Hearing browser loading sounds, possible keylogger


  • This topic is locked
15 replies to this topic

#1 Dlance


Posted 29 October 2014 - 07:52 AM

Hi there,

 

I have been hearing some browser loading sounds and I suspect that I may also have been keylogged. Awaiting further instructions.
Help much appreciated,

 

Thien.



#2 HelpBot


Posted 03 November 2014 - 07:55 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/553813 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 ken545

    Malware Response Team



Posted 06 November 2014 - 10:18 AM

:welcome:

 

Sorry for the delay but most times we just get swamped

 

Do you still need help or have you resolved your issue?


Edited by ken545, 06 November 2014 - 10:18 AM.

Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014



Please consider a donation to help me keep up my fight against malware.

 

Just a reminder that threads will be closed if no response in 3 days


#4 Dlance


Posted 06 November 2014 - 10:55 PM

Hi Ken545,

 

No worries, thank you for your reply. I still need your help as the problem still persists.



#5 ken545


Posted 07 November 2014 - 06:44 AM

Hi,

 

uProxyServer = hxxp=localhost:8118  <-- Did you set and use this proxy ??

 

Let's run some different scanners that may show us more than the other logs do

 

Please download aswMBR to your desktop.
 
  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.
 
I just want to see the report....Please Do Not Fix Anything
 
============================================================================
 
 
 

Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
A simple way to check your system: Start --> Computer (right click) --> Properties
 
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked
  • Do not check:
    • List BCD
    • Drivers MD5
    • Shortcut txt
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
 

 




#6 Dlance


Posted 09 November 2014 - 11:15 AM

Hi, 

 

Yes, I did set that proxy but no longer use it anymore.

I am having trouble trying to get aswMBR to complete its scan; it stays paused on a desktop application.

I have attached the files nevertheless.

 

Thanks.

 

aswMBR completed just fine and looks good

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014
Ran by Thien (administrator) on THIEN-PC on 10-11-2014 02:12:09
Running from C:\Users\Thien\Desktop
Loaded Profile: Thien (Available profiles: Thien)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Fork Ltd.) C:\Prey\platform\windows\cronsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(www.nzbdrone.com) C:\ProgramData\NzbDrone\bin\NzbDrone.Console.exe
() C:\ProgramData\MobileBroadbandQuickStartService\VMBQuickStartService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
() C:\Program Files (x86)\WordWeb\wweb32.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Flux Software LLC) C:\Users\Thien\AppData\Local\FluxSoftware\Flux\flux.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(CMedia) C:\Program Files\ASUS Xonar DGX Audio\Customapp\AsusAudioCenter.exe
(Spotify Ltd) C:\Users\Thien\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Thien\AppData\Roaming\Spotify\spotify.exe
() H:\Usenet\NZBMegasearcH\mega2.exe
() C:\Program Files (x86)\SABnzbd\SABnzbd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe
() C:\Users\Thien\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Thien\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Thien\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Thien\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Users\Thien\Desktop\aswMBR.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-05-28] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
HKLM-x32\...\Run: [THX TruStudio NB Settings] => C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-05-28] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-07-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)
HKU\S-1-5-21-3906381925-2076769449-1619887262-1000\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-3906381925-2076769449-1619887262-1000\...\Run: [zASRockInstantBoot] => [X]
HKU\S-1-5-21-3906381925-2076769449-1619887262-1000\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [77064 2012-04-21] ()
HKU\S-1-5-21-3906381925-2076769449-1619887262-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-18] (DT Soft Ltd)
HKU\S-1-5-21-3906381925-2076769449-1619887262-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-3906381925-2076769449-1619887262-1000\...\Run: [F.lux] => C:\Users\Thien\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
HKU\S-1-5-21-3906381925-2076769449-1619887262-1000\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [288560 2013-11-26] (BitTorrent, Inc.)
HKU\S-1-5-21-3906381925-2076769449-1619887262-1000\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung)
HKU\S-1-5-21-3906381925-2076769449-1619887262-1000\...\Run: [TorrentStream] => C:\Users\Thien\AppData\Roaming\TorrentStream\engine\tsengine.exe [27904 2014-04-25] ()
HKU\S-1-5-21-3906381925-2076769449-1619887262-1000\...\Run: [Spotify Web Helper] => C:\Users\Thien\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-04] (Spotify Ltd)
HKU\S-1-5-21-3906381925-2076769449-1619887262-1000\...\Run: [Spotify] => C:\Users\Thien\AppData\Roaming\Spotify\spotify.exe [6553144 2014-10-04] (Spotify Ltd)
HKU\S-1-5-21-3906381925-2076769449-1619887262-1000\...\MountPoints2: {61f68c1b-3a1c-11e4-a660-bc5ff444d89c} - I:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3906381925-2076769449-1619887262-1000\...\MountPoints2: {90f0f24a-e118-11e1-a985-806e6f6e6963} - E:\ASRSetup.exe
HKU\S-1-5-21-3906381925-2076769449-1619887262-1000\...\MountPoints2: {91ecaffb-9f64-11e3-bb2b-bc5ff444d89c} - G:\setup_QuickStart.exe
HKU\S-1-5-21-3906381925-2076769449-1619887262-1000\...\MountPoints2: {91ecaffe-9f64-11e3-bb2b-bc5ff444d89c} - G:\setup_QuickStart.exe
HKU\S-1-5-21-3906381925-2076769449-1619887262-1000\...\MountPoints2: {a646846e-e46e-11e1-bdc4-bc5ff444d89c} - F:\setup.exe
Startup: C:\Users\Thien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mega2.exe - Shortcut.lnk
ShortcutTarget: mega2.exe - Shortcut.lnk -> H:\Usenet\NZBMegasearcH\mega2.exe ()
Startup: C:\Users\Thien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.exe - Shortcut.lnk
ShortcutTarget: SABnzbd.exe - Shortcut.lnk -> C:\Program Files (x86)\SABnzbd\SABnzbd.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: http=localhost:8118
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.ninemsn.com.au/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDAAE5E290299CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = 
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://au.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://au.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} ->  No File
BHO-x32: No Name -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} ->  No File
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} ->  No File
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{981C8EC2-986D-4006-8B9A-922CC31264D5}: [NameServer] 8.8.4.4,8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\Thien\AppData\Roaming\Mozilla\Firefox\Profiles\g45ixum5.default
FF NetworkProxy: "backup.ftp", "212.144.254.122"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.socks", "212.144.254.122"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "212.144.254.122"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "212.144.254.123"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "212.144.254.123"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "212.144.254.123"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "212.144.254.123"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @torrentstream.net/tsplugin,version=2.0.8.6 -> C:\Users\Thien\AppData\Roaming\TorrentStream\player\npts_plugin.dll (Innovative Digital Technologies)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF user.js: detected! => C:\Users\Thien\AppData\Roaming\Mozilla\Firefox\Profiles\g45ixum5.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Edit Cookies - C:\Users\Thien\AppData\Roaming\Mozilla\Firefox\Profiles\g45ixum5.default\Extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}.xpi [2013-02-25]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-10-13]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKCU\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files (x86)\WordWeb\WCaptureMoz [2012-08-10]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com.au/"
CHR Profile: C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SPOI Options (Please remove me)) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdokagampppgbnjfdlkfpphniapiiifn [2013-06-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-15]
CHR Extension: (Google Search) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-15]
CHR Extension: (Reddit Widget [ANTP]) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpcomccnnochpjdakpakbieihbglblcn [2013-06-24]
CHR Extension: (Tampermonkey) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2012-10-15]
CHR Extension: (MightyText - SMS Text Messaging ⟷ Computer) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2014-10-26]
CHR Extension: (Collusion for Chrome) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp [2013-03-18]
CHR Extension: (AdBlock) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-10-15]
CHR Extension: (Hola Better Internet) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-05-10]
CHR Extension: (Awesome Weather Widget [ANTP]) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\goeepbfnllchoihkoiecpkkekbpfiboc [2013-06-24]
CHR Extension: (Hover Free) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcmnnggnaofmhflgomfjfbndngdoogkj [2013-06-28]
CHR Extension: (Hush - private bookmarking) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjmoaenjknbdehbiaeeijcppnljflkff [2013-07-11]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-02-12]
CHR Extension: (Allow Right-Click) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo [2014-07-16]
CHR Extension: (Digital Clock Widget [ANTP]) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikimcdcgajipgcoehakmgloecbaacmoj [2013-06-24]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2012-10-28]
CHR Extension: (Auto HD For YouTube™) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2014-04-20]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2013-01-21]
CHR Extension: (Awesome New Tab Page) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg [2013-06-24]
CHR Extension: (Ghostery) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-06-08]
CHR Extension: (Instant Bet365) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbfpohmkceigafhgkadhhifpojjmfbcl [2012-11-18]
CHR Extension: (Google Wallet) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (SABconnect++) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\okphadhbbjadcifjplhifajfacbkkbod [2014-08-17]
CHR Extension: (Gmail) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-15]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\WordWeb\wcxChrome.crx [2012-08-10]
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [2012-08-10]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-01-06] () [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2013-11-12] (Fork Ltd.) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [121344 2012-02-07] () [File not signed]
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 NzbDrone; C:\ProgramData\NzbDrone\bin\nzbdrone.console.exe [23552 2014-10-31] (www.nzbdrone.com) [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 Vodafone Mobile Broadband QuickStart; C:\ProgramData\MobileBroadbandQuickStartService\VMBQuickStartService.exe [229216 2011-12-21] ()
R2 WSWNA3100M; C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe [303360 2011-12-07] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2727936 2011-12-20] (C-Media Inc)
S3 ComproHID; C:\Windows\System32\DRIVERS\ComproHID64.sys [9088 2007-10-01] (Compro Tech., Inc.)
S3 ComproHID; C:\Windows\SysWOW64\DRIVERS\ComproHID64.sys [9088 2007-10-01] (Compro Tech., Inc.)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2012-03-26] (Apple Inc.) [File not signed]
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-08-12] (Duplex Secure Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-25] (Anchorfree Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-04-25] (Apple, Inc.) [File not signed]
S3 VMHybrid64; C:\Windows\System32\DRIVERS\VMHybr64.sys [1403648 2011-05-06] (Compro Technology, Inc.)
S3 wna3100m; C:\Windows\System32\DRIVERS\wna3100m.sys [1094760 2011-12-30] (NETGEAR Corporation                           )
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-11-09] ()
U3 afdrbzhm; C:\Windows\System32\Drivers\afdrbzhm.sys [0 ] (Intel Corporation)
R3 AxtuDrv; \??\C:\Windows\SysWOW64\Drivers\AxtuDrv.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
U3 aswMBR; \??\C:\Users\Thien\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Thien\AppData\Local\Temp\aswVmm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-10 02:12 - 2014-11-10 02:12 - 00034477 _____ () C:\Users\Thien\Desktop\FRST.txt
2014-11-10 02:11 - 2014-11-10 02:11 - 02115584 _____ (Farbar) C:\Users\Thien\Desktop\FRST64.exe
2014-11-10 02:11 - 2014-11-10 02:11 - 00002564 _____ () C:\Users\Thien\Desktop\aswMBR.txt
2014-11-10 02:11 - 2014-11-10 02:11 - 00000512 _____ () C:\Users\Thien\Desktop\MBR.dat
2014-11-10 01:05 - 2014-11-10 01:05 - 00000182 _____ () C:\Users\Thien\Desktop\Population Health.txt
2014-11-09 14:22 - 2014-11-09 14:22 - 1247728326 _____ () C:\Windows\MEMORY.DMP
2014-11-09 14:22 - 2014-11-09 14:22 - 00003026 _____ () C:\Windows\System32\Tasks\asrRd
2014-11-09 13:53 - 2014-11-09 13:53 - 00275008 _____ () C:\Windows\Minidump\110914-8595-01.dmp
2014-11-08 02:51 - 2014-11-08 02:52 - 20662412 _____ () C:\Users\Thien\Desktop\genie15g_setup_15.1.1_b504.zip
2014-11-07 22:08 - 2014-11-07 22:10 - 05194752 _____ (AVAST Software) C:\Users\Thien\Desktop\aswMBR.exe
2014-11-05 04:08 - 2014-11-05 04:08 - 00000300 _____ () C:\Users\Thien\Desktop\coaches.txt
2014-10-31 02:17 - 2014-11-08 03:19 - 00000696 _____ () C:\Users\Public\Desktop\FM Genie Scout 15g.lnk
2014-10-31 02:17 - 2014-11-08 03:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FM Genie Scout 15g
2014-10-31 02:17 - 2014-11-08 03:19 - 00000000 ____D () C:\FM Genie Scout 15g
2014-10-29 22:36 - 2014-10-29 22:36 - 00011963 _____ () C:\Users\Thien\Desktop\attach.txt
2014-10-28 19:36 - 2014-10-28 19:36 - 00000000 ____D () C:\Users\Thien\Desktop\Injustice - Gods Among Us
2014-10-26 22:00 - 2014-11-10 01:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-26 22:00 - 2014-10-26 22:00 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-26 22:00 - 2014-10-26 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-26 22:00 - 2014-10-26 22:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-26 22:00 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-26 22:00 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-26 22:00 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-26 21:56 - 2014-11-10 02:12 - 00000000 ____D () C:\FRST
2014-10-26 21:50 - 2014-10-26 21:50 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-26 21:50 - 2014-10-26 21:50 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-26 21:42 - 2014-10-26 21:48 - 19114072 _____ () C:\Users\Thien\Desktop\RogueKillerX64.exe
2014-10-26 03:26 - 2014-10-26 03:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SSDlife
2014-10-26 03:26 - 2014-10-26 03:26 - 00000000 ____D () C:\ProgramData\Licenses
2014-10-26 03:26 - 2014-10-26 03:26 - 00000000 ____D () C:\ProgramData\Binarysense
2014-10-26 03:26 - 2014-10-26 03:26 - 00000000 ____D () C:\Program Files (x86)\BinarySense
2014-10-25 21:23 - 2014-10-25 21:23 - 00000222 _____ () C:\Users\Thien\Desktop\Football Manager 2015.url
2014-10-22 16:37 - 2014-10-22 16:37 - 00000000 ____D () C:\Users\Thien\AppData\Local\ESET
2014-10-15 23:40 - 2014-10-15 23:40 - 00000949 _____ () C:\Users\Thien\Desktop\Middle Earth - Shadow of Mordor.lnk
2014-10-15 23:40 - 2014-10-15 23:40 - 00000000 ____D () C:\Users\Thien\AppData\Roaming\Middle Earth - Shadow of Mordor
2014-10-15 23:40 - 2014-10-15 23:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2014-10-15 22:54 - 2014-10-19 16:29 - 00001172 _____ () C:\Users\Thien\Desktop\Ryse Son of Rome.lnk
2014-10-13 19:18 - 2014-10-13 19:18 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-10-13 19:17 - 2014-10-13 19:19 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2014-10-13 19:17 - 2014-10-13 19:19 - 00002210 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2014-10-13 19:17 - 2014-10-13 19:19 - 00002049 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2014-10-13 18:39 - 2014-10-13 18:39 - 00000000 ____D () C:\Users\Thien\AppData\Roaming\Nitro
2014-10-13 18:38 - 2014-10-13 18:45 - 00000000 ____D () C:\Program Files\Nitro
2014-10-13 18:38 - 2014-10-13 18:38 - 00000000 ____D () C:\Users\Thien\AppData\Roaming\Nitro PDF
2014-10-13 18:38 - 2014-10-13 18:38 - 00000000 ____D () C:\Users\Thien\AppData\Roaming\Downloaded Installations
2014-10-13 18:38 - 2014-10-13 18:38 - 00000000 ____D () C:\ProgramData\Nitro
2014-10-13 18:34 - 2014-10-13 18:34 - 00000000 ____D () C:\Users\Thien\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2014-10-13 18:34 - 2014-10-13 18:34 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-10-13 18:34 - 2014-10-13 18:34 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-10-13 18:24 - 2014-10-15 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ryse Son of Rome
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-10 01:59 - 2014-06-30 22:04 - 00000000 ____D () C:\ProgramData\NzbDrone
2014-11-10 01:49 - 2012-10-23 12:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-10 01:24 - 2012-10-15 21:10 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-10 01:22 - 2013-11-25 01:35 - 00000029 _____ () C:\Windows\SysWOW64\TempWmicBatchFile.bat
2014-11-09 23:32 - 2014-10-04 21:51 - 00000000 ____D () C:\Users\Thien\AppData\Roaming\Spotify
2014-11-09 23:24 - 2012-10-15 21:10 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-09 21:26 - 2013-03-08 02:31 - 01940068 _____ () C:\Windows\WindowsUpdate.log
2014-11-09 14:34 - 2012-08-08 15:25 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-11-09 14:28 - 2009-07-14 15:13 - 00784440 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-09 14:27 - 2009-07-14 14:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-09 14:27 - 2009-07-14 14:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-09 14:22 - 2014-09-27 13:28 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-11-09 14:22 - 2014-09-22 08:31 - 00005169 _____ () C:\Windows\setupact.log
2014-11-09 14:22 - 2014-09-22 08:30 - 00024230 _____ () C:\Windows\PFRO.log
2014-11-09 14:22 - 2014-09-07 14:48 - 00002960 _____ () C:\Windows\System32\Tasks\AsrXTU
2014-11-09 14:22 - 2013-12-25 01:36 - 00003490 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-11-09 14:22 - 2013-01-15 21:34 - 00000354 _____ () C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2014-11-09 14:22 - 2012-09-23 16:10 - 00000000 ____D () C:\Windows\Minidump
2014-11-09 14:22 - 2012-08-08 22:01 - 00000000 ____D () C:\Users\Thien\AppData\Roaming\uTorrent
2014-11-09 14:22 - 2012-08-08 15:26 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-11-09 14:22 - 2012-08-08 15:25 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-11-09 14:22 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-09 13:54 - 2014-10-04 21:53 - 00000000 ____D () C:\Users\Thien\AppData\Local\Spotify
2014-11-09 03:39 - 2012-08-16 00:57 - 00000000 ____D () C:\Users\Thien\AppData\Roaming\Skype
2014-11-08 23:50 - 2012-08-08 18:41 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-08 22:53 - 2014-09-14 00:13 - 00000000 ____D () C:\TorrentStream
2014-11-08 01:34 - 2014-05-28 14:17 - 00000000 ____D () C:\Users\Thien\AppData\Local\QuickPar
2014-11-07 22:05 - 2012-08-09 13:40 - 00000000 ____D () C:\Users\Thien\AppData\Local\CrashDumps
2014-11-06 15:26 - 2012-11-05 00:25 - 00000000 ____D () C:\Users\Thien\Desktop\Receipts
2014-11-02 23:38 - 2014-09-14 00:12 - 00000000 ____D () C:\Users\Thien\AppData\Roaming\.Torrent Stream
2014-11-01 14:23 - 2014-03-24 20:51 - 00008845 _____ () C:\Users\Thien\Desktop\Receipts.xlsx
2014-10-31 00:56 - 2012-08-24 16:24 - 00000000 ____D () C:\Users\Thien\Documents\Sports Interactive
2014-10-31 00:56 - 2012-08-24 16:24 - 00000000 ____D () C:\Users\Thien\AppData\Local\Sports Interactive
2014-10-31 00:56 - 2012-08-24 16:24 - 00000000 ____D () C:\Users\Public\Documents\Sports Interactive
2014-10-30 18:38 - 2013-05-27 16:59 - 00000000 ____D () C:\Users\Thien\AppData\Roaming\vlc
2014-10-28 08:31 - 2009-07-14 14:45 - 00450280 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-27 18:01 - 2012-08-12 21:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-27 01:47 - 2013-12-31 02:31 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-10-26 21:50 - 2012-08-09 13:41 - 00000000 ____D () C:\ProgramData\ABBYY
2014-10-26 21:49 - 2012-08-08 15:23 - 00116624 _____ () C:\Users\Thien\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-26 03:26 - 2012-08-08 15:28 - 00000000 ____D () C:\ProgramData\Temp
2014-10-25 21:23 - 2012-08-08 18:44 - 00000000 ____D () C:\Users\Thien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-10-24 18:00 - 2013-07-07 00:05 - 00000000 ____D () C:\Users\Thien\Documents\Outlook Files
2014-10-23 20:54 - 2013-02-15 22:13 - 00000000 ____D () C:\Users\Thien\Desktop\Articles
2014-10-22 19:15 - 2014-03-05 19:26 - 00000000 ____D () C:\Users\Thien\Desktop\Texts
2014-10-18 23:19 - 2012-10-15 21:10 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-18 23:19 - 2012-10-15 21:10 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-16 12:11 - 2014-05-16 19:58 - 00000000 ____D () C:\Users\Thien\Desktop\Dental Schools
2014-10-14 08:33 - 2012-08-08 17:46 - 00000000 ____D () C:\Users\Thien\AppData\Local\Adobe
2014-10-13 19:19 - 2012-08-08 15:27 - 00000000 ____D () C:\Users\Thien\AppData\Roaming\Adobe
2014-10-13 19:18 - 2012-08-08 15:27 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-13 19:17 - 2012-08-08 15:27 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-13 18:45 - 2013-09-24 17:57 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-13 03:12 - 2009-07-14 15:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
 
Files to move or delete:
====================
C:\Users\Thien\jagex_cl_loginapplet_LIVE.dat
C:\Users\Thien\random.dat
 
 
Some content of TEMP:
====================
C:\Users\Thien\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Thien\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Thien\AppData\Local\Temp\vlc-2.1.5-win32.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-05 20:48
 
==================== End Of Log ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2014
Ran by Thien at 2014-11-10 02:12:29
Running from C:\Users\Thien\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 1.8.4 - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.07 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{EE0B4480-194D-C725-EDF8-6CE3FC4DDC89}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASCII BlackBox Launcher version 1 (HKLM-x32\...\{3648CD52-8415-48BE-A052-147BFE7D1D48}_is1) (Version: 1 - Black Box)
ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)
ASRock eXtreme Tuner v0.1.185 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version:  - )
ASRock InstantBoot v1.29 (HKLM-x32\...\ASRock InstantBoot_is1) (Version:  - )
ASRock SmartConnect v1.0.6 (HKLM\...\ASRock SmartConnect_is1) (Version:  - ASRock Inc.)
ASRock XFast RAM v2.0.9 (HKLM\...\ASRock XFast RAM_is1) (Version:  - ASRock Inc.)
Assassins Creed (HKLM-x32\...\Assassins Creed_is1) (Version: 1.0.0.1 - VEBMAX)
Assassins Creed Brotherhood (HKLM-x32\...\Assassins Creed Brotherhood_is1) (Version: 1.0.0.1 - VEBMAX)
Assassins Creed II (HKLM-x32\...\Assassins Creed II_is1) (Version: 1.0.0.1 - VEBMAX)
Assassins Creed III (HKLM-x32\...\Assassins Creed III_is1) (Version: 1.0.0.1 - VEBMAX)
Assassins Creed IV Black Flag Freedom Cry (HKLM-x32\...\QXNzYXNzaW5zQ3JlZWRJVkJsYWNrRmxhZw==_is1) (Version: 1 - )
Assassin's Creed Revelations (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.00 - Ubisoft)
ASUS Xonar DG Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version:  - )
AutoHotkey 1.1.13.01 (HKLM\...\AutoHotkey) (Version: 1.1.13.01 - Lexikos)
AutoIt v3.3.8.1 (HKLM-x32\...\AutoItv3) (Version:  - AutoIt Team)
Batman Arkham Origins (HKLM-x32\...\QmF0bWFuQXJraGFtT3JpZ2lucw==_is1) (Version: 1 - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CamStudio version 2.7 (HKLM-x32\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 3.28 - Piriform)
CDisplayEx 1.9.9 (HKLM\...\CDisplayEx_is1) (Version:  - cdisplayex.com)
Combined Community Codec Pack 2013-04-20 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2013.04.20.0 - CCCP Project)
CouchPotato (HKLM-x32\...\CouchPotato_is1) (Version: 2 - Your Mom)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0315 - DT Soft Ltd)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version:  - Stunlock Studios)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.44.000 - Runtime Software)
EndNote X7 (HKLM-x32\...\{86B3F2D6-AC2B-0017-8AE1-F2F77F781B0C}) (Version: 17.1.0.7705 - Thomson Reuters)
EndNote_X7.0.2_X64_R01_copy (x32 Version: 1.0.0 - Thomson Reuters) Hidden
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
eTG complete July 2013 (HKLM-x32\...\eTG complete_is1) (Version:  - Therapeutic Guidelines)
f.lux (HKCU\...\Flux) (Version:  - )
FM Genie Scout 14g version 1.1 14.2.1 (HKLM-x32\...\FM Genie Scout 14g_is1) (Version: 1.1 14.2.1 - )
FM Genie Scout 15g version 1.0 15.1.1 beta 3 (HKLM-x32\...\FM Genie Scout 15g_is1) (Version: 1.0 15.1.1 beta 3 - )
FMRTE 13.3.3.62 (HKLM\...\{13416834-B10B-4DD4-8213-C8D66A157D7E}_is1) (Version: 13.3.3.62 - Raul Bravo)
FMRTE 14.1.3.7 (HKLM\...\{067E314C-0505-406F-ABF5-AC601646E8B4}_is1) (Version: 14.1.3.7 - Raul Bravo)
Football Manager 2013 (HKLM-x32\...\Steam App 207890) (Version:  - Sports Interactive)
Football Manager 2014 (HKLM-x32\...\Steam App 231670) (Version:  - Sports Interactive)
Football Manager 2014 Editor (HKLM-x32\...\Steam App 242460) (Version:  - )
Football Manager 2015 (HKLM-x32\...\Steam App 295270) (Version:  - Sports Interactive)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Garry)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar)
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version:  - Rockstar)
Grand Theft Auto: San Andreas (HKLM-x32\...\Steam App 12120) (Version:  - Rockstar)
GTA IV: San Andreas (HKLM-x32\...\{2B856A04-CE27-4B9C-B326-384B6FED4291}) (Version: 0.5.4.0 - GTA IV: San Andreas Mod Team)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HL-2130 (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® Smart Connect Technology 2.0 x64 (HKLM\...\{D1B033E8-A077-4B0D-9831-5798E19E861E}) (Version: 2.0.1083.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Livestreamer 1.7.0 (HKLM-x32\...\Livestreamer) (Version:  - )
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Media Center Master (HKLM-x32\...\Media Center Master_is1) (Version: 2.09.35513.691 - Media Center Master, Inc.)
Media Player Codec Pack 4.2.9 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.2.9 - Media Player Codec Pack)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2010 (HKLM-x32\...\{FA8E7AF5-C70E-3274-9740-9E697FBD5BB7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Middle Earth - Shadow of Mordor (HKLM-x32\...\Middle Earth - Shadow of Mordor_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
mIRC (HKLM-x32\...\mIRC) (Version: 7.29 - mIRC Co. Ltd.)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
My Game Long Name (HKLM\...\UDK-8a5c647d-b7cd-49a3-b6e6-4856e96336d1) (Version:  - Epic Games, Inc.)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
NETGEAR WNA3100M N300 Wireless USB Adapter (HKLM-x32\...\{D3580358-0F78-402A-BE53-2E9D06383E04}) (Version: 1.0.0.10 - NETGEAR)
Network Guide EPSON WorkForce 845 Series (HKLM-x32\...\EPSON WorkForce 845 Series Netg) (Version:  - )
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.0.15.65 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.4 - Power Software Ltd)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - Thomson Reuters)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.1 - Rockstar Games)
Ryse Son of Rome (HKLM-x32\...\Ryse Son of Rome_is1) (Version:  - )
SABnzbd 0.7.16 (HKLM-x32\...\SABnzbd) (Version: 0.7.16 - The SABnzbd Team)
Saints Row IV (HKLM-x32\...\Saints  RowIV_is1) (Version: 1.0.5.0 - )
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Sapphire TRIXX (HKLM-x32\...\Sapphire TRIXX) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - )
SopCast 3.5.0 (HKLM-x32\...\SopCast) (Version: 3.5.0 - www.sopcast.com)
Spotify (HKCU\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SSDlife Pro (HKLM-x32\...\{6F104B6D-535A-4D27-9A11-8525368AEB1F}) (Version: 2.5.82 - BinarySense Inc.)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
State of Decay - Breakdown (HKLM-x32\...\State of Decay - Breakdown_is1) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Sims™ 3 Outdoor Living Stuff (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.3.2 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.17.2 - Electronic Arts)
The Stomping Land (HKLM-x32\...\Steam App 263440) (Version:  - SuperCrit)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
The Walking Dead Season 2 (HKLM-x32\...\The Walking Dead Season 2_is1) (Version:  - )
The Walking Dead Season 2 EP 2 (HKLM-x32\...\The Walking Dead Season 2 EP 2_is1) (Version:  - )
The Walking Dead: Season 2 Episode 3 (HKLM-x32\...\VGhlV2Fsa2luZ0RlYWRTZWFzb24y_is1) (Version: 1 - )
The Wolf Among Us (HKLM-x32\...\VGhlV29sZkFtb25nVXM=_is1) (Version: 1 - )
The Wolf Among Us Episode 2 (HKLM-x32\...\The Wolf Among Us Episode 2_is1) (Version:  - CODEX)
The Wolf Among Us Episode 3 (HKLM-x32\...\The Wolf Among Us Episode 3_is1) (Version:  - )
The Wolf Among Us Episode 4 (HKLM-x32\...\The Wolf Among Us Episode 4_is1) (Version:  - )
The Wolf Among Us Episode 5 (HKLM-x32\...\The Wolf Among Us Episode 5_is1) (Version:  - )
theRenamer 7.66 (HKLM-x32\...\{55B6344C-AE4F-4DA8-BF32-D7AE0CB4D2BE}_is1) (Version:  - theRenamer)
THX TruStudio (HKLM-x32\...\{AFB907F5-C0E6-4753-8284-DE955EF86AC2}) (Version: 1.00.01 - Creative Technology Limited)
TikiOne Steam Cleaner (HKLM-x32\...\TikiOneSteamCleaner) (Version:  - Jonathan Lermitage)
Tombraider (HKLM-x32\...\Tombraider_is1) (Version:  - )
Torrent Stream 2.0.8.6 (HKCU\...\TorrentStream) (Version: 2.0.8.6 - Torrent Stream)
Twitch V2.2 (HKLM-x32\...\{4CFA1CCC-7D9F-420A-896B-7D223E733E49}) (Version: 2.2.0 - University of Strathclyde)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
User's Guide EPSON WorkForce 845 Series (HKLM-x32\...\EPSON WorkForce 845 Series Useg) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WATCH_DOGS (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Media Player 64-bit Plug-in Fix (HKLM\...\{00a8ce68-cb2e-4652-aecd-c05c0d9d53a7}.sdb) (Version:  - )
Windows Media Player Plus! 2.5 (HKLM-x32\...\{67E4EF06-E0D6-42E0-A2BA-67199B0143FB}_is1) (Version: 2.5 - BM-productions)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WMPKeys (HKLM-x32\...\{5D4B3647-9842-4875-B081-EF8D98C02865}) (Version: 1.2.0.0 - lazymf and kbept)
WordWeb (HKLM-x32\...\WordWeb) (Version: 6 - WordWeb Software)
XBMC (HKCU\...\XBMC) (Version:  - Team XBMC)
XBMCCustomregis 2.60.12 (HKLM-x32\...\XBMCCustomregis) (Version: 2.60.12 - Elitegamer360)
XML Marker version 2.2 (HKLM-x32\...\{C47C1D8C-417A-4DE9-B8AE-C9D4A8B7BE79}_is1) (Version: 2.2 - Symbol Click Software)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-07-08 03:37 - 2014-10-26 22:04 - 00000822 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0409DE44-EC9A-46BF-B907-C38F85B5F18E} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {0AE033D7-6090-4A30-825C-A1B4E1260B84} - System32\Tasks\AsrXTU => C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe [2012-02-29] ()
Task: {34B34DE6-7F16-4787-8F99-A05FC56B204E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-25] (Adobe Systems Incorporated)
Task: {48505E15-1116-4D87-A27C-82EEEE4F2E1D} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {592C4665-06F1-4433-899F-8AD86BBB2AF8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {6B624A73-2620-4C0E-B121-F3A6D25B3CE8} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-03-12] ()
Task: {8645717C-181B-43FE-8C98-1D17772FCE17} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-15] (Google Inc.)
Task: {962418B3-0EAD-4EE6-9E2F-1AE644BAE6FE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {A130F54A-E16C-43BE-A6C3-A3C6B1A2A0BC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-26] (Piriform Ltd)
Task: {A19D75E6-4019-4B00-BFB2-1967CDC9ECA6} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: {AC677FB1-B093-4E7C-B1B0-CA3CACDD16CB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-15] (Google Inc.)
Task: {B7C172D7-7CAB-4532-8D67-DED79ABBD67F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {D89BD4E7-47AC-4084-B690-175FEF8F2A69} - System32\Tasks\asrRd => C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe [2012-01-13] ()
Task: {E8BD49FA-AC80-4A2D-95F2-A5A23C364EF1} - System32\Tasks\{9F2046FB-4543-4C0C-ACC4-3654CF43FB29} => Chrome.exe http://ui.skype.com/ui/0/6.6.73.106.456/en/abandoninstall?page=tsWLM
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-08-08 15:24 - 2012-02-07 17:27 - 00121344 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2012-02-09 16:26 - 2012-02-09 16:26 - 00133632 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2012-02-09 16:26 - 2012-02-09 16:26 - 00048128 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2012-02-09 16:26 - 2012-02-09 16:26 - 00036864 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetDetect.dll
2011-12-21 09:49 - 2011-12-21 09:49 - 00229216 _____ () C:\ProgramData\MobileBroadbandQuickStartService\VMBQuickStartService.exe
2012-12-27 18:30 - 2011-12-07 17:31 - 00303360 _____ () C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe
2012-08-08 15:28 - 2011-05-19 09:58 - 00246784 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-07-09 17:06 - 2008-07-11 15:04 - 00200704 ____N () C:\Windows\SysWOW64\HsMgr.exe
2014-07-09 17:06 - 2008-07-11 15:03 - 00282112 ____N () C:\Windows\system\HsMgr64.exe
2012-08-10 00:46 - 2012-04-21 15:11 - 00077064 ____N () C:\Program Files (x86)\WordWeb\wweb32.exe
2013-11-24 11:16 - 2014-06-23 01:18 - 02844904 _____ () H:\Usenet\NZBMegasearcH\mega2.exe
2013-12-03 03:21 - 2013-12-03 03:21 - 00103424 _____ () C:\Program Files (x86)\SABnzbd\SABnzbd.exe
2012-08-08 15:26 - 2012-02-29 15:51 - 08187688 _____ () C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe
2014-10-04 21:53 - 2014-10-04 21:53 - 00613944 _____ () C:\Users\Thien\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2012-08-08 15:26 - 2012-01-13 15:47 - 01448744 _____ () C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-30 22:04 - 2014-10-31 17:45 - 00643948 _____ () C:\ProgramData\NzbDrone\bin\sqlite3.DLL
2012-12-27 18:30 - 2011-11-25 13:38 - 00409600 _____ () C:\Program Files (x86)\NETGEAR\WNA3100M\WifiLib.dll
2013-10-17 10:25 - 2013-10-17 10:25 - 08866472 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-08-10 00:46 - 2012-07-15 12:27 - 02216480 ____N () C:\Windows\wweb32.dll
2012-08-10 00:46 - 2012-07-15 12:25 - 00022800 ____N () C:\Program Files (x86)\WordWeb\WUCNT.dll
2012-08-10 00:46 - 2012-07-15 12:25 - 00581480 ____N () C:\Program Files (x86)\WordWeb\wwextdb.dll
2014-07-09 17:06 - 2011-06-02 18:12 - 00143360 ____N () C:\Program Files\ASUS Xonar DGX Audio\Customapp\VmixP8.dll
2014-10-04 21:53 - 2014-10-04 21:53 - 36966968 _____ () C:\Users\Thien\AppData\Roaming\Spotify\Data\libcef.dll
2012-04-10 23:31 - 2014-06-23 01:18 - 00285184 _____ () H:\Usenet\NZBMegasearcH\_hashlib.pyd
2012-04-10 23:31 - 2014-06-23 01:18 - 00040960 _____ () H:\Usenet\NZBMegasearcH\_socket.pyd
2012-04-10 23:31 - 2014-06-23 01:18 - 00721920 _____ () H:\Usenet\NZBMegasearcH\_ssl.pyd
2012-04-10 23:31 - 2014-06-23 01:18 - 00074240 _____ () H:\Usenet\NZBMegasearcH\_ctypes.pyd
2012-04-10 23:31 - 2014-06-23 01:18 - 00009728 _____ () H:\Usenet\NZBMegasearcH\select.pyd
2012-04-10 23:31 - 2014-06-23 01:18 - 00041984 _____ () H:\Usenet\NZBMegasearcH\_sqlite3.pyd
2012-04-10 23:31 - 2014-06-23 01:18 - 00337920 _____ () H:\Usenet\NZBMegasearcH\sqlite3.dll
2012-04-10 23:31 - 2014-06-23 01:18 - 00103424 _____ () H:\Usenet\NZBMegasearcH\pyexpat.pyd
2012-04-10 23:31 - 2014-06-23 01:18 - 00070656 _____ () H:\Usenet\NZBMegasearcH\_elementtree.pyd
2012-04-10 23:31 - 2014-06-23 01:18 - 00686592 _____ () H:\Usenet\NZBMegasearcH\unicodedata.pyd
2011-09-02 10:58 - 2014-06-23 01:18 - 00055808 _____ () H:\Usenet\NZBMegasearcH\OpenSSL\crypto.pyd
2011-09-02 10:58 - 2014-06-23 01:18 - 00010240 _____ () H:\Usenet\NZBMegasearcH\OpenSSL\rand.pyd
2011-09-02 10:58 - 2014-06-23 01:18 - 00043008 _____ () H:\Usenet\NZBMegasearcH\OpenSSL\SSL.pyd
2012-10-27 15:21 - 2014-06-23 01:18 - 00098816 _____ () H:\Usenet\NZBMegasearcH\win32api.pyd
2012-10-27 15:20 - 2014-06-23 01:18 - 00110080 _____ () H:\Usenet\NZBMegasearcH\pywintypes27.dll
2013-12-03 03:21 - 2013-12-03 03:21 - 00053248 _____ () C:\Program Files (x86)\SABnzbd\lib\_socket.pyd
2013-12-03 03:21 - 2013-12-03 03:21 - 00671744 _____ () C:\Program Files (x86)\SABnzbd\lib\_ssl.pyd
2013-12-03 03:21 - 2013-12-03 03:21 - 00294912 _____ () C:\Program Files (x86)\SABnzbd\lib\_hashlib.pyd
2013-12-03 03:21 - 2013-12-03 03:21 - 00102400 _____ () C:\Program Files (x86)\SABnzbd\lib\win32api.pyd
2013-12-03 03:21 - 2013-12-03 03:21 - 00118784 _____ () C:\Program Files (x86)\SABnzbd\lib\pywintypes25.dll
2013-12-03 03:21 - 2013-12-03 03:21 - 00013824 _____ () C:\Program Files (x86)\SABnzbd\lib\win32event.pyd
2013-12-03 03:21 - 2013-12-03 03:21 - 00036864 _____ () C:\Program Files (x86)\SABnzbd\lib\win32service.pyd
2013-12-03 03:21 - 2013-12-03 03:21 - 00057344 _____ () C:\Program Files (x86)\SABnzbd\lib\OpenSSL.crypto.pyd
2013-12-03 03:21 - 2013-12-03 03:21 - 00007168 _____ () C:\Program Files (x86)\SABnzbd\lib\OpenSSL.rand.pyd
2013-12-03 03:21 - 2013-12-03 03:21 - 00037888 _____ () C:\Program Files (x86)\SABnzbd\lib\OpenSSL.SSL.pyd
2013-12-03 03:21 - 2013-12-03 03:21 - 00086016 _____ () C:\Program Files (x86)\SABnzbd\lib\_ctypes.pyd
2013-12-03 03:21 - 2013-12-03 03:21 - 00049152 _____ () C:\Program Files (x86)\SABnzbd\lib\_sqlite3.pyd
2013-12-03 03:21 - 2013-12-03 03:21 - 00546205 _____ () C:\Program Files (x86)\SABnzbd\lib\sqlite3.dll
2013-12-03 03:21 - 2013-12-03 03:21 - 00008192 _____ () C:\Program Files (x86)\SABnzbd\lib\select.pyd
2013-12-03 03:21 - 2013-12-03 03:21 - 00009728 _____ () C:\Program Files (x86)\SABnzbd\lib\_yenc.pyd
2013-12-03 03:21 - 2013-12-03 03:21 - 00012288 _____ () C:\Program Files (x86)\SABnzbd\lib\Cheetah._namemapper.pyd
2013-12-03 03:21 - 2013-12-03 03:21 - 00135168 _____ () C:\Program Files (x86)\SABnzbd\lib\pyexpat.pyd
2013-12-03 03:21 - 2013-12-03 03:21 - 00040960 _____ () C:\Program Files (x86)\SABnzbd\lib\win32process.pyd
2013-12-03 03:21 - 2013-12-03 03:21 - 00110592 _____ () C:\Program Files (x86)\SABnzbd\lib\win32file.pyd
2013-12-03 03:21 - 2013-12-03 03:21 - 00014848 _____ () C:\Program Files (x86)\SABnzbd\lib\win32evtlog.pyd
2013-12-03 03:21 - 2013-12-03 03:21 - 00024576 _____ () C:\Program Files (x86)\SABnzbd\lib\servicemanager.pyd
2013-12-03 03:21 - 2013-12-03 03:21 - 00019968 _____ () C:\Program Files (x86)\SABnzbd\lib\win32pipe.pyd
2013-12-03 03:21 - 2013-12-03 03:21 - 00155648 _____ () C:\Program Files (x86)\SABnzbd\lib\win32gui.pyd
2013-12-03 03:21 - 2013-12-03 03:21 - 00176128 _____ () C:\Program Files (x86)\SABnzbd\lib\winxpgui.pyd
2014-03-28 18:57 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2012-08-08 15:26 - 2012-02-24 10:53 - 00094208 _____ () C:\Program Files (x86)\ASRock Utility\AXTU\Bin\IccLibDll.DLL
2014-10-04 21:53 - 2014-10-04 21:53 - 00867896 _____ () C:\Users\Thien\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2014-10-04 21:53 - 2014-10-04 21:53 - 00886840 _____ () C:\Users\Thien\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-10-04 21:53 - 2014-10-04 21:53 - 00108600 _____ () C:\Users\Thien\AppData\Roaming\Spotify\Data\libegl.dll
2014-02-14 09:25 - 2014-02-14 09:25 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\84fda52f3b34f80a8c5056e859ca35c7\IsdiInterop.ni.dll
2012-08-08 15:22 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-08-08 15:24 - 2012-02-07 17:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-10-28 14:25 - 2014-10-22 14:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-28 14:25 - 2014-10-22 14:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-28 14:25 - 2014-10-22 14:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-28 14:25 - 2014-10-22 14:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-10-28 14:25 - 2014-10-22 14:05 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ComproRemote.lnk => C:\Windows\pss\ComproRemote.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ComproSchedulerDTV.lnk => C:\Windows\pss\ComproSchedulerDTV.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Thien^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Uppidy.lnk => C:\Windows\pss\Uppidy.lnk.Startup
MSCONFIG\startupreg: EPLTarget => 
MSCONFIG\startupreg: iFunBoxConnector => "C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe"
MSCONFIG\startupreg: Plex Media Server => "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
MSCONFIG\startupreg: TorrentStream => C:\Users\Thien\AppData\Roaming\TorrentStream\engine\tsengine.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3906381925-2076769449-1619887262-500 - Administrator - Disabled)
Guest (S-1-5-21-3906381925-2076769449-1619887262-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3906381925-2076769449-1619887262-1002 - Limited - Enabled)
Thien (S-1-5-21-3906381925-2076769449-1619887262-1000 - Administrator - Enabled) => C:\Users\Thien
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/09/2014 02:22:09 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2
 
Error: (11/09/2014 01:53:42 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2
 
Error: (11/09/2014 00:53:33 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2
 
Error: (11/09/2014 05:04:42 AM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2
 
Error: (11/08/2014 01:15:01 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2
 
Error: (11/07/2014 10:05:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Acrobat.exe, version: 11.0.7.79, time stamp: 0x536b812b
Faulting module name: Acrobat.dll, version: 11.0.7.79, time stamp: 0x536b80ff
Exception code: 0xc0000005
Fault offset: 0x00561b2b
Faulting process id: 0x1938
Faulting application start time: 0xAcrobat.exe0
Faulting application path: Acrobat.exe1
Faulting module path: Acrobat.exe2
Report Id: Acrobat.exe3
 
Error: (11/07/2014 04:37:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Acrobat.exe, version: 11.0.7.79, time stamp: 0x536b812b
Faulting module name: Acrobat.dll, version: 11.0.7.79, time stamp: 0x536b80ff
Exception code: 0xc0000005
Fault offset: 0x00561b2b
Faulting process id: 0x17e8
Faulting application start time: 0xAcrobat.exe0
Faulting application path: Acrobat.exe1
Faulting module path: Acrobat.exe2
Report Id: Acrobat.exe3
 
Error: (11/07/2014 00:51:34 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2
 
Error: (11/07/2014 03:14:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fm.exe, version: 15.0.3.0, time stamp: 0x5456b54d
Faulting module name: fm.exe, version: 15.0.3.0, time stamp: 0x5456b54d
Exception code: 0xc0000005
Fault offset: 0x00e7fe1c
Faulting process id: 0x1f6c
Faulting application start time: 0xfm.exe0
Faulting application path: fm.exe1
Faulting module path: fm.exe2
Report Id: fm.exe3
 
Error: (11/06/2014 01:16:12 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2
 
 
System errors:
=============
Error: (11/09/2014 02:23:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/09/2014 02:22:09 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000109 (0xa3a039d89f42f690, 0xb3b7465ef1c1329a, 0xfffff880035705c0, 0x0000000000000002)C:\Windows\MEMORY.DMP
 
Error: (11/09/2014 02:22:09 PM) (Source: BugCheck) (EventID: 1005) (User: )
Description: 
 
Error: (11/09/2014 02:22:07 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:21:41 PM on ‎9/‎11/‎2014 was unexpected.
 
Error: (11/09/2014 01:54:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/09/2014 01:53:41 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000109 (0xa3a039d8b4f955a0, 0xb3b7465f077791aa, 0xfffff880035705c0, 0x0000000000000002)C:\Windows\MEMORY.DMP110914-8595-01
 
Error: (11/09/2014 01:53:41 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:52:32 PM on ‎9/‎11/‎2014 was unexpected.
 
Error: (11/09/2014 00:54:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/09/2014 05:05:44 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/08/2014 01:16:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
Error: (11/09/2014 02:22:09 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2
 
Error: (11/09/2014 01:53:42 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2
 
Error: (11/09/2014 00:53:33 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2
 
Error: (11/09/2014 05:04:42 AM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2
 
Error: (11/08/2014 01:15:01 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2
 
Error: (11/07/2014 10:05:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Acrobat.exe11.0.7.79536b812bAcrobat.dll11.0.7.79536b80ffc000000500561b2b193801cffa63fb0f867dC:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exeC:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.dll50c4a905-6676-11e4-bb58-bc5ff444d89c
 
Error: (11/07/2014 04:37:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Acrobat.exe11.0.7.79536b812bAcrobat.dll11.0.7.79536b80ffc000000500561b2b17e801cffa44344cf52aC:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exeC:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.dll9052bef1-6648-11e4-bb58-bc5ff444d89c
 
Error: (11/07/2014 00:51:34 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2
 
Error: (11/07/2014 03:14:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: fm.exe15.0.3.05456b54dfm.exe15.0.3.05456b54dc000000500e7fe1c1f6c01cff9d7b7db116aH:\SteamLibrary\steamapps\common\Football Manager 2015\fm.exeH:\SteamLibrary\steamapps\common\Football Manager 2015\fm.exe6c5d2948-65d8-11e4-aec9-bc5ff444d89c
 
Error: (11/06/2014 01:16:12 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3570 CPU @ 3.40GHz
Percentage of memory in use: 66%
Total physical RAM: 8155.09 MB
Available physical RAM: 2754.47 MB
Total Pagefile: 16508.37 MB
Available Pagefile: 9852.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:119.24 GB) (Free:13.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Samsung SpinPoint) (Fixed) (Total:931.51 GB) (Free:92.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Seagate 3TB) (Fixed) (Total:2794.39 GB) (Free:2694.66 GB) NTFS
Drive f: (Ryse Son of Rome) (CDROM) (Total:25.91 GB) (Free:0 GB) CDFS
Drive g: (Seagate Barracuda 2) (Fixed) (Total:1863.01 GB) (Free:215.96 GB) NTFS
Drive h: (Seagate Barracuda) (Fixed) (Total:1863.01 GB) (Free:390.83 GB) NTFS
Drive j: (ABCDEFGHIJKLMNOPQRSTUVWXYZ) (Fixed) (Total:14.91 GB) (Free:11.84 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 42AE9619)
Partition 1: (Active) - (Size=119.2 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CE42D30D)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: ABD9C28B)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (Size: 2794.5 GB) (Disk ID: 68E9F2CA)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 5327E232)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
========================================================
Disk: 5 (Size: 14.9 GB) (Disk ID: EB823FAE)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================



Edited by ken545, 09 November 2014 - 11:37 AM.


#7 ken545


    Malware Response Team



Posted 09 November 2014 - 11:56 AM

First, you have the TeaTimer set in Spybot; it could block fixes we need to make.

http://forums.spybot.info/showthread.php?2827-Disabling-Teatimer

 

 

Second, you're using torrents. Using P2P file sharing is not recommended; most times the program is safe, but what you download may not be. The bad guys know this and infect a lot of those downloads. It's like playing Russian roulette, malware-wise. I am going to ask you to uninstall both these programs.

 

TorrentStream
uTorrent
 
If you can, I prefer that you post the logs we ask for from the scans, as it's easier for me to evaluate them.
 
 
1. Disable the TeaTimer. If you can't find out how to disable it, then just uninstall Spybot; you can reinstall when we're done
2. Uninstall those torrent programs
3. Run MiniToolBox
4. Then run a new scan with FRST, checkmark Additions and post both logs
 

 

Download MiniToolBox and save it to your desktop, right-click on it and select RUN AS ADMINISTRATOR
 
Checkmark the following boxes:
  • Flush DNS
  • Reset IE Proxy Settings
  • Reset FF Proxy Settings
 
 
Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.
 
 

 

 


 

Just a reminder that threads will be closed if no response in 3 days


#8 Dlance

  • Topic Starter


Posted 12 November 2014 - 02:02 AM

Thanks, I have done what you asked. Awaiting further instructions.

 

I also need to see the Additions log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by Thien (administrator) on THIEN-PC on 12-11-2014 16:58:40
Running from C:\Users\Thien\Desktop
Loaded Profile: Thien (Available profiles: Thien)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Fork Ltd.) C:\Prey\platform\windows\cronsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(www.nzbdrone.com) C:\ProgramData\NzbDrone\bin\NzbDrone.Console.exe
() C:\ProgramData\MobileBroadbandQuickStartService\VMBQuickStartService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
() C:\Program Files (x86)\WordWeb\wweb32.exe
(Flux Software LLC) C:\Users\Thien\AppData\Local\FluxSoftware\Flux\flux.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(CMedia) C:\Program Files\ASUS Xonar DGX Audio\Customapp\AsusAudioCenter.exe
(Spotify Ltd) C:\Users\Thien\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Thien\AppData\Roaming\Spotify\spotify.exe
() H:\Usenet\NZBMegasearcH\mega2.exe
() C:\Program Files (x86)\SABnzbd\SABnzbd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Users\Thien\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Thien\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Thien\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Thien\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Thien\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-05-28] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
HKLM-x32\...\Run: [THX TruStudio NB Settings] => C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-05-28] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-07-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)
HKU\S-1-5-21-3906381925-2076769449-1619887262-1000\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-3906381925-2076769449-1619887262-1000\...\Run: [zASRockInstantBoot] => [X]
HKU\S-1-5-21-3906381925-2076769449-1619887262-1000\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [77064 2012-04-21] ()
HKU\S-1-5-21-3906381925-2076769449-1619887262-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-18] (DT Soft Ltd)
HKU\S-1-5-21-3906381925-2076769449-1619887262-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-3906381925-2076769449-1619887262-1000\...\Run: [F.lux] => C:\Users\Thien\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
HKU\S-1-5-21-3906381925-2076769449-1619887262-1000\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung)
HKU\S-1-5-21-3906381925-2076769449-1619887262-1000\...\Run: [Spotify Web Helper] => C:\Users\Thien\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-04] (Spotify Ltd)
HKU\S-1-5-21-3906381925-2076769449-1619887262-1000\...\Run: [Spotify] => C:\Users\Thien\AppData\Roaming\Spotify\spotify.exe [6553144 2014-10-04] (Spotify Ltd)
HKU\S-1-5-21-3906381925-2076769449-1619887262-1000\...\MountPoints2: {61f68c1b-3a1c-11e4-a660-bc5ff444d89c} - I:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3906381925-2076769449-1619887262-1000\...\MountPoints2: {90f0f24a-e118-11e1-a985-806e6f6e6963} - E:\ASRSetup.exe
HKU\S-1-5-21-3906381925-2076769449-1619887262-1000\...\MountPoints2: {91ecaffb-9f64-11e3-bb2b-bc5ff444d89c} - G:\setup_QuickStart.exe
HKU\S-1-5-21-3906381925-2076769449-1619887262-1000\...\MountPoints2: {91ecaffe-9f64-11e3-bb2b-bc5ff444d89c} - G:\setup_QuickStart.exe
HKU\S-1-5-21-3906381925-2076769449-1619887262-1000\...\MountPoints2: {a646846e-e46e-11e1-bdc4-bc5ff444d89c} - F:\setup.exe
Startup: C:\Users\Thien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mega2.exe - Shortcut.lnk
ShortcutTarget: mega2.exe - Shortcut.lnk -> H:\Usenet\NZBMegasearcH\mega2.exe ()
Startup: C:\Users\Thien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PureVPN.lnk
ShortcutTarget: PureVPN.lnk -> C:\Program Files (x86)\PureVPN\purevpn.exe (No File)
Startup: C:\Users\Thien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.exe - Shortcut.lnk
ShortcutTarget: SABnzbd.exe - Shortcut.lnk -> C:\Program Files (x86)\SABnzbd\SABnzbd.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: http=localhost:8118
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.ninemsn.com.au/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDAAE5E290299CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = 
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://au.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://au.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} ->  No File
BHO-x32: No Name -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} ->  No File
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} ->  No File
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{981C8EC2-986D-4006-8B9A-922CC31264D5}: [NameServer] 8.8.4.4,8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\Thien\AppData\Roaming\Mozilla\Firefox\Profiles\g45ixum5.default
FF NetworkProxy: "backup.ftp", "212.144.254.122"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.socks", "212.144.254.122"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "212.144.254.122"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "212.144.254.123"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "212.144.254.123"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "212.144.254.123"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "212.144.254.123"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-3906381925-2076769449-1619887262-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF user.js: detected! => C:\Users\Thien\AppData\Roaming\Mozilla\Firefox\Profiles\g45ixum5.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Edit Cookies - C:\Users\Thien\AppData\Roaming\Mozilla\Firefox\Profiles\g45ixum5.default\Extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}.xpi [2013-02-25]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-10-13]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com.au/"
CHR Profile: C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SPOI Options (Please remove me)) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdokagampppgbnjfdlkfpphniapiiifn [2013-06-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-15]
CHR Extension: (Google Search) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-15]
CHR Extension: (Reddit Widget [ANTP]) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpcomccnnochpjdakpakbieihbglblcn [2013-06-24]
CHR Extension: (Tampermonkey) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2012-10-15]
CHR Extension: (MightyText - SMS Text Messaging ⟷ Computer) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2014-10-26]
CHR Extension: (Collusion for Chrome) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp [2013-03-18]
CHR Extension: (AdBlock) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-10-15]
CHR Extension: (Hola Better Internet) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-05-10]
CHR Extension: (Awesome Weather Widget [ANTP]) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\goeepbfnllchoihkoiecpkkekbpfiboc [2013-06-24]
CHR Extension: (Hover Free) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcmnnggnaofmhflgomfjfbndngdoogkj [2013-06-28]
CHR Extension: (Hush - private bookmarking) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjmoaenjknbdehbiaeeijcppnljflkff [2013-07-11]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-02-12]
CHR Extension: (Allow Right-Click) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo [2014-07-16]
CHR Extension: (Digital Clock Widget [ANTP]) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikimcdcgajipgcoehakmgloecbaacmoj [2013-06-24]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2012-10-28]
CHR Extension: (Auto HD For YouTube™) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2014-04-20]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2013-01-21]
CHR Extension: (Awesome New Tab Page) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg [2013-06-24]
CHR Extension: (Ghostery) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-06-08]
CHR Extension: (Instant Bet365) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbfpohmkceigafhgkadhhifpojjmfbcl [2012-11-18]
CHR Extension: (Google Wallet) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (SABconnect++) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\okphadhbbjadcifjplhifajfacbkkbod [2014-08-17]
CHR Extension: (Gmail) - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-15]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\WordWeb\wcxChrome.crx [2012-08-10]
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Thien\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [2012-08-10]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-01-06] () [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2013-11-12] (Fork Ltd.) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [121344 2012-02-07] () [File not signed]
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 NzbDrone; C:\ProgramData\NzbDrone\bin\nzbdrone.console.exe [23552 2014-10-31] (www.nzbdrone.com) [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 Vodafone Mobile Broadband QuickStart; C:\ProgramData\MobileBroadbandQuickStartService\VMBQuickStartService.exe [229216 2011-12-21] ()
R2 WSWNA3100M; C:\Program Files (x86)\NETGEAR\WNA3100M\WifiSvc.exe [303360 2011-12-07] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2727936 2011-12-20] (C-Media Inc)
S3 ComproHID; C:\Windows\System32\DRIVERS\ComproHID64.sys [9088 2007-10-01] (Compro Tech., Inc.)
S3 ComproHID; C:\Windows\SysWOW64\DRIVERS\ComproHID64.sys [9088 2007-10-01] (Compro Tech., Inc.)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2012-03-26] (Apple Inc.) [File not signed]
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2014-08-09] (The OpenVPN Project)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-08-12] (Duplex Secure Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-25] (Anchorfree Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-04-25] (Apple, Inc.) [File not signed]
S3 VMHybrid64; C:\Windows\System32\DRIVERS\VMHybr64.sys [1403648 2011-05-06] (Compro Technology, Inc.)
S3 wna3100m; C:\Windows\System32\DRIVERS\wna3100m.sys [1094760 2011-12-30] (NETGEAR Corporation                           )
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-11-12] ()
U3 aib7xu3w; C:\Windows\System32\Drivers\aib7xu3w.sys [0 ] (Microsoft Corporation)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-12 16:57 - 2014-11-12 16:57 - 00000000 ____D () C:\Users\Thien\Desktop\FRST-OlderVersion
2014-11-12 16:56 - 2014-11-12 16:56 - 00001316 _____ () C:\Users\Thien\Desktop\Result.txt
2014-11-12 16:55 - 2014-11-12 16:55 - 00401920 _____ (Farbar) C:\Users\Thien\Desktop\MiniToolBox.exe
2014-11-12 16:11 - 2014-11-12 16:11 - 00000000 ____D () C:\ProgramData\FlyVPN
2014-11-12 16:06 - 2014-11-12 16:06 - 00000000 ____D () C:\ProgramData\purevpn
2014-11-12 16:06 - 2013-08-22 05:40 - 00040664 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2014-11-10 02:12 - 2014-11-12 16:58 - 00033782 _____ () C:\Users\Thien\Desktop\FRST.txt
2014-11-10 02:12 - 2014-11-10 02:12 - 00043906 _____ () C:\Users\Thien\Desktop\Addition.txt
2014-11-10 02:11 - 2014-11-12 16:57 - 02116096 _____ (Farbar) C:\Users\Thien\Desktop\FRST64.exe
2014-11-10 02:11 - 2014-11-10 02:11 - 00002564 _____ () C:\Users\Thien\Desktop\aswMBR.txt
2014-11-10 02:11 - 2014-11-10 02:11 - 00000512 _____ () C:\Users\Thien\Desktop\MBR.dat
2014-11-10 01:05 - 2014-11-10 01:05 - 00000182 _____ () C:\Users\Thien\Desktop\Population Health.txt
2014-11-09 14:22 - 2014-11-12 15:38 - 00003026 _____ () C:\Windows\System32\Tasks\asrRd
2014-11-09 14:22 - 2014-11-09 14:22 - 1247728326 _____ () C:\Windows\MEMORY.DMP
2014-11-09 13:53 - 2014-11-09 13:53 - 00275008 _____ () C:\Windows\Minidump\110914-8595-01.dmp
2014-11-07 22:08 - 2014-11-07 22:10 - 05194752 _____ (AVAST Software) C:\Users\Thien\Desktop\aswMBR.exe
2014-11-05 04:08 - 2014-11-05 04:08 - 00000300 _____ () C:\Users\Thien\Desktop\coaches.txt
2014-10-31 02:17 - 2014-11-11 17:55 - 00000696 _____ () C:\Users\Public\Desktop\FM Genie Scout 15g.lnk
2014-10-31 02:17 - 2014-11-11 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FM Genie Scout 15g
2014-10-31 02:17 - 2014-11-11 17:55 - 00000000 ____D () C:\FM Genie Scout 15g
2014-10-29 22:36 - 2014-10-29 22:36 - 00011963 _____ () C:\Users\Thien\Desktop\attach.txt
2014-10-28 19:36 - 2014-10-28 19:36 - 00000000 ____D () C:\Users\Thien\Desktop\Injustice - Gods Among Us
2014-10-26 22:00 - 2014-11-12 16:22 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-26 22:00 - 2014-10-26 22:00 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-26 22:00 - 2014-10-26 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-26 22:00 - 2014-10-26 22:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-26 22:00 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-26 22:00 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-26 22:00 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-26 21:56 - 2014-11-12 16:58 - 00000000 ____D () C:\FRST
2014-10-26 21:50 - 2014-10-26 21:50 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-26 21:50 - 2014-10-26 21:50 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-26 21:42 - 2014-10-26 21:48 - 19114072 _____ () C:\Users\Thien\Desktop\RogueKillerX64.exe
2014-10-26 03:26 - 2014-10-26 03:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SSDlife
2014-10-26 03:26 - 2014-10-26 03:26 - 00000000 ____D () C:\ProgramData\Licenses
2014-10-26 03:26 - 2014-10-26 03:26 - 00000000 ____D () C:\ProgramData\Binarysense
2014-10-26 03:26 - 2014-10-26 03:26 - 00000000 ____D () C:\Program Files (x86)\BinarySense
2014-10-25 21:23 - 2014-10-25 21:23 - 00000222 _____ () C:\Users\Thien\Desktop\Football Manager 2015.url
2014-10-22 16:37 - 2014-10-22 16:37 - 00000000 ____D () C:\Users\Thien\AppData\Local\ESET
2014-10-15 23:40 - 2014-10-15 23:40 - 00000949 _____ () C:\Users\Thien\Desktop\Middle Earth - Shadow of Mordor.lnk
2014-10-15 23:40 - 2014-10-15 23:40 - 00000000 ____D () C:\Users\Thien\AppData\Roaming\Middle Earth - Shadow of Mordor
2014-10-15 23:40 - 2014-10-15 23:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2014-10-15 22:54 - 2014-10-19 16:29 - 00001172 _____ () C:\Users\Thien\Desktop\Ryse Son of Rome.lnk
2014-10-13 19:18 - 2014-10-13 19:18 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-10-13 19:17 - 2014-10-13 19:19 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2014-10-13 19:17 - 2014-10-13 19:19 - 00002210 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2014-10-13 19:17 - 2014-10-13 19:19 - 00002049 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2014-10-13 18:39 - 2014-10-13 18:39 - 00000000 ____D () C:\Users\Thien\AppData\Roaming\Nitro
2014-10-13 18:38 - 2014-10-13 18:45 - 00000000 ____D () C:\Program Files\Nitro
2014-10-13 18:38 - 2014-10-13 18:38 - 00000000 ____D () C:\Users\Thien\AppData\Roaming\Nitro PDF
2014-10-13 18:38 - 2014-10-13 18:38 - 00000000 ____D () C:\Users\Thien\AppData\Roaming\Downloaded Installations
2014-10-13 18:38 - 2014-10-13 18:38 - 00000000 ____D () C:\ProgramData\Nitro
2014-10-13 18:34 - 2014-10-13 18:34 - 00000000 ____D () C:\Users\Thien\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2014-10-13 18:34 - 2014-10-13 18:34 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-10-13 18:34 - 2014-10-13 18:34 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-10-13 18:24 - 2014-10-15 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ryse Son of Rome
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-12 16:54 - 2014-09-14 00:12 - 00000000 ____D () C:\Users\Thien\AppData\Roaming\.Torrent Stream
2014-11-12 16:54 - 2014-09-14 00:11 - 00000000 ____D () C:\Users\Thien\AppData\Roaming\TorrentStream
2014-11-12 16:53 - 2012-08-08 22:01 - 00000000 ____D () C:\Users\Thien\AppData\Roaming\uTorrent
2014-11-12 16:49 - 2012-10-23 12:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-12 16:24 - 2013-11-25 01:35 - 00000029 _____ () C:\Windows\SysWOW64\TempWmicBatchFile.bat
2014-11-12 16:24 - 2012-10-15 21:10 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-12 16:20 - 2014-06-30 22:04 - 00000000 ____D () C:\ProgramData\NzbDrone
2014-11-12 15:58 - 2014-10-04 21:51 - 00000000 ____D () C:\Users\Thien\AppData\Roaming\Spotify
2014-11-12 15:42 - 2012-08-08 18:41 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-12 15:38 - 2014-09-07 14:48 - 00002960 _____ () C:\Windows\System32\Tasks\AsrXTU
2014-11-12 15:38 - 2013-03-08 02:31 - 01158730 _____ () C:\Windows\WindowsUpdate.log
2014-11-12 15:38 - 2013-01-15 21:34 - 00000354 _____ () C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2014-11-12 15:38 - 2012-10-15 21:10 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-12 15:38 - 2012-08-08 15:25 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-11-12 15:29 - 2009-07-14 14:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-12 15:29 - 2009-07-14 14:45 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-12 15:28 - 2009-07-14 15:13 - 00784440 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-12 15:24 - 2014-09-27 13:28 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-11-12 15:24 - 2014-09-22 08:31 - 00005505 _____ () C:\Windows\setupact.log
2014-11-12 15:24 - 2014-09-22 08:30 - 00025570 _____ () C:\Windows\PFRO.log
2014-11-12 15:24 - 2013-12-25 01:36 - 00003488 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-11-12 15:24 - 2012-08-08 15:26 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-11-12 15:24 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-12 11:20 - 2014-10-04 21:53 - 00000000 ____D () C:\Users\Thien\AppData\Local\Spotify
2014-11-12 03:50 - 2012-08-09 13:40 - 00000000 ____D () C:\Users\Thien\AppData\Local\CrashDumps
2014-11-11 14:34 - 2012-08-08 15:25 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-11-11 02:22 - 2012-08-16 00:57 - 00000000 ____D () C:\Users\Thien\AppData\Roaming\Skype
2014-11-09 14:22 - 2012-09-23 16:10 - 00000000 ____D () C:\Windows\Minidump
2014-11-08 22:53 - 2014-09-14 00:13 - 00000000 ____D () C:\TorrentStream
2014-11-08 01:34 - 2014-05-28 14:17 - 00000000 ____D () C:\Users\Thien\AppData\Local\QuickPar
2014-11-06 15:26 - 2012-11-05 00:25 - 00000000 ____D () C:\Users\Thien\Desktop\Receipts
2014-11-01 14:23 - 2014-03-24 20:51 - 00008845 _____ () C:\Users\Thien\Desktop\Receipts.xlsx
2014-10-31 00:56 - 2012-08-24 16:24 - 00000000 ____D () C:\Users\Thien\Documents\Sports Interactive
2014-10-31 00:56 - 2012-08-24 16:24 - 00000000 ____D () C:\Users\Thien\AppData\Local\Sports Interactive
2014-10-31 00:56 - 2012-08-24 16:24 - 00000000 ____D () C:\Users\Public\Documents\Sports Interactive
2014-10-30 18:38 - 2013-05-27 16:59 - 00000000 ____D () C:\Users\Thien\AppData\Roaming\vlc
2014-10-28 08:31 - 2009-07-14 14:45 - 00450280 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-27 18:01 - 2012-08-12 21:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-27 01:47 - 2013-12-31 02:31 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-10-26 21:50 - 2012-08-09 13:41 - 00000000 ____D () C:\ProgramData\ABBYY
2014-10-26 21:49 - 2012-08-08 15:23 - 00116624 _____ () C:\Users\Thien\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-26 03:26 - 2012-08-08 15:28 - 00000000 ____D () C:\ProgramData\Temp
2014-10-25 21:23 - 2012-08-08 18:44 - 00000000 ____D () C:\Users\Thien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-10-24 18:00 - 2013-07-07 00:05 - 00000000 ____D () C:\Users\Thien\Documents\Outlook Files
2014-10-23 20:54 - 2013-02-15 22:13 - 00000000 ____D () C:\Users\Thien\Desktop\Articles
2014-10-22 19:15 - 2014-03-05 19:26 - 00000000 ____D () C:\Users\Thien\Desktop\Texts
2014-10-18 23:19 - 2012-10-15 21:10 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-18 23:19 - 2012-10-15 21:10 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-16 12:11 - 2014-05-16 19:58 - 00000000 ____D () C:\Users\Thien\Desktop\Dental Schools
2014-10-14 08:33 - 2012-08-08 17:46 - 00000000 ____D () C:\Users\Thien\AppData\Local\Adobe
2014-10-13 19:19 - 2012-08-08 15:27 - 00000000 ____D () C:\Users\Thien\AppData\Roaming\Adobe
2014-10-13 19:18 - 2012-08-08 15:27 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-13 19:17 - 2012-08-08 15:27 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-13 18:45 - 2013-09-24 17:57 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-13 03:12 - 2009-07-14 15:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
 
Files to move or delete:
====================
C:\Users\Thien\jagex_cl_loginapplet_LIVE.dat
C:\Users\Thien\random.dat
 
 
Some content of TEMP:
====================
C:\Users\Thien\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Thien\AppData\Local\Temp\JExplorer32.2.7.1.dll
C:\Users\Thien\AppData\Local\Temp\JExplorer32.2.7.1.exe
C:\Users\Thien\AppData\Local\Temp\JExplorer64.2.7.1.dll
C:\Users\Thien\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Thien\AppData\Local\Temp\vlc-2.1.5-win32.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-05 20:48
 
==================== End Of Log ============================

Attached Files

  • Attached File  FRST.txt   45.71KB   1 downloads

Edited by ken545, 12 November 2014 - 06:10 AM.


#9 ken545


Posted 12 November 2014 - 06:17 AM

1. Disable the TeaTimer, if you can't find out how to disable it then just uninstall Spybot, you can reinstall when we're done <---It's still enabled
2. Uninstall those torrent programs
3. Run MiniToolBox <--Would like to see the report as per instructions, it should be on your desktop Fixlog
4. Then run a new scan with FRST, checkmark Additions and post both logs <-- Need to see Additions
5. Copy and paste the logs in lieu of attaching them

Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

Please consider a donation to help me keep up my fight against malware.

Just a reminder that threads will be closed if no response in 3 days


#10 Dlance


Posted 12 November 2014 - 10:58 AM

Here you are. I've disabled TeaTimer and had already uninstalled the torrent programs before. Thank you.




#11 ken545


Posted 12 November 2014 - 11:01 AM

What can you tell me about these from Firefox?

 

"network.proxy.backup.ftp", "212.144.254.122"
"network.proxy.backup.ftp_port", 3128
"network.proxy.backup.socks", "212.144.254.122"
"network.proxy.backup.socks_port", 3128
"network.proxy.backup.ssl", "212.144.254.122"
"network.proxy.backup.ssl_port", 3128
"network.proxy.ftp", "212.144.254.123"
"network.proxy.ftp_port", 3128
"network.proxy.http", "212.144.254.123"
"network.proxy.http_port", 3128
"network.proxy.share_proxy_settings", true
"network.proxy.socks", "212.144.254.123"
"network.proxy.socks_port", 3128
"network.proxy.ssl", "212.144.254.123"
"network.proxy.ssl_port", 3128
"network.proxy.type", 0
 
 
 
 
 
 

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisement.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

===============================================================================

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

===============================================================================

Download Malwarebytes' Anti-Malware to your desktop.

  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes



    #12 Dlance


    Posted 12 November 2014 - 11:54 AM

    I am unsure, I haven't used Firefox for a while now.
     
    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Scan Date: 13/11/2014
    Scan Time: 2:45:50 AM
    Logfile: 
    Administrator: Yes
     
    Version: 2.00.3.1025
    Malware Database: v2014.11.12.08
    Rootkit Database: v2014.11.12.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled
     
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Thien
     
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 338514
    Time Elapsed: 5 min, 25 sec
     
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Deep Rootkit Scan: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
     
    Processes: 0
    (No malicious items detected)
     
    Modules: 0
    (No malicious items detected)
     
    Registry Keys: 0
    (No malicious items detected)
     
    Registry Values: 0
    (No malicious items detected)
     
    Registry Data: 0
    (No malicious items detected)
     
    Folders: 0
    (No malicious items detected)
     
    Files: 0
    (No malicious items detected)
     
    Physical Sectors: 0
    (No malicious items detected)
     
     
    (end)




    #13 ken545


    Posted 12 November 2014 - 12:48 PM

    Let's run ComboFix and see if it finds and removes anything. You can disregard the instructions for a Recovery Console as you have Win 7.

     

     
    Download ComboFix from one of these locations:
     
     
     
    * IMPORTANT !!! Save ComboFix.exe to your Desktop
     
     
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link for programs that need to be disabled and instruction on how to disable them.
    • Remember to re-enable them when we're done.
    • Double click on ComboFix.exe & follow the prompts.

    For Windows XP Users

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
     
     


     
     
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [Screenshot: RC2-1.png]

     
    Click on Yes, to continue scanning for malware.
     
    When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.
     
    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.



    #14 Dlance


    Posted 12 November 2014 - 09:02 PM

    Here you are.

     

    ComboFix 14-11-12.01 - Thien 13/11/2014  11:53:22.1.4 - x64
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.8155.5278 [GMT 10:00]
    Running from: c:\users\Thien\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
    .
    ADS - Windows: deleted 192 bytes in 1 streams.
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Thien\AppData\Roaming\dvdae
    c:\users\Thien\AppData\Roaming\dvdae\dvdae.config
    c:\users\Thien\AppData\Roaming\dvdae\dvdae.lic
    c:\users\Thien\Documents\pvr.tmp
    c:\windows\SysWow64\DEBUG.log
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_Run
    .
    .
    (((((((((((((((((((((((((   Files Created from 2014-10-13 to 2014-11-13  )))))))))))))))))))))))))))))))
    .
    .
    2014-11-13 01:56 . 2014-11-13 01:56 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-11-12 16:40 . 2014-11-12 16:40 -------- d-----w- c:\windows\ERUNT
    2014-11-12 16:30 . 2014-11-12 16:38 -------- d-----w- C:\AdwCleaner
    2014-11-12 06:11 . 2014-11-12 06:11 -------- d-----w- c:\programdata\FlyVPN
    2014-11-12 06:06 . 2014-11-12 06:06 -------- d-----w- c:\programdata\purevpn
    2014-11-12 06:06 . 2013-08-21 19:40 40664 ----a-w- c:\windows\system32\drivers\tap0901.sys
    2014-10-30 16:17 . 2014-11-11 07:55 -------- d-----w- C:\FM Genie Scout 15g
    2014-10-26 12:00 . 2014-11-13 01:57 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-10-26 12:00 . 2014-10-26 12:00 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2014-10-26 12:00 . 2014-10-01 01:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-10-26 12:00 . 2014-10-01 01:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-10-26 12:00 . 2014-10-01 01:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-10-26 11:56 . 2014-11-12 15:53 -------- d-----w- C:\FRST
    2014-10-26 11:53 . 2014-10-19 17:37 11627712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C516C442-54FC-4364-B036-CC514DAC5094}\mpengine.dll
    2014-10-26 11:50 . 2014-10-26 11:50 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-10-26 11:50 . 2014-10-26 11:50 -------- d-----w- c:\programdata\RogueKiller
    2014-10-25 17:27 . 2014-10-25 17:27 -------- d-----w- c:\programdata\Logs
    2014-10-25 17:26 . 2014-10-25 17:26 -------- d-----w- c:\programdata\Licenses
    2014-10-25 17:26 . 2014-10-25 17:26 -------- d-----w- c:\programdata\Binarysense
    2014-10-25 17:26 . 2014-10-25 17:26 -------- d-----w- c:\program files (x86)\BinarySense
    2014-10-22 06:37 . 2014-10-22 06:37 -------- d-----w- c:\users\Thien\AppData\Local\ESET
    2014-10-15 13:40 . 2014-10-15 13:40 -------- d-----w- c:\users\Thien\AppData\Roaming\Middle Earth - Shadow of Mordor
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-11-13 01:57 . 2014-09-27 03:28 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp
    2014-11-13 01:57 . 2013-11-24 15:35 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
    2014-11-13 01:57 . 2012-08-08 05:26 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
    2014-11-12 08:49 . 2012-08-11 14:08 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-11-12 08:49 . 2012-08-11 14:08 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-10-02 05:53 . 2012-08-08 05:35 278152 ------w- c:\windows\system32\MpSigStub.exe
    2014-09-02 01:16 . 2014-09-04 00:30 447752 ----a-r- c:\windows\SysWow64\vp6vfw.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown 
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2013-11-02 01:35 1727176 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2013-11-02 01:35 1727176 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2013-11-02 01:35 1727176 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WordWeb"="c:\program files (x86)\WordWeb\wweb32.exe" [2012-04-21 77064]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
    "F.lux"="c:\users\Thien\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1016712]
    "KiesPDLR.exe"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2014-05-28 843568]
    "Spotify Web Helper"="c:\users\Thien\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-10-04 1514040]
    "Spotify"="c:\users\Thien\AppData\Roaming\Spotify\spotify.exe" [2014-10-04 6553144]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
    "USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 291608]
    "THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-05-19 909824]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-04-23 43848]
    "FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-08 495616]
    "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-08 856064]
    "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2014-05-28 310064]
    "BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-26 152392]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-10 256896]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-07-09 767200]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2014-05-08 3499896]
    .
    c:\users\Thien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    mega2.exe - Shortcut.lnk - h:\usenet\NZBMegasearcH\mega2.exe [2013-11-24 2844904]
    SABnzbd.exe - Shortcut.lnk - c:\program files (x86)\SABnzbd\SABnzbd.exe [2013-12-3 103424]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
    R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
    R3 ComproHID;VideoMate Root Enumerated Hid Device;c:\windows\system32\DRIVERS\ComproHID64.sys;c:\windows\SYSNATIVE\DRIVERS\ComproHID64.sys [x]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
    R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
    R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
    R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
    R3 ptun0901;TAP Adapter V9 for Private Tunnel;c:\windows\system32\DRIVERS\ptun0901.sys;c:\windows\SYSNATIVE\DRIVERS\ptun0901.sys [x]
    R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
    R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 VMHybrid64;VMHybrid service;c:\windows\system32\DRIVERS\VMHybr64.sys;c:\windows\SYSNATIVE\DRIVERS\VMHybr64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 wna3100m;NETGEAR WNA3100M N300 Wireless Mini USB Adapter;c:\windows\system32\DRIVERS\wna3100m.sys;c:\windows\SYSNATIVE\DRIVERS\wna3100m.sys [x]
    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
    S0 AsrRamDisk;AsrRamDisk;c:\windows\system32\DRIVERS\AsrRamDisk.sys;c:\windows\SYSNATIVE\DRIVERS\AsrRamDisk.sys [x]
    S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AsrAppCharger.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
    S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
    S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe;c:\prey\platform\windows\cronsvc.exe [x]
    S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x]
    S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
    S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [x]
    S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    S2 NzbDrone;NzbDrone;c:\programdata\NzbDrone\bin\nzbdrone.console.exe;c:\programdata\NzbDrone\bin\nzbdrone.console.exe [x]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
    S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    S2 Vodafone Mobile Broadband QuickStart;Vodafone Mobile Broadband QuickStart Service;c:\programdata\MobileBroadbandQuickStartService\VMBQuickStartService.exe;c:\programdata\MobileBroadbandQuickStartService\VMBQuickStartService.exe [x]
    S2 WSWNA3100M;WSWNA3100M;c:\program files (x86)\NETGEAR\WNA3100M\WifiSvc.exe;c:\program files (x86)\NETGEAR\WNA3100M\WifiSvc.exe [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    S3 AxtuDrv;AxtuDrv;c:\windows\SysWOW64\Drivers\AxtuDrv.sys;c:\windows\SysWOW64\Drivers\AxtuDrv.sys [x]
    S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
    S3 cmudaxp;ASUS Xonar DGX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys;c:\windows\SYSNATIVE\drivers\cmudaxp.sys [x]
    S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
    S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
    S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
    S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
    S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
    S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMSWISSARMY
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-10-28 04:25 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-11-13 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-11 08:49]
    .
    2014-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-15 11:10]
    .
    2014-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-15 11:10]
    .
    2014-11-13 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    - c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 03:41]
    .
    2014-11-11 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    - c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 03:41]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
    "THXCfg64"="c:\windows\system32\THXCfg64.dll" [2011-05-13 26624]
    "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2014-05-28 310064]
    "Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]
    "Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
    "Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 558496]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office15\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{981C8EC2-986D-4006-8B9A-922CC31264D5}: NameServer = 8.8.4.4,8.8.8.8
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
    FF - ProfilePath - c:\users\Thien\AppData\Roaming\Mozilla\Firefox\Profiles\0\
    FF - prefs.js: network.proxy.type - 
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-ASRockXTU - (no file)
    Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)
    Wow6432Node-HKLM-Run-Wondershare Helper Compact.exe - c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    c:\users\Thien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PureVPN.lnk - c:\program files (x86)\PureVPN\purevpn.exe -autorun
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    HKLM_Wow6432Node-ActiveSetup-{3C8178FD-B30F-4BD0-B3D7-A23F4BAB49ED} - msiexec
    AddRemove-{117B6BF6-82C3-420C-B284-9247C8568E53} - c:\program files (x86)\InstallShield Installation Information\{117B6BF6-82C3-420C-B284-9247C8568E53}\setup.exe
    AddRemove-{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC} - c:\program files (x86)\InstallShield Installation Information\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}\setup.exe
    AddRemove-MyFreeCodec - c:\program files (x86)\MyFree Codec\1.0b beta\uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3906381925-2076769449-1619887262-1000\Software\G*e*n*i*e*"!\FM Genie Scout 12]
    "GameDir"="c:\\Users\\Thien\\Documents\\Sports Interactive\\Football Manager 2012\\games"
    "ShortlistDir"="c:\\Users\\Thien\\Documents\\Sports Interactive\\Football Manager 2012\\shortlists"
    "FMPath"=""
    "ScreenshotsDir"="c:\\Users\\Thien\\Documents\\Sports Interactive\\Football Manager 2012"
    "SaveDir"="c:\\Users\\Thien\\Documents\\Sports Interactive\\Football Manager 2012\\"
    "HistoryDir"="c:\\FM Genie Scout 12\\History Points"
    "LangDB"="c:\\FM Genie Scout 12\\lang_db.dat"
    "LastSaveGame"=""
    "Language"="English"
    "LoadLangDB"=dword:00000001
    "CompressHistoryPoints"=dword:00000000
    "HighlightedAttributes"=dword:00000000
    "MinCondition"=dword:00000050
    "GraphStep"=dword:00000000
    "SkinName"="Steklo Black"
    "LastUpdateCheck"=dword:0000a272
    "VersionOf201"=dword:0000007b
    "HighQualityGUI"=dword:00000001
    "AutomaticallyUpdateCheck"=dword:00000001
    "AdvancedGeneration"=dword:00000000
    "TranslateStaffSkills"=dword:00000001
    "TranslatePlayerSkills"=dword:00000001
    "TranslatePositions"=dword:00000001
    "ShowHistory"=dword:00000001
    "ShowGuidNotification"=dword:00000000
    "ShowDonateNotification"=dword:00000000
    "Version"=dword:000000cf
    "UniqueID"="77-E2B0-E03F"
    "Currency"=dword:00000056
    "UseProxy"=dword:00000000
    "ProxyHost"=""
    "ProxyPort"=""
    "UseAuthentication"=dword:00000000
    "UserName"=""
    "UserPassword"=""
    "PlayerSearchFeatureNum"=dword:00000001
    "StaffSearchFeatureNum"=dword:00000000
    "ClubSearchFeatureNum"=dword:00000000
    "FilterByClubFeatureNum"=dword:00000000
    "CompareFeatureNum"=dword:00000000
    "ShortlistFeatureNum"=dword:00000000
    "ExportFeatureNum"=dword:00000000
    "HistoryFeatureNum"=dword:00000000
    "LanguageDBFeatureNum"=dword:00000001
    "HintsFeatureNum"=dword:00000000
    "GenieReportFeatureNum"=dword:00000001
    "TopFormationFeatureNum"=dword:00000000
    "ScreenshotFeatureNum"=dword:00000000
    "AdClicksNum"=dword:00000000
    "AdImpressionsNum"=dword:00000005
    "GameLoadedCounter"=dword:00000002
    .
    [HKEY_USERS\S-1-5-21-3906381925-2076769449-1619887262-1000\Software\G*e*n*i*e*"!\FM Genie Scout 12g]
    "GameDir"="c:\\Users\\Thien\\Documents\\Sports Interactive\\Football Manager 2012\\games"
    "ShortlistDir"="c:\\Users\\Thien\\Documents\\Sports Interactive\\Football Manager 2012\\shortlists"
    "GraphicPackDir"=""
    "FMPath"="c:\\program files (x86)\\steam\\steamapps\\common\\football manager 2012"
    "ScreenshotsDir"="c:\\Users\\Thien\\Documents\\Sports Interactive\\Football Manager 2012"
    "SaveDir"="c:\\Users\\Thien\\Documents\\Sports Interactive\\Football Manager 2012\\"
    "HistoryDir"="c:\\FM Genie Scout 12g\\History Points"
    "LangDB"="c:\\FM Genie Scout 12g\\lang_db.dat"
    "LastSaveGame"="c:\\Users\\Thien\\Documents\\Sports Interactive\\Football Manager 2013\\games\\Spurs.fm"
    "Language"="English"
    "LoadLangDB"=dword:00000001
    "CompressHistoryPoints"=dword:00000000
    "HighlightedAttributes"=dword:00000000
    "MinCondition"=dword:00000050
    "GraphStep"=dword:00000000
    "SkinName"="Steklo Black"
    "LastUpdateCheck"=dword:0000a16a
    "VersionOf202"=dword:0000007b
    "HighQualityGUI"=dword:00000001
    "AutomaticallyUpdateCheck"=dword:00000001
    "AdvancedGeneration"=dword:00000000
    "TranslateStaffSkills"=dword:00000001
    "TranslatePlayerSkills"=dword:00000001
    "TranslatePositions"=dword:00000001
    "ShowHistory"=dword:00000001
    "ShowGuidNotification"=dword:00000000
    "Version"=dword:000000d0
    "UniqueID"="77-E2B0-E03F"
    "Currency"=dword:00000056
    "UseProxy"=dword:00000000
    "ProxyHost"=""
    "ProxyPort"=""
    "UseAuthentication"=dword:00000000
    "UserName"=""
    "UserPassword"=""
    "PlayerSearchFeatureNum"=dword:00000047
    "StaffSearchFeatureNum"=dword:0000000a
    "ClubSearchFeatureNum"=dword:00000000
    "FilterByClubFeatureNum"=dword:0000000b
    "CompareFeatureNum"=dword:00000000
    "ShortlistFeatureNum"=dword:00000000
    "ExportFeatureNum"=dword:00000000
    "HistoryFeatureNum"=dword:00000000
    "LanguageDBFeatureNum"=dword:0000004e
    "HintsFeatureNum"=dword:00000001
    "GenieReportFeatureNum"=dword:00000019
    "TopFormationFeatureNum"=dword:00000000
    "ScreenshotFeatureNum"=dword:00000000
    .
    [HKEY_USERS\S-1-5-21-3906381925-2076769449-1619887262-1000\Software\G*e*n*i*e*"!\FM Genie Scout 13g]
    @Allowed: (Read) (RestrictedCode)
    "GameDir"="c:\\Users\\Thien\\Documents\\Sports Interactive\\Football Manager 2013\\games"
    "ShortlistDir"="c:\\Users\\Thien\\Documents\\Sports Interactive\\Football Manager 2013\\shortlists"
    "GraphicPackDir"=""
    "FMPath"="c:\\Program Files (x86)\\Steam\\steamapps\\common\\Football Manager 2013\\"
    "ScreenshotsDir"="c:\\Users\\Thien\\Documents\\Sports Interactive\\Football Manager 2013"
    "SaveDir"="c:\\Users\\Thien\\Documents\\Sports Interactive\\Football Manager 2013\\"
    "HistoryDir"="c:\\FM Genie Scout 13g\\History Points"
    "LangDB"="c:\\Program Files (x86)\\Steam\\steamapps\\common\\Football Manager 2013\\data\\db\\1300\\lang_db.dat"
    "LastSaveGame"=""
    "Language"="English"
    "LoadLangDB"=dword:00000001
    "CompressHistoryPoints"=dword:00000000
    "HighlightedAttributes"=dword:00000000
    "MinCondition"=dword:00000050
    "GraphStep"=dword:00000000
    "SkinName"="Steklo Black"
    "LastUpdateCheck"=dword:0000a18e
    "VersionOf202"=dword:0000007b
    "HighQualityGUI"=dword:00000001
    "AutomaticallyUpdateCheck"=dword:00000001
    "AdvancedGeneration"=dword:00000000
    "TranslateStaffSkills"=dword:00000001
    "TranslatePlayerSkills"=dword:00000001
    "TranslatePositions"=dword:00000001
    "ShowHistory"=dword:00000001
    "ShowGuidNotification"=dword:00000000
    "Version"=dword:00000157
    "UniqueID"="77-E2B0-E03F"
    "UseProxy"=dword:00000000
    "ProxyHost"=""
    "ProxyPort"=""
    "UseAuthentication"=dword:00000000
    "UserName"=""
    "UserPassword"=""
    "PlayerSearchFeatureNum"=dword:00000054
    "StaffSearchFeatureNum"=dword:0000000f
    "ClubSearchFeatureNum"=dword:00000000
    "FilterByClubFeatureNum"=dword:0000000b
    "CompareFeatureNum"=dword:00000000
    "ShortlistFeatureNum"=dword:00000000
    "ExportFeatureNum"=dword:00000000
    "HistoryFeatureNum"=dword:00000000
    "LanguageDBFeatureNum"=dword:00000000
    "HintsFeatureNum"=dword:00000001
    "GenieReportFeatureNum"=dword:0000001e
    "TopFormationFeatureNum"=dword:00000000
    "ScreenshotFeatureNum"=dword:00000000
    "Offsets"=""
    "Currency"=dword:00000056
    "ShowGuidNotification2"=dword:00000000
    "ShowQuickGuideNotification"=dword:00000000
    "HistoryAutoTracking"=dword:00000000
    .
    [HKEY_USERS\S-1-5-21-3906381925-2076769449-1619887262-1000\Software\G*e*n*i*e*"!\FM Genie Scout 14f]
    @Allowed: (Read) (RestrictedCode)
    "GameDir"="c:\\FM Genie Scout 14g\\games"
    "ShortlistDir"="c:\\FM Genie Scout 14g\\shortlists"
    "GraphicPackDir"=""
    "FMPath"="c:\\Program Files (x86)\\Steam\\steamapps\\common\\Football Manager 2014\\"
    "ScreenshotsDir"="c:\\FM Genie Scout 14g"
    "SaveDir"="c:\\FM Genie Scout 14g\\"
    "HistoryDir"="c:\\FM Genie Scout 14g\\History Points"
    "HistoryAutoTracking"=dword:00000000
    "LangDB"="c:\\Program Files (x86)\\Steam\\steamapps\\common\\Football Manager 2014\\data\\db\\1400\\fm\\lang_db.dat"
    "LastSaveGame"=""
    "Language"="English"
    "LoadLangDB"=dword:00000001
    "CompressHistoryPoints"=dword:00000000
    "HighlightedAttributes"=dword:00000000
    "MinCondition"=dword:00000050
    "GraphStep"=dword:00000000
    "SkinName"="Steklo Black"
    "LastUpdateCheck"=dword:0000a3db
    "VersionOf202"=dword:0000007b
    "HighQualityGUI"=dword:00000001
    "AutomaticallyUpdateCheck"=dword:00000001
    "AdvancedGeneration"=dword:00000000
    "TranslateStaffSkills"=dword:00000001
    "TranslatePlayerSkills"=dword:00000001
    "TranslatePositions"=dword:00000001
    "ShowHistory"=dword:00000001
    "ShowGuidNotification2"=dword:00000000
    "ShowQuickGuideNotification"=dword:00000000
    "Version"=dword:000001f6
    "UniqueID"="77-E2B0-E03F"
    "UseProxy"=dword:00000000
    "ProxyHost"=""
    "ProxyPort"=""
    "UseAuthentication"=dword:00000000
    "UserName"=""
    "UserPassword"=""
    "PlayerSearchFeatureNum"=dword:0000001b
    "StaffSearchFeatureNum"=dword:00000008
    "ClubSearchFeatureNum"=dword:00000000
    "FilterByClubFeatureNum"=dword:00000006
    "CompareFeatureNum"=dword:00000000
    "ShortlistFeatureNum"=dword:00000000
    "ExportFeatureNum"=dword:00000000
    "HistoryFeatureNum"=dword:00000000
    "LanguageDBFeatureNum"=dword:00000000
    "HintsFeatureNum"=dword:00000000
    "GenieReportFeatureNum"=dword:00000010
    "TopFormationFeatureNum"=dword:00000000
    "ScreenshotFeatureNum"=dword:00000000
    "Currency"=dword:00000056
    "LoadingGamesCounter"=dword:0000000d
    .
    [HKEY_USERS\S-1-5-21-3906381925-2076769449-1619887262-1000\Software\G*e*n*i*e*"!\FM Genie Scout 14g]
    @Allowed: (Read) (RestrictedCode)
    "GameDir"="c:\\FM Genie Scout 14g\\games"
    "ShortlistDir"="c:\\FM Genie Scout 14g\\shortlists"
    "GraphicPackDir"=""
    "FMPath"="c:\\Program Files (x86)\\Steam\\steamapps\\common\\Football Manager 2014\\"
    "ScreenshotsDir"="c:\\FM Genie Scout 14g"
    "SaveDir"="c:\\FM Genie Scout 14g\\"
    "HistoryDir"="c:\\FM Genie Scout 14g\\History Points"
    "HistoryAutoTracking"=dword:00000000
    "LangDB"="c:\\Program Files (x86)\\Steam\\steamapps\\common\\Football Manager 2014\\data\\db\\1400\\fm\\lang_db.dat"
    "LastSaveGame"=""
    "Language"="English"
    "LoadLangDB"=dword:00000001
    "CompressHistoryPoints"=dword:00000000
    "HighlightedAttributes"=dword:00000000
    "MinCondition"=dword:00000050
    "GraphStep"=dword:00000000
    "SkinName"="Steklo Black"
    "LastUpdateCheck"=dword:0000a29c
    "VersionOf202"=dword:0000007b
    "HighQualityGUI"=dword:00000001
    "AutomaticallyUpdateCheck"=dword:00000001
    "AdvancedGeneration"=dword:00000000
    "TranslateStaffSkills"=dword:00000001
    "TranslatePlayerSkills"=dword:00000001
    "TranslatePositions"=dword:00000001
    "ShowHistory"=dword:00000001
    "ShowGuidNotification2"=dword:00000000
    "ShowQuickGuideNotification"=dword:00000000
    "Version"=dword:0000019b
    "UniqueID"="77-E2B0-E03F"
    "Currency"=dword:00000056
    "UseProxy"=dword:00000000
    "ProxyHost"=""
    "ProxyPort"=""
    "UseAuthentication"=dword:00000000
    "UserName"=""
    "UserPassword"=""
    "PlayerSearchFeatureNum"=dword:00000031
    "StaffSearchFeatureNum"=dword:0000000a
    "ClubSearchFeatureNum"=dword:00000000
    "FilterByClubFeatureNum"=dword:0000000a
    "CompareFeatureNum"=dword:00000000
    "ShortlistFeatureNum"=dword:00000000
    "ExportFeatureNum"=dword:00000000
    "HistoryFeatureNum"=dword:00000000
    "LanguageDBFeatureNum"=dword:00000000
    "HintsFeatureNum"=dword:00000003
    "GenieReportFeatureNum"=dword:00000018
    "TopFormationFeatureNum"=dword:00000000
    "ScreenshotFeatureNum"=dword:00000000
    .
    [HKEY_USERS\S-1-5-21-3906381925-2076769449-1619887262-1000\Software\G*e*n*i*e*"!\FM Genie Scout 15g]
    @Allowed: (Read) (RestrictedCode)
    "GameDir"="c:\\Users\\Thien\\Documents\\Sports Interactive\\Football Manager 2015\\games"
    "ShortlistDir"="c:\\Users\\Thien\\Documents\\Sports Interactive\\Football Manager 2015\\shortlists"
    "GraphicPackDir"=""
    "FMPath"="h:\\SteamLibrary\\steamapps\\common\\Football Manager 2015\\"
    "ScreenshotsDir"="c:\\Users\\Thien\\Documents\\Sports Interactive\\Football Manager 2015"
    "SaveDir"="c:\\Users\\Thien\\Documents\\Sports Interactive\\Football Manager 2015\\"
    "HistoryDir"="c:\\FM Genie Scout 15g\\History Points"
    "HistoryAutoTracking"=dword:00000000
    "LoadingGamesCounter"=dword:000003ea
    "LangDB"="h:\\SteamLibrary\\steamapps\\common\\Football Manager 2015\\data\\db\\1500\\1500_fm\\lang_db.dat"
    "LastSaveGame"=""
    "Language"="English"
    "LoadLangDB"=dword:00000001
    "CompressHistoryPoints"=dword:00000000
    "HighlightedAttributes"=dword:00000000
    "MinCondition"=dword:00000050
    "GraphStep"=dword:00000000
    "SkinName"="Steklo Black"
    "LastUpdateCheck"=dword:0000a3df
    "VersionOf202"=dword:0000007b
    "HighQualityGUI"=dword:00000001
    "AutomaticallyUpdateCheck"=dword:00000001
    "AdvancedGeneration"=dword:00000000
    "TranslateStaffSkills"=dword:00000001
    "TranslatePlayerSkills"=dword:00000001
    "TranslatePositions"=dword:00000001
    "ShowHistory"=dword:00000001
    "ShowGuidNotification2"=dword:00000000
    "ShowQuickGuideNotification"=dword:00000000
    "Version"=dword:000001f8
    "UniqueID"="77-E2B0-E03F"
    "UseProxy"=dword:00000000
    "ProxyHost"=""
    "ProxyPort"=""
    "UseAuthentication"=dword:00000000
    "UserName"=""
    "UserPassword"=""
    "PlayerSearchFeatureNum"=dword:00000004
    "StaffSearchFeatureNum"=dword:00000002
    "ClubSearchFeatureNum"=dword:00000000
    "FilterByClubFeatureNum"=dword:00000001
    "CompareFeatureNum"=dword:00000000
    "ShortlistFeatureNum"=dword:00000000
    "ExportFeatureNum"=dword:00000000
    "HistoryFeatureNum"=dword:00000000
    "LanguageDBFeatureNum"=dword:00000000
    "HintsFeatureNum"=dword:00000000
    "GenieReportFeatureNum"=dword:00000003
    "TopFormationFeatureNum"=dword:00000000
    "ScreenshotFeatureNum"=dword:00000000
    "Currency"=dword:00000056
    .
    [HKEY_USERS\S-1-5-21-3906381925-2076769449-1619887262-1000\Software\SecuROM\License information*]
    "datasecu"=hex:59,a3,be,2a,c1,29,d9,1c,ac,27,d3,d6,a1,8d,90,72,7c,e2,30,de,39,
       c8,4f,46,38,ba,82,95,aa,80,2d,48,1e,50,0c,c4,2c,24,d8,a1,a4,b0,3f,45,ef,53,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.15"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
    c:\program files\ASUS Xonar DGX Audio\Customapp\ASUSAUDIOCENTER.EXE
    c:\program files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe
    c:\users\Thien\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    c:\users\Thien\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    c:\users\Thien\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    c:\users\Thien\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    c:\users\Thien\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    c:\program files\ASRock Utility\XFast RAM\asrRd.exe
    .
    **************************************************************************
    .
    Completion time: 2014-11-13  11:59:18 - machine was rebooted
    ComboFix-quarantined-files.txt  2014-11-13 01:59
    .
    Pre-Run: 21,120,589,824 bytes free
    Post-Run: 21,072,535,552 bytes free
    .
    - - End Of File - - 3064584E6174BBED92FDCA9BE9B81A55



    Edited by ken545, 12 November 2014 - 09:17 PM.


    #15 ken545

      Malware Response Team



    Posted 12 November 2014 - 09:26 PM

    Removed a few things, how is your system behaving now?



    Just a reminder that threads will be closed if no response in 3 days




