
folder.exe, folder.scr virus


  • This topic is locked
42 replies to this topic

#1 rt60man

rt60man

  • Members
  • 67 posts
  • OFFLINE
  • Local time:03:58 PM

Posted 10 October 2014 - 01:19 PM

Hi,

 

I think I am infected with what they call the folder.exe virus.

For example, if I have a folder named ADVANCED DESIGN, then a folder named DESIGN.exe is created.

 

The virus attacks very randomly, sometimes once in 10 days, sometimes once in 3 days. Rebooting is the only way to postpone the nuisance.

 

In some cases a folder.scr file is also created.

 

My system is Win-7 64 bit, with Avast 2014 antivirus installed.

 

Your help is greatly appreciated.

Thanks
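The symptom the original poster describes (a folder such as ADVANCED DESIGN acquiring a sibling DESIGN.exe or a folder.scr file) is a common folder-mimic pattern, and it can be inventoried before any cleanup. The following Python script is an added example written for this editorial pass; it is not code from the thread, from BleepingComputer, or from any of the tools (DDS, FRST) discussed here. It walks a directory tree and flags .exe/.scr files whose name matches a directory in the same parent folder, either the whole folder name or its last word. The sample folder layout it builds is constructed for the demonstration and is not the poster's disk; the file contents are placeholder bytes, not real executables.

```python
import os
import tempfile
from pathlib import Path

# File types the original poster reports appearing beside folders.
SUSPECT_EXTENSIONS = {".exe", ".scr"}


def folder_mimic_candidates(root):
    """Walk `root` and return the paths of .exe/.scr files whose name (minus
    extension) matches a directory in the same parent folder, either the whole
    directory name or its last space-separated word. This is the pattern from
    the thread: folder "ADVANCED DESIGN" gains a sibling "DESIGN.exe".
    Matching is case-insensitive because NTFS paths are."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        dir_tokens = set()
        for d in dirnames:
            name = d.casefold()
            dir_tokens.add(name)
            parts = name.split()
            if parts:
                dir_tokens.add(parts[-1])
        for f in filenames:
            p = Path(f)
            if p.suffix.casefold() in SUSPECT_EXTENSIONS and p.stem.casefold() in dir_tokens:
                hits.append(os.path.join(dirpath, f))
    return sorted(hits)


def build_sample_tree(base):
    """Create a constructed sample layout (hypothetical, not the poster's disk)
    with two mimic files and two harmless look-alikes."""
    base = Path(base)
    (base / "ADVANCED DESIGN").mkdir()
    (base / "ADVANCED DESIGN" / "plan.dwg").write_bytes(b"constructed placeholder")
    (base / "DESIGN.exe").write_bytes(b"MZ placeholder")   # mimics the last word of the folder name
    (base / "Photos").mkdir()
    (base / "Photos.scr").write_bytes(b"MZ placeholder")   # .scr mimic of a whole folder name
    (base / "Photos" / "Photos.exe").write_bytes(b"MZ placeholder")  # inside the folder, not a sibling: not flagged
    (base / "setup.exe").write_bytes(b"MZ placeholder")    # no matching folder: not flagged
    return base


def demo():
    """Build the sample tree in a temporary directory, scan it, and return the
    flagged file names (sorted) so the result can be checked without output."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(tmp)
        return sorted(os.path.basename(h) for h in folder_mimic_candidates(root))


if __name__ == "__main__":
    for name in demo():
        print("folder-mimic candidate:", name)
    # On a real machine, point it at a data drive or USB stick instead, e.g.:
    # for path in folder_mimic_candidates("D:\\"):
    #     print(path)
```

A match is a candidate for inspection, not a verdict: a legitimate installer that happens to share its folder's name would also be listed, so check the file's digital signature, hash and hidden attribute before acting, and keep the list for the helper handling the thread rather than deleting anything on your own.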




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,549 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:28 AM

Posted 15 October 2014 - 01:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/551514 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,549 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:28 AM

Posted 20 October 2014 - 01:25 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#4 rt60man

rt60man
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  • Local time:03:58 PM

Posted 23 October 2014 - 12:09 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16496  BrowserJavaVersion: 1.6.0_20
Run by AudioLotus at 22:34:49 on 2014-10-23
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.4078.2507 [GMT 5.5:30]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\system32\crypserv.exe
C:\ProgramData\DatacardService\HWDeviceService64.exe
C:\Windows\SysWOW64\lkads.exe
C:\Windows\SysWOW64\lktsrv.exe
C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
C:\Windows\SysWOW64\nisvcloc.exe
C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
C:\ProgramData\Photon Plus\Huawei\OnlineUpdate\ouc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Everyday Auto Backup\AutoBackup.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.co.in/
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
uRun: [Everyday Auto Backup] C:\Program Files (x86)\Everyday Auto Backup\AutoBackup.exe /1
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [Google Update] "C:\Users\AudioLotus\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_Plugin.exe -update plugin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: NameServer = 192.168.43.1
TCP: Interfaces\{16967578-E082-4DFF-A26E-98856C78FF72} : DHCPNameServer = 192.168.43.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\AudioLotus\AppData\Roaming\Mozilla\Firefox\Profiles\y2eurea4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.in/
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\AudioLotus\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - ExtSQL: !HIDDEN! 2012-10-01 09:14; mozilla_cc@internetdownloadmanager.com; C:\Users\AudioLotus\AppData\Roaming\IDM\idmmzcc5
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-10-4 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-10-4 224896]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 nipbcfk;National Instruments Class Upper Filter Driver;C:\Windows\System32\drivers\nipbcfk.sys [2007-7-10 16472]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-3-18 1041168]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-3-18 427360]
R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2013-3-2 65024]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-10-4 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-3-18 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-10-4 92008]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-2-2 18656]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-10-4 50344]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DataCardService\HWDeviceService64.exe [2011-3-14 346976]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2011-7-14 145008]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
R2 NiViPxiK;NI-VISA PXI Driver;C:\Windows\System32\drivers\NiViPxiKl.sys [2007-7-19 11872]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-16 378984]
R2 UDisk Monitor;UDisk Monitor;C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe [2012-8-11 405504]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-28 2656280]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\Windows\System32\drivers\btfilter.sys [2012-3-28 42096]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2014-10-21 90112]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-2-9 77424]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2014-3-13 35008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Photon Plus. RunOuc;Photon Plus. OUC;C:\Program Files (x86)\Photon Plus\Huawei\UpdateDog\ouc.exe [2014-10-21 655712]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 ffusb2audio;Focusrite USB 2.0 Audio Driver;C:\Windows\System32\drivers\ffusb2audio.sys [2013-8-8 57688]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-9-17 1432400]
S3 nidimk;nidimk;C:\Windows\System32\drivers\nidimkl.sys [2007-7-12 11872]
S3 nipalfwedl;nipalfwedl;C:\Windows\System32\drivers\nipalfwedl.sys [2007-7-18 12928]
S3 nipalusbedl;nipalusbedl;C:\Windows\System32\drivers\nipalusbedl.sys [2007-7-18 12920]
S3 NiViFWK;NI-VISA FireWire Driver;C:\Windows\System32\drivers\NiViFWKl.sys [2007-7-19 11896]
S3 NiViPciK;NI-VISA PCI Driver;C:\Windows\System32\drivers\NiViPciKl.sys [2007-7-19 11872]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-6 20992]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-3-28 243712]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-7 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;C:\Windows\System32\drivers\CT_ZTEMT_U_USBSER.sys [2012-8-11 120704]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-10-23 02:59:02    11627712    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{693392E4-747F-4CD6-A668-AF589C61B2D7}\mpengine.dll
2014-10-21 13:57:58    --------    d-----w-    C:\Program Files (x86)\Photon Plus
2014-10-21 06:35:36    11627712    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-12 15:52:41    --------    d-----w-    C:\Users\AudioLotus\AppData\Local\Skype
2014-10-12 15:52:17    --------    d-----r-    C:\Program Files (x86)\Skype
2014-10-05 06:40:33    --------    d-----w-    C:\Users\AudioLotus\AppData\Roaming\AVAST Software
2014-10-04 07:22:35    92008    ----a-w-    C:\Windows\System32\drivers\aswStm.sys
2014-10-04 07:22:32    29208    ----a-w-    C:\Windows\System32\drivers\aswHwid.sys
2014-10-04 07:22:13    43152    ----a-w-    C:\Windows\avastSS.scr
2014-10-04 07:08:51    224896    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-10-04 07:08:48    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-10-02 08:08:16    1188440    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{92B62924-6380-4D75-9FB0-F1DEDA1D4CAB}\gapaengine.dll
.
==================== Find3M  ====================
.
2014-10-04 07:22:18    1041168    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2014-10-04 07:22:17    79184    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-10-04 07:22:15    93568    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-09-22 06:42:39    278152    ------w-    C:\Windows\System32\MpSigStub.exe
1998-10-30 17:51:24    30240    ----a-w-    C:\Program Files (x86)\SETUP.EXE
.
============= FINISH: 22:35:58.86 ===============
 



#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,580 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:02:28 AM

Posted 23 October 2014 - 06:14 PM

Greetings rt60man and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply To Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows logo key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 rt60man

rt60man
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  • Local time:03:58 PM

Posted 24 October 2014 - 03:38 AM

Hi Gary,
 
Call me Roshan.

Regarding the msinfo32 summary file, I am not finding the attach option anywhere here. How do I attach?

 

Farbar Recovery Scan Tool logs are below.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-10-2014
Ran by AudioLotus (administrator) on ROSHAN-7 on 24-10-2014 13:40:10
Running from C:\Users\AudioLotus\Desktop
Loaded Profile: AudioLotus (Available profiles: AudioLotus & Roshan SM)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(LionMax Software) C:\Program Files (x86)\Everyday Auto Backup\AutoBackup.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
() C:\ProgramData\DataCardService\HWDeviceService64.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DataCardService\DCSHelper.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corporation) C:\Windows\SysWOW64\nisvcloc.exe
(National Instruments, Inc.) C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
() C:\ProgramData\Photon Plus\Huawei\OnlineUpdate\ouc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
() C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2475384 2011-01-16] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-10] (AVAST Software)
HKU\S-1-5-21-3796240357-639066704-744450083-1000\...\Run: [Everyday Auto Backup] => C:\Program Files (x86)\Everyday Auto Backup\AutoBackup.exe [245760 2013-02-21] (LionMax Software)
HKU\S-1-5-21-3796240357-639066704-744450083-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3405208 2011-07-14] (Tonec Inc.)
HKU\S-1-5-21-3796240357-639066704-744450083-1000\...\Run: [Google Update] => C:\Users\AudioLotus\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-28] (Google Inc.)
HKU\S-1-5-21-3796240357-639066704-744450083-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3796240357-639066704-744450083-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
GroupPolicyUsers\S-1-5-21-3796240357-639066704-744450083-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.in/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x29AB9810B50CCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: avast! Online Security -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\AudioLotus\AppData\Roaming\Mozilla\Firefox\Profiles\y2eurea4.default
FF Homepage: hxxp://www.google.co.in/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\AudioLotus\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\AudioLotus\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPLV80Win32.dll (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPLV82Win32.dll (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv85win32.dll (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv86win32.dll (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll (National Instruments)
FF Extension: IDM CC - C:\Users\AudioLotus\AppData\Roaming\Mozilla\Firefox\Profiles\y2eurea4.default\Extensions\mozilla_cc@internetdownloadmanager.com [2014-10-23]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-18]
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\AudioLotus\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\AudioLotus\AppData\Roaming\IDM\idmmzcc5 [2012-10-01]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\AudioLotus\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR Profile: C:\Users\AudioLotus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\AudioLotus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-14]
CHR Extension: (Google Drive) - C:\Users\AudioLotus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\AudioLotus\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-05]
CHR Extension: (YouTube) - C:\Users\AudioLotus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-14]
CHR Extension: (Google Search) - C:\Users\AudioLotus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-14]
CHR Extension: (avast! Online Security) - C:\Users\AudioLotus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-06]
CHR Extension: (Skype Click to Call) - C:\Users\AudioLotus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-10-13]
CHR Extension: (Google Wallet) - C:\Users\AudioLotus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Gmail) - C:\Users\AudioLotus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-14]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-04]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR StartMenuInternet: Google Chrome - C:\Users\AudioLotus\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-04] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2007-05-23] (CrypKey (Canada) Ltd.) [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S3 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2008-10-31] (National Instruments, Inc.)
R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [42544 2009-06-18] (National Instruments Corporation)
R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [53296 2009-06-18] (National Instruments Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [12696 2007-03-08] (National Instruments Corporation)
R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [356912 2009-06-18] (National Instruments Corporation)
S4 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1007616 2009-09-18] (Macrovision Corporation) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 niSvcLoc; C:\Windows\SysWOW64\nisvcloc.exe [13896 2009-06-04] (National Instruments Corporation)
R2 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [703264 2007-02-06] (National Instruments, Inc.)
S2 Photon Plus. RunOuc; C:\Program Files (x86)\Photon Plus\Huawei\UpdateDog\ouc.exe [655712 2014-10-21] ()
R2 UDisk Monitor; C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe [405504 2011-12-25] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-10-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-10-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-10-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-10-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-10-04] ()
S2 cvintdrv; C:\Windows\SysWow64\Drivers\cvintdrv.sys [4096 2005-10-18] () [File not signed]
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2014-10-21] (Huawei Technologies Co., Ltd.)
R3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [27904 2007-05-18] ()
S3 nidimk; C:\Windows\system32\drivers\nidimkl.sys [11872 2007-07-12] (National Instruments Corporation)
S3 niorbk; C:\Windows\system32\drivers\niorbkl.sys [11856 2007-07-12] (National Instruments Corporation)
S3 nipalfwedl; C:\Windows\System32\drivers\nipalfwedl.sys [12928 2007-07-18] (National Instruments Corporation)
R0 NIPALK; C:\Windows\System32\drivers\nipalk.sys [538712 2007-07-18] (National Instruments Corporation)
S3 nipalusbedl; C:\Windows\System32\drivers\nipalusbedl.sys [12920 2007-07-18] (National Instruments Corporation)
R0 nipbcfk; C:\Windows\System32\drivers\nipbcfk.sys [16472 2007-07-10] (National Instruments Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 NiViFWK; C:\Windows\System32\drivers\NiViFWKl.sys [11896 2007-07-19] (National Instruments Corporation)
S3 NiViPciK; C:\Windows\System32\drivers\NiViPciKl.sys [11872 2007-07-19] (National Instruments Corporation)
R2 NiViPxiK; C:\Windows\System32\drivers\NiViPxiKl.sys [11872 2007-07-19] (National Instruments Corporation)
S3 ztemtusbser; C:\Windows\System32\DRIVERS\CT_ZTEMT_U_USBSER.sys [120704 2011-12-25] (ZTEMT Incorporated)
S3 catchme; \??\C:\ComboFix_2\catchme.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-24 13:40 - 2014-10-24 13:41 - 00018761 _____ () C:\Users\AudioLotus\Desktop\FRST.txt
2014-10-24 13:39 - 2014-10-24 13:40 - 00000000 ____D () C:\FRST
2014-10-24 13:39 - 2014-10-24 13:39 - 00000000 ____D () C:\Users\AudioLotus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SIA-Smaart Acoustic Tools
2014-10-24 13:39 - 1999-03-18 13:44 - 00995383 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.011
2014-10-24 13:39 - 1999-01-05 00:00 - 00266293 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.012
2014-10-24 13:39 - 1998-12-18 14:17 - 00164112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.010
2014-10-24 13:38 - 2014-10-24 13:39 - 00000000 ____D () C:\Program Files (x86)\SIA-Smaart Acoustic Tools
2014-10-24 13:14 - 1999-03-18 13:44 - 00995383 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.00F
2014-10-24 13:14 - 1999-01-05 00:00 - 00266293 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.00E
2014-10-24 13:14 - 1998-12-18 14:17 - 00164112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.00D
2014-10-24 13:03 - 2014-10-24 13:03 - 00005576 _____ () C:\Windows\DPINST.LOG
2014-10-24 13:03 - 2014-10-24 13:03 - 00000000 ____D () C:\Windows\LastGood
2014-10-24 13:03 - 2014-10-24 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focusrite
2014-10-24 13:03 - 2013-09-25 14:40 - 00127280 _____ (Focusrite Audio Engineering Limited.) C:\Windows\system32\Drivers\ffusb2audio.sys
2014-10-24 12:52 - 2014-10-24 12:52 - 02112000 _____ (Farbar) C:\Users\AudioLotus\Desktop\FRST64.exe
2014-10-23 22:36 - 2014-10-23 22:36 - 00014402 _____ () C:\Users\AudioLotus\Desktop\attach.txt
2014-10-23 22:36 - 2014-10-23 22:35 - 00017080 _____ () C:\Users\AudioLotus\Desktop\dds.txt
2014-10-23 22:33 - 2014-10-23 22:32 - 00688992 ____R (Swearware) C:\Users\AudioLotus\Desktop\dds.com
2014-10-23 22:29 - 2014-10-23 22:32 - 00688992 _____ (Swearware) C:\Users\AudioLotus\Downloads\dds.com
2014-10-21 21:49 - 2014-10-21 21:49 - 00000000 ____D () C:\Users\Roshan SM\Desktop\New folder (3)
2014-10-21 21:45 - 2014-10-21 21:46 - 00311197 _____ () C:\Users\Roshan SM\Downloads\cerner.zip
2014-10-21 19:30 - 2014-10-21 19:30 - 00001166 _____ () C:\Users\Public\Desktop\Photon Plus.lnk
2014-10-21 19:30 - 2014-10-21 19:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photon Plus
2014-10-21 19:29 - 2014-10-21 19:32 - 00000000 ____D () C:\ProgramData\DataCardService
2014-10-21 19:29 - 2014-10-21 19:29 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2014-10-21 19:29 - 2014-10-21 19:29 - 00000000 ____D () C:\ProgramData\Photon Plus
2014-10-21 19:29 - 2014-10-21 19:28 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2014-10-21 19:29 - 2014-10-21 19:28 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll
2014-10-21 19:29 - 2014-10-21 19:28 - 01001472 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys
2014-10-21 19:29 - 2014-10-21 19:28 - 00436224 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbwwan.sys
2014-10-21 19:29 - 2014-10-21 19:28 - 00225920 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2014-10-21 19:29 - 2014-10-21 19:28 - 00224768 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys
2014-10-21 19:29 - 2014-10-21 19:28 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2014-10-21 19:29 - 2014-10-21 19:28 - 00104448 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys
2014-10-21 19:29 - 2014-10-21 19:28 - 00090112 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2014-10-21 19:29 - 2014-10-21 19:28 - 00073216 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys
2014-10-21 19:29 - 2014-10-21 19:28 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2014-10-21 19:29 - 2014-10-21 19:28 - 00030720 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
2014-10-21 19:29 - 2014-10-21 19:28 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwupgrade.sys
2014-10-21 19:29 - 2014-10-21 19:28 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2014-10-21 19:27 - 2014-10-21 19:27 - 00000000 ____D () C:\Program Files (x86)\Photon Plus
2014-10-21 19:26 - 2014-10-21 19:27 - 00000000 ____D () C:\Users\Roshan SM\Desktop\New folder (2)
2014-10-13 11:14 - 2014-10-13 11:15 - 00000000 ____D () C:\Users\AudioLotus\Desktop\V A T
2014-10-12 21:22 - 2014-10-13 21:04 - 00000000 ____D () C:\Users\AudioLotus\AppData\Roaming\Skype
2014-10-12 21:22 - 2014-10-12 21:25 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-12 21:22 - 2014-10-12 21:22 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-12 21:22 - 2014-10-12 21:22 - 00000000 ____D () C:\Users\AudioLotus\AppData\Local\Skype
2014-10-12 21:22 - 2014-10-12 21:22 - 00000000 ____D () C:\ProgramData\Skype
2014-10-12 21:22 - 2014-10-12 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-12 21:17 - 2014-10-12 21:17 - 00003136 _____ () C:\Windows\System32\Tasks\{31D9521B-AD3A-4D1F-909A-7463095EC82E}
2014-10-10 12:14 - 2014-10-10 13:00 - 00027934 _____ () C:\Users\Public\Documents\06 VAT SEP 14-15.xlsx
2014-10-10 11:55 - 2014-10-10 11:55 - 00000000 ____D () C:\Users\Roshan SM\AppData\Roaming\AVAST Software
2014-10-09 10:43 - 2014-10-24 13:04 - 00004975 _____ () C:\Windows\setupact.log
2014-10-09 10:43 - 2014-10-24 12:47 - 00005704 _____ () C:\Windows\error.log
2014-10-09 10:43 - 2014-10-09 10:43 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-06 13:55 - 2014-10-21 18:35 - 00044364 _____ () C:\Users\AudioLotus\Desktop\Pokemon  ralph.SGM
2014-10-06 13:37 - 2014-10-21 18:35 - 00044351 _____ () C:\Users\AudioLotus\Desktop\Pokemon evan.SGM
2014-10-05 12:10 - 2014-10-05 12:10 - 00000000 ____D () C:\Users\AudioLotus\AppData\Roaming\AVAST Software
2014-10-04 12:52 - 2014-10-04 12:52 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-10-04 12:52 - 2014-10-04 12:52 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-10-04 12:52 - 2014-10-04 12:52 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-10-04 12:38 - 2014-10-04 12:52 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-10-04 12:38 - 2014-10-04 12:52 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-10-02 13:33 - 2014-10-02 13:35 - 02006432 _____ () C:\Users\AudioLotus\Downloads\sd ceiling ( combine ceilling new) RTN3.dwg

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-24 13:39 - 2012-08-13 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIA-Smaart Acoustic Tools
2014-10-24 13:14 - 2013-08-08 16:34 - 00000000 ____D () C:\Program Files (x86)\SIA SmaartLive 5
2014-10-24 13:09 - 2009-07-14 10:15 - 00013424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-24 13:09 - 2009-07-14 10:15 - 00013424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-24 13:06 - 2014-01-09 11:34 - 00000000 ____D () C:\Users\AudioLotus\REW
2014-10-24 13:06 - 2012-10-01 09:06 - 00000000 ____D () C:\jexepackres
2014-10-24 13:03 - 2014-03-13 21:17 - 01561576 _____ () C:\Windows\WindowsUpdate.log
2014-10-24 13:00 - 2012-06-16 18:42 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-24 13:00 - 2012-06-16 18:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-24 13:00 - 2012-03-28 12:43 - 00000000 ____D () C:\Users\AudioLotus\AppData\Local\Adobe
2014-10-24 12:48 - 2012-03-28 15:08 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3796240357-639066704-744450083-1000UA.job
2014-10-24 12:48 - 2012-03-28 12:20 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-24 12:47 - 2009-07-14 10:38 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-23 22:41 - 2012-10-01 09:14 - 00000000 ____D () C:\Users\AudioLotus\AppData\Roaming\DMCache
2014-10-23 22:17 - 2014-03-18 22:49 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-23 22:08 - 2012-03-28 16:32 - 00000000 ____D () C:\Users\AudioLotus\AppData\Roaming\vlc
2014-10-23 10:28 - 2009-07-14 10:43 - 00782838 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-22 05:25 - 2012-03-28 13:10 - 00198744 _____ () C:\Users\AudioLotus\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-21 19:32 - 2012-10-03 21:24 - 00198744 _____ () C:\Users\Roshan SM\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-21 19:31 - 2009-07-14 10:15 - 05238048 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-21 17:48 - 2012-03-28 15:08 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3796240357-639066704-744450083-1000Core.job
2014-10-16 13:51 - 2013-07-27 10:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-12 21:17 - 2012-10-01 09:14 - 00000000 ____D () C:\Users\AudioLotus\AppData\Roaming\IDM
2014-10-10 12:12 - 2009-07-14 08:50 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-10 12:00 - 2014-03-18 22:49 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-10-05 12:09 - 2009-07-14 10:38 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-04 12:52 - 2014-03-18 22:49 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-10-04 12:52 - 2014-03-18 22:49 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-10-04 12:52 - 2014-03-18 22:49 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-10-04 12:52 - 2014-03-18 22:49 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-10-04 12:38 - 2013-02-11 11:39 - 00000000 _____ () C:\Windows\SysWOW64\config.nt

Some content of TEMP:
====================
C:\Users\AudioLotus\AppData\Local\Temp\arctic-loop.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-21 21:01

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-10-2014
Ran by AudioLotus at 2014-10-24 13:41:58
Running from C:\Users\AudioLotus\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.3.1.29963 - BitTorrent Inc.)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat 8 Professional - English, Français, Deutsch (x32 Version: 8.1.0 - Adobe Systems) Hidden
Adobe Acrobat 8.1.0 Professional (HKLM-x32\...\Adobe Acrobat 8 Professional - English, Français, Deutsch) (Version: 8.1.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
AFMG Licence Manager (HKLM-x32\...\{F2499F77-9924-4137-B514-13F488B4FE55}) (Version: 1.0.5 - AFMG)
AFMG Software Prerequisites (HKLM-x32\...\{0A44ED35-3A20-4DE8-B172-5FD061ED558D}) (Version: 1.0.0 - AFMG)
Angry Birds Star Wars (HKLM-x32\...\{DDDA784F-1F6F-4ECA-B432-EBE0374C322D}) (Version: 1.0.0 - Rovio)
Angry Birds Star Wars II 1.0.4 (HKLM-x32\...\Angry Birds Star Wars II 1.0.4) (Version: 1.0.4 - Cat-A-Cat)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arta Software version 1.7.1 (HKLM-x32\...\ArtaSoftware_is1) (Version:  - ARTALABS)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.007 - Atheros Communications)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.1.42 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Audio Tuner (remove only) (HKLM-x32\...\Audio Tuner) (Version:  - )
AutoCAD 2012 - English (HKLM\...\AutoCAD 2012 - English) (Version: 18.2.51.0 - Autodesk)
AutoCAD 2012 - English (Version: 18.2.51.0 - Autodesk) Hidden
AutoCAD 2012 Language Pack - English (Version: 18.2.51.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}) (Version: 2.0.90 - Autodesk)
Autodesk Material Library 2012 (HKLM-x32\...\{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}) (Version: 2.5.0.8 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2012 (HKLM-x32\...\{65420DC9-306E-4371-905F-F4DC3B418E52}) (Version: 2.5.0.8 - Autodesk)
Autodesk Sync (HKLM\...\{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}) (Version: 3.5.24.0 - Autodesk, Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.6.8941 - )
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.06(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CADopia IntelliCAD 4 (x32 Version: 4.00.0000 - CADopia) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
ClueFinders Years 3 & 4 Adventures (HKLM-x32\...\ClueFinders Years 3 & 4 Adventures) (Version:  - )
Corel Graphics Suite 11 (HKLM-x32\...\InstallShield_{07A540AB-D785-11D5-8E89-0090275862A0}) (Version: 11 - Corel Corporation)
Corel Graphics Suite 11 (x32 Version: 11 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit (Version: 15.0.487 - Corel Corporation) Hidden
Creative WebCam Vista Plus (HKLM-x32\...\{880424A6-A592-11D7-8466-00D0B726B56E}) (Version:  - )
Crystal10 (HKLM-x32\...\{91FD3E1D-FE00-4ECB-8379-204704812A9D}) (Version: 1.0.0.0 - Cadence Design System)
Danley Direct (HKLM-x32\...\{02A1EF62-5DC5-4D37-A5DB-7BB43084BF1E}) (Version: 1.0.21 - Microsoft)
EASE 4.3 (HKLM-x32\...\{7BA1A360-647C-11D4-A0F9-00105ACC16E5}) (Version:  - )
EASE GLL Viewer (HKLM-x32\...\{795B8848-B5F6-4C71-8243-19A446A61A3A}) (Version: 1.01.11 - AFMG)
EASE SpeakerLab (HKLM-x32\...\{B052DFAB-10AF-48E5-9067-104C02959AE2}) (Version: 1.01.11 - AFMG)
EASETOOLS (HKLM-x32\...\{1C18C0A9-7282-4F00-A874-0FD9CE40A1E3}) (Version:  - )
EASEUS Data Recovery Wizard Professional 4.3.6 (HKLM-x32\...\{1965C9BB-9114-4A50-AEC7-E62414BB117B}) (Version: 4.3.6 - EASEUS)
Everyday Auto Backup 2.3 (HKLM-x32\...\Everyday Auto Backup_is1) (Version:  - LionMax Software)
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
FastStone Image Viewer 4.8 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.8 - FastStone Soft)
Focusrite USB 2.0 Audio Driver 2.5.1 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.5.1 - Focusrite Audio Engineering Limited.)
Free Video Dub version 2.0.22.925 (HKLM-x32\...\Free Video Dub_is1) (Version: 2.0.22.925 - DVDVideoSoft Ltd.)
Get Yahoo! Messenger (HKLM-x32\...\Get Yahoo! Messenger) (Version:  - )
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Half-Life (HKLM-x32\...\Half-Life) (Version:  - )
HI-TECH C51-lite V9.60PL0 (HKLM-x32\...\HC51 9.60PL0) (Version: 9.60 - HI-TECH Software)
HI-TECH PICC lite V9.60PL0 (HKLM-x32\...\PICC 9.60PL0) (Version: 9.60 - HI-TECH Software)
HOLMImpulse (HKLM\...\{97D1B7D2-4428-4B1A-B676-1C4AC877EC5B}) (Version: 01.04.0200 - HOLM Acoustics)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - )
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
IVI Shared Component (x32 Version: 1.4.0 - IVI Foundation Inc.) Hidden
IVI Shared Components (HKLM-x32\...\IviSharedComponent) (Version:  - )
Java Auto Updater (x32 Version: 2.0.2.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Magic ISO Maker v5.4 (build 0239) (HKLM-x32\...\Magic ISO Maker v5.4 (build 0239)) (Version:  - )
Mathcad 2001i Professional (HKLM-x32\...\InstallShield_{76C8A611-8059-44EB-8513-C86A6B3A9C5F}) (Version: 10.05.0000 - MathSoft)
Mathcad 2001i Professional (x32 Version: 10.05.0000 - MathSoft) Hidden
MBlaze UI (HKLM\...\ZTEWireless-101_is1) (Version:  - )
Micro-Cap 9.0 (HKLM-x32\...\Micro-Cap 9.0) (Version:  - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 32.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 en-US)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
National Instruments Software (HKLM-x32\...\NI Uninstaller) (Version:  - National Instruments)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NI AFW Channel Configuration Tool (x32 Version: 5.6.79.0 - National Instruments) Hidden
NI Assistant Framework (x32 Version: 5.6.232.0 - National Instruments) Hidden
NI Assistant Framework LabVIEW Code Generator 6.1 (x32 Version: 3.0.350.0 - National Instruments) Hidden
NI Assistant Framework LabVIEW Code Generator 7.0 (x32 Version: 3.0.350.0 - National Instruments) Hidden
NI Assistant Framework LabVIEW Code Generator 7.1 (x32 Version: 3.0.350.0 - National Instruments) Hidden
NI Assistant Framework LabVIEW Code Generator 8.0 (x32 Version: 3.0.350.0 - National Instruments) Hidden
NI Assistant Framework LabVIEW Code Generator 8.2 (x32 Version: 3.0.350.0 - National Instruments) Hidden
NI Assistant Framework LabVIEW Code Generator 8.5 (x32 Version: 5.5.140.0 - National Instruments) Hidden
NI Certificates Deployment Support (x32 Version: 1.01.49153 - National Instruments) Hidden
NI Circuit Design Suite 11.0 Core (x32 Version: 11.0.278 - National Instruments) Hidden
NI Circuit Design Suite 11.0 Pro (x32 Version: 11.0.278 - National Instruments) Hidden
NI Circuit Design Suite 11.0 Pro Licenses (x32 Version: 11.0.278 - National Instruments) Hidden
NI EULA Depot (x32 Version: 2.71.128 - National Instruments) Hidden
NI Example Finder 9.0 (x32 Version: 9.0.136.0 - National Instruments) Hidden
NI Help Assistant (64bit) (Version: 1.0.10 - National Instruments) Hidden
NI Help Assistant (x32 Version: 1.0.10 - National Instruments) Hidden
NI IVI Class Drivers (x32 Version: 5.12.49168 - National Instruments) Hidden
NI IVI Class Simulation Drivers (x32 Version: 3.10.49152 - National Instruments) Hidden
NI IVI Compliance Package 3.1 (x32 Version: 3.10.49152 - National Instruments) Hidden
NI IVI Engine (x32 Version: 131.10.49152 - National Instruments) Hidden
NI IVI Online Help (x32 Version: 3.10.49152 - National Instruments) Hidden
NI LabVIEW Broker (x32 Version: 6.5.20.0 - National Instruments) Hidden
NI LabVIEW Real-Time Error Dialog (x32 Version: 8.5.294.0 - National Instruments) Hidden
NI LabVIEW Real-Time FIFO for Runtime (x32 Version: 8.2.74.0 - National Instruments) Hidden
NI LabVIEW Real-Time FIFO for Runtime (x32 Version: 8.5.264.0 - National Instruments) Hidden
NI LabVIEW Real-Time NBFifo (x32 Version: 8.6.348.0 - National Instruments) Hidden
NI LabVIEW Real-Time NBFifo (x32 Version: 9.0.222.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 2009 (x32 Version: 9.0.315.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 7.1.1 (x32 Version: 7.1.800 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 8.0.1 (x32 Version: 8.0.812.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 8.2.1 (x32 Version: 8.2.379.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 8.5 (x32 Version: 8.5.186.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine 8.6.1 (x32 Version: 8.6.426.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine Interop 2009 (x32 Version: 9.0.78.0 - National Instruments) Hidden
NI LabVIEW Run-Time Engine Web Services (x32 Version: 9.0.197.0 - National Instruments) Hidden
NI LabVIEW SignalExpress 2.5.1 (x32 Version: 2.5.236.0 - National Instruments) Hidden
NI LabVIEW SignalExpress 2.5.1 Core (x32 Version: 2.5.237.0 - National Instruments) Hidden
NI LabVIEW SignalExpress 2.5.1 Datatypes (x32 Version: 2.5.240.0 - National Instruments) Hidden
NI LabVIEW SignalExpress 2.5.1 Licenses (x32 Version: 2.5.237.0 - National Instruments) Hidden
NI LabVIEW SignalExpress 2.5.1 Steps (x32 Version: 2.5.238.0 - National Instruments) Hidden
NI LabVIEW SignalExpress 2.5.1 Tools (x32 Version: 2.5.236.0 - National Instruments) Hidden
NI LabVIEW Web Server for Run-Time Engine (x32 Version: 8.6.41.0 - National Instruments) Hidden
NI LabVIEW Web Server for Run-Time Engine (x32 Version: 9.0.185.0 - National Instruments) Hidden
NI LabVIEW Web Services Runtime (x32 Version: 8.6.48.0 - National Instruments) Hidden
NI LabWindows/CVI 9.0.1 Run-Time Engine (x32 Version: 9.0.1376 - National Instruments) Hidden
NI LabWindows/CVI Code Generator (x32 Version: 8.1.10361 - National Instruments) Hidden
NI License Manager (x32 Version: 3.4.28 - National Instruments) Hidden
NI Logos 5.1 (x32 Version: 5.1.118.0 - National Instruments) Hidden
NI Logos XT Support (x32 Version: 5.1.66.0 - National Instruments) Hidden
NI Logos64 5.1 (Version: 5.1.71.0 - National Instruments) Hidden
NI Logos64 XT Support (Version: 5.1.63.0 - National Instruments) Hidden
NI LVBrokerAux 8.2.1 (x32 Version: 8.2.303.0 - National Instruments) Hidden
NI LVBrokerAux 8.5.0 (x32 Version: 8.5.183.0 - National Instruments) Hidden
NI LVBrokerAux71 (x32 Version: 1.0.113 - National Instruments) Hidden
NI LVBrokerAux8.0 (x32 Version: 8.3000.5.0 - National Instruments) Hidden
NI Math Kernel Libraries (64-bit) (Version: 1.0.14.0 - National Instruments) Hidden
NI Math Kernel Libraries (x32 Version: 1.0.28.0 - National Instruments) Hidden
NI Math Kernel Libraries (x32 Version: 1.0.861.0 - National Instruments) Hidden
NI MAX Help for 64 Bit Windows (Version: 4.3.03003 - National Instruments) Hidden
NI MDF Support (x32 Version: 2.71.128 - National Instruments) Hidden
NI Measurement & Automation Explorer 4.3 (x32 Version: 4.3.03003 - National Instruments) Hidden
NI Measurement Studio 8.1 Enterprise RunTime for VS2005 (x32 Version: 8.1.10378 - National Instruments) Hidden
NI Measurement Studio Common .NET Language Assemblies for the .NET Framework 2.0 (x32 Version: 8.1.10237 - National Instruments) Hidden
NI Measurement Studio Recipe Processor (x32 Version: 8.0.0101 - National Instruments) Hidden
NI MetaSuite Installer (x32 Version: 2.70.346 - National Instruments) Hidden
NI MXS (x32 Version: 4.3.03003 - National Instruments) Hidden
NI OPC Support (x32 Version: 8.2.78.0 - National Instruments) Hidden
NI Portable Configuration (x32 Version: 4.3.03003 - National Instruments) Hidden
NI Portable Configuration Help for 64 Bit Windows (Version: 4.3.03003 - National Instruments) Hidden
NI Registration Wizard (x32 Version: 1.2.71 - National Instruments) Hidden
NI Remote Provider for MAX (x32 Version: 4.3.03003 - National Instruments) Hidden
NI Remote PXI Provider for MAX (x32 Version: 4.3.03003 - National Instruments) Hidden
NI Service Locator (x32 Version: 9.0.260.0 - National Instruments) Hidden
NI Software Provider for MAX (x32 Version: 4.3.03003 - National Instruments) Hidden
NI TDMS (64-bit) (Version: 2.0.171.0 - National Instruments) Hidden
NI TDMS (x32 Version: 2.0.171.0 - National Instruments) Hidden
NI Trace Engine (64-bit) (Version: 9.0.128.0 - National Instruments) Hidden
NI Trace Engine (x32 Version: 9.0.146.0 - National Instruments) Hidden
NI Uninstaller (x32 Version: 2.71.128 - National Instruments) Hidden
NI Update Service 1.0 (x32 Version: 1.1.6.0 - National Instruments) Hidden
NI Update Service Extras 1.0 (x32 Version: 1.1.6.0 - National Instruments) Hidden
NI USI 1.7.0 (x32 Version: 1.7.03805 - National Instruments) Hidden
NI USI 1.7.0 64-Bit (Version: 1.7.03805 - National Instruments) Hidden
NI Variable Engine (x32 Version: 2.0.181.0 - National Instruments) Hidden
NI VC2005MSMs x64 (Version: 8.01.5 - National Instruments) Hidden
NI VC2005MSMs x86 (x32 Version: 8.01.5 - National Instruments) Hidden
NI VC2008MSMs x64 (Version: 9.0.100 - National Instruments) Hidden
NI VC2008MSMs x86 (x32 Version: 9.0.100 - National Instruments) Hidden
NI Web Pipeline 2.0.1 (x32 Version: 2.0.128.0 - National Instruments) Hidden
NI Web Pipeline 2.0.1 64-bit support (Version: 2.0.122.0 - National Instruments) Hidden
NI-DIM 1.7.0f0 (x32 Version: 1.70.49152 - National Instruments) Hidden
NI-DIM 1.7.0f0 for 64 Bit Windows (Version: 1.70.49152 - National Instruments) Hidden
NI-IVI Provider for MAX (x32 Version: 4.10.49152 - National Instruments) Hidden
NI-ORB 1.7.0f0 (x32 Version: 1.70.49152 - National Instruments) Hidden
NI-ORB 1.7.0f0 for 64 Bit Windows (Version: 1.70.49152 - National Instruments) Hidden
NI-PAL 2.1.0f1 (x32 Version: 10.20.49153 - National Instruments) Hidden
NI-PAL 2.1.0f1 for 64 Bit Windows (Version: 10.20.49153 - National Instruments) Hidden
NI-RPC 3.4.0f1 (x32 Version: 3.40.49153 - National Instruments) Hidden
NI-RPC 3.4.0f1 for Phar Lap ETS (x32 Version: 3.40.49153 - National Instruments) Hidden
NI-VISA Runtime 4.2 (x32 Version: 4.32.769 - National Instruments) Hidden
NI-VISA x64 support 4.2 (Version: 4.32.769 - National Instruments) Hidden
NVIDIA 3D Vision Driver 266.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 266.69 - NVIDIA Corporation)
NVIDIA Control Panel 266.69 (Version: 266.69 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 266.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 266.69 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.265.39.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6669 - NVIDIA Corporation) Hidden
OrCAD 10.5 SP1 (HKLM-x32\...\{B765AD77-1CDD-4AD2-8EC1-4E0020837C66}) (Version: 10.5.1 - )
Photon Plus (HKLM-x32\...\Huawei Photon Plus) (Version: 21.005.22.23.628 - Huawei Technologies Co.,Ltd)
PI Expert Suite 9.0 (HKLM-x32\...\{DBCDE9D3-8B4F-4F8E-9102-E0F8826A60A9}) (Version: 9.0.3 - Power Integrations)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.6 - PowerISO Computing, Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
Release OrCAD 10.5 (HKLM-x32\...\{24D0A76F-34E1-43F7-B972-0608518CD2A7}) (Version: 10.5.0 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
RoboMind version 3.0 (HKLM-x32\...\RoboMind_is1) (Version:  - )
Room EQ Wizard V5 (HKLM-x32\...\RoomEQWizardV5) (Version:  - John Mulcahy)
SIA Smaart Acoustic Tools v4.12 (HKLM-x32\...\SIA Smaart Acoustic Tools v4.12) (Version:  - )
SIA SmaartLive v5.2.0.1 (HKLM-x32\...\SIA SmaartLive v5.2.0.1) (Version:  - )
Sierra Utilities (HKLM-x32\...\Sierra Utilities) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Smaart 6.1.0.0 (HKLM-x32\...\Smaart 6_is1) (Version:  - LOUD Technologies, Inc.)
Soldier of Fortune II - Double Helix (HKLM-x32\...\Soldier of Fortune II - Double Helix) (Version: 1.0 - Activision, Inc.)
Sublime Text 2 Build 2181 (HKLM\...\Sublime Text 2_is1) (Version:  - )
Subway Surfers (HKLM-x32\...\Subway Surfers1.0) (Version: 1.0 - Foxy Games)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
Tina 8 - Industrial (HKLM-x32\...\{F2545705-2BFA-479A-A075-09EC64A116F5}) (Version: 8.00.000 - DesignSoft)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 1.1.6.3 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 1.1.6.3 - TOSHIBA Corporation) Hidden
VBA (2627.01) (x32 Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VIPer Pack (HKLM-x32\...\ST6UNST #1) (Version:  - )
VLC media player 1.0.0-rc3 (HKLM-x32\...\VLC media player) (Version: 1.0.0-rc3 - VideoLAN Team)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows Driver Package - Focusrite USB 2.0 Audio Driver (07/07/2011 15.32.4.883) (HKLM\...\F4B837225347AABC4F4DB6067C4D5642AF04B34C) (Version: 07/07/2011 15.32.4.883 - Focusrite)
Windows Driver Package - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1) (HKLM\...\CF1FC201D237269A9CD51A3A6B14ADBF67175C32) (Version: 09/25/2013 2.5.128.1 - Focusrite)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{0215A4C0-5431-4FD0-9B06-46589B5C4939}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{048ED0E0-12CF-4C0F-9FFA-947C2FBE8C8E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{071339A1-1946-44B2-B63E-50459B15DB86}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{08A60FF7-BB37-44F4-9759-0ADA6C7B9CC9}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{0B38CACA-3D3C-48EA-BEB5-7D95F4F6EE15}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{0C3393F8-94F5-4B79-8C01-49A2D0CC0FE9}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{0D555CE0-304A-47A6-858B-B145209A3982}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{12545889-6D32-4424-9967-1E1D7BD1F809}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{14679E3B-C952-4998-8E13-4B1286E6DD99}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{1481B385-759A-4B00-9257-E96357563999}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{162EF0A1-5A33-46F2-ACCF-CA388B084A09}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{1D625598-C876-4C51-8EF5-F9D8F96F62AA}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{1D6DFD6A-9E16-435A-9327-6FFEC6BA372F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{1E5724EA-3423-4BD3-ABD6-46E650D2DC66}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{1E8A29BA-827D-4031-A4A3-AE7999B402F6}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{1EA072EE-57FD-495E-889C-8243C3BDBDBC}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{1FD7F53F-7ED5-439C-9A77-A3821CD09E98}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{20E47D5B-529A-45BD-8E77-BF1A3064A008}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{2709544A-5B24-4F9F-A5DA-CEC7297D3A4E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{2BCA857B-A18B-4AFA-B183-CC0E49C12058}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{2C74F89E-7421-46B4-BA54-F86F1BD9F237}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{2C7D1157-7D50-4A88-9777-5EBBA3189AB8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{3497C2EC-5684-4B21-AF74-F6760E0221DC}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{38C8B14E-7879-4DA9-8C3F-8CAAC359293A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{3FCEB42C-9B98-486A-BED7-FD7F3ADB7291}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{40770568-0D5E-49D4-BE47-BC47A4F0B0A4}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{44A52280-AE56-490D-890C-89FB7279ED6B}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}\InprocServer32 -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtExt.dll (TOSHIBA)
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{46C56738-39C6-4240-8B9B-008CCD769A84}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{47179DDE-10AC-4737-97C9-8CE5379343EA}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{475C7B4A-6964-4F9E-9708-05A16EAC31D0}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{48270F9E-CCF6-4C79-B6FF-267C960E6425}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{48FEFCD7-5D7C-4E4A-9F11-60E69A31D4B1}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{49998808-648A-4A9C-A7A5-B1672775D9AB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{4A756F5F-CBA4-428B-B17F-AF80C0C8502D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{4B40437B-8972-4444-BBE3-1588FF55F203}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{4BD03680-3C0F-4501-AFF7-3D008586917F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{5544903C-2CCC-487C-91BB-F310B72A8E9B}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{59A224A2-BEF8-4C89-96E0-83A5411ABB6C}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{622F6193-E4DD-46E6-BC66-2ED88E9FD28D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{6451051B-AD22-4C6A-ACCE-013A0E1DDBC3}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{64B99FDB-1D85-447F-98C7-569DBDA723DB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{6BCE6F6E-C050-4F39-BD98-E2743949F724}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{6F56D7C9-18DD-4C15-9FA8-C54E3610EC40}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{70DBCAE8-8C2B-450C-9E1D-43E4686C6512}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{713C0E8A-5AE8-4695-B442-5ED6C4FE5C42}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{7293E009-3015-4AD3-96EC-D42C36B5FCE3}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{72EFC580-D085-4B81-8C55-26A79E445338}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{750AEC19-2E4C-4ED9-9B9F-F9CAFCD060F3}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{794199C5-827C-41C8-8CB2-3A1EA056AF5E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{798391FE-4AF2-4851-9DDA-1F0D70C02A9E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{7C239DAB-BC87-45F3-B7B1-FCC1541A235B}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{834CE679-2E47-49DE-9E41-FEC87E9192EB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{849AFB5B-D6C9-4924-A712-F7118FF9611F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{85452F88-5071-492E-B850-2E3C586DCBD8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{87F5CF8F-A06D-498F-A05F-E520E6B570DB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{89F0FC31-3B1D-494B-A75B-6BD4FA527B8A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{8AA16DFC-DFC6-4B51-8FA2-A5D812BE33BF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{8ED07FEF-E1B0-4CC3-B2BA-D354828AB952}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\AudioLotus\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{988F4102-E6E3-4282-ACAC-55270827F2A8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{9906CDFC-DB2C-4126-9422-13139B148495}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{9A21C6C5-27FC-4442-8590-575E7AFD73BB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{9ECF83FB-23C5-43B6-83DE-93CFBDD74D4A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{A58F47CC-FF65-4152-B0B1-666C643A5BFC}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{A6A3D586-44CF-44C2-A92C-620BB713B4F2}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{ABBE3F83-D585-4A50-9B69-198B0F566F2E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{AC5CECFA-F03A-41D2-A89C-704C44935941}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{B1560245-190E-4BBD-81DF-9B642D0E5325}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{B2A579E0-A797-40B1-8AEE-A8F6404719F8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{B47196BC-D4AB-41BB-A771-543D67CFC9F5}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{B53CEF4B-1A13-49DE-BBC5-A7100FB2F38C}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{B5EE2B68-9A23-4BCD-BB77-FEA6DFB24DD6}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{B77E471C-FBF3-4CB5-880F-D7528AD4B349}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{B80687F9-FA4C-4735-9DC4-E5715F2BC698}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{BAE5802A-CF21-4F9C-AE04-D98F4036AC31}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{BBF6A206-CB04-479D-96AE-349E1E83319A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{BC71DEA1-D6FB-48B8-AB06-D151C81BBCDD}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{BF224DC3-B602-4EEE-BFE9-9E4E0AED6837}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{BF4CC07E-E9BB-40D6-873F-855B211033B9}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{C061C82C-D041-4214-BB07-B608107CEFCB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{C2D4ACCC-A3D1-4A0A-AD59-0DD8BA3D5EE1}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{C8C18F89-794D-466B-8B97-95634D9890EF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{C8EC7647-1E79-4F13-81D7-2EED803D0D22}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{C92FB640-AD4D-498A-9979-A51A2540C977}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{CC23CA32-9892-4FBA-A108-FE31CA0F35A6}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{CD865713-70D6-4E15-BB7B-9B99AD9DEB85}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{D56F5AB3-9C4D-4F1A-A851-A671D9FE8C22}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{D66873EA-AAE5-41CC-8DD2-8CE3228E9F89}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{D86B6C47-11F2-4D95-B635-EA575F0892FC}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{DB207560-8449-4FAF-BDC2-61676EB012D4}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{DE74F5AD-DA2F-429F-BAF9-850A2808D585}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{DF6525C2-6358-4B07-813D-708120C5FE1A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{E177A457-9EAA-43C3-A3CE-84874A28F6CA}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{E29F6C45-6927-4508-8F3F-34105FD3FC5F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2012 - English\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{E4222C78-3670-4BB1-9AD4-7D8F3E581F2D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{E70DE962-842A-4488-9481-1D0FD72A020F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\AudioLotus\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{E9C07CEC-7B82-49E4-BBA2-7533B88E9D64}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{EA34A0C0-5CE7-4701-A6FA-117D25CD5EBB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{EF01D98A-747B-4522-AD70-991B90855DBF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{F196F03F-651A-43AF-BE34-D11942F24445}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{F2DB0EE3-7137-4CB0-8349-483C4FF2143A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{F40E2FF0-4D77-40B2-9A44-A3AEECCE8EFF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{F5522F0C-962A-48AC-9992-E81B07628F1F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{F78DCF7C-043D-45FC-9D21-676FC307BA3F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{F868EAEC-1B73-4F5E-BA73-90EBA94E75BE}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{FA97F7A7-FD19-4D55-ABF2-CFEFFF777426}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{FD51ED8A-D518-4554-B236-B6E9D234FD03}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{FE054BB2-AF94-40AC-88AA-2F59F7018B1D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{FE317223-8EDE-4684-B424-E48B9EA90220}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{FE718E8F-C3AA-4F30-9103-432450CF1DA1}\InprocServer32 -> axdb.dll No File

==================== Restore Points  =========================

24-10-2014 07:30:27 Windows Update
24-10-2014 07:33:28 Device Driver Package Install: Focusrite Sound, video and game controllers

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 08:04 - 2013-12-20 10:06 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {104F35B5-C6CF-43DA-8EF4-D8EBD321F898} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3796240357-639066704-744450083-1000Core => C:\Users\AudioLotus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-28] (Google Inc.)
Task: {2A690ADA-CE07-4E47-A431-E24797C93142} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {37A26C58-CE35-4A8B-A1D0-CB7A15C01DB5} - System32\Tasks\AdobeAAMUpdater-1.0-AudioLotus-PC-AudioLotus => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {6139D314-98B7-4C9D-BF22-CBC04DF1A897} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3796240357-639066704-744450083-1000UA => C:\Users\AudioLotus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-28] (Google Inc.)
Task: {B3B41DDF-B9C8-4A66-A540-7EEB22F708BD} - System32\Tasks\{31D9521B-AD3A-4D1F-909A-7463095EC82E} => Firefox.exe http://ui.skype.com/ui/0/6.21.0.104/en/abandoninstall?source=lightinstaller&page=tsBing
Task: {DFEF2EEE-424C-46F0-B0F2-32B99D11CD67} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-04] (AVAST Software)
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3796240357-639066704-744450083-1000Core.job => C:\Users\AudioLotus\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3796240357-639066704-744450083-1000UA.job => C:\Users\AudioLotus\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-12-20 17:44 - 2007-03-23 10:36 - 00022016 _____ () C:\Windows\System32\xrxs1l6.dll
2011-02-02 14:08 - 2011-02-02 14:08 - 00018656 _____ () C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
2011-03-14 20:57 - 2011-03-14 20:57 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2014-10-21 19:30 - 2014-10-21 19:28 - 00655712 _____ () C:\ProgramData\Photon Plus\Huawei\OnlineUpdate\ouc.exe
2012-08-11 21:01 - 2011-12-25 16:25 - 00405504 _____ () C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe
2014-10-04 12:52 - 2014-10-04 12:52 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-23 22:19 - 2014-10-23 22:19 - 02896896 _____ () C:\Program Files\AVAST Software\Avast\defs\14102301\algo.dll
2014-10-24 12:48 - 2014-10-24 12:48 - 02896896 _____ () C:\Program Files\AVAST Software\Avast\defs\14102400\algo.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-11 20:21 - 2012-08-07 15:41 - 00205824 _____ () C:\Program Files (x86)\Everyday Auto Backup\skin.cjstyles
2014-10-04 12:52 - 2014-10-04 12:52 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-21 19:30 - 2014-10-21 19:28 - 00011362 _____ () C:\ProgramData\Photon Plus\Huawei\OnlineUpdate\mingwm10.dll
2014-10-21 19:30 - 2014-10-21 19:28 - 00043008 _____ () C:\ProgramData\Photon Plus\Huawei\OnlineUpdate\libgcc_s_dw2-1.dll
2014-10-21 19:30 - 2014-10-21 19:28 - 02415104 _____ () C:\ProgramData\Photon Plus\Huawei\OnlineUpdate\QtCore4.dll
2014-10-21 19:30 - 2014-10-21 19:28 - 01148416 _____ () C:\ProgramData\Photon Plus\Huawei\OnlineUpdate\QtNetwork4.dll
2014-10-21 19:30 - 2014-10-21 19:28 - 00835072 _____ () C:\ProgramData\Photon Plus\Huawei\OnlineUpdate\QueryStrategy.dll
2014-10-21 19:30 - 2014-10-21 19:28 - 00398336 _____ () C:\ProgramData\Photon Plus\Huawei\OnlineUpdate\QtXml4.dll
2014-09-23 15:13 - 2014-09-23 15:14 - 03734640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-01-16 05:25 - 2011-01-16 05:25 - 00235112 _____ () C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk => C:\Windows\pss\Bluetooth Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SolidWorks Background Downloader.lnk => C:\Windows\pss\SolidWorks Background Downloader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^AudioLotus^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^_uninst_04226165.lnk => C:\Windows\pss\_uninst_04226165.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Autodesk Sync => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\AudioLotus\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NI Background Service => C:\Program Files (x86)\National Instruments\Shared\Update Service\BackgroundService.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-3796240357-639066704-744450083-500 - Administrator - Disabled)
AudioLotus (S-1-5-21-3796240357-639066704-744450083-1000 - Administrator - Enabled) => C:\Users\AudioLotus
Guest (S-1-5-21-3796240357-639066704-744450083-501 - Limited - Enabled)
Roshan SM (S-1-5-21-3796240357-639066704-744450083-1001 - Limited - Enabled) => C:\Users\Roshan SM

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/23/2014 07:50:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13853

Error: (10/23/2014 07:50:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13853

Error: (10/23/2014 07:50:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/21/2014 09:06:09 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (10/20/2014 11:36:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1045

Error: (10/20/2014 11:36:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1045

Error: (10/20/2014 11:36:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/20/2014 11:33:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1170

Error: (10/20/2014 11:33:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1170

Error: (10/20/2014 11:33:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (10/24/2014 00:48:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Photon Plus. OUC service failed to start due to the following error:
%%1053

Error: (10/24/2014 00:48:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Photon Plus. OUC service to connect.

Error: (10/24/2014 00:47:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cvintdrv service failed to start due to the following error:
%%1275

Error: (10/24/2014 00:47:33 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\cvintdrv.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/23/2014 10:16:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Photon Plus. OUC service failed to start due to the following error:
%%1053

Error: (10/23/2014 10:16:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Photon Plus. OUC service to connect.

Error: (10/23/2014 10:16:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cvintdrv service failed to start due to the following error:
%%1275

Error: (10/23/2014 10:16:20 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\cvintdrv.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/23/2014 09:34:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Photon Plus. OUC service failed to start due to the following error:
%%1053

Error: (10/23/2014 09:34:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Photon Plus. OUC service to connect.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-08-05 20:11:33.575
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix_2\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-08-05 20:11:33.575
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix_2\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-06-20 22:38:46.481
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-06-20 22:38:46.481
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-06-20 22:38:46.481
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-06-20 22:38:46.465
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-06-20 22:38:06.947
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-06-20 22:38:06.947
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-06-20 22:38:06.947
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-06-20 22:38:06.947
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 39%
Total physical RAM: 4077.86 MB
Available physical RAM: 2459.6 MB
Total Pagefile: 12076.04 MB
Available Pagefile: 10272.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive b: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive c: (Roshan-7) (Fixed) (Total:45.9 GB) (Free:15.19 GB) NTFS
Drive d: (Roshan-7) (Fixed) (Total:275 GB) (Free:222.8 GB) NTFS
Drive e: (Roshan-7) (Fixed) (Total:275.17 GB) (Free:180.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 61BF1968)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=45.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=275 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=275.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#7 Oh My!

Malware Response Instructor

Posted 24 October 2014 - 11:22 AM

Greetings Roshan and welcome.

I will provide instructions for attaching the file.

Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent; however, that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware, which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition, it has recently been reported that P2P downloads may be tracked, resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

How to Attach a File to Your Reply

--------------------
  • If necessary click the More Reply Options button in the lower right hand corner of the Reply to this topic section of the Post
  • In the lower left hand corner you should see a Browse button under Attach Files
  • Click the Browse button and a new window will open
  • Navigate to and double click on the file you want to attach
  • Once the file path is entered into the box click Attach This File
  • If successful, you will see the file name appear above Attach Files with a green check mark to the left
  • When you are done with your message and hit Reply the file will automatically be attached to your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
GroupPolicyUsers\S-1-5-21-3796240357-639066704-744450083-1001\User: Group Policy restriction detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
S3 catchme; \??\C:\ComboFix_2\catchme.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2014-10-24 13:39 - 1999-03-18 13:44 - 00995383 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.011
2014-10-24 13:39 - 1999-01-05 00:00 - 00266293 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.012
2014-10-24 13:39 - 1998-12-18 14:17 - 00164112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.010
2014-10-24 13:14 - 1999-03-18 13:44 - 00995383 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.00F
2014-10-24 13:14 - 1999-01-05 00:00 - 00266293 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.00E
2014-10-24 13:14 - 1998-12-18 14:17 - 00164112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.00D
C:\Users\AudioLotus\AppData\Local\Temp\arctic-loop.exe
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{0215A4C0-5431-4FD0-9B06-46589B5C4939}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{048ED0E0-12CF-4C0F-9FFA-947C2FBE8C8E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{071339A1-1946-44B2-B63E-50459B15DB86}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{08A60FF7-BB37-44F4-9759-0ADA6C7B9CC9}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{0B38CACA-3D3C-48EA-BEB5-7D95F4F6EE15}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{0C3393F8-94F5-4B79-8C01-49A2D0CC0FE9}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{0D555CE0-304A-47A6-858B-B145209A3982}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{12545889-6D32-4424-9967-1E1D7BD1F809}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{14679E3B-C952-4998-8E13-4B1286E6DD99}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{1481B385-759A-4B00-9257-E96357563999}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{162EF0A1-5A33-46F2-ACCF-CA388B084A09}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{1D625598-C876-4C51-8EF5-F9D8F96F62AA}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{1D6DFD6A-9E16-435A-9327-6FFEC6BA372F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{1E5724EA-3423-4BD3-ABD6-46E650D2DC66}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{1E8A29BA-827D-4031-A4A3-AE7999B402F6}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{1EA072EE-57FD-495E-889C-8243C3BDBDBC}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{1FD7F53F-7ED5-439C-9A77-A3821CD09E98}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{20E47D5B-529A-45BD-8E77-BF1A3064A008}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{2709544A-5B24-4F9F-A5DA-CEC7297D3A4E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{2BCA857B-A18B-4AFA-B183-CC0E49C12058}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{2C74F89E-7421-46B4-BA54-F86F1BD9F237}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{2C7D1157-7D50-4A88-9777-5EBBA3189AB8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{3497C2EC-5684-4B21-AF74-F6760E0221DC}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{38C8B14E-7879-4DA9-8C3F-8CAAC359293A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{3FCEB42C-9B98-486A-BED7-FD7F3ADB7291}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{40770568-0D5E-49D4-BE47-BC47A4F0B0A4}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{44A52280-AE56-490D-890C-89FB7279ED6B}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{46C56738-39C6-4240-8B9B-008CCD769A84}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{47179DDE-10AC-4737-97C9-8CE5379343EA}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{475C7B4A-6964-4F9E-9708-05A16EAC31D0}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{48270F9E-CCF6-4C79-B6FF-267C960E6425}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{48FEFCD7-5D7C-4E4A-9F11-60E69A31D4B1}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{49998808-648A-4A9C-A7A5-B1672775D9AB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{4A756F5F-CBA4-428B-B17F-AF80C0C8502D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{4B40437B-8972-4444-BBE3-1588FF55F203}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{4BD03680-3C0F-4501-AFF7-3D008586917F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{5544903C-2CCC-487C-91BB-F310B72A8E9B}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{59A224A2-BEF8-4C89-96E0-83A5411ABB6C}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{622F6193-E4DD-46E6-BC66-2ED88E9FD28D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{6451051B-AD22-4C6A-ACCE-013A0E1DDBC3}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{64B99FDB-1D85-447F-98C7-569DBDA723DB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{6BCE6F6E-C050-4F39-BD98-E2743949F724}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{6F56D7C9-18DD-4C15-9FA8-C54E3610EC40}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{70DBCAE8-8C2B-450C-9E1D-43E4686C6512}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{713C0E8A-5AE8-4695-B442-5ED6C4FE5C42}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{7293E009-3015-4AD3-96EC-D42C36B5FCE3}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{72EFC580-D085-4B81-8C55-26A79E445338}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{750AEC19-2E4C-4ED9-9B9F-F9CAFCD060F3}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{794199C5-827C-41C8-8CB2-3A1EA056AF5E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{798391FE-4AF2-4851-9DDA-1F0D70C02A9E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{7C239DAB-BC87-45F3-B7B1-FCC1541A235B}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{834CE679-2E47-49DE-9E41-FEC87E9192EB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{849AFB5B-D6C9-4924-A712-F7118FF9611F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{85452F88-5071-492E-B850-2E3C586DCBD8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{87F5CF8F-A06D-498F-A05F-E520E6B570DB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{89F0FC31-3B1D-494B-A75B-6BD4FA527B8A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{8AA16DFC-DFC6-4B51-8FA2-A5D812BE33BF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{8ED07FEF-E1B0-4CC3-B2BA-D354828AB952}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{988F4102-E6E3-4282-ACAC-55270827F2A8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{9906CDFC-DB2C-4126-9422-13139B148495}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{9A21C6C5-27FC-4442-8590-575E7AFD73BB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{9ECF83FB-23C5-43B6-83DE-93CFBDD74D4A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{A58F47CC-FF65-4152-B0B1-666C643A5BFC}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{A6A3D586-44CF-44C2-A92C-620BB713B4F2}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{ABBE3F83-D585-4A50-9B69-198B0F566F2E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{AC5CECFA-F03A-41D2-A89C-704C44935941}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{B1560245-190E-4BBD-81DF-9B642D0E5325}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{B2A579E0-A797-40B1-8AEE-A8F6404719F8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{B47196BC-D4AB-41BB-A771-543D67CFC9F5}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{B53CEF4B-1A13-49DE-BBC5-A7100FB2F38C}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{B5EE2B68-9A23-4BCD-BB77-FEA6DFB24DD6}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{B80687F9-FA4C-4735-9DC4-E5715F2BC698}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{BAE5802A-CF21-4F9C-AE04-D98F4036AC31}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{BBF6A206-CB04-479D-96AE-349E1E83319A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{BC71DEA1-D6FB-48B8-AB06-D151C81BBCDD}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{BF224DC3-B602-4EEE-BFE9-9E4E0AED6837}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{BF4CC07E-E9BB-40D6-873F-855B211033B9}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{C061C82C-D041-4214-BB07-B608107CEFCB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{C2D4ACCC-A3D1-4A0A-AD59-0DD8BA3D5EE1}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{C8C18F89-794D-466B-8B97-95634D9890EF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{C8EC7647-1E79-4F13-81D7-2EED803D0D22}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{CC23CA32-9892-4FBA-A108-FE31CA0F35A6}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{CD865713-70D6-4E15-BB7B-9B99AD9DEB85}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{D56F5AB3-9C4D-4F1A-A851-A671D9FE8C22}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{D66873EA-AAE5-41CC-8DD2-8CE3228E9F89}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{D86B6C47-11F2-4D95-B635-EA575F0892FC}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{DB207560-8449-4FAF-BDC2-61676EB012D4}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{DE74F5AD-DA2F-429F-BAF9-850A2808D585}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{DF6525C2-6358-4B07-813D-708120C5FE1A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{E177A457-9EAA-43C3-A3CE-84874A28F6CA}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{E29F6C45-6927-4508-8F3F-34105FD3FC5F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{E4222C78-3670-4BB1-9AD4-7D8F3E581F2D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{E70DE962-842A-4488-9481-1D0FD72A020F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{E9C07CEC-7B82-49E4-BBA2-7533B88E9D64}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{EA34A0C0-5CE7-4701-A6FA-117D25CD5EBB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{EF01D98A-747B-4522-AD70-991B90855DBF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{F196F03F-651A-43AF-BE34-D11942F24445}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{F2DB0EE3-7137-4CB0-8349-483C4FF2143A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{F40E2FF0-4D77-40B2-9A44-A3AEECCE8EFF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{F5522F0C-962A-48AC-9992-E81B07628F1F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{F78DCF7C-043D-45FC-9D21-676FC307BA3F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{F868EAEC-1B73-4F5E-BA73-90EBA94E75BE}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{FA97F7A7-FD19-4D55-ABF2-CFEFFF777426}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{FD51ED8A-D518-4554-B236-B6E9D234FD03}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{FE054BB2-AF94-40AC-88AA-2F59F7018B1D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{FE317223-8EDE-4684-B424-E48B9EA90220}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{FE718E8F-C3AA-4F30-9103-432450CF1DA1}\InprocServer32 -> axdb.dll No File
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

sUBs, the author of Combofix, recommends that you uninstall AVG or CA Internet Security before running the program. If you have either of these programs on your computer please uninstall them using AppRemover which can be downloaded here. We will be sure to reinstall the Antivirus program once we are finished using Combofix.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Oftentimes it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following. If, based on the below, you have concluded ComboFix has stopped running, please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Attached file
  • Fixlog
  • Combofix log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

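The fixlist above and the Fixlog that FRST writes after the Fix button is pressed use a handful of fixed line shapes (CustomCLSID ... -> dll No File, S3 service; image [X], dated file lines, bare paths, and "=> result" lines). The following triage helper parses those shapes and groups the orphaned COM load points by DLL. It is an added example written for this thread, not FRST's own code and not anything posted by a participant; the sample lines are constructed, the SIDs, user name and last CLSID are placeholders, and the "Could not move." outcome wording is illustrative.

```python
"""Triage helper for the line formats FRST writes into a fixlist and its Fixlog.
Added example for this thread; not FRST's own code and not posted by anyone here."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the entry kinds seen in this thread. The SIDs, the
# user name and the last CLSID are placeholders, not values from a real machine.
SAMPLE_FIXLIST = r"""
GroupPolicyUsers\S-1-5-21-111-222-333-1001\User: Group Policy restriction detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
S3 catchme; \??\C:\ComboFix_2\catchme.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
2014-10-24 13:39 - 1999-03-18 13:44 - 00995383 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.011
C:\Users\EXAMPLE\AppData\Local\Temp\arctic-loop.exe
CustomCLSID: HKU\S-1-5-21-111-222-333-1000_Classes\CLSID\{0215A4C0-5431-4FD0-9B06-46589B5C4939}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-111-222-333-1000_Classes\CLSID\{1E5724EA-3423-4BD3-ABD6-46E650D2DC66}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-111-222-333-1000_Classes\CLSID\{AAAAAAAA-0000-0000-0000-000000000001}\InprocServer32 -> C:\Program Files\Example\good.dll (Example Vendor)
"""

# Constructed Fixlog result lines; the "Could not move." wording is illustrative.
SAMPLE_FIXLOG_RESULTS = r"""
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Users\EXAMPLE\AppData\Local\Temp\arctic-loop.exe => Could not move.
"""


@dataclass
class Entry:
    kind: str                     # CustomCLSID, Service, DatedFile, Path, Registry, Result, Other
    subject: str                  # GUID, service name, file path or registry item
    target: Optional[str] = None  # DLL, driver image, signer or result text
    flagged: bool = False         # "No File", "[X]", "missing", ATTENTION or a non-success result


# FRST line shapes as they appear in this thread's fixlist and Fixlog.
CLSID_RE = re.compile(r"^CustomCLSID: (?P<key>\S+?)\\InprocServer32 -> (?P<target>.+?)(?P<nofile> No File)?$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
SERVICE_RE = re.compile(r"^(?P<start>[RSU]\d) (?P<name>[^;]+); (?P<image>.+?)(?P<missing> \[X\])?$")
DATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - (?P<size>\d+) (?P<attrs>\S{5}) "
    r"(?:\((?P<signer>[^)]*)\) )?(?P<path>[A-Za-z]:\\.+)$")
RESULT_RE = re.compile(r"^(?P<item>.+?) => (?P<result>.+)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
REG_RE = re.compile(r"^(?P<section>[A-Za-z]+): (?P<rest>.+)$")


def parse_line(line: str) -> Optional[Entry]:
    """Classify one FRST line; returns None for blanks and ***** / ===== separators."""
    line = line.rstrip()
    if not line or set(line) <= {"*", "="}:
        return None
    if m := CLSID_RE.match(line):
        guid = GUID_RE.search(m["key"])
        return Entry("CustomCLSID", guid.group(0) if guid else m["key"], m["target"], bool(m["nofile"]))
    if m := SERVICE_RE.match(line):
        return Entry("Service", m["name"], m["image"], bool(m["missing"]))
    if m := DATED_RE.match(line):
        return Entry("DatedFile", m["path"], m["signer"])
    if m := RESULT_RE.match(line):  # Fixlog outcome; checked before the bare-path case
        return Entry("Result", m["item"], m["result"], "successfully" not in m["result"])
    if PATH_RE.match(line):
        return Entry("Path", line)
    if m := REG_RE.match(line):
        return Entry("Registry", m["section"], m["rest"], line.endswith("No File") or "missing" in line)
    return Entry("Other", line, None, "ATTENTION" in line)


def triage(text: str) -> list:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def orphaned_clsid_by_dll(entries) -> Counter:
    """Orphaned CustomCLSID load points (InprocServer32 -> DLL that no longer exists), grouped by
    DLL. Dozens pointing at one DLL are often leftovers of an uninstalled product rather than
    malware, but each is a dead COM load point and belongs in the fixlist."""
    return Counter(e.target for e in entries if e.kind == "CustomCLSID" and e.flagged)


def summarize(entries) -> dict:
    return {
        "by_kind": dict(Counter(e.kind for e in entries)),
        "flagged": sum(e.flagged for e in entries),
        "orphaned_clsid_by_dll": dict(orphaned_clsid_by_dll(entries)),
        "missing_services": [e.subject for e in entries if e.kind == "Service" and e.flagged],
        "failed_results": [e.subject for e in entries if e.kind == "Result" and e.flagged],
    }


if __name__ == "__main__":
    for label, text in (("fixlist", SAMPLE_FIXLIST), ("Fixlog results", SAMPLE_FIXLOG_RESULTS)):
        print(label, summarize(triage(text)))
```
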
#8 rt60man

Posted 25 October 2014 - 02:52 AM

Hi again,

utorrent was installed quite recently (6~8 months) and I don't remember really using it.

Its usage is dormant as of now. I think I will leave it as is for now.

I remember the virus existed even before that and although I consulted some people, including Bleeping Computer, it was not resolved. Most of them said that my computer was clean. This virus attacks randomly, and there is no way of telling when the next attack is.

I noticed that after installing MS Security Essentials its eruption has reduced quite a bit. But it is still present.

Summay.zip attached

Should I run the other tests as suggested by you?

Thx.



#9 Oh My!

Posted 25 October 2014 - 02:12 PM

No problem, just a warning about Peer 2 Peer. Yes, please run the other steps and post the results.
Gary
 

#10 rt60man

Posted 28 October 2014 - 05:20 AM

Hi, I am travelling now and don't have access to the comp.

However, I will have a friend run the tests and post by tomorrow.

Cheers!


Edited by rt60man, 28 October 2014 - 05:26 AM.


#11 Oh My!

Posted 28 October 2014 - 10:08 AM

Thanks for touching base, I appreciate the update.
Gary
 

#12 rt60man

Posted 30 October 2014 - 07:51 AM

Hi,

The tests were run and below are the logs.

The system seems to work as usual. Nothing unusual has been noticed after the tests.

However, whether the malware was rooted out, only you know better.

I will have it monitored for some time and let you know.

Have we further instructions?

FYI, Combofix asked to disable Microsoft Security Essentials before running.

Also, I noticed you mentioned some "attached file" that you would like to see.

Which attached file?

Cheers!

The contents of Fixlog.txt...

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2014
Ran by AudioLotus at 2014-10-30 12:05:31 Run:1
Running from C:\Users\AudioLotus\Desktop
Loaded Profile: AudioLotus (Available profiles: AudioLotus & Roshan SM)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicyUsers\S-1-5-21-3796240357-639066704-744450083-1001\User: Group Policy restriction detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
S3 catchme; \??\C:\ComboFix_2\catchme.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2014-10-24 13:39 - 1999-03-18 13:44 - 00995383 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.011
2014-10-24 13:39 - 1999-01-05 00:00 - 00266293 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.012
2014-10-24 13:39 - 1998-12-18 14:17 - 00164112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.010
2014-10-24 13:14 - 1999-03-18 13:44 - 00995383 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.00F
2014-10-24 13:14 - 1999-01-05 00:00 - 00266293 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.00E
2014-10-24 13:14 - 1998-12-18 14:17 - 00164112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.00D
C:\Users\AudioLotus\AppData\Local\Temp\arctic-loop.exe
*****************

C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3796240357-639066704-744450083-1001\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
"HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => Key not found.
catchme => Service deleted successfully.
hwusbdev => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
C:\Windows\SysWOW64\temp.011 => Moved successfully.
C:\Windows\SysWOW64\temp.012 => Moved successfully.
C:\Windows\SysWOW64\temp.010 => Moved successfully.
C:\Windows\SysWOW64\temp.00F => Moved successfully.
C:\Windows\SysWOW64\temp.00E => Moved successfully.
C:\Windows\SysWOW64\temp.00D => Moved successfully.
C:\Users\AudioLotus\AppData\Local\Temp\arctic-loop.exe => Moved successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{0215A4C0-5431-4FD0-9B06-46589B5C4939}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{048ED0E0-12CF-4C0F-9FFA-947C2FBE8C8E}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{071339A1-1946-44B2-B63E-50459B15DB86}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{08A60FF7-BB37-44F4-9759-0ADA6C7B9CC9}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{0B38CACA-3D3C-48EA-BEB5-7D95F4F6EE15}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{0C3393F8-94F5-4B79-8C01-49A2D0CC0FE9}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{0D555CE0-304A-47A6-858B-B145209A3982}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{12545889-6D32-4424-9967-1E1D7BD1F809}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{14679E3B-C952-4998-8E13-4B1286E6DD99}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{1481B385-759A-4B00-9257-E96357563999}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{162EF0A1-5A33-46F2-ACCF-CA388B084A09}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{1D625598-C876-4C51-8EF5-F9D8F96F62AA}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{1D6DFD6A-9E16-435A-9327-6FFEC6BA372F}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{1E5724EA-3423-4BD3-ABD6-46E650D2DC66}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{1E8A29BA-827D-4031-A4A3-AE7999B402F6}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{1EA072EE-57FD-495E-889C-8243C3BDBDBC}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{1FD7F53F-7ED5-439C-9A77-A3821CD09E98}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{20E47D5B-529A-45BD-8E77-BF1A3064A008}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{2709544A-5B24-4F9F-A5DA-CEC7297D3A4E}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{2BCA857B-A18B-4AFA-B183-CC0E49C12058}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{2C74F89E-7421-46B4-BA54-F86F1BD9F237}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{2C7D1157-7D50-4A88-9777-5EBBA3189AB8}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{3497C2EC-5684-4B21-AF74-F6760E0221DC}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{38C8B14E-7879-4DA9-8C3F-8CAAC359293A}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{3FCEB42C-9B98-486A-BED7-FD7F3ADB7291}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{40770568-0D5E-49D4-BE47-BC47A4F0B0A4}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{44A52280-AE56-490D-890C-89FB7279ED6B}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{46C56738-39C6-4240-8B9B-008CCD769A84}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{47179DDE-10AC-4737-97C9-8CE5379343EA}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{475C7B4A-6964-4F9E-9708-05A16EAC31D0}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{48270F9E-CCF6-4C79-B6FF-267C960E6425}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{48FEFCD7-5D7C-4E4A-9F11-60E69A31D4B1}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{49998808-648A-4A9C-A7A5-B1672775D9AB}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{4A756F5F-CBA4-428B-B17F-AF80C0C8502D}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{4B40437B-8972-4444-BBE3-1588FF55F203}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{4BD03680-3C0F-4501-AFF7-3D008586917F}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{5544903C-2CCC-487C-91BB-F310B72A8E9B}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{59A224A2-BEF8-4C89-96E0-83A5411ABB6C}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{622F6193-E4DD-46E6-BC66-2ED88E9FD28D}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{6451051B-AD22-4C6A-ACCE-013A0E1DDBC3}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{64B99FDB-1D85-447F-98C7-569DBDA723DB}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{6BCE6F6E-C050-4F39-BD98-E2743949F724}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{6F56D7C9-18DD-4C15-9FA8-C54E3610EC40}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{70DBCAE8-8C2B-450C-9E1D-43E4686C6512}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{713C0E8A-5AE8-4695-B442-5ED6C4FE5C42}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{7293E009-3015-4AD3-96EC-D42C36B5FCE3}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{72EFC580-D085-4B81-8C55-26A79E445338}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{750AEC19-2E4C-4ED9-9B9F-F9CAFCD060F3}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{794199C5-827C-41C8-8CB2-3A1EA056AF5E}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{798391FE-4AF2-4851-9DDA-1F0D70C02A9E}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{7C239DAB-BC87-45F3-B7B1-FCC1541A235B}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{834CE679-2E47-49DE-9E41-FEC87E9192EB}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{849AFB5B-D6C9-4924-A712-F7118FF9611F}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{85452F88-5071-492E-B850-2E3C586DCBD8}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{87F5CF8F-A06D-498F-A05F-E520E6B570DB}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{89F0FC31-3B1D-494B-A75B-6BD4FA527B8A}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{8AA16DFC-DFC6-4B51-8FA2-A5D812BE33BF}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{8ED07FEF-E1B0-4CC3-B2BA-D354828AB952}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{988F4102-E6E3-4282-ACAC-55270827F2A8}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{9906CDFC-DB2C-4126-9422-13139B148495}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{9A21C6C5-27FC-4442-8590-575E7AFD73BB}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{9ECF83FB-23C5-43B6-83DE-93CFBDD74D4A}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{A58F47CC-FF65-4152-B0B1-666C643A5BFC}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{A6A3D586-44CF-44C2-A92C-620BB713B4F2}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{ABBE3F83-D585-4A50-9B69-198B0F566F2E}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{AC5CECFA-F03A-41D2-A89C-704C44935941}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{B1560245-190E-4BBD-81DF-9B642D0E5325}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{B2A579E0-A797-40B1-8AEE-A8F6404719F8}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{B47196BC-D4AB-41BB-A771-543D67CFC9F5}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{B53CEF4B-1A13-49DE-BBC5-A7100FB2F38C}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{B5EE2B68-9A23-4BCD-BB77-FEA6DFB24DD6}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{B80687F9-FA4C-4735-9DC4-E5715F2BC698}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{BAE5802A-CF21-4F9C-AE04-D98F4036AC31}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{BBF6A206-CB04-479D-96AE-349E1E83319A}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{BC71DEA1-D6FB-48B8-AB06-D151C81BBCDD}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{BF224DC3-B602-4EEE-BFE9-9E4E0AED6837}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{BF4CC07E-E9BB-40D6-873F-855B211033B9}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{C061C82C-D041-4214-BB07-B608107CEFCB}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{C2D4ACCC-A3D1-4A0A-AD59-0DD8BA3D5EE1}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{C8C18F89-794D-466B-8B97-95634D9890EF}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{C8EC7647-1E79-4F13-81D7-2EED803D0D22}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{CC23CA32-9892-4FBA-A108-FE31CA0F35A6}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{CD865713-70D6-4E15-BB7B-9B99AD9DEB85}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{D56F5AB3-9C4D-4F1A-A851-A671D9FE8C22}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{D66873EA-AAE5-41CC-8DD2-8CE3228E9F89}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{D86B6C47-11F2-4D95-B635-EA575F0892FC}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{DB207560-8449-4FAF-BDC2-61676EB012D4}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{DE74F5AD-DA2F-429F-BAF9-850A2808D585}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{DF6525C2-6358-4B07-813D-708120C5FE1A}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{E177A457-9EAA-43C3-A3CE-84874A28F6CA}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{E29F6C45-6927-4508-8F3F-34105FD3FC5F}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{E4222C78-3670-4BB1-9AD4-7D8F3E581F2D}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{E70DE962-842A-4488-9481-1D0FD72A020F}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{E9C07CEC-7B82-49E4-BBA2-7533B88E9D64}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{EA34A0C0-5CE7-4701-A6FA-117D25CD5EBB}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{EF01D98A-747B-4522-AD70-991B90855DBF}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{F196F03F-651A-43AF-BE34-D11942F24445}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{F2DB0EE3-7137-4CB0-8349-483C4FF2143A}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{F40E2FF0-4D77-40B2-9A44-A3AEECCE8EFF}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{F5522F0C-962A-48AC-9992-E81B07628F1F}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{F78DCF7C-043D-45FC-9D21-676FC307BA3F}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{F868EAEC-1B73-4F5E-BA73-90EBA94E75BE}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{FA97F7A7-FD19-4D55-ABF2-CFEFFF777426}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{FD51ED8A-D518-4554-B236-B6E9D234FD03}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{FE054BB2-AF94-40AC-88AA-2F59F7018B1D}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{FE317223-8EDE-4684-B424-E48B9EA90220}" => Key deleted successfully.
"HKU\S-1-5-21-3796240357-639066704-744450083-1000_Classes\CLSID\{FE718E8F-C3AA-4F30-9103-432450CF1DA1}" => Key deleted successfully.


The system needed a reboot.

==== End of Fixlog ====

The combofix log....

ComboFix 14-10-29.01 - AudioLotus 10/30/2014  12:52:44.4.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.4078.2401 [GMT 5.5:30]
Running from: c:\users\AudioLotus\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-28 to 2014-10-30  )))))))))))))))))))))))))))))))
.
.
2014-10-30 07:32 . 2014-10-30 07:32 -------- d-----w- c:\users\Roshan SM\AppData\Local\temp
2014-10-30 07:32 . 2014-10-30 07:32 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-10-30 07:32 . 2014-10-30 07:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-30 07:00 . 2014-10-30 07:00 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{616D6126-FCCF-420A-BF3D-E240CE02117B}\offreg.dll
2014-10-30 06:52 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{616D6126-FCCF-420A-BF3D-E240CE02117B}\mpengine.dll
2014-10-29 06:29 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-24 08:09 . 2014-10-30 06:35 -------- d-----w- C:\FRST
2014-10-24 08:08 . 2014-10-24 08:09 -------- d-----w- c:\program files (x86)\SIA-Smaart Acoustic Tools
2014-10-24 07:33 . 2013-09-25 09:10 127280 ----a-w- c:\windows\system32\drivers\ffusb2audio.sys
2014-10-21 13:57 . 2014-10-21 13:57 -------- d-----w- c:\program files (x86)\Photon Plus
2014-10-12 15:52 . 2014-10-12 15:52 -------- d-----w- c:\users\AudioLotus\AppData\Local\Skype
2014-10-12 15:52 . 2014-10-13 15:34 -------- d-----w- c:\users\AudioLotus\AppData\Roaming\Skype
2014-10-12 15:52 . 2014-10-12 15:52 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-10-12 15:52 . 2014-10-12 15:55 -------- d-----r- c:\program files (x86)\Skype
2014-10-12 15:52 . 2014-10-12 15:52 -------- d-----w- c:\programdata\Skype
2014-10-10 06:41 . 2014-10-10 06:41 -------- d-----w- c:\users\Roshan SM\AppData\Local\Diagnostics
2014-10-10 06:25 . 2014-10-10 06:25 -------- d-----w- c:\users\Roshan SM\AppData\Roaming\AVAST Software
2014-10-05 06:40 . 2014-10-05 06:40 -------- d-----w- c:\users\AudioLotus\AppData\Roaming\AVAST Software
2014-10-04 07:22 . 2014-10-04 07:22 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-10-04 07:22 . 2014-10-04 07:22 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-10-04 07:22 . 2014-10-04 07:22 43152 ----a-w- c:\windows\avastSS.scr
2014-10-04 07:08 . 2014-10-04 07:22 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-10-04 07:08 . 2014-10-04 07:22 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-10-02 08:08 . 2014-09-17 06:00 1188440 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{92B62924-6380-4D75-9FB0-F1DEDA1D4CAB}\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-24 07:30 . 2012-06-16 13:12 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-24 07:30 . 2012-06-16 13:12 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-10 06:30 . 2014-03-18 17:19 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-10-04 07:22 . 2014-03-18 17:19 1041168 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-10-04 07:22 . 2014-03-18 17:19 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-10-04 07:22 . 2014-03-18 17:19 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-10-04 07:22 . 2014-03-18 17:19 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-09-22 06:42 . 2012-03-28 07:36 278152 ------w- c:\windows\system32\MpSigStub.exe
2014-09-17 06:00 . 2014-03-20 06:36 1188440 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
1998-10-30 17:51 . 2014-05-17 08:03 30240 ----a-w- c:\program files (x86)\SETUP.EXE
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Everyday Auto Backup"="c:\program files (x86)\Everyday Auto Backup\AutoBackup.exe" [2013-02-21 245760]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-07-14 3405208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2011-01-16 2475384]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-10-10 4085896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Photon Plus. RunOuc;Photon Plus. OUC;c:\program files (x86)\Photon Plus\Huawei\UpdateDog\ouc.exe;c:\program files (x86)\Photon Plus\Huawei\UpdateDog\ouc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ffusb2audio;Focusrite USB 2.0 Audio Driver;c:\windows\system32\DRIVERS\ffusb2audio.sys;c:\windows\SYSNATIVE\DRIVERS\ffusb2audio.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys;c:\windows\SYSNATIVE\drivers\nidimkl.sys [x]
R3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys;c:\windows\SYSNATIVE\drivers\nipalfwedl.sys [x]
R3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys;c:\windows\SYSNATIVE\drivers\nipalusbedl.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys;c:\windows\SYSNATIVE\drivers\NiViFWKl.sys [x]
R3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys;c:\windows\SYSNATIVE\drivers\NiViPciKl.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys;c:\windows\SYSNATIVE\DRIVERS\CT_ZTEMT_U_USBSER.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys;c:\windows\SYSNATIVE\drivers\nipbcfk.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys;c:\windows\SYSNATIVE\DRIVERS\aksdf.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys;c:\windows\SYSNATIVE\drivers\NiViPxiKl.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UDisk Monitor;UDisk Monitor;c:\program files\MBlaze UI\bin\MonServiceUDisk.exe;c:\program files\MBlaze UI\bin\MonServiceUDisk.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3796240357-639066704-744450083-1000Core.job
- c:\users\AudioLotus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-28 09:38]
.
2014-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3796240357-639066704-744450083-1000UA.job
- c:\users\AudioLotus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-28 09:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-10-04 07:22 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\AudioLotus\AppData\Roaming\Mozilla\Firefox\Profiles\y2eurea4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.in/
FF - ExtSQL: !HIDDEN! 2012-10-01 09:14; mozilla_cc@internetdownloadmanager.com; c:\users\AudioLotus\AppData\Roaming\IDM\idmmzcc5
.
.
------- File Associations -------
.
.scr=Icad.load.scr
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3796240357-639066704-744450083-1000_Classes\Wow6432Node\CLSID\{466fd106-6f7c-4d41-a955-c8676928616d}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000067
"Therad"=dword:00000018
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-3796240357-639066704-744450083-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):f5,e2,78,a1,d0,08,6b,86,05,05,1a,37,fd,8c,20,b2,4d,25,aa,36,8e,
   01,f7,e8,55,95,2c,93,82,01,97,7a,6a,b6,1a,09,90,df,6d,4d,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-10-30  13:06:00
ComboFix-quarantined-files.txt  2014-10-30 07:35
ComboFix2.txt  2013-12-20 04:46
.
Pre-Run: 15,365,558,272 bytes free
Post-Run: 15,420,940,288 bytes free
.
- - End Of File - - CE737C358F6C92E6B8DF4EA6CE0AA195
A36C5E4F47E84449FF07ED3517B43A31

Edited by rt60man, 30 October 2014 - 08:10 AM.


#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,580 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:02:28 AM

Posted 30 October 2014 - 08:12 AM

Greetings Roshan,

That attached file has been taken care of already (msinfo32).

Things are looking a lot better but there are a few things I would still like to do.

===================================================

Running Combofix Script

-------------------
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text below into the Notepad document
Driver::
aswRvrt
aswVmm
FileLook::
c:\program files (x86)\SETUP.EXE
  • Save this on your desktop as CFScript.txt

[image: CFScriptB-4.gif]

  • Referring to the picture above, drag CFScript.txt into ComboFix.exe
  • When finished, it will create a log for you at C:\ComboFix.txt. Please copy/paste the information in your next reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Combofix log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 rt60man

rt60man
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  • Local time:03:58 PM

Posted 01 November 2014 - 09:11 AM

Hi Gary,

 

The combofix log...

 

ComboFix 14-10-29.01 - AudioLotus 11/01/2014  13:22:36.5.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.4078.2234 [GMT 5.5:30]
Running from: c:\users\AudioLotus\Desktop\ComboFix.exe
Command switches used :: c:\users\AudioLotus\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ASWRVRT
-------\Legacy_ASWVMM
-------\Service_aswRvrt
-------\Service_aswVmm
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-01 to 2014-11-01  )))))))))))))))))))))))))))))))
.
.
2014-11-01 08:03 . 2014-11-01 08:03 -------- d-----w- c:\users\Roshan SM\AppData\Local\temp
2014-11-01 08:03 . 2014-11-01 08:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-11-01 08:03 . 2014-11-01 08:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-01 07:50 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C961CF83-1BB6-4E4B-8A84-0B0327A869DF}\mpengine.dll
2014-10-30 08:03 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-24 08:09 . 2014-10-30 06:35 -------- d-----w- C:\FRST
2014-10-24 08:08 . 2014-10-24 08:09 -------- d-----w- c:\program files (x86)\SIA-Smaart Acoustic Tools
2014-10-24 07:33 . 2013-09-25 09:10 127280 ----a-w- c:\windows\system32\drivers\ffusb2audio.sys
2014-10-21 13:57 . 2014-10-21 13:57 -------- d-----w- c:\program files (x86)\Photon Plus
2014-10-12 15:52 . 2014-10-12 15:52 -------- d-----w- c:\users\AudioLotus\AppData\Local\Skype
2014-10-12 15:52 . 2014-10-13 15:34 -------- d-----w- c:\users\AudioLotus\AppData\Roaming\Skype
2014-10-12 15:52 . 2014-10-12 15:52 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-10-12 15:52 . 2014-10-12 15:55 -------- d-----r- c:\program files (x86)\Skype
2014-10-12 15:52 . 2014-10-12 15:52 -------- d-----w- c:\programdata\Skype
2014-10-10 06:41 . 2014-10-10 06:41 -------- d-----w- c:\users\Roshan SM\AppData\Local\Diagnostics
2014-10-10 06:25 . 2014-10-10 06:25 -------- d-----w- c:\users\Roshan SM\AppData\Roaming\AVAST Software
2014-10-05 06:40 . 2014-10-05 06:40 -------- d-----w- c:\users\AudioLotus\AppData\Roaming\AVAST Software
2014-10-04 07:22 . 2014-10-04 07:22 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-10-04 07:22 . 2014-10-04 07:22 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-10-04 07:22 . 2014-10-04 07:22 43152 ----a-w- c:\windows\avastSS.scr
2014-10-04 07:08 . 2014-10-04 07:22 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-10-04 07:08 . 2014-10-04 07:22 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-10-02 08:08 . 2014-09-17 06:00 1188440 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{92B62924-6380-4D75-9FB0-F1DEDA1D4CAB}\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-30 11:25 . 2012-03-28 07:36 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-24 07:30 . 2012-06-16 13:12 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-24 07:30 . 2012-06-16 13:12 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-10 06:30 . 2014-03-18 17:19 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-10-04 07:22 . 2014-03-18 17:19 1041168 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-10-04 07:22 . 2014-03-18 17:19 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-10-04 07:22 . 2014-03-18 17:19 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-10-04 07:22 . 2014-03-18 17:19 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-09-17 06:00 . 2014-03-20 06:36 1188440 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
1998-10-30 17:51 . 2014-05-17 08:03 30240 ----a-w- c:\program files (x86)\SETUP.EXE
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\program files (x86)\SETUP.EXE ---
Company: 
File Description: SETUP Redirector
File Version: 5, 0, 0, 0
Product Name: SETUP Redirector
Copyright: Copyright Sierra On-Line© 1997
Original Filename: SETUP.EXE
File size: 30240
Created time: 2014-05-17 08:03
Modified time: 1998-10-30 17:51
MD5: B5B4D41D09147A5B8495BF59FCB198F4
SHA1: BE9A230C9BC4120258BF7FFE6C82D795290986D0
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Everyday Auto Backup"="c:\program files (x86)\Everyday Auto Backup\AutoBackup.exe" [2013-02-21 245760]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-07-14 3405208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2011-01-16 2475384]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-10-10 4085896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Photon Plus. RunOuc;Photon Plus. OUC;c:\program files (x86)\Photon Plus\Huawei\UpdateDog\ouc.exe;c:\program files (x86)\Photon Plus\Huawei\UpdateDog\ouc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ffusb2audio;Focusrite USB 2.0 Audio Driver;c:\windows\system32\DRIVERS\ffusb2audio.sys;c:\windows\SYSNATIVE\DRIVERS\ffusb2audio.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys;c:\windows\SYSNATIVE\drivers\nidimkl.sys [x]
R3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys;c:\windows\SYSNATIVE\drivers\nipalfwedl.sys [x]
R3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys;c:\windows\SYSNATIVE\drivers\nipalusbedl.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys;c:\windows\SYSNATIVE\drivers\NiViFWKl.sys [x]
R3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys;c:\windows\SYSNATIVE\drivers\NiViPciKl.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys;c:\windows\SYSNATIVE\DRIVERS\CT_ZTEMT_U_USBSER.sys [x]
S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys;c:\windows\SYSNATIVE\drivers\nipbcfk.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys;c:\windows\SYSNATIVE\DRIVERS\aksdf.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys;c:\windows\SYSNATIVE\drivers\NiViPxiKl.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UDisk Monitor;UDisk Monitor;c:\program files\MBlaze UI\bin\MonServiceUDisk.exe;c:\program files\MBlaze UI\bin\MonServiceUDisk.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3796240357-639066704-744450083-1000Core.job
- c:\users\AudioLotus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-28 09:38]
.
2014-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3796240357-639066704-744450083-1000UA.job
- c:\users\AudioLotus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-28 09:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-10-04 07:22 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\AudioLotus\AppData\Roaming\Mozilla\Firefox\Profiles\y2eurea4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.in/
FF - ExtSQL: !HIDDEN! 2012-10-01 09:14; mozilla_cc@internetdownloadmanager.com; c:\users\AudioLotus\AppData\Roaming\IDM\idmmzcc5
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3796240357-639066704-744450083-1000_Classes\Wow6432Node\CLSID\{466fd106-6f7c-4d41-a955-c8676928616d}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000067
"Therad"=dword:00000018
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-3796240357-639066704-744450083-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):f5,e2,78,a1,d0,08,6b,86,05,05,1a,37,fd,8c,20,b2,4d,25,aa,36,8e,
   01,f7,e8,55,95,2c,93,82,01,97,7a,6a,b6,1a,09,90,df,6d,4d,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\crypserv.exe
c:\windows\SysWOW64\lkads.exe
c:\windows\SysWOW64\lktsrv.exe
c:\program files (x86)\National Instruments\MAX\nimxs.exe
c:\program files (x86)\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\SysWOW64\nisvcloc.exe
c:\program files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
c:\programdata\Photon Plus\Huawei\OnlineUpdate\ouc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-11-01  13:41:12 - machine was rebooted
ComboFix-quarantined-files.txt  2014-11-01 08:11
ComboFix2.txt  2014-10-30 07:36
ComboFix3.txt  2013-12-20 04:46
.
Pre-Run: 16,189,689,856 bytes free
Post-Run: 15,867,301,888 bytes free
.
- - End Of File - - D5ED7BDFCD1B14A8A2003849F2711DFC
A36C5E4F47E84449FF07ED3517B43A31
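
The "Look" block in the log above (the result of the FileLook:: directive from post #13) is the evidence a helper works from: size, created/modified timestamps and MD5/SHA1 for c:\program files (x86)\SETUP.EXE. The following Python script is an added example, not ComboFix's code and not anything either poster ran. It parses a Look block, flags the created-after-modified pattern that this SETUP.EXE shows (created 2014-05-17, content last modified 1998-10-30), and hashes a local file so you can confirm you are holding the same bytes the log describes before submitting or deleting it. The sample block is constructed from the values in the log; nothing else is assumed.

```python
"""Triage a file from a ComboFix 'Look' block: parse the record, check the
created-after-modified timestamp pattern, and verify a local copy's digests.
Added example; not part of ComboFix or of the thread above."""
import hashlib
import os
import re
from datetime import datetime

# Constructed sample: the Look block for SETUP.EXE, copied from the log above.
SAMPLE_LOOK_BLOCK = """\
--- c:\\program files (x86)\\SETUP.EXE ---
Company: 
File Description: SETUP Redirector
File Version: 5, 0, 0, 0
Product Name: SETUP Redirector
Copyright: Copyright Sierra On-Line© 1997
Original Filename: SETUP.EXE
File size: 30240
Created time: 2014-05-17 08:03
Modified time: 1998-10-30 17:51
MD5: B5B4D41D09147A5B8495BF59FCB198F4
SHA1: BE9A230C9BC4120258BF7FFE6C82D795290986D0
"""

TIME_FMT = "%Y-%m-%d %H:%M"


def parse_look_block(text):
    """Parse one Look block into a dict; the '--- path ---' header becomes 'path'."""
    record = {}
    for line in text.splitlines():
        m = re.match(r"^--- (.+) ---$", line)
        if m:
            record["path"] = m.group(1)
            continue
        if ":" in line:
            key, _, value = line.partition(":")
            record[key.strip()] = value.strip()
    return record


def created_after_modified(record):
    """True when the on-disk creation time is later than the content's
    last-modified time: the file was copied or dropped onto this system with
    its original mtime preserved rather than built here. A triage hint only;
    legitimate copies (installers, backups) show the same pattern."""
    created = datetime.strptime(record["Created time"], TIME_FMT)
    modified = datetime.strptime(record["Modified time"], TIME_FMT)
    return created > modified


def hash_file(path):
    """Return (MD5, SHA1) of a file as uppercase hex, reading in 64 KiB chunks."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return md5.hexdigest().upper(), sha1.hexdigest().upper()


def matches_record(path, record):
    """Compare a local file's size and digests with a Look record. A mismatch
    means the file on disk is not the one the log describes."""
    md5, sha1 = hash_file(path)
    return (os.path.getsize(path) == int(record["File size"])
            and md5 == record["MD5"].upper()
            and sha1 == record["SHA1"].upper())


if __name__ == "__main__":
    rec = parse_look_block(SAMPLE_LOOK_BLOCK)
    print(rec["path"], "created after modified:", created_after_modified(rec))
```

Run it against the sample and it reports the SETUP.EXE inconsistency; point matches_record at the real file (when you still have it) to check the digests before acting on a File:: deletion. The digests are identifiers for lookups, not verdicts: the version resource here names a 1997 Sierra On-Line installer redirector, which is consistent with an old game disc's copied installer, so the timestamp finding alone does not make the file malicious.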


#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,580 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:02:28 AM

Posted 01 November 2014 - 10:52 AM

Thank you Roshan,

Please run this now.

===================================================

Running Combofix Script

-------------------
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text below into the Notepad document
File::
c:\program files (x86)\SETUP.EXE
RegLockDel::
[HKEY_USERS\S-1-5-21-3796240357-639066704-744450083-1000_Classes\Wow6432Node\CLSID\{466fd106-6f7c-4d41-a955-c8676928616d}]
[HKEY_USERS\S-1-5-21-3796240357-639066704-744450083-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
ClearJavaCache::
  • Save this on your desktop as CFScript.txt

[image: CFScriptB-4.gif]

  • Referring to the picture above, drag CFScript.txt into ComboFix.exe
  • When finished, it will create a log for you at C:\ComboFix.txt. Please copy/paste the information in your next reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Combofix log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



