
Help!


  • This topic is locked
63 replies to this topic

#1 caleb.m.hartmann

caleb.m.hartmann

  • Members
  • 48 posts

Posted 06 November 2014 - 10:34 AM

I started working through this process with a tech and he ended up vanishing. Is there anyone that can walk me through this and stick with me through the whole process? My computer has something on it that whenever I click anywhere on a webpage (even blank space), windows pop up, random words get hyperlinked and an inordinate number of ads are infesting every page. Below is the URL from the last time I was trying to get this fixed so you can review what has been done already.

 

http://www.bleepingcomputer.com/forums/t/549515/help/page-2#entry3498641

 

Thanks in advance for your assistance.

Caleb.



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,631 posts
  • Gender:Male

Posted 11 November 2014 - 11:25 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554993 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 caleb.m.hartmann

caleb.m.hartmann
  • Topic Starter

  • Members
  • 48 posts

Posted 11 November 2014 - 11:49 AM

I've already posted the information from previous sessions.

 

I, unfortunately, cannot download DDS for some reason.  This is the problem I've been having with the computer.



#4 Naathim

Naathim

    Bleepin' Minion


  • Members
  • 435 posts
  • Gender:Male
  • Location:Poland

Posted 12 November 2014 - 03:38 AM




My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, and sometimes real life gets in the way, so please be patient.
  • Limit your internet access to posting here; some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own; unsupervised usage may cause more harm than good.
  • Paste the logs in your posts; attachments make my work harder and more complicated.
  • Stay with me to the end; the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

  • I can't foresee everything, so if anything unexpected happens, please stop and inform me!
  • There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)


Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.
There will be two versions to download: 32-bit and 64-bit. Please download the one that is designed for your system. If you don't know which one it should be, download both of them and try each one. Only one will run; this is the right one. Please keep it and delete the other.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click Run after receipt of Windows Security Warning - Open File.
    > Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • When the tool opens click Yes to the disclaimer.
  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.
 


Radek Naathim Pawelczyk

Malware Removal Specialist

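Once FRST.txt and Addition.txt are in hand, the helper reads the Security Center, Installed Programs and Custom CLSID sections by eye. The script below is an added example, not FRST's own code and not anything posted in this thread: it parses a constructed excerpt laid out like an Addition.txt report and surfaces what a reviewer looks at first, namely programs whose names carry common bundled-adware words or that record no publisher, entries FRST marks as Hidden, security products reported as disabled, and per-user COM registrations whose InprocServer32 DLL no longer exists (FRST appends "No File"). The PUP keyword list and the sample text are assumptions chosen for illustration; a dangling CLSID is a lead to check, not proof of infection.

```python
"""Triage helper for the Addition.txt report written by Farbar Recovery Scan Tool (FRST).

Added example, not FRST's own code. PUP_KEYWORDS and SAMPLE_ADDITION are
assumptions chosen to illustrate the parsing, not a detection signature.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the Addition.txt layout (a trimmed report, not a full one).
SAMPLE_ADDITION = r"""
==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.9.790 - AVG Technologies)
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Codec 8.3a (HKLM-x32\...\Codec_is1) (Version:  - )
Dll-Files Fixer (HKLM-x32\...\Dll-Files Fixer_is1) (Version: 1.0 - Dll-Files.com)
Handy Updater (HKLM-x32\...\HandyUpdater) (Version:  - )

==================== Custom CLSID (selected items): ==========================

CustomCLSID: HKU\S-1-5-21-3520896638-2416368937-1527133040-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Caleb's Computer\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File

==================== Hosts content: ==========================
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
PROGRAM_RE = re.compile(
    r"^(?P<name>.+?)"                     # display name, may itself contain parentheses
    r"(?: \((?P<key>HK.*?)\))?"           # uninstall key; absent on Hidden/MSI-only entries
    r" \((?:x32 )?Version: (?P<version>.*?) - (?P<publisher>.*?)\)"
    r"(?P<hidden> Hidden)?$"
)
CLSID_RE = re.compile(r"^CustomCLSID: (?P<key>\S+) -> (?P<path>.+?)(?P<nofile> No File)?$")
SECURITY_RE = re.compile(r"^(?P<kind>AV|AS|FW): (?P<name>.+?) \((?P<state>Enabled|Disabled) - (?P<updates>[^)]*)\)")

# Assumption: words that commonly mark bundled adware in this kind of report.
PUP_KEYWORDS = ("toolbar", "updater", "downloader", "fixer", "codec", "booster")


@dataclass
class Program:
    name: str
    key: Optional[str]
    version: str
    publisher: str
    hidden: bool


@dataclass
class CustomClsid:
    key: str
    path: str
    missing: bool  # True when FRST appended "No File": the registered DLL is gone


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty lines under the '==== Name ====' header that precedes them."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).strip()
            sections.setdefault(current, [])
        elif line:
            sections.setdefault(current, []).append(line)
    return sections


def section(sections: Dict[str, List[str]], prefix: str) -> List[str]:
    """Headers carry trailing ':' or notes, so look sections up by prefix."""
    return next((lines for name, lines in sections.items() if name.startswith(prefix)), [])


def parse_installed(lines: List[str]) -> List[Program]:
    programs = []
    for line in lines:
        m = PROGRAM_RE.match(line)
        if m:  # the parenthetical note under the header does not match and is skipped
            programs.append(Program(m["name"].strip(), m["key"], m["version"].strip(),
                                    m["publisher"].strip(), m["hidden"] is not None))
    return programs


def parse_custom_clsid(lines: List[str]) -> List[CustomClsid]:
    return [CustomClsid(m["key"], m["path"], m["nofile"] is not None)
            for m in map(CLSID_RE.match, lines) if m]


def parse_security_center(lines: List[str]) -> List[dict]:
    return [{"kind": m["kind"], "name": m["name"], "enabled": m["state"] == "Enabled",
             "updates": m["updates"].strip()}
            for m in map(SECURITY_RE.match, lines) if m]


def flag_programs(programs: List[Program]) -> List[Tuple[str, List[str]]]:
    """Return (name, reasons) for entries a reviewer should look at first."""
    flagged = []
    for p in programs:
        reasons = [f"name contains '{kw}'" for kw in PUP_KEYWORDS if kw in p.name.lower()]
        if not p.publisher:
            reasons.append("no publisher recorded")
        if reasons:
            flagged.append((p.name, reasons))
    return flagged


def triage(text: str) -> dict:
    sections = split_sections(text)
    programs = parse_installed(section(sections, "Installed Programs"))
    clsids = parse_custom_clsid(section(sections, "Custom CLSID"))
    return {
        "security": parse_security_center(section(sections, "Security Center")),
        "flagged_programs": flag_programs(programs),
        "hidden_programs": [p.name for p in programs if p.hidden],
        "orphaned_clsids": [c.path for c in clsids if c.missing],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_ADDITION)
    for entry in report["security"]:
        print(f"{entry['kind']}: {entry['name']} enabled={entry['enabled']} ({entry['updates']})")
    for name, reasons in report["flagged_programs"]:
        print(f"review: {name}: {', '.join(reasons)}")
    print("hidden:", report["hidden_programs"])
    print("orphaned COM servers:", report["orphaned_clsids"])
```

Run it against a real Addition.txt by replacing SAMPLE_ADDITION with the file's contents. The program regex keeps the uninstall key lazy so names and keys that themselves contain parentheses (Steam entries, localized Windows Live components) still parse; anything that does not fit the "(Version: x - publisher)" shape is skipped rather than guessed.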


#5 caleb.m.hartmann

caleb.m.hartmann
  • Topic Starter

  • Members
  • 48 posts

Posted 12 November 2014 - 09:43 AM

Two logs are below.

On a side note, the previous person that was helping me somehow eliminated Adobe Flash Player and there's an error every time I try to re-install. Could you help me with that issue as well?

 

Addition.txt:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014
Ran by Caleb's Computer at 2014-11-12 07:57:29
Running from C:\Users\Caleb's Computer\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Apprevels version  1.4.0.13 (HKLM-x32\...\{04DF7063-9BDE-40A2-AD65-C86766A0B34B}_is1) (Version: 1.4.0.13 - Leawo Software)
µTorrent (HKU\S-1-5-21-3520896638-2416368937-1527133040-1001\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 1.2.0 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
A Game of Thrones - Genesis (HKLM-x32\...\Steam App 58550) (Version:  - Cyanide)
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Age of Empires® III: Complete Collection (HKLM-x32\...\Steam App 105450) (Version:  - )
AI Manager (HKLM-x32\...\{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}) (Version: 1.09.06 - ASUSTeK Computer Inc.)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.01.12 - ASUSTeK)
Aliens vs. Predator (HKLM-x32\...\Steam App 10680) (Version:  - Rebellion)
American Conquest (HKLM-x32\...\American Conquest) (Version:  - )
American Conquest with Fight Back (HKLM-x32\...\American Conquest with Fight Back_is1) (Version:  - GOG.com)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Backup Wizard (HKLM-x32\...\{124C9BD0-8C52-40AB-8238-0605703B1C28}) (Version: 1.00.10 - ASUSTeK Computer Inc.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.2.562 - ASUSTEK)
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.9.790 - AVG Technologies)
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.8.9046 - )
Avira (HKLM-x32\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
Belkin USB Wireless Adaptor (HKLM-x32\...\InstallShield_{6E016C56-820F-4B2D-A36F-34CCADF90C16}) (Version: 1.0.0.06 - Belkin)
Belkin USB Wireless Adaptor (x32 Version: 1.0.0.06 - Belkin) Hidden
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Cisco WebEx Meetings (HKU\S-1-5-21-3520896638-2416368937-1527133040-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Codec 8.3a (HKLM-x32\...\Codec_is1) (Version:  - )
Company of Heroes (HKLM-x32\...\Steam App 4560) (Version:  - Relic)
Company of Heroes: Opposing Fronts (HKLM-x32\...\Steam App 9340) (Version:  - Relic)
Company of Heroes: Tales of Valor (HKLM-x32\...\Steam App 20540) (Version:  - Relic)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version:  - Valve)
Counter-Strike: Condition Zero Deleted Scenes (HKLM-x32\...\Steam App 100) (Version:  - Ritual)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0327 - DT Soft Ltd)
Darksiders (HKLM-x32\...\Steam App 50620) (Version:  - Vigil Games)
Defiance (HKLM-x32\...\Steam App 224600) (Version:  - )
DefianceRuntimes (HKLM-x32\...\{79B1FF35-9EA8-48ED-98D6-19ABE004BE89}) (Version: 1.0.2 - Trion Worlds, Inc.)
Demigod (HKLM-x32\...\Steam App 202710) (Version:  - Gas Powered Games)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Divinity: Original Sin (HKLM-x32\...\Steam App 230230) (Version:  - Larian Studios)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.84 - DivX, LLC)
Dll-Files Fixer (HKLM-x32\...\Dll-Files Fixer_is1) (Version: 1.0 - Dll-Files.com)
Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version:  - BioWare)
E.Y.E: Divine Cybermancy (HKLM-x32\...\Steam App 91700) (Version:  - )
Empire Earth II (HKLM-x32\...\{DF315348-721C-40B8-BAE2-58C6C7D935A2}) (Version: 1.20 - Sierra)
Empire Earth II: The Art of Supremacy (HKLM-x32\...\{F596C356-BF35-4ED7-981C-CC791461A8F0}) (Version: 1.0 - Sierra)
Endless Space (HKLM-x32\...\Steam App 208140) (Version:  - Amplitude Studios)
Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version:  - Paradox Development Studio)
ExamGuard (HKLM-x32\...\{D78149D7-480E-4012-8071-7B68B3E02527}) (Version: 1.02.0001 - Respondus, Inc.)
Fallen Enchantress (HKLM-x32\...\Steam App 216390) (Version:  - Stardock Entertainment)
Free Sound Recorder v9.2.7 (HKLM-x32\...\Free Sound Recorder_is1) (Version:  - Copyright© 2005-2011 FreeSoundRecorder Technologies, Inc.)
Galactic Civilizations I: Ultimate Edition (HKLM-x32\...\Steam App 214150) (Version:  - Stardock Entertainment)
Galactic Civilizations II: Ultimate Edition (HKLM-x32\...\Steam App 202200) (Version:  - Stardock Entertainment)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Game of Thrones  (HKLM-x32\...\Steam App 208730) (Version:  - Cyanide)
GameFly Download Manager (HKU\S-1-5-21-3520896638-2416368937-1527133040-1001\...\7998bdbe8c95db7f) (Version: 1.0.0.98 - GameFly)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version:  - )
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Graph 4.3 (HKLM-x32\...\Graph_is1) (Version:  - Ivan Johansen)
Handy Updater (HKLM-x32\...\HandyUpdater) (Version:  - )
Homefront (HKLM-x32\...\Steam App 55100) (Version:  - THQ)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Iron Brigade (HKLM-x32\...\Steam App 115120) (Version:  - )
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Juniper Networks Host Checker (HKU\S-1-5-21-3520896638-2416368937-1527133040-1001\...\Neoteris_Host_Checker) (Version: 6.5.0.15977 - Juniper Networks)
Juniper Networks Setup Client (HKU\S-1-5-21-3520896638-2416368937-1527133040-1001\...\Juniper_Setup_Client) (Version: 2.1.3.7631 - Juniper Networks)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
King Arthur - Fallen Champions (HKLM-x32\...\Steam App 24460) (Version:  - )
King Arthur: Collection (HKLM-x32\...\Steam App 24470) (Version:  - )
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Legends of Pegasus (HKLM-x32\...\Steam App 205590) (Version:  - )
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Medieval II Total War (HKLM-x32\...\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}) (Version: 1.00.0000 - SEGA)
Meridian: New World (HKLM-x32\...\Steam App 265120) (Version:  - Elder Games)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - THQ)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Might & Magic ® Heroes ® VI (HKLM-x32\...\Steam App 48220) (Version:  - )
Mozilla Firefox 33.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 en-US)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MX vs ATV Reflex (HKLM-x32\...\Steam App 55140) (Version:  - Rainbow\Double Helix)
Myth II: Soulblighter version 1.7.1 (HKLM-x32\...\{52B9E460-AE08-4DA0-9952-2A1542519B69}_is1) (Version: 1.7.1 - Bungie Software)
Myth III: The Wolf Age version 1.3.1 (HKLM-x32\...\{139D63A3-A9DC-48CC-97DA-2963038975DC}_is1) (Version: 1.3.1 - MumboJumbo)
Myth: The Fallen Lords version 1.5 (HKLM-x32\...\{3B537865-547A-4245-AFE1-53353C744D80}_is1) (Version: 1.5 - Eidos Interactive)
NVIDIA Graphics Driver 267.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 267.08 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.1.13.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.13.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.0.13.2142 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.1 - Pando Networks Inc.)
Patrician IV: Rise of a Dynasty (HKLM-x32\...\Steam App 57730) (Version:  - )
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Sony Online Entertainment)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{7236672F-6430-439E-9B27-27EDEAF1D676}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6235 - Realtek Semiconductor Corp.)
Red Faction (HKLM-x32\...\Steam App 20530) (Version:  - )
Red Faction II (HKLM-x32\...\Steam App 20550) (Version:  - )
Red Faction: Armageddon (HKLM-x32\...\Steam App 55110) (Version:  - Volition)
Red Faction: Guerrilla  (HKLM-x32\...\Steam App 20500) (Version:  - Volition)
Remember Me (HKLM-x32\...\Steam App 228300) (Version:  - DONTNOD Entertainment)
Rise of Nations: Extended Edition (HKLM-x32\...\Steam App 287450) (Version:  - SkyBox Labs)
Risen (HKLM-x32\...\Steam App 40300) (Version:  - Piranha Bytes)
Rosetta Stone Version 3 (HKLM-x32\...\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}) (Version: 3.4.7.0 - Rosetta Stone Ltd.)
S.T.A.L.K.E.R.: Shadow of Chernobyl (HKLM-x32\...\Steam App 4500) (Version:  - GSC Game World)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Saints Row 2 (HKLM-x32\...\Steam App 9480) (Version:  - Volition)
Secure Download Manager (HKLM-x32\...\{FF6A778A-02DA-4B2D-82F7-733A467984EC}) (Version: 3.0.2 - e-academy Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shadows: Heretic Kingdoms (HKLM-x32\...\Steam App 256030) (Version:  - Games Farm)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sid Meier’s Ace Patrol: Pacific Skies (HKLM-x32\...\Steam App 244090) (Version:  - Firaxis)
Sid Meier's Ace Patrol (HKLM-x32\...\Steam App 244070) (Version:  - Firaxis Games)
Sid Meiers Civilization 4 - Colonization (HKLM-x32\...\Sid Meiers Civilization 4 - Colonization) (Version: 1.0 - 2K Games)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sins of a Solar Empire: Rebellion (HKLM-x32\...\Steam App 204880) (Version:  - Ironclad Games)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.8.8855 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SoundCloud Downloader (HKLM-x32\...\SoundCloud Downloader) (Version:  - )
Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts)
Star Wars Battlefront II (HKLM-x32\...\Star Wars Battlefront II) (Version: 1.0 - LucasArts)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Strike Suit Infinity (HKLM-x32\...\Steam App 234160) (Version:  - Born Ready Games Ltd.)
Strike Suit Zero (HKLM-x32\...\Steam App 209540) (Version:  - Born Ready Games Ltd.)
Stronghold 3 (HKLM-x32\...\Steam App 47400) (Version:  - Firefly Studios)
TERA (HKLM-x32\...\{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}) (Version: 1.36 - En Masse Entertainment)
The Battle for Middle-earth ™ II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version:  - )
The Political Machine 2012 (HKLM-x32\...\Steam App 211120) (Version:  - Stardock Entertainment)
Titan Quest (HKLM-x32\...\Steam App 4540) (Version:  - IronLore)
Titan Quest: Immortal Throne (HKLM-x32\...\Steam App 4550) (Version:  - IronLore)
Torchlight (HKLM-x32\...\Steam App 41500) (Version:  - Runic Games, Inc.)
Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
Total War: Rome II Additional Depots (HKLM-x32\...\Steam App 243660) (Version:  - )
Train Simulator 2012 (HKLM-x32\...\Steam App 24010) (Version:  - RailSimulator.com)
Tribler (remove only) (HKLM-x32\...\Tribler) (Version:  - )
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.6.7 - Tweaking.com)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKU\S-1-5-21-3520896638-2416368937-1527133040-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - Blizzard Entertainment)
Warhammer® 40,000®: Dawn of War® II – Retribution™ (HKLM-x32\...\Steam App 56400) (Version:  - Relic)
Warhammer® 40,000™: Dawn of War® II – Chaos Rising™ (HKLM-x32\...\Steam App 20570) (Version:  - Relic)
Warhammer® 40,000™: Dawn of War® II (HKLM-x32\...\Steam App 15620) (Version:  - Relic)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3520896638-2416368937-1527133040-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Caleb's Computer\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3520896638-2416368937-1527133040-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Caleb's Computer\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3520896638-2416368937-1527133040-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Caleb's Computer\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3520896638-2416368937-1527133040-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Caleb's Computer\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2013-10-25 14:32 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {205318AC-DE06-4942-B397-CE4150869029} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-11] (Google Inc.)
Task: {35DF96D3-9A0F-4A7D-9D37-C45C673BD872} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {490797DC-FC55-46F7-80DD-42671DC0A934} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {8524931E-6493-4F6A-B2E8-3B6E799FF745} - System32\Tasks\ASUS\AsBackupWizard_Run => C:\Program Files (x86)\ASUS\\AsBackupWizard\\AsRunBkWizardHelper.exe [2010-04-23] (ASUSTeK Computer Inc.)
Task: {9875522B-5863-4768-A51C-C38A7DB66834} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3520896638-2416368937-1527133040-1001UA => C:\Users\Caleb's Computer\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-27] (Google Inc.)
Task: {B6065375-7F9A-46A1-A275-56D21BB7335F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-11] (Google Inc.)
Task: {CD334A02-0491-4497-8274-42480D9B7999} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2010-11-26] (ASUSTeK Computer Inc.)
Task: {DFA889C0-D13D-4E47-83F8-99BB06593B84} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3520896638-2416368937-1527133040-1001Core => C:\Users\Caleb's Computer\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-27] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3520896638-2416368937-1527133040-1001Core.job => C:\Users\Caleb's Computer\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3520896638-2416368937-1527133040-1001UA.job => C:\Users\Caleb's Computer\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-10-29 13:08 - 2013-04-05 20:27 - 02231296 _____ () C:\Windows\system32\ac3filter64.acm
2011-04-11 22:25 - 2010-11-03 03:30 - 00918144 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
2011-04-11 22:25 - 2010-11-19 02:56 - 00915072 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.11\aaHMSvc.exe
2011-04-11 22:25 - 2010-10-21 03:52 - 00586880 _____ () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe
2009-11-25 18:45 - 2009-11-25 18:45 - 00110592 _____ () C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe
2013-08-28 18:23 - 2013-08-28 18:23 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-04-11 22:25 - 2014-11-06 09:17 - 00020992 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.13\PEbiosinterface32.dll
2011-04-11 22:25 - 2010-06-28 20:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.13\ATKEX.dll
2014-05-14 10:45 - 2014-05-14 10:45 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll
2014-09-03 08:49 - 2014-08-21 12:15 - 01171456 _____ () C:\New Folder\libavcodec-56.dll
2014-09-03 08:49 - 2014-08-21 12:15 - 00442368 _____ () C:\New Folder\libavutil-54.dll
2014-09-03 08:49 - 2014-08-21 12:15 - 00332800 _____ () C:\New Folder\libavresample-2.dll
2013-03-12 16:10 - 2014-10-01 17:16 - 00774656 _____ () C:\New Folder\SDL2.dll
2014-06-12 02:23 - 2014-10-21 13:22 - 02226880 _____ () C:\New Folder\video.dll
2014-09-03 08:49 - 2014-08-21 12:15 - 00403968 _____ () C:\New Folder\libavformat-56.dll
2014-09-03 08:49 - 2014-08-21 12:15 - 00485888 _____ () C:\New Folder\libswscale-3.dll
2011-10-05 15:42 - 2014-10-21 13:22 - 00682176 _____ () C:\New Folder\bin\chromehtml.DLL
2009-09-15 19:17 - 2009-09-15 19:17 - 00200704 _____ () C:\Program Files (x86)\Belkin\F7D4101\V1\BelkinwcuiDLL.dll
2013-08-28 18:25 - 2013-08-28 18:25 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2011-10-05 15:42 - 2014-09-04 17:29 - 34589376 _____ () C:\New Folder\bin\libcef.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-10-30 17:55 - 2014-10-30 17:55 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3520896638-2416368937-1527133040-500 - Administrator - Disabled)
Caleb's Computer (S-1-5-21-3520896638-2416368937-1527133040-1001 - Administrator - Enabled) => C:\Users\Caleb's Computer
Guest (S-1-5-21-3520896638-2416368937-1527133040-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3520896638-2416368937-1527133040-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2014 01:29:42 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (11/09/2014 07:02:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program install_flashplayer15x32_mssd_aaa_aih.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 878

Start Time: 01cffbe4cc57fc62

Termination Time: 1

Application Path: C:\Users\Caleb's Computer\Downloads\install_flashplayer15x32_mssd_aaa_aih.exe

Report Id:

Error: (11/09/2014 07:00:08 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location J:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (11/07/2014 00:21:10 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (11/06/2014 09:19:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/04/2014 01:42:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: uTorrent.exe, version: 3.4.2.34309, time stamp: 0x542362e2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x07be5ed0
Faulting process id: 0x91c
Faulting application start time: 0xuTorrent.exe0
Faulting application path: uTorrent.exe1
Faulting module path: uTorrent.exe2
Report Id: uTorrent.exe3

Error: (11/02/2014 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location J:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (11/01/2014 11:43:05 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (11/01/2014 00:15:51 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (10/31/2014 00:24:55 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.


System errors:
=============
Error: (11/12/2014 02:44:33 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (11/10/2014 01:56:29 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (11/08/2014 11:42:14 AM) (Source: volsnap) (EventID: 35) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.

Error: (11/07/2014 05:39:53 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (11/06/2014 09:18:26 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Service Host service to connect.

Error: (11/06/2014 09:17:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Belkin WLAN service service failed to start due to the following error:
%%1053

Error: (11/06/2014 09:17:54 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Belkin WLAN service service to connect.

Error: (11/03/2014 07:20:28 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (11/02/2014 10:44:23 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.

Error: (10/29/2014 10:16:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (11/12/2014 01:29:42 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (11/09/2014 07:02:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: install_flashplayer15x32_mssd_aaa_aih.exe0.0.0.087801cffbe4cc57fc621C:\Users\Caleb's Computer\Downloads\install_flashplayer15x32_mssd_aaa_aih.exe

Error: (11/09/2014 07:00:08 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: J:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (11/07/2014 00:21:10 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (11/06/2014 09:19:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/04/2014 01:42:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: uTorrent.exe3.4.2.34309542362e2unknown0.0.0.000000000c000000507be5ed091c01cff39385bdce09C:\Users\Caleb's Computer\AppData\Roaming\uTorrent\uTorrent.exeunknown25a9f31e-63f6-11e4-b08b-14dae958dc76

Error: (11/02/2014 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: J:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (11/01/2014 11:43:05 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (11/01/2014 00:15:51 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (10/31/2014 00:24:55 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3


CodeIntegrity Errors:
===================================
  Date: 2013-10-25 15:31:59.835
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-25 15:31:59.788
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-25 15:31:59.742
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-25 15:31:59.695
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-20 21:01:41.080
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-20 21:01:41.049
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 42%
Total physical RAM: 8173.22 MB
Available physical RAM: 4680.46 MB
Total Pagefile: 16344.63 MB
Available Pagefile: 12422.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (WIN7) (Fixed) (Total:917.33 GB) (Free:48.1 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: CB5BD2B2)
Partition 1: (Not Active) - (Size=14.2 GB) - (Type=1B)
Partition 2: (Active) - (Size=917.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================


FRST.txt:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by Caleb's Computer (administrator) on CALEBSCOMPUTER on 12-11-2014 07:56:38
Running from C:\Users\Caleb's Computer\Desktop
Loaded Profile: Caleb's Computer (Available profiles: Caleb's Computer)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.11\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ASUSTeK Computer Inc.) C:\Windows\SysWOW64\AsHookDevice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Valve Corporation) C:\New Folder\Steam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
() C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Valve Corporation) C:\New Folder\bin\steamwebhelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(BitTorrent Inc.) C:\Users\Caleb's Computer\AppData\Roaming\uTorrent\uTorrent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [RunAIShell] => C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe [232064 2009-12-23] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3520896638-2416368937-1527133040-1001\...\Run: [Steam] => C:\New Folder\Steam.exe [1938624 2014-10-21] (Valve Corporation)
HKU\S-1-5-21-3520896638-2416368937-1527133040-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3561816 2013-10-18] (Electronic Arts)
HKU\S-1-5-21-3520896638-2416368937-1527133040-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\S-1-5-21-3520896638-2416368937-1527133040-1001\...\Run: [uTorrent] => C:\Users\Caleb's Computer\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-11-06] (BitTorrent Inc.)
HKU\S-1-5-21-3520896638-2416368937-1527133040-1001\...\Run: [Google Update] => C:\Users\Caleb's Computer\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-03-27] (Google Inc.)
HKU\S-1-5-21-3520896638-2416368937-1527133040-1001\...\Winlogon: [Shell] C:\Users\Caleb's Computer\AppData\Roaming\dlc.xmm,explorer.exe <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Belkin USB Wireless Adaptor Utility.lnk
ShortcutTarget: Belkin USB Wireless Adaptor Utility.lnk -> C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3520896638-2416368937-1527133040-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {88C5CF9F-0C10-4682-8309-DAB20EFD2E97} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - {A8DD4AF3-ACA7-4144-98DE-0C88A87E0760} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://www.mathxl.com/BrowserCheck/wiz/wizmodules/testgen/installers/TestGenXInstall.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.navistar.com/dana-cached/sc/JuniperSetupClient.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Caleb's Computer\AppData\Roaming\Mozilla\Firefox\Profiles\oxl65idy.default
FF SearchEngineOrder.1: Secure Search
FF Homepage: hxxp://www.foxnews.com/
FF Keyword.URL:
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3520896638-2416368937-1527133040-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Caleb's Computer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3520896638-2416368937-1527133040-1001: @talk.google.com/O1DPlugin -> C:\Users\Caleb's Computer\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3520896638-2416368937-1527133040-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Caleb's Computer\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3520896638-2416368937-1527133040-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Caleb's Computer\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3520896638-2416368937-1527133040-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Caleb's Computer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3520896638-2416368937-1527133040-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Users\Caleb's Computer\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Caleb's Computer\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Caleb's Computer\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Caleb's Computer\AppData\Roaming\Mozilla\Firefox\Profiles\oxl65idy.default\searchplugins\safeguard-secure-search.xml
FF Extension: Avira Browser Safety - C:\Users\Caleb's Computer\AppData\Roaming\Mozilla\Firefox\Profiles\oxl65idy.default\Extensions\abs@avira.com [2014-09-30]
FF Extension: All-in-One Gestures - C:\Users\Caleb's Computer\AppData\Roaming\Mozilla\Firefox\Profiles\oxl65idy.default\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2013-08-27]
FF Extension: Pro Advisor - C:\Users\Caleb's Computer\AppData\Roaming\Mozilla\Firefox\Profiles\oxl65idy.default\Extensions\{db615d8a-b766-4397-9ef1-0eeaf684d8da} [2014-10-14]
FF Extension: All-in-One Sidebar - C:\Users\Caleb's Computer\AppData\Roaming\Mozilla\Firefox\Profiles\oxl65idy.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2013-09-18]
FF HKLM-x32\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-26]

Chrome:
=======
CHR Profile: C:\Users\Caleb's Computer\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-06] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [995064 2014-11-06] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.11\aaHMSvc.exe [915072 2010-11-19] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe [586880 2010-10-21] ()
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)
S3 DAUpdaterSvc; C:\New Folder\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2013-12-11] (BioWare)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S2 WLANBelkinService; C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe [36864 2009-12-28] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 ASInsHelp; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2008-01-04] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-02] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-12-28] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-14] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-12-08] (DT Soft Ltd)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-12-28] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 22:54 - 2014-11-11 23:00 - 00000000 ____D () C:\Users\Caleb's Computer\Downloads\Sons.of.Anarchy.S07E10.720p.HDTV.x264-KILLERS
2014-11-11 22:54 - 2014-11-11 22:53 - 00201840 ____N () C:\Users\Caleb's Computer\Downloads\Sons.of.Anarchy.S07E10.720p.HDTV.x264-KILLERS.torrent
2014-11-10 21:38 - 2014-11-11 11:54 - 00000000 ____D () C:\Users\Caleb's Computer\Downloads\Gotham.S01E08.720p.HDTV.X264-DIMENSION
2014-11-10 21:38 - 2014-11-10 21:38 - 00017428 ____N () C:\Users\Caleb's Computer\Downloads\Gotham.S01E08.720p.HDTV.X264-DIMENSION.torrent
2014-11-10 08:39 - 2014-11-10 08:39 - 00002094 ____N () C:\Users\Caleb's Computer\Downloads\Guardians.of.the.Galaxy.2014.RETAIL.DVDRip.X264-PLAYNOW.torrent
2014-11-10 08:39 - 2014-11-10 08:39 - 00000000 ____D () C:\Users\Caleb's Computer\Downloads\Guardians.of.the.Galaxy.2014.RETAIL.DVDRip.X264-PLAYNOW
2014-11-08 11:56 - 2014-11-08 12:01 - 00000000 ____D () C:\Users\Caleb's Computer\Downloads\Ouija 2014 HC 720p HDRip x264 AC3 TiTAN
2014-11-08 11:56 - 2014-11-08 11:59 - 00000000 ____D () C:\Users\Caleb's Computer\Downloads\Constantine.S01E03.720p.HDTV.X264-DIMENSION
2014-11-08 11:56 - 2014-11-08 11:56 - 00018359 ____N () C:\Users\Caleb's Computer\Downloads\Constantine.S01E03.720p.HDTV.X264-DIMENSION.torrent
2014-11-08 11:56 - 2014-11-08 11:56 - 00016592 ____N () C:\Users\Caleb's Computer\Downloads\Ouija 2014 HC 720p HDRip x264 AC3 TiTAN.torrent
2014-11-08 11:40 - 2014-11-08 11:50 - 1476855087 ____R () C:\Users\Caleb's Computer\Downloads\Ayn Rand - Atlas Shrugged mp3.rar
2014-11-08 11:40 - 2014-11-08 11:39 - 00014311 ____N () C:\Users\Caleb's Computer\Downloads\Ayn Rand - Atlas Shrugged mp3.rar.torrent
2014-11-07 12:24 - 2014-11-07 12:24 - 00000000 ____D () C:\Users\Caleb's Computer\Downloads\Dracula Untold 2014 720p HDRip x264 AC3-JYK
2014-11-05 08:05 - 2014-11-05 08:10 - 00000000 ____D () C:\Users\Caleb's Computer\Downloads\Sons.of.Anarchy.S07E09.720p.HDTV.x264-2HD
2014-11-01 08:33 - 2014-11-09 18:30 - 00000000 ____D () C:\Users\Caleb's Computer\Downloads\Constantine.S01E02.720p.HDTV.X264-DIMENSION
2014-11-01 08:32 - 2014-11-01 08:32 - 00020615 ____N () C:\Users\Caleb's Computer\Downloads\Constantine.S01E02.720p.HDTV.X264-DIMENSION.torrent
2014-10-31 23:29 - 2014-10-31 23:30 - 00000000 ____D () C:\Users\Caleb's Computer\Downloads\The Babadook 2014 720p HDRIP XVID AC3 Westdenco
2014-10-30 17:55 - 2014-11-06 17:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-27 15:23 - 2014-10-27 15:23 - 07665912 _____ () C:\Users\Caleb's Computer\Downloads\Chap005_615_8_13.ppt.zip
2014-10-25 07:35 - 2014-10-25 07:37 - 00000000 ____D () C:\Users\Caleb's Computer\Downloads\The Judge 2014 HC 720p HC HDRIP x264 AC3 TiTAN
2014-10-25 07:34 - 2014-11-07 12:27 - 00000000 ____D () C:\Users\Caleb's Computer\Downloads\Constantine.S01E01.720p.HDTV.X264-DIMENSION
2014-10-25 07:34 - 2014-10-25 07:34 - 00022092 ____N () C:\Users\Caleb's Computer\Downloads\Constantine.S01E01.720p.HDTV.X264-DIMENSION.torrent
2014-10-25 07:33 - 2014-10-25 07:33 - 00000000 ____D () C:\Users\Caleb's Computer\Downloads\Teenage Mutant Ninja Turtles (2014) HDRip x264 AAC-CPG
2014-10-22 20:53 - 2014-10-22 20:53 - 00000000 ____D () C:\Users\Caleb's Computer\Downloads\The.100.S01.NTSC.DVDR-ToF
2014-10-22 20:52 - 2014-10-22 20:57 - 00000000 ____D () C:\Users\Caleb's Computer\Downloads\The.100.S02E01.720p.HDTV.x264-KILLERS
2014-10-22 20:52 - 2014-10-22 20:52 - 00060396 ____N () C:\Users\Caleb's Computer\Downloads\The.100.S01.NTSC.DVDR-ToF.torrent
2014-10-22 20:52 - 2014-10-22 20:51 - 00042860 ____N () C:\Users\Caleb's Computer\Downloads\The.100.S02E01.720p.HDTV.x264-KILLERS.torrent
2014-10-22 16:18 - 2014-10-22 16:18 - 00001843 _____ () C:\Users\Public\Desktop\ExamGuard.lnk
2014-10-22 16:18 - 2014-10-22 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExamGuard
2014-10-22 16:18 - 2014-10-22 16:18 - 00000000 ____D () C:\Program Files (x86)\ExamGuard
2014-10-22 16:18 - 2006-01-04 12:04 - 01410704 _____ (FarPoint Technologies, Inc.) C:\Windows\SysWOW64\FPSPR70.ocx
2014-10-22 16:18 - 2006-01-04 12:04 - 00729161 _____ (FarPoint Technologies, Inc.) C:\Windows\SysWOW64\fpimage.dll
2014-10-22 16:16 - 2014-10-22 16:17 - 03351720 _____ () C:\Users\Caleb's Computer\Downloads\ExamGuard.zip
2014-10-21 06:50 - 2014-10-21 06:59 - 00000000 ____D () C:\Users\Caleb's Computer\Downloads\Hercules.2014.EXTENDED.720p.WEB-DL.x264.AC3-EVO
2014-10-19 10:18 - 2014-10-19 10:19 - 00000000 ____D () C:\Users\Caleb's Computer\Downloads\The.Town.That.Dreaded.Sundown.2014.HDRip.XviD.AC3-EVO
2014-10-18 10:28 - 2014-10-18 10:29 - 00000000 ____D () C:\Users\Caleb's Computer\Downloads\The.Knick.S01.HDTV.x264-KILLERS
2014-10-18 08:01 - 2014-10-18 08:01 - 00000000 ____D () C:\Users\Caleb's Computer\Downloads\Annabelle 2014 HC HDRIP x264 AC3 TiTAN
2014-10-15 19:43 - 2014-10-09 20:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 19:43 - 2014-10-09 20:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 19:43 - 2014-10-09 20:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 19:43 - 2014-10-06 20:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 19:43 - 2014-10-06 20:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 19:43 - 2014-09-28 18:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 19:43 - 2014-09-25 16:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 19:43 - 2014-09-25 16:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 19:43 - 2014-09-25 16:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 19:43 - 2014-09-25 16:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 19:43 - 2014-09-25 16:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 19:43 - 2014-09-25 16:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 19:43 - 2014-09-25 16:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 19:43 - 2014-09-18 20:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 19:43 - 2014-09-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 19:43 - 2014-09-18 19:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 19:43 - 2014-09-18 19:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 19:43 - 2014-09-18 19:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 19:43 - 2014-09-18 19:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 19:43 - 2014-09-18 19:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 19:43 - 2014-09-18 19:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 19:43 - 2014-09-18 19:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 19:43 - 2014-09-18 19:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 19:43 - 2014-09-18 19:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 19:43 - 2014-09-18 19:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 19:43 - 2014-09-18 19:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 19:43 - 2014-09-18 19:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 19:43 - 2014-09-18 19:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 19:43 - 2014-09-18 19:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 19:43 - 2014-09-18 19:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 19:43 - 2014-09-18 19:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 19:43 - 2014-09-18 19:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 19:43 - 2014-09-18 19:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 19:43 - 2014-09-18 19:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 19:43 - 2014-09-18 19:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 19:43 - 2014-09-18 19:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 19:43 - 2014-09-18 19:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 19:43 - 2014-09-18 19:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 19:43 - 2014-09-18 19:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 19:43 - 2014-09-18 18:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 19:43 - 2014-09-18 18:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 19:43 - 2014-09-18 18:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 19:43 - 2014-09-18 18:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 19:43 - 2014-09-18 18:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 19:43 - 2014-09-18 18:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 19:43 - 2014-09-18 18:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 19:43 - 2014-09-18 18:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 19:43 - 2014-09-18 18:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 19:43 - 2014-09-18 18:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 19:43 - 2014-09-18 18:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 19:43 - 2014-09-18 18:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 19:43 - 2014-09-18 18:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 19:43 - 2014-09-18 18:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 19:43 - 2014-09-18 18:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 19:43 - 2014-09-18 18:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 19:43 - 2014-09-18 18:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 19:43 - 2014-09-18 17:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 19:43 - 2014-09-18 17:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 19:43 - 2014-09-18 17:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 19:43 - 2014-09-18 17:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 19:43 - 2014-09-17 20:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 19:43 - 2014-09-17 19:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 19:43 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 19:43 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 19:43 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 19:43 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 19:43 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 19:43 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 19:43 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 19:43 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 19:42 - 2014-09-12 19:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 19:42 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 19:42 - 2014-07-16 20:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 19:42 - 2014-07-16 20:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 19:42 - 2014-07-16 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 19:42 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 19:42 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 19:42 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 19:42 - 2014-07-16 20:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 19:42 - 2014-07-16 20:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 19:42 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 19:42 - 2014-07-16 19:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 19:42 - 2014-07-16 19:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 19:42 - 2014-07-16 19:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 19:42 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 19:42 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 19:42 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 19:42 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 07:57 - 2014-09-24 14:22 - 00020408 _____ () C:\Users\Caleb's Computer\Desktop\FRST.txt
2014-11-12 07:56 - 2013-10-16 12:10 - 00000000 ____D () C:\FRST
2014-11-12 07:56 - 2011-10-12 20:03 - 00000000 ____D () C:\Users\Caleb's Computer\AppData\Roaming\uTorrent
2014-11-12 07:55 - 2014-09-25 12:44 - 00000000 ____D () C:\Users\Caleb's Computer\Desktop\FRST-OlderVersion
2014-11-12 07:55 - 2014-09-24 14:21 - 02116096 _____ (Farbar) C:\Users\Caleb's Computer\Desktop\FRST64.exe
2014-11-12 07:51 - 2014-04-19 19:30 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3520896638-2416368937-1527133040-1001UA.job
2014-11-12 07:14 - 2013-06-11 18:06 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-12 05:02 - 2011-10-04 18:35 - 01432971 _____ () C:\Windows\WindowsUpdate.log
2014-11-11 10:51 - 2014-04-19 19:30 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3520896638-2416368937-1527133040-1001Core.job
2014-11-11 09:14 - 2013-06-11 18:06 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-09 21:43 - 2011-10-04 19:20 - 00000000 ____D () C:\Users\Caleb's Computer\Desktop\Calebs school
2014-11-08 11:26 - 2014-09-16 11:08 - 00000000 ____D () C:\Users\Caleb's Computer\Downloads\Nymphomaniac.Vol.II.2013.LiMiTED.DVDR.NTSC-LPD
2014-11-08 11:25 - 2014-09-16 11:08 - 00000000 ____D () C:\Users\Caleb's Computer\Downloads\Nymphomaniac.Vol.I.2013.LiMiTED.DVDR.NTSC-LPD
2014-11-08 11:21 - 2009-07-13 23:13 - 00797850 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-07 12:25 - 2014-09-18 07:05 - 00000000 ____D () C:\Users\Caleb's Computer\Downloads\Extant.S01E13.720p.HDTV.X264-DIMENSION
2014-11-07 03:55 - 2009-07-13 22:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-07 03:55 - 2009-07-13 22:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-06 09:18 - 2011-10-05 15:41 - 00000000 ____D () C:\New Folder
2014-11-06 09:17 - 2014-10-02 12:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-06 09:17 - 2014-02-12 03:30 - 00004670 _____ () C:\Windows\setupact.log
2014-11-06 09:17 - 2010-11-20 21:47 - 00767602 _____ () C:\Windows\PFRO.log
2014-11-06 09:17 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-04 07:58 - 2013-11-04 09:13 - 00000000 ____D () C:\Users\Caleb's Computer\AppData\Local\CrashDumps
2014-10-31 12:39 - 2013-11-26 03:20 - 00000000 ____D () C:\Program Files (x86)\PasswordBox
2014-10-22 16:18 - 2011-04-11 22:17 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-21 18:31 - 2013-02-02 13:38 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-20 09:46 - 2014-04-19 19:30 - 00003944 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3520896638-2416368937-1527133040-1001UA
2014-10-20 09:46 - 2014-04-19 19:30 - 00003548 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3520896638-2416368937-1527133040-1001Core
2014-10-19 08:09 - 2013-06-11 18:06 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 08:09 - 2013-06-11 18:06 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 02:32 - 2014-08-13 18:05 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-17 02:32 - 2014-04-05 11:09 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-17 02:32 - 2013-10-15 17:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-17 02:32 - 2013-10-15 17:42 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-16 03:16 - 2014-08-15 02:54 - 00000000 ____D () C:\Windows\rescache
2014-10-16 02:26 - 2009-07-13 22:45 - 00419584 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 02:25 - 2014-04-23 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 02:08 - 2011-10-04 20:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 02:05 - 2013-07-27 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 02:00 - 2012-05-29 16:01 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Caleb's Computer\AppData\Local\temp\avgnt.exe
C:\Users\Caleb's Computer\AppData\Local\temp\BackupSetup.exe
C:\Users\Caleb's Computer\AppData\Local\temp\install_flashplayer15x32ax_gtbd_chrd_dn_aaa_aih.exe
C:\Users\Caleb's Computer\AppData\Local\temp\install_flashplayer15x32_mssa_aaa_aih.exe
C:\Users\Caleb's Computer\AppData\Local\temp\install_flashplayer15x32_mssa_aaa_aih_1.exe
C:\Users\Caleb's Computer\AppData\Local\temp\install_flashplayer15x32_mssd_aaa_aih(1).exe
C:\Users\Caleb's Computer\AppData\Local\temp\install_flashplayer15x32_mssd_aaa_aih.exe
C:\Users\Caleb's Computer\AppData\Local\temp\install_flashplayer15x32_mssd_aaa_aih_1.exe
C:\Users\Caleb's Computer\AppData\Local\temp\optprosetup.exe
C:\Users\Caleb's Computer\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 00:15

==================== End Of Log ============================



#6 Naathim

Naathim

    Bleepin' Minion

  • Members
  • 435 posts
  • Gender:Male
  • Location:Poland

Posted 12 November 2014 - 03:51 PM

Two logs are below.
On a side note, the previous person that was helping me somehow eliminated Adobe Flash Player and there's an error every time I try to re-install. Could you help me with that issue as well?

We'll see. First the main course = infections, after that any repairs :)


First of all, stop downloading any stuff with torrents. This was the source of your problem. Second thing: you have a backdoor on board.




P2P warning!
  • uTorrent
P2P programs, while legal in themselves, are often used to obtain illegal downloads. Currently it's one of the best ways to get infected. There have been some extreme cases in which passwords and private or financial data were exposed to the file-sharing network because of bad P2P configuration.

I strongly recommend full uninstallation of any P2P apps. To do so:
  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the previously mentioned program(s), right-click the entry and click Uninstall.
This is optional, but please consider it. If you leave it installed, please refrain from using it while we're cleaning your machine.


Backdoor warning!

Unfortunately your machine seems to be heavily compromised by a Backdoor Trojan. This type of infection allows hackers to remotely control your computer, steal critical system information, and download and execute files. My advice for this moment:
  • Disconnect this machine from the internet.
  • Change your online passwords from a well-known clean computer (not this one!).
  • It would also be wise to inform financial institutions about your situation - see here.
Many experts believe that the best action is to reformat and reinstall, but I think we may still be able to clean this one and return it to its normal functionality (with no security guarantee afterwards, as this is a very severe type of infection).
  • If you would rather reinstall your system, let me know if I could provide any help during that procedure.
  • If you wish to skip the reinstallation, just proceed with the next steps as directed.
Let me know how you'd like to proceed.

Radek Naathim Pawelczyk

Malware Removal Specialist

 



#7 caleb.m.hartmann

caleb.m.hartmann
  • Topic Starter

  • Members
  • 48 posts

Posted 12 November 2014 - 06:27 PM

I have too much on this computer to reinstall the system. Can we please try to fix the issue?

Thanks



#8 Naathim

Naathim

    Bleepin' Minion

  • Members
  • 435 posts
  • Gender:Male
  • Location:Poland

Posted 13 November 2014 - 02:05 AM

Hi,

OK, let's try to get there. However, your machine is heavily compromised, so I'd like to do some more scans to be sure there isn't anything lurking.



Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (the preferred version is the *.exe one).
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    [-HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer];r64
    [-HKU\S-1-5-21-3520896638-2416368937-1527133040-1001\SOFTWARE\Policies\Microsoft\Internet Explorer];r64
    iedefaults;
    emptyalltemp;
    catchme;s
    combofix;z
    C:\Users\Caleb's Computer\AppData\Roaming\dlc.xmm;f
    [HKU\S-1-5-21-3520896638-2416368937-1527133040-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon];r64
    "Shell"=-;r64
    "Shell"="explorer.exe";r64
    
  • Make sure that the Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in Notepad.
  • If a reboot is needed, the logfile will open after the reboot. You may also find it on your main drive (usually the C:\ drive).

Please include its content in your next reply.
Don't forget to re-enable your switched-off protection software!



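The ZOEK script above deletes the IE policy keys and resets the per-user Winlogon "Shell" value, and the FRST log earlier reports signature status for core system files and services. A read-only check of those same points, as an added example that is not part of this thread or of the ZOEK/FRST tools; it assumes Windows PowerShell (2.0 to 5.1) run from an elevated prompt, and the function names are my own.

```powershell
# Added example, not part of this thread or of the ZOEK/FRST tools.
# Read-only audit of the persistence points the ZOEK script repairs
# (Winlogon "Shell", IE policy keys) plus the signature checks FRST reports
# ("Bamital & volsnap Check", "[File not signed]"). Nothing is modified.
# Assumes Windows PowerShell 2.0-5.1 on Windows 7 or later, run elevated.

function Get-WinlogonShellFindings {
    $findings = @()
    # HKLM carries the default Shell; a loaded user hive normally has none.
    $paths = @('HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon')
    $paths += @(Get-ChildItem 'Registry::HKEY_USERS' |
        Where-Object { $_.PSChildName -match '^S-1-5-21-(\d+-){3}\d+$' } |
        ForEach-Object { "Registry::$($_.Name)\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" })
    foreach ($p in $paths) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        $shell = (Get-ItemProperty -LiteralPath $p -ErrorAction SilentlyContinue).Shell
        if ($p -like 'HKLM:*') {
            if ($shell -ne 'explorer.exe') {
                $findings += "HKLM Winlogon Shell is '$shell' (expected explorer.exe)"
            }
        } elseif ($shell) {
            # This is the value the ZOEK script deletes ("Shell"=-) and resets.
            $findings += "per-user Winlogon Shell override: $p = '$shell'"
        }
    }
    return $findings
}

function Get-IePolicyFindings {
    # The ZOEK script deletes these keys outright; here they are only reported.
    $findings = @()
    foreach ($p in @('HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer',
                     'HKCU:\SOFTWARE\Policies\Microsoft\Internet Explorer')) {
        if (Test-Path -LiteralPath $p) {
            $n = @(Get-ChildItem -LiteralPath $p -Recurse -ErrorAction SilentlyContinue).Count
            $findings += "IE policy key present: $p ($n subkeys)"
        }
    }
    return $findings
}

function Get-SignatureFindings {
    $root = $env:SystemRoot
    # The same core files FRST's "Bamital & volsnap Check" verifies.
    $core = @("$root\System32\winlogon.exe",  "$root\System32\wininit.exe",
              "$root\SysWOW64\wininit.exe",   "$root\explorer.exe",
              "$root\SysWOW64\explorer.exe",  "$root\System32\svchost.exe",
              "$root\SysWOW64\svchost.exe",   "$root\System32\services.exe",
              "$root\System32\User32.dll",    "$root\SysWOW64\User32.dll",
              "$root\System32\userinit.exe",  "$root\SysWOW64\userinit.exe",
              "$root\System32\rpcss.dll",     "$root\System32\Drivers\volsnap.sys")
    # Every installed service binary too: FRST marks these "[File not signed]".
    # PathName may be quoted or not and may carry arguments; keep up to ".exe".
    $svc = @(Get-WmiObject Win32_Service | ForEach-Object {
        if ($_.PathName -match '^"?(.+?\.exe)') { $matches[1] }
    })
    $findings = @()
    foreach ($f in (($core + $svc) | Select-Object -Unique)) {
        if (-not (Test-Path -LiteralPath $f)) { $findings += "$f => not found"; continue }
        $sig = Get-AuthenticodeSignature -FilePath $f
        # Caveat: before PowerShell 5.1 this cmdlet ignores security catalogs,
        # so catalog-signed Windows files report NotSigned; treat that as
        # "verify another way", not as proof of tampering.
        if ($sig.Status -ne 'Valid') { $findings += "$f => $($sig.Status)" }
    }
    return $findings
}

$all = @(Get-WinlogonShellFindings) + @(Get-IePolicyFindings) + @(Get-SignatureFindings)
if ($all.Count -eq 0) { 'No findings.' } else { $all | ForEach-Object { "FINDING: $_" } }
```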

#9 caleb.m.hartmann

caleb.m.hartmann
  • Topic Starter

  • Members
  • 48 posts

Posted 13 November 2014 - 09:29 AM

The program is not opening (zoek).  I restarted the computer and tried again and it is not running.  The 3rd try I waited 30 minutes to see if it would open and it did not.  Thoughts?



#10 Naathim

Naathim

    Bleepin' Minion

  • Members
  • 435 posts
  • Gender:Male
  • Location:Poland

Posted 13 November 2014 - 10:42 AM

Yeah, I've got some more hammers here :)



Scan with RogueKiller

Please download RogueKiller and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the RogueKiller icon and select Run as Administrator to start the tool.
  • Wait patiently until the pre-scan is done. It shouldn't take more than 2-3 minutes.
  • Accept the Terms of use.
  • When the Scan button becomes available, please click it. RogueKiller will start a full scan.
  • Let this process run uninterrupted!
  • When finished, a Report button will become available. Click it. You will be presented with a logfile.
Please include the content of this logfile in your next reply.

Radek Naathim Pawelczyk

Malware Removal Specialist

 



#11 caleb.m.hartmann

caleb.m.hartmann
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:05:27 AM

Posted 13 November 2014 - 10:15 PM

Zoek.exe v5.0.0.0 Updated 13-November-2014
Tool run by Caleb's Computer on Thu 11/13/2014 at  8:52:45.93.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Caleb's Computer\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

11/13/2014 10:07:49 AM Zoek.exe System Restore Point Created Succesfully.

==== Possible Rootkit Infection ======================

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Desktop\Install

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\catchme deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer]
[-HKEY_USERS\S-1-5-21-3520896638-2416368937-1527133040-1001\SOFTWARE\Policies\Microsoft\Internet Explorer]
[HKEY_USERS\S-1-5-21-3520896638-2416368937-1527133040-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=-
"Shell"="explorer.exe"

==== Deleting Files \ Folders ======================

"C:\Users\Caleb's Computer\AppData\Roaming\dlc.xmm" not found

==== Folders Found ======================


==== Files Found ======================


--- C:\ComboFix.txt ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 4384288
Created time: 2013-10-25 20:34:53
Modified time: 2013-10-25 20:34:53
MD5: 45CAB3F6DD233BCCF5847F368101DB18
SHA1: 5A6B223C01449B8FF9B62F5225CBDDD36A4BFF0F


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{88C5CF9F-0C10-4682-8309-DAB20EFD2E97} Yahoo! Search Url="http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}"
{A8DD4AF3-ACA7-4144-98DE-0C88A87E0760} Secure Search Url="http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3520896638-2416368937-1527133040-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-3520896638-2416368937-1527133040-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-3520896638-2416368937-1527133040-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-3520896638-2416368937-1527133040-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Caleb's Computer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Caleb's Computer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Caleb's Computer\AppData\Local\Mozilla\Firefox\Profiles\oxl65idy.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome Cache found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== Empty Temp Folders ======================

C:\Users\Caleb's Computer\AppData\Local\temp will be emptied at reboot
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\CALEB'~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Thu 11/13/2014 at 11:05:35.18 ======================
 



#12 Naathim

Naathim

    Bleepin' Minion


  • Members
  • 435 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:12:27 PM

Posted 14 November 2014 - 02:46 AM

OK, please generate and post the logfile from RogueKiller as mentioned prior.

Radek Naathim Pawelczyk

Malware Removal Specialist

 



#13 caleb.m.hartmann

caleb.m.hartmann
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:05:27 AM

Posted 14 November 2014 - 10:02 AM

Every time I try to run RogueKiller it freezes.  I've tried uninstalling and reinstalling it.  I've restarted the computer a number of times. I've made sure all virus/firewall protection is off.  I even left it running all night and no success.  Suggestions?



#14 Naathim

Naathim

    Bleepin' Minion


  • Members
  • 435 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:12:27 PM

Posted 14 November 2014 - 10:28 AM

Ok, let's pull out a sledgehammer :)

Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!


Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install the Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
If you encounter any issues with your internet connection after running ComboFix, please visit this link.
If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.

Radek Naathim Pawelczyk

Malware Removal Specialist

 



#15 caleb.m.hartmann

caleb.m.hartmann
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:05:27 AM

Posted 14 November 2014 - 11:57 AM

ComboFix 13-10-19.02 - Caleb's Computer 11/14/2014  10:34:50.3.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8173.6258 [GMT -6:00]
Running from: c:\users\Caleb's Computer\Desktop\Computer Fix\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\CALEB'~1\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\Caleb's Computer\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-14 to 2014-11-14  )))))))))))))))))))))))))))))))
.
.
2014-11-14 16:47 . 2014-11-14 16:47    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-11-14 16:47 . 2014-11-14 16:47    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-11-14 03:16 . 2014-11-14 14:44    37624    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2014-11-14 03:16 . 2014-11-14 03:16    --------    d-----w-    c:\programdata\RogueKiller
2014-11-13 16:15 . 2014-11-14 16:47    --------    d-----w-    c:\users\Caleb's Computer\AppData\Local\Temp
2014-11-13 16:15 . 2014-11-13 14:24    24064    ----a-w-    c:\windows\zoek-delete.exe
2014-11-13 13:55 . 2014-11-13 13:55    --------    d-----w-    C:\zoek_backup
2014-11-12 09:08 . 2014-08-21 06:43    1882624    ----a-w-    c:\windows\system32\msxml3.dll
2014-10-22 22:18 . 2014-10-22 22:18    --------    d-----w-    c:\program files (x86)\ExamGuard
2014-10-22 22:18 . 2006-01-04 18:04    729161    ----a-w-    c:\windows\SysWow64\fpimage.dll
2014-10-22 22:18 . 2006-01-04 18:04    1410704    ----a-w-    c:\windows\SysWow64\FPSPR70.ocx
2014-10-16 08:09 . 2014-10-16 08:09    3528440    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\Csi.dll
2014-10-16 08:07 . 2014-10-16 08:07    5085936    ----a-w-    c:\program files\Common Files\Microsoft Shared\OFFICE14\Csi.dll
2014-10-16 01:43 . 2014-06-18 22:23    73880    ----a-w-    c:\windows\system32\mscories.dll
2014-10-16 01:43 . 2014-06-18 22:23    1943696    ----a-w-    c:\windows\system32\dfshim.dll
2014-10-16 01:43 . 2014-06-18 22:23    156312    ----a-w-    c:\windows\system32\mscorier.dll
2014-10-16 01:43 . 2014-06-18 22:23    156824    ----a-w-    c:\windows\SysWow64\mscorier.dll
2014-10-16 01:43 . 2014-06-18 22:23    1131664    ----a-w-    c:\windows\SysWow64\dfshim.dll
2014-10-16 01:43 . 2014-06-18 22:23    81560    ----a-w-    c:\windows\SysWow64\mscories.dll
2014-10-16 01:43 . 2014-09-04 05:23    424448    ----a-w-    c:\windows\system32\rastls.dll
2014-10-16 01:43 . 2014-09-04 05:04    372736    ----a-w-    c:\windows\SysWow64\rastls.dll
2014-10-16 01:42 . 2014-07-17 01:39    3221504    ----a-w-    c:\windows\SysWow64\mstscax.dll
2014-10-16 01:42 . 2014-07-17 02:07    235520    ----a-w-    c:\windows\system32\winsta.dll
2014-10-16 01:42 . 2014-07-17 02:07    150528    ----a-w-    c:\windows\system32\rdpcorekmts.dll
2014-10-16 01:42 . 2014-07-17 02:07    3722240    ----a-w-    c:\windows\system32\mstscax.dll
2014-10-16 01:42 . 2014-07-17 02:07    455168    ----a-w-    c:\windows\system32\winlogon.exe
2014-10-16 01:42 . 2014-07-17 02:07    1118720    ----a-w-    c:\windows\system32\mstsc.exe
2014-10-16 01:42 . 2014-07-17 01:40    157696    ----a-w-    c:\windows\SysWow64\winsta.dll
2014-10-16 01:42 . 2014-07-17 01:39    131584    ----a-w-    c:\windows\SysWow64\aaclient.dll
2014-10-16 01:42 . 2014-07-17 01:39    1051136    ----a-w-    c:\windows\SysWow64\mstsc.exe
2014-10-16 01:42 . 2014-07-17 01:21    212480    ----a-w-    c:\windows\system32\drivers\rdpwd.sys
2014-10-16 01:42 . 2014-07-17 01:21    39936    ----a-w-    c:\windows\system32\drivers\tssecsrv.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-12 14:10 . 2012-05-29 22:01    103374192    ----a-w-    c:\windows\system32\MRT.exe
2014-10-09 00:01 . 2014-10-09 00:02    319912    ----a-w-    c:\windows\system32\javaws.exe
2014-10-09 00:01 . 2014-10-09 00:02    189352    ----a-w-    c:\windows\system32\javaw.exe
2014-10-09 00:01 . 2014-10-09 00:02    189352    ----a-w-    c:\windows\system32\java.exe
2014-10-09 00:01 . 2014-10-09 00:02    111016    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2014-10-07 10:28 . 2013-10-15 23:42    43064    ----a-w-    c:\windows\system32\drivers\avnetflt.sys
2014-10-07 10:28 . 2013-10-15 23:42    131608    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2014-10-07 10:28 . 2013-10-15 23:42    119272    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2014-09-25 02:08 . 2014-10-01 03:30    371712    ----a-w-    c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 03:30    519680    ----a-w-    c:\windows\SysWow64\qdvd.dll
2014-09-24 04:30 . 2014-05-01 09:30    3675824    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-09-09 22:11 . 2014-09-23 18:58    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-23 18:58    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2014-09-03 14:49 . 2010-06-24 19:33    23256    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 02:07 . 2014-08-28 02:22    404480    ----a-w-    c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 02:22    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\new folder\Steam.exe" [2014-11-12 1940160]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2013-10-18 3561816]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
"uTorrent"="c:\users\Caleb's Computer\AppData\Roaming\uTorrent\uTorrent.exe" [2014-11-06 1385808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-08-21 450560]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-11-06 703736]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-08-29 1861968]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-09-01 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-10-22 124208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-4-11 548528]
Belkin USB Wireless Adaptor Utility.lnk - c:\program files (x86)\Belkin\F7D4101\V1\PBN.exe [2009-11-25 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"shell"=hex(0):43,00,3a,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,00,43,00,61,\
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 WLANBelkinService;Belkin WLAN service;c:\program files (x86)\Belkin\F7D4101\V1\wlansrv.exe;c:\program files (x86)\Belkin\F7D4101\V1\wlansrv.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\new folder\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe;c:\new folder\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan60.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.11\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.11\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe;c:\windows\SysWOW64\AsHookDevice.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PasswordBox;PasswordBox;c:\program files (x86)\PasswordBox\pbbtnService.exe;c:\program files (x86)\PasswordBox\pbbtnService.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-12 00:06]
.
2014-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-12 00:06]
.
2014-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3520896638-2416368937-1527133040-1001Core.job
- c:\users\Caleb's Computer\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-20 11:50]
.
2014-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3520896638-2416368937-1527133040-1001UA.job
- c:\users\Caleb's Computer\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-20 11:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Caleb's Computer\AppData\Roaming\Mozilla\Firefox\Profiles\oxl65idy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/
FF - prefs.js: keyword.URL -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-Codec_is1 - c:\program files (x86)\Codec\Uninstall\unins000.exe
AddRemove-Dll-Files Fixer_is1 - c:\program files (x86)\Dll-Files.com Fixer\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
c:\program files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-11-14  10:55:35 - machine was rebooted
ComboFix-quarantined-files.txt  2014-11-14 16:55
ComboFix2.txt  2013-10-21 02:03
.
Pre-Run: 116,067,356,672 bytes free
Post-Run: 118,526,943,232 bytes free
.
- - End Of File - - AAC5B35A763AD3E75206977F83D26DCC
4976D4A7A40B83FC7F06EE4BDD84EB9B
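The "Reg Loading Points" section of the ComboFix log above shows the HKCU Winlogon "shell" value as a raw hex byte list instead of the default explorer.exe, which is the same value the earlier zoek script reset under the user's SID. The script below is an added example for readers of this thread; it is not code from the thread, from zoek, from ComboFix or from RogueKiller. It parses REGEDIT4-style lines like the ones in the log, decodes hex values as UTF-16LE (an assumption, suggested by the interleaved 00 bytes, which is how REG_SZ data is stored), and reports Winlogon Shell and Userinit values that differ from the Windows defaults. The sample dump is constructed from lines in the logs above; the hex line is cut off in the log, so the decoded value stops where the log does.

```python
"""Flag non-default Winlogon Shell/Userinit values in a REGEDIT4-style dump.

Added example for this thread; not part of zoek, ComboFix or RogueKiller.
"""
import re

# Values Windows itself writes. Anything else for these names is worth a
# human look (the zoek script in this thread reset Shell to explorer.exe).
EXPECTED = {
    "shell": {"explorer.exe"},
    "userinit": {"userinit.exe", r"c:\windows\system32\userinit.exe"},
}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
STR_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')
HEX_RE = re.compile(
    r'^"(?P<name>[^"]+)"=hex(?:\((?P<type>[0-9a-fA-F]+)\))?:(?P<data>.*)$'
)

# Constructed sample: the HKCU "shell" line and HKLM "Userinit" line come from
# the ComboFix log above; the HKEY_USERS entry is the value the zoek fix wrote.
SAMPLE = r"""
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"shell"=hex(0):43,00,3a,00,5c,00,55,00,73,00,65,00,72,00,73,00,5c,00,43,00,61,\
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_USERS\S-1-5-21-3520896638-2416368937-1527133040-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"""


def decode_hex_value(data: str) -> str:
    """Decode a comma-separated hex byte list as UTF-16LE.

    A trailing backslash marks a line that continues in the original export;
    when only the first line is available the string is truncated, so a
    dangling half code-unit is dropped rather than raising.
    """
    raw = data.strip().rstrip("\\")
    parts = [p.strip() for p in raw.split(",") if p.strip()]
    buf = bytes(int(p, 16) for p in parts)
    buf = buf[: len(buf) - len(buf) % 2]
    return buf.decode("utf-16-le").rstrip("\x00")


def parse_winlogon_values(dump: str):
    """Yield (key, name, value, encoding) for values under any Winlogon key."""
    key = None
    for line in dump.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if not key or "winlogon" not in key.lower():
            continue
        m = STR_RE.match(line)
        if m:
            yield key, m.group("name"), m.group("value"), "REG_SZ"
            continue
        m = HEX_RE.match(line)
        if m:
            yield key, m.group("name"), decode_hex_value(m.group("data")), "hex"


def normalise(value: str):
    """Split a comma-separated value list into lower-cased tokens."""
    return [t.strip().strip('"').lower() for t in value.split(",") if t.strip()]


def audit_winlogon(dump: str):
    """Return one finding per Shell/Userinit value that is not a known default."""
    findings = []
    for key, name, value, encoding in parse_winlogon_values(dump):
        allowed = EXPECTED.get(name.lower())
        if allowed is None:
            continue
        tokens = normalise(value)
        unexpected = [t for t in tokens if t not in allowed]
        if unexpected or not tokens:
            findings.append({"key": key, "name": name, "value": value,
                             "encoding": encoding, "unexpected": unexpected})
    return findings


if __name__ == "__main__":
    for f in audit_winlogon(SAMPLE):
        print(f"{f['key']}\n  {f['name']} ({f['encoding']}) = {f['value']!r}")
```

On the sample this reports only the HKCU "shell" entry, decoded as far as the log line goes (a path under C:\Users rather than explorer.exe), while the HKLM Userinit and the repaired HKEY_USERS Shell pass. Matching the whole token against the default set, rather than just the file name, is deliberate: a Shell value pointing at an explorer.exe copy in a profile directory should still be reported.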
 





