - 2014-07-23 17:21 - 00000942 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-221111292-3122164013-3169833314-1001UA.job
2014-09-22 12:25 - 2014-09-21 19:48 - 00000000 ____D () C:\FRST
2014-09-22 12:25 - 2013-01-06 12:14 - 00000000 ____D () C:\Users\colte_000\AppData\Local\PMB Files
2014-09-22 12:24 - 2014-05-04 13:21 - 00000000 __RDO () C:\Users\colte_000\SkyDrive
2014-09-22 12:24 - 2013-01-08 17:11 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-22 12:23 - 2014-09-19 23:05 - 00000000 ____D () C:\Users\colte_000\Desktop\Virus Poppers
2014-09-22 12:22 - 2014-08-03 05:42 - 00000000 ____D () C:\Users\colte_000\AppData\Local\LogMeIn Hamachi
2014-09-22 12:22 - 2014-07-28 00:09 - 00000000 ____D () C:\Temp
2014-09-22 12:22 - 2013-11-20 03:45 - 27590656 _____ () C:\WINDOWS\system32\vmguest.iso
2014-09-22 12:22 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-22 12:21 - 2013-08-22 06:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-22 12:15 - 2012-11-11 20:20 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-221111292-3122164013-3169833314-1001
2014-09-22 12:06 - 2013-01-08 17:11 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-22 12:04 - 2013-11-20 03:44 - 01927065 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-22 12:00 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-22 11:50 - 2012-11-11 14:11 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-21 21:48 - 2012-11-11 20:12 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{26BF87C5-8870-4DBE-8DE4-096D694AD9A8}
2014-09-21 19:59 - 2012-11-11 20:10 - 00000000 ____D () C:\Users\colte_000\AppData\Local\Packages
2014-09-21 19:45 - 2013-09-29 20:55 - 00066608 _____ () C:\WINDOWS\PFRO.log
2014-09-21 19:45 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-09-21 19:45 - 2012-09-12 11:10 - 00000000 ____D () C:\WINDOWS\en
2014-09-21 19:44 - 2014-09-21 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-09-21 16:14 - 2014-08-17 22:17 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-21 16:12 - 2014-09-21 16:08 - 00000000 ____D () C:\AdwCleaner
2014-09-21 16:08 - 2014-06-30 20:14 - 00092888 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-21 16:07 - 2014-09-19 23:12 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-21 15:40 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\SchCache
2014-09-20 17:25 - 2014-07-23 17:20 - 00000890 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-221111292-3122164013-3169833314-1001Core.job
2014-09-20 16:58 - 2014-07-26 22:58 - 00003188 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForcolte_000
2014-09-20 16:58 - 2014-07-26 22:58 - 00000366 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForcolte_000.job
2014-09-20 14:23 - 2012-11-11 13:43 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-19 23:36 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\InputMethod
2014-09-19 23:36 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-09-19 23:02 - 2014-09-19 23:01 - 14349744 _____ (Malwarebytes Corp.) C:\Users\colte_000\Downloads\mbar-1.07.0.1012.exe
2014-09-19 00:52 - 2014-03-09 23:17 - 00000000 ____D () C:\Program Files (x86)\osu!
2014-09-19 00:33 - 2012-11-15 20:55 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-19 00:33 - 2012-11-12 16:55 - 00000000 ____D () C:\ProgramData\Origin
2014-09-19 00:32 - 2012-09-12 11:02 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-19 00:26 - 2013-02-11 15:13 - 00000000 ____D () C:\Users\colte_000\AppData\Roaming\BitTorrent
2014-09-19 00:20 - 2012-11-18 02:36 - 00000000 ____D () C:\Users\colte_000\Documents\WB Games
2014-09-19 00:18 - 2012-11-12 16:55 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-18 21:03 - 2014-07-02 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2014-09-18 21:03 - 2014-07-02 11:23 - 00000000 ____D () C:\Program Files\Nexus Mod Manager
2014-09-18 21:03 - 2013-07-02 21:55 - 00000000 ____D () C:\Users\colte_000\AppData\Local\Skyrim
2014-09-18 20:43 - 2013-09-29 20:51 - 00000000 ____D () C:\WINDOWS\SKB
2014-09-18 11:43 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-09-17 16:15 - 2013-09-29 21:04 - 00972696 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-17 16:15 - 2013-03-20 15:33 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-16 18:13 - 2012-11-12 12:59 - 00000000 ____D () C:\Users\colte_000\Documents\Electronic Arts
2014-09-16 18:06 - 2014-03-20 15:11 - 00000000 ____D () C:\ProgramData\Hero Lab
2014-09-15 12:15 - 2012-12-10 14:51 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-09-15 12:15 - 2012-11-12 14:22 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-09-12 12:11 - 2012-11-13 01:38 - 00000000 ____D () C:\Users\colte_000\Documents\My Games
2014-09-11 12:27 - 2014-08-21 14:03 - 00000000 ____D () C:\Users\colte_000\AppData\Local\4A Games
2014-09-11 12:24 - 2012-09-12 11:09 - 00621371 _____ () C:\WINDOWS\DirectX.log
2014-09-11 12:19 - 2014-09-11 12:19 - 00002062 _____ () C:\Users\Public\Desktop\Razer Cortex.lnk
2014-09-11 12:19 - 2014-01-24 14:41 - 00000000 ____D () C:\Users\colte_000\AppData\Local\Razer_Inc
2014-09-11 12:19 - 2012-11-30 17:41 - 00000000 ____D () C:\Users\colte_000\AppData\Local\Razer
2014-09-11 12:19 - 2012-11-30 17:11 - 00000000 ____D () C:\ProgramData\Razer
2014-09-11 12:19 - 2012-11-30 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-09-11 12:19 - 2012-11-30 17:11 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-09-10 21:29 - 2014-09-10 21:29 - 00000938 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-09-10 21:29 - 2014-08-01 21:23 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-09-10 21:29 - 2013-11-13 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-09-09 10:50 - 2012-11-11 14:11 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-09-09 10:09 - 2014-09-09 10:09 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-09-08 21:23 - 2013-01-08 14:07 - 00000000 ____D () C:\Users\colte_000\Documents\School
2014-09-08 17:19 - 2014-07-02 11:54 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-08 00:12 - 2013-10-06 21:38 - 00000901 _____ () C:\Users\colte_000\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2014-08-29 18:24 - 2014-08-28 22:17 - 00000123 _____ () C:\Users\colte_000\.atl.properties
2014-08-28 22:17 - 2013-11-20 03:20 - 00000000 ____D () C:\Users\colte_000
2014-08-28 19:36 - 2012-11-13 17:09 - 00000000 ____D () C:\Users\colte_000\AppData\Roaming\.minecraft
2014-08-28 19:30 - 2014-08-28 19:30 - 00319912 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-08-28 19:30 - 2014-08-28 19:30 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-08-28 19:30 - 2014-08-28 19:30 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-08-28 19:30 - 2014-08-28 19:30 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2014-08-28 19:30 - 2014-08-28 19:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-28 19:30 - 2014-01-26 16:55 - 00000000 ____D () C:\Program Files\Java
2014-08-28 16:47 - 2014-06-14 22:00 - 00000000 ____D () C:\Users\colte_000\AppData\Local\ftblauncher
2014-08-28 16:47 - 2013-03-21 15:15 - 00000000 ____D () C:\Users\colte_000\AppData\Roaming\ftblauncher
2014-08-27 14:00 - 2013-08-22 07:44 - 00508664 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-27 13:57 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-08-25 13:39 - 2014-08-25 13:39 - 00001012 _____ () C:\Users\Public\Desktop\Hero Lab.lnk
2014-08-25 13:39 - 2014-03-20 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hero Lab
2014-08-25 13:39 - 2014-03-20 15:11 - 00000000 ____D () C:\Program Files (x86)\Hero Lab
2014-08-23 00:33 - 2013-03-02 13:48 - 00000000 ____D () C:\Users\colte_000\Documents\yWriter Projects
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-22 12:15
 
==================== End Of Log ============================


#6 aharonov

  • Malware Response Team

Posted 22 September 2014 - 02:36 PM

Does Malwarebytes now still detect this threat (and isn't able to remove it) that you mentioned at the beginning?


Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#7 hendocks

  • Topic Starter

Posted 22 September 2014 - 10:08 PM

OK, here's the log content. Also, Malwarebytes no longer detects Trojan.Agent.Gen, but ESET did find two other trojan programs (but not Trojan.Agent.Gen). However, I doubt it is really gone due to having disappeared before and reviving. I'll probably perform more scans over the course of the next couple of days. Anyways...

 

ESET log.txt:

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=094e3756ffcf3c468d91f80eb906f927
# engine=20247
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-23 02:59:49
# local_time=2014-09-22 07:59:49 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 14899510 0 0
# scanned=570587
# found=2
# cleaned=0
# scan_time=25231
sh=4A49B1D3206A0C7806EB909505B141CC8A46D217 ft=0 fh=0000000000000000 vn="VBS/CoinMiner.CF trojan" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Roaming\Origin\update.vbe"
sh=4A49B1D3206A0C7806EB909505B141CC8A46D217 ft=0 fh=0000000000000000 vn="VBS/CoinMiner.CF trojan" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Origin\update.vbe"

Edited by hendocks, 22 September 2014 - 10:09 PM.
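
A way to read the log.txt posted above programmatically, as an added example that is not part of the original post or of ESET's tooling. The field meanings (`sh` as file hash, `vn` as detection name, `fn` as file path) and the mapping of the `*_checked` header lines to the scan options requested in post #6 are assumptions inferred from the log itself; `parse_eset_log` and `triage` are hypothetical helper names.

```python
import ntpath
import re
from collections import defaultdict

# Excerpt of the log posted above, trimmed to the header lines used here.
SAMPLE_LOG = r'''ESETSmartInstaller@High as downloader log:
all ok
# version=8
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# scanned=570587
# found=2
# cleaned=0
sh=4A49B1D3206A0C7806EB909505B141CC8A46D217 ft=0 fh=0000000000000000 vn="VBS/CoinMiner.CF trojan" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Roaming\Origin\update.vbe"
sh=4A49B1D3206A0C7806EB909505B141CC8A46D217 ft=0 fh=0000000000000000 vn="VBS/CoinMiner.CF trojan" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Origin\update.vbe"
'''

# "# key=value" header lines.
HEADER_RE = re.compile(r'^#\s*([A-Za-z0-9_.]+)=(.*)$')
# key=value pairs on a detection line; the value is "quoted" or a bare token.
PAIR_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

# Assumed mapping: settings the helper asked for in post #6.
EXPECTED_SETTINGS = {
    'remove_checked': 'false',      # "Remove found threats" NOT checked
    'archives_checked': 'true',     # "Scan archives" checked
    'unwanted_checked': 'true',     # potentially unwanted applications
    'unsafe_checked': 'true',       # potentially unsafe applications
    'antistealth_checked': 'true',  # Anti-Stealth Technology
}


def parse_eset_log(text):
    """Return (header dict, list of detection dicts) from an ESET log.txt."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip().strip('"')
        elif line.startswith('sh='):
            detections.append({
                p.group(1): p.group(2) if p.group(2) is not None else p.group(3)
                for p in PAIR_RE.finditer(line)
            })
        # Anything else (installer banner, "all ok") is ignored.
    return header, detections


def triage(header, detections):
    """Check the scan settings and summarise what was detected and where."""
    wrong = {k: header.get(k) for k, v in EXPECTED_SETTINGS.items()
             if header.get(k) != v}
    by_hash = defaultdict(list)
    for det in detections:
        by_hash[det['sh']].append(det['fn'])
    return {
        'settings_ok': not wrong,
        'wrong_settings': wrong,
        # The header count and the number of detection lines should agree.
        'count_matches': int(header.get('found', '-1')) == len(detections),
        'unique_hashes': len(by_hash),
        'names': sorted({det['vn'] for det in detections}),
        # Containing folders of the detected files, for the helper to review.
        'folders': sorted({ntpath.dirname(det['fn']) for det in detections}),
        # Nothing was cleaned because removal was disabled on purpose.
        'left_in_place': int(header.get('cleaned', '0')) == 0,
    }


if __name__ == '__main__':
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    for key, value in triage(hdr, dets).items():
        print(f'{key}: {value}')
```

Both detection lines carry the same hash, so the report shows one file present under two paths rather than two different samples.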


#8 aharonov

  • Malware Response Team

Posted 23 September 2014 - 03:47 PM

I doubt it is really gone due to having disappeared before and reviving

Malware doesn't just revive out of nothing. Malwarebytes just hasn't deleted it entirely.


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.

#9 hendocks

  • Topic Starter

Posted 24 September 2014 - 01:38 AM

Malware doesn't just revive out of nothing. Malwarebytes just hasn't deleted it entirely.

 

Well yes. Naturally. I guess it was just a poor choice of words.

 

Anyways, from Fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-09-2014
Ran by colte_000 at 2014-09-23 23:30:39 Run:2
Running from C:\Users\colte_000\Desktop\Virus Poppers\FRST64
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
C:\Windows\System32\config\systemprofile\AppData\Roaming\Origin
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Origin
EmptyTemp:
 
*****************
 
Processes closed successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Origin => Moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Origin => Moved successfully.
EmptyTemp: => Removed 140 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
Then from FRST.txt:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2014
Ran by colte_000 (administrator) on SHANIQWA on 23-09-2014 23:33:55
Running from C:\Users\colte_000\Desktop\Virus Poppers\FRST64
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Google Inc.) C:\Users\colte_000\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(SAMSUNG Electornics Co., Ltd.) C:\Users\colte_000\AppData\Roaming\VERIZON\UA_ar\UA.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-06-03] (IDT, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2874168 2012-12-03] (Synaptics Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-31] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3802448 2014-09-04] (LogMeIn Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\Run: [Spotify] => C:\Users\colte_000\AppData\Roaming\Spotify\Spotify.exe [7880664 2012-11-12] (Spotify Ltd)
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\Run: [Spotify Web Helper] => C:\Users\colte_000\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1199576 2012-11-12] (Spotify Ltd)
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-06] ()
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\Office15\lync.exe [19049112 2014-07-27] (Microsoft Corporation)
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\Run: [BitTorrent] => C:\Users\colte_000\AppData\Roaming\BitTorrent\BitTorrent.exe [1274456 2014-09-08] (BitTorrent Inc.)
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\Run: [GoogleChromeAutoLaunch_5694E434D15114E885D845B3B557AC70] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-03] (Google Inc.)
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\Run: [Google Update] => C:\Users\colte_000\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-07-23] (Google Inc.)
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\Run: [MusicManager] => C:\Users\colte_000\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-05-15] (Google Inc.)
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\Run: [Amazon Music] => C:\Users\colte_000\AppData\Local\Amazon Music\Amazon Music Helper.exe [3162944 2014-07-01] ()
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\MountPoints2: {5e3a116a-eb89-11e3-bf5a-84a6c8a16dae} - "F:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\MountPoints2: {5e3a117a-eb89-11e3-bf5a-84a6c8a16dae} - "F:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\MountPoints2: {8680657f-15f7-11e4-bf73-84a6c8a16dae} - "F:\VerizonWirelessUpgradeAssistantSetup.exe" -a
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\MountPoints2: {868065e2-15f7-11e4-bf73-84a6c8a16dae} - "F:\VerizonWirelessUpgradeAssistantSetup.exe" -a
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\MountPoints2: {cff9dc44-07bb-11e4-bf63-84a6c8a16dae} - "G:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-221111292-3122164013-3169833314-1001\...\MountPoints2: {fb4ea843-47bf-11e2-be7e-84a6c8a16dae} - "F:\setup.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation®.lnk
ShortcutTarget: Content Manager Assistant for PlayStation®.lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: C:\Users\colte_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\colte_000\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Tcpip\Parameters: [DhcpNameServer] 158.104.100.1 158.104.100.2 158.104.100.3
 
FireFox:
========
FF ProfilePath: C:\Users\colte_000\AppData\Roaming\Mozilla\Firefox\Profiles\ox46grvu.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\colte_000\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\colte_000\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\colte_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Firefox Old Version Update Hotfix - C:\Users\colte_000\AppData\Roaming\Mozilla\Firefox\Profiles\ox46grvu.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-08-30]
FF Extension: Adblock Plus - C:\Users\colte_000\AppData\Roaming\Mozilla\Firefox\Profiles\ox46grvu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-03-05]
FF Extension: Adblock Edge - C:\Users\colte_000\AppData\Roaming\Mozilla\Firefox\Profiles\ox46grvu.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-03-05]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2014-08-03]
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll ()
CHR Plugin: (Simple Pass) - C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\npgcwloplugin.dll (HP)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Simple Pass) - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Profile: C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-20]
CHR Extension: (YouTube) - C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-08]
CHR Extension: (Google Search) - C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-08]
CHR Extension: (Google Play Music) - C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-06-15]
CHR Extension: (Website Logon) - C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo [2013-01-08]
CHR Extension: (AdBlock) - C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-25]
CHR Extension: (Website Logon) - C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof [2013-05-19]
CHR Extension: (Website Logon) - C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaaieiajnhcnimjgfmjpccjmmfkploci [2013-01-14]
CHR Extension: (Google Wallet) - C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\colte_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-08]
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
CHR HKLM-x32\...\Chrome\Extension: [jaaieiajnhcnimjgfmjpccjmmfkploci] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2013-04-23] (Hi-Rez Studios) [File not signed]
S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-13] (Microsoft Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-08-08] (LogMeIn, Inc.)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53248 2007-11-28] (Sony Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-05] (Microsoft Corporation)
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53248 2007-11-28] (Sony Corporation) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [105448 2014-08-28] (Razer Inc.)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 SonicStage Back-End Service; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe [112184 2007-02-05] (Sony Corporation)
S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [77824 2007-11-28] (Sony Corporation) [File not signed]
S3 SSScsiSV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 vmms; C:\Windows\system32\vmms.exe [13401600 2014-05-09] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-20] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2012-11-23] ()
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2012-12-17] (DT Soft Ltd)
R3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-07-21] (LogMeIn Inc.)
R1 hvservice; C:\Windows\System32\drivers\hvservice.sys [68960 2013-11-20] (Microsoft Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2012-11-23] ()
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [19456 2013-11-20] (Microsoft Corporation)
S3 NdisImPlatformMp; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [124928 2013-08-22] (Microsoft Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3349984 2014-04-17] (Intel Corporation)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [22016 2013-11-20] (Microsoft Corporation)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [27136 2013-11-20] (Microsoft Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-12-03] (Synaptics Incorporated)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [18944 2014-01-27] (Microsoft Corporation)
R3 VMSMP; C:\Windows\system32\DRIVERS\vmswitch.sys [691200 2014-05-27] (Microsoft Corporation)
S3 VMSP; C:\Windows\system32\DRIVERS\vmswitch.sys [691200 2014-05-27] (Microsoft Corporation)
S3 VMSVSF; C:\Windows\system32\DRIVERS\vmswitch.sys [691200 2014-05-27] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\system32\DRIVERS\vmswitch.sys [691200 2014-05-27] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows ® Win 7 DDK provider)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-23 20:12 - 2014-09-23 20:12 - 00000000 _____ () C:\WINDOWS\Minidump\092314-296515-01.dmp
2014-09-22 21:09 - 2014-09-22 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-09-22 12:54 - 2014-09-22 12:54 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-21 19:48 - 2014-09-23 23:34 - 00000000 ____D () C:\FRST
2014-09-21 16:08 - 2014-09-21 16:12 - 00000000 ____D () C:\AdwCleaner
2014-09-19 23:12 - 2014-09-21 16:07 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-19 23:05 - 2014-09-22 12:38 - 00000000 ____D () C:\Users\colte_000\Desktop\Virus Poppers
2014-09-19 23:01 - 2014-09-19 23:02 - 14349744 _____ (Malwarebytes Corp.) C:\Users\colte_000\Downloads\mbar-1.07.0.1012.exe
2014-09-11 12:19 - 2014-09-11 12:19 - 00002062 _____ () C:\Users\Public\Desktop\Razer Cortex.lnk
2014-09-10 21:29 - 2014-09-10 21:29 - 00000938 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-09-09 10:09 - 2014-09-09 10:09 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-08-28 22:17 - 2014-08-29 18:24 - 00000123 _____ () C:\Users\colte_000\.atl.properties
2014-08-28 19:30 - 2014-08-28 19:30 - 00319912 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-08-28 19:30 - 2014-08-28 19:30 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-08-28 19:30 - 2014-08-28 19:30 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-08-28 19:30 - 2014-08-28 19:30 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2014-08-28 19:30 - 2014-08-28 19:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-27 11:19 - 2014-08-22 17:42 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-25 13:39 - 2014-08-25 13:39 - 00001012 _____ () C:\Users\Public\Desktop\Hero Lab.lnk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-23 23:34 - 2014-09-21 19:48 - 00000000 ____D () C:\FRST
2014-09-23 23:34 - 2013-01-06 12:14 - 00000000 ____D () C:\Users\colte_000\AppData\Local\PMB Files
2014-09-23 23:33 - 2014-05-04 13:21 - 00000000 ___DO () C:\Users\colte_000\SkyDrive
2014-09-23 23:32 - 2014-08-03 05:42 - 00000000 ____D () C:\Users\colte_000\AppData\Local\LogMeIn Hamachi
2014-09-23 23:32 - 2014-07-28 00:09 - 00000000 ____D () C:\Temp
2014-09-23 23:32 - 2013-11-20 03:45 - 27590656 _____ () C:\WINDOWS\system32\vmguest.iso
2014-09-23 23:32 - 2013-01-08 17:11 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-23 23:31 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-23 23:31 - 2013-08-22 06:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-23 23:26 - 2014-07-23 17:21 - 00000942 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-221111292-3122164013-3169833314-1001UA.job
2014-09-23 23:23 - 2012-11-11 20:20 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-221111292-3122164013-3169833314-1001
2014-09-23 23:18 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-23 20:12 - 2014-09-23 20:12 - 00000000 _____ () C:\WINDOWS\Minidump\092314-296515-01.dmp
2014-09-23 20:12 - 2014-02-02 22:54 - 00000000 ____D () C:\WINDOWS\Minidump
2014-09-23 20:08 - 2013-02-01 15:12 - 693261767 _____ () C:\WINDOWS\MEMORY.DMP
2014-09-23 19:11 - 2013-01-08 17:11 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-23 18:49 - 2014-03-20 15:11 - 00000000 ____D () C:\ProgramData\Hero Lab
2014-09-23 18:21 - 2013-11-20 03:44 - 02011422 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-23 18:04 - 2012-11-11 20:12 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{26BF87C5-8870-4DBE-8DE4-096D694AD9A8}
2014-09-23 13:11 - 2012-11-11 20:10 - 00000000 ____D () C:\Users\colte_000\AppData\Local\Packages
2014-09-23 12:50 - 2012-11-11 14:11 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-23 10:49 - 2013-09-29 21:04 - 00972696 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-23 10:47 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-09-23 09:47 - 2014-08-17 22:17 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-22 21:09 - 2014-09-22 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-09-22 21:02 - 2012-11-11 13:43 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-22 17:25 - 2014-07-23 17:20 - 00000890 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-221111292-3122164013-3169833314-1001Core.job
2014-09-22 16:11 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-09-22 12:54 - 2014-09-22 12:54 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-22 12:38 - 2014-09-19 23:05 - 00000000 ____D () C:\Users\colte_000\Desktop\Virus Poppers
2014-09-22 12:31 - 2012-11-12 14:22 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-09-22 12:30 - 2012-12-10 14:51 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-09-21 23:42 - 2012-11-11 20:42 - 00278152 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-09-21 19:45 - 2013-09-29 20:55 - 00066608 _____ () C:\WINDOWS\PFRO.log
2014-09-21 19:45 - 2012-09-12 11:10 - 00000000 ____D () C:\WINDOWS\en
2014-09-21 16:12 - 2014-09-21 16:08 - 00000000 ____D () C:\AdwCleaner
2014-09-21 16:08 - 2014-06-30 20:14 - 00092888 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-21 16:07 - 2014-09-19 23:12 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-21 15:40 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\SchCache
2014-09-20 16:58 - 2014-07-26 22:58 - 00003188 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForcolte_000
2014-09-20 16:58 - 2014-07-26 22:58 - 00000366 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForcolte_000.job
2014-09-19 23:36 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\InputMethod
2014-09-19 23:02 - 2014-09-19 23:01 - 14349744 _____ (Malwarebytes Corp.) C:\Users\colte_000\Downloads\mbar-1.07.0.1012.exe
2014-09-19 00:52 - 2014-03-09 23:17 - 00000000 ____D () C:\Program Files (x86)\osu!
2014-09-19 00:33 - 2012-11-15 20:55 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-19 00:33 - 2012-11-12 16:55 - 00000000 ____D () C:\ProgramData\Origin
2014-09-19 00:32 - 2012-09-12 11:02 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-19 00:26 - 2013-02-11 15:13 - 00000000 ____D () C:\Users\colte_000\AppData\Roaming\BitTorrent
2014-09-19 00:20 - 2012-11-18 02:36 - 00000000 ____D () C:\Users\colte_000\Documents\WB Games
2014-09-19 00:18 - 2012-11-12 16:55 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-18 21:03 - 2014-07-02 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2014-09-18 21:03 - 2014-07-02 11:23 - 00000000 ____D () C:\Program Files\Nexus Mod Manager
2014-09-18 21:03 - 2013-07-02 21:55 - 00000000 ____D () C:\Users\colte_000\AppData\Local\Skyrim
2014-09-18 20:43 - 2013-09-29 20:51 - 00000000 ____D () C:\WINDOWS\SKB
2014-09-18 11:43 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-09-17 16:15 - 2013-03-20 15:33 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-16 18:13 - 2012-11-12 12:59 - 00000000 ____D () C:\Users\colte_000\Documents\Electronic Arts
2014-09-12 12:11 - 2012-11-13 01:38 - 00000000 ____D () C:\Users\colte_000\Documents\My Games
2014-09-11 12:27 - 2014-08-21 14:03 - 00000000 ____D () C:\Users\colte_000\AppData\Local\4A Games
2014-09-11 12:24 - 2012-09-12 11:09 - 00621371 _____ () C:\WINDOWS\DirectX.log
2014-09-11 12:19 - 2014-09-11 12:19 - 00002062 _____ () C:\Users\Public\Desktop\Razer Cortex.lnk
2014-09-11 12:19 - 2014-01-24 14:41 - 00000000 ____D () C:\Users\colte_000\AppData\Local\Razer_Inc
2014-09-11 12:19 - 2012-11-30 17:41 - 00000000 ____D () C:\Users\colte_000\AppData\Local\Razer
2014-09-11 12:19 - 2012-11-30 17:11 - 00000000 ____D () C:\ProgramData\Razer
2014-09-11 12:19 - 2012-11-30 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-09-11 12:19 - 2012-11-30 17:11 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-09-10 21:29 - 2014-09-10 21:29 - 00000938 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-09-10 21:29 - 2014-08-01 21:23 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-09-10 21:29 - 2013-11-13 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-09-09 10:50 - 2012-11-11 14:11 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-09-09 10:09 - 2014-09-09 10:09 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-09-08 21:23 - 2013-01-08 14:07 - 00000000 ____D () C:\Users\colte_000\Documents\School
2014-09-08 17:19 - 2014-07-02 11:54 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-08 00:12 - 2013-10-06 21:38 - 00000901 _____ () C:\Users\colte_000\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2014-08-29 18:24 - 2014-08-28 22:17 - 00000123 _____ () C:\Users\colte_000\.atl.properties
2014-08-28 22:17 - 2013-11-20 03:20 - 00000000 ____D () C:\Users\colte_000
2014-08-28 19:36 - 2012-11-13 17:09 - 00000000 ____D () C:\Users\colte_000\AppData\Roaming\.minecraft
2014-08-28 19:30 - 2014-08-28 19:30 - 00319912 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-08-28 19:30 - 2014-08-28 19:30 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-08-28 19:30 - 2014-08-28 19:30 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-08-28 19:30 - 2014-08-28 19:30 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2014-08-28 19:30 - 2014-08-28 19:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-28 19:30 - 2014-01-26 16:55 - 00000000 ____D () C:\Program Files\Java
2014-08-28 16:47 - 2014-06-14 22:00 - 00000000 ____D () C:\Users\colte_000\AppData\Local\ftblauncher
2014-08-28 16:47 - 2013-03-21 15:15 - 00000000 ____D () C:\Users\colte_000\AppData\Roaming\ftblauncher
2014-08-27 14:00 - 2013-08-22 07:44 - 00508664 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-27 13:57 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-08-25 13:39 - 2014-08-25 13:39 - 00001012 _____ () C:\Users\Public\Desktop\Hero Lab.lnk
2014-08-25 13:39 - 2014-03-20 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hero Lab
2014-08-25 13:39 - 2014-03-20 15:11 - 00000000 ____D () C:\Program Files (x86)\Hero Lab
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-22 21:39
 
==================== End Of Log ============================


#10 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 24 September 2014 - 08:03 AM

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run.
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Mozilla Firefox 28.0 (x86 en-US)




Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

#11 hendocks

  • Topic Starter

  • Members
  • 6 posts

Posted 24 September 2014 - 03:51 PM

Thanks a ton!



#12 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 24 September 2014 - 04:08 PM

You're welcome.
Take care.

#13 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 24 September 2014 - 04:08 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



