Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with something stopping me from running rkill & others


  • This topic is locked This topic is locked
18 replies to this topic

#1 HSV Guy

HSV Guy

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:26 PM

Posted 11 January 2015 - 06:50 AM

I've got a friend's PC that is infected with some sort of malware/virus. They initially found out about it by the fact that their bank blocked access to internet banking due to the fact that the bank had picked up something (how they could do that just by logging into to their website I don't know so that doesn't really make sense to me).

 

The only appearance of this 'thing' is that I can't run pretty much any Virus, Trojan, Spyware, or Malware Removal software. About the only things I have been able to run are combo fix (which is the first thing I went to - see logs below), SuperAntiSpyWare (which didn't find anything) and Viper Rescue Scanner (which I ran in safe mode and it picked up and cleaned three items (I don't know what as I didn't see it run myself) but still didn't allow me to run rkill or anything similar afterwards).

 

I've tried running rkill under various file names (.exe & .com) and in both (WIndows 7)safe mode and normal. I tried running exeHelper but I wasn't able to get to the raktor.net website to download it. However, I tried accessing this site from home and from a 'is it down site' and it appears to be down for everyone. I was able to download it from another site but it also didn't run on the infected PC. One thing that I did notice though was that on the infected PC when I couldn't access the site the URL on the browser's error page was a really long viglink.com URL. It would appear that viglink is in in-text advertising but there doesn't appear to be any ad links when browsing websites on the infected PC.

 

I've also run the trend micro online house call which didn't find anything. I've tried running inherit.exe to get rkill and other programs to run but that doesn't work. Some of the applications I've tried running include, AVG, tdsskiller, Malwarebytes and Kaspersky anti-virus. As already mentioned, other than the fact that I can't run these programs I haven't noticed anything else that is not as it should be.

 

I was hoping you guys here may be able to shed some light based on the logs I have included. 

 

ComboFix Logs

 

 

ComboFix 15-01-08.01 - <user> 11/01/2015 15:49:33.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.7879.5510 [GMT 10:00]
Running from: C:\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2014-12-11 to 2015-01-11 )))))))))))))))))))))))))))))))
.
.
2015-01-11 05:53 . 2015-01-11 05:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-11 05:51 . 2015-01-11 05:51 -------- d-----w- c:\users\<user>\AppData\Local\Microsoft Games
2015-01-11 05:46 . 2015-01-11 05:46 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2015-01-11 05:46 . 2015-01-11 05:46 -------- d-----w- c:\programdata\Oracle
2015-01-11 05:46 . 2015-01-11 05:46 -------- d-----w- c:\program files\Java
2015-01-07 21:20 . 2015-01-07 21:20 -------- d-sh--w- c:\windows\system32\%APPDATA%
2015-01-06 22:56 . 2015-01-06 22:56 -------- d-----w- c:\program files\Common Files\Microsoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-11 05:42 . 2013-01-01 04:41 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-11 05:42 . 2013-01-01 04:41 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-03 14:30 . 2014-11-03 14:30 209720 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2014-10-17 05:34 . 2014-10-17 05:34 240952 ----a-w- c:\windows\system32\drivers\avgtdia.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-08-25 22:15 3627032 ----a-w- c:\program files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll" [2014-08-25 3627032]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-01-01 06:12 222712 ----a-w- c:\users\<user>\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-01-01 06:12 222712 ----a-w- c:\users\<user>\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-01-01 06:12 222712 ----a-w- c:\users\<user>\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-15 908160]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-12-11 30877280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2011-10-30 465536]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-08-22 103536]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-03-27 5107232]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2014-11-03 4411952]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2014-08-25 2640408]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-12 204136]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-04-30 421888]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2013-12-12 707472]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-20 152392]
.
c:\users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2010-3-29 245120]
Windows Live Mail.lnk - c:\program files (x86)\Windows Live\Mail\wlmail.exe [2012-9-12 101888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 BS249432733;BS249432733;c:\users\<user>\AppData\Local\Temp\Low\NTFS.sys;c:\users\<user>\AppData\Local\Temp\Low\NTFS.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys;c:\windows\SYSNATIVE\DRIVERS\tdrpm258.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 VDiskBus;ASUS Disk Unlocker;c:\windows\system32\DRIVERS\VDiskBus64.sys;c:\windows\SYSNATIVE\DRIVERS\VDiskBus64.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [x]
S2 ASDiskUnlocker;ASDiskUnlocker;c:\program files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe;c:\program files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [x]
S2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.00.25\AsusFanControlService.exe;c:\program files (x86)\ASUS\AsusFanControlService\1.00.25\AsusFanControlService.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
S2 OS Selector;Acronis OS Selector activator;c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe;c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys;SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 AiCharger;AiCharger;SysWow64\drivers\AiCharger.sys;SysWow64\drivers\AiCharger.sys [x]
S3 ASFLTDrv.sys;ASFLTDrv.sys;c:\program files (x86)\ASUS\Disk Unlocker\ASFLTDrv64.sys;c:\program files (x86)\ASUS\Disk Unlocker\ASFLTDrv64.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys;SysWow64\drivers\ASUSFILTER.sys [x]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Pro Webcam C920(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASFLTDRV.SYS
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-12 22:58 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-01 05:42]
.
2015-01-11 c:\windows\Tasks\AVG-Secure-Search-Update_0814tb_rel.job
- c:\program files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe [2014-08-27 04:02]
.
2015-01-11 c:\windows\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job
- c:\program files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe [2014-08-27 04:02]
.
2015-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-01 04:35]
.
2015-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-01 04:35]
.
2013-01-21 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-20 16:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-01-01 06:12 261624 ----a-w- c:\users\<user>\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-01-01 06:12 261624 ----a-w- c:\users\<user>\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-01-01 06:12 261624 ----a-w- c:\users\<user>\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-10 6463592]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-12-21 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-12-21 398104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-12-21 440600]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-03-27 362232]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2779024]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.news.com.au/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
FF - ProfilePath - c:\users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\1sxyczcc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.news.com.au/|http://ninemsn.com.au/?ocid=makehomepagesite0113
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-01-11 15:54:17
ComboFix-quarantined-files.txt 2015-01-11 05:54
ComboFix2.txt 2015-01-07 12:32
.
Pre-Run: 21,010,546,688 bytes free
Post-Run: 24,266,240,000 bytes free
.
- - End Of File - - 5DE391C5985244CCA411F6C54D64AFBA

 

DDS logs (Of note is that it looks like it hasn't listed any installed software, running processes and it only produced an attach.txt file - e.g. not a dds.txt file as well):

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 31/12/2012 4:02:37 PM
System Uptime: 11/01/2015 7:42:57 PM (2 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | P8Z77-M PRO
Processor: Intel® Core™ i5-3570 CPU @ 3.40GHz | LGA1155 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 21.695 GiB free.
D: is FIXED (NTFS) - 75 GiB total, 74.911 GiB free.
E: is FIXED (NTFS) - 1025 GiB total, 922.657 GiB free.
F: is CDROM ()
G: is FIXED (NTFS) - 466 GiB total, 323.717 GiB free.
W: is CDROM ()
Y: is FIXED (NTFS) - 438 GiB total, 422.355 GiB free.
Z: is FIXED (NTFS) - 250 GiB total, 74.585 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet1
Device ID: ROOT\VMWARE\0000
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet1
PNP Device ID: ROOT\VMWARE\0000
Service: VMnetAdapter
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet8
Device ID: ROOT\VMWARE\0001
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet8
PNP Device ID: ROOT\VMWARE\0001
Service: VMnetAdapter
.
==== System Restore Points ===================
.
RP154: 11/01/2015 3:48:47 PM - ComboFix created restore point
.
==== Image File Execution Options =============
.
.
==== Installed Programs ======================
.
.
==== End Of File ===========================

Edited by HSV Guy, 11 January 2015 - 06:55 AM.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:26 PM

Posted 13 January 2015 - 11:04 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#3 HSV Guy

HSV Guy
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:26 PM

Posted 14 January 2015 - 03:32 AM

 

 

# AdwCleaner v4.107 - Report created 14/01/2015 at 18:21:47
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : <user> - <user>SPC
# Running from : C:\Users\<user>\Downloads\adwcleaner_4.107.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : vToolbarUpdater18.1.9

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\<user>\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\<user>\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Other User\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Other User\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\<user>\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16457


-\\ Mozilla Firefox v34.0.5 (x86 en-US)


-\\ Google Chrome v39.0.2171.95

[C:\Users\<user>\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

*************************

AdwCleaner[R0].txt - [6383 octets] - [14/01/2015 18:19:30]
AdwCleaner[S0].txt - [6139 octets] - [14/01/2015 18:21:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6199 octets] ##########

 

 

 

 

 

Farbar Service Scanner Version: 21-07-2014
Ran by <user> (administrator) on 14-01-2015 at 18:28:58
Running from "C:\Users\<user>\Downloads"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:26 PM

Posted 14 January 2015 - 09:53 AM

I asked that you downlooad and run the Farbar Recovery Scan Tool

You have submitted a log for the Farbar Service Scanner

It's not the same.

#5 HSV Guy

HSV Guy
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:26 PM

Posted 15 January 2015 - 04:52 AM

Sorry, my bad with running the wrong tool.

 

FRST.txt log:

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015
Ran by <user> (administrator) on <user>SPC on 15-01-2015 19:38:40
Running from C:\Users\<user>\Downloads
Loaded Profiles: <user> (Available profiles: <user> & Other User)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\PowerControlHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.25\AsusFanControlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Windows\vVX1000.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Desktop.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6463592 2012-02-10] (Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [362232 2010-03-27] (Acronis)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-15] (CANON INC.)
HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [465536 2011-10-31] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [vmware-tray] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [103536 2011-08-22] (VMware, Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5107232 2010-03-27] (Acronis)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2013-12-13] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1844587749-1574700385-4156627816-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\S-1-5-21-1844587749-1574700385-4156627816-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1844587749-1574700385-4156627816-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1844587749-1574700385-4156627816-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [908160 2010-03-16] (Microsoft Corporation)
HKU\S-1-5-21-1844587749-1574700385-4156627816-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1844587749-1574700385-4156627816-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-1844587749-1574700385-4156627816-1000\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-1844587749-1574700385-4156627816-1000\...\Policies\Explorer: [NoFolderOptions] 0
Startup: C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Live Mail.lnk
ShortcutTarget: Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1844587749-1574700385-4156627816-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1844587749-1574700385-4156627816-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1844587749-1574700385-4156627816-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.news.com.au/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKU\S-1-5-21-1844587749-1574700385-4156627816-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\1sxyczcc.default
FF Homepage: hxxp://www.news.com.au/|hxxp://ninemsn.com.au/?ocid=makehomepagesite0113
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Skype.com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-11]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-11]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Skype Web Plugin) - C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Profile: C:\Users\<user>\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\<user>\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-21]
CHR Extension: (Skype Click to Call) - C:\Users\<user>\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-09-07]
CHR Extension: (Google Wallet) - C:\Users\<user>\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [918448 2011-10-29] () [File not signed]
R2 ASDiskUnlocker; C:\Program Files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe [258688 2010-12-02] (ASUSTeK Computer Inc.)
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-02-02] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.25\AsusFanControlService.exe [1493120 2012-02-22] (ASUSTeK Computer Inc.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
R2 OS Selector; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2139400 2010-05-25] ()
R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [79872 2011-08-22] (VMware, Inc.) [File not signed]
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [11837440 2011-08-22] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14592 2010-10-20] (ASUSTek Computer Inc.)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R3 ASFLTDrv.sys; C:\Program Files (x86)\ASUS\Disk Unlocker\ASFLTDrv64.sys [16512 2010-09-16] (ASUSTeK Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-10-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-01-01] (DT Soft Ltd)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [1477728 2013-01-01] (Acronis)
R1 VDiskBus; C:\Windows\System32\DRIVERS\VDiskBus64.sys [43136 2010-09-21] (ASUSTeK Computer Inc.)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-12-13] (Cisco Systems, Inc.)
S3 BS249432733; \??\C:\Users\<user>\AppData\Local\Temp\Low\NTFS.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 19:38 - 2015-01-15 19:39 - 00025498 _____ () C:\Users\<user>\Downloads\FRST.txt
2015-01-15 19:38 - 2015-01-15 19:38 - 00000000 ____D () C:\FRST
2015-01-15 19:37 - 2015-01-15 19:37 - 02125312 _____ (Farbar) C:\Users\<user>\Downloads\FRST64.exe
2015-01-14 18:28 - 2015-01-14 18:29 - 00001132 _____ () C:\Users\<user>\Downloads\FSS.txt
2015-01-14 18:25 - 2015-01-14 18:25 - 00415232 _____ (Farbar) C:\Users\<user>\Downloads\FSS.exe
2015-01-14 18:25 - 2015-01-14 18:25 - 00415232 _____ (Farbar) C:\Users\<user>\Downloads\FSS (1).exe
2015-01-14 18:18 - 2015-01-14 18:21 - 00000000 ____D () C:\AdwCleaner
2015-01-14 18:17 - 2015-01-14 18:17 - 02191360 _____ () C:\Users\<user>\Downloads\adwcleaner_4.107.exe
2015-01-11 21:12 - 2015-01-11 21:15 - 00002045 _____ () C:\Users\<user>\Desktop\attach.txt
2015-01-11 21:10 - 2015-01-11 21:10 - 00688992 ____R (Swearware) C:\Users\<user>\Downloads\dds.com
2015-01-11 20:10 - 2015-01-15 08:10 - 04877488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-11 19:55 - 2015-01-11 19:55 - 00085504 _____ () C:\Users\<user>\Downloads\Inherit.exe
2015-01-11 19:53 - 2015-01-11 19:59 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\<user>\Downloads\tdsskiller.exe
2015-01-11 19:51 - 2015-01-11 19:51 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\<user>\Downloads\explorer.com
2015-01-11 19:48 - 2015-01-11 19:48 - 00294400 _____ () C:\Users\<user>\Downloads\exeHelper.com
2015-01-11 17:24 - 2015-01-11 17:24 - 00001125 _____ () C:\Users\<user>\Desktop\WiNlOgOn.lnk
2015-01-11 17:23 - 2015-01-11 17:23 - 00001094 _____ () C:\Users\<user>\Desktop\rkill.lnk
2015-01-11 17:21 - 2015-01-11 17:21 - 00001061 _____ () C:\Users\<user>\Desktop\Vipre Rescue Scanner.lnk
2015-01-11 17:21 - 2015-01-11 17:21 - 00000852 _____ () C:\Users\<user>\Desktop\Downloads.lnk
2015-01-11 17:12 - 2013-09-04 13:57 - 00031264 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
2015-01-11 17:12 - 2013-05-23 07:39 - 00041032 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2015-01-11 17:11 - 2015-01-11 18:45 - 00000000 ____D () C:\VIPRERESCUE
2015-01-11 17:05 - 2015-01-11 17:01 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\<user>\Downloads\rfgdfgdf.exe
2015-01-11 17:00 - 2015-01-11 21:00 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-11 17:00 - 2015-01-11 17:00 - 00000000 ____D () C:\Users\<user>\AppData\Roaming\SUPERAntiSpyware.com
2015-01-11 17:00 - 2015-01-11 17:00 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-01-11 17:00 - 2015-01-11 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-01-11 16:59 - 2015-01-11 17:00 - 20977864 _____ (SUPERAntiSpyware) C:\Users\<user>\Downloads\SAS_50168998.EXE
2015-01-11 16:57 - 2015-01-11 17:06 - 189403136 _____ () C:\Users\<user>\Downloads\VIPRERescue36530.exe
2015-01-11 16:37 - 2015-01-11 16:37 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\<user>\Downloads\uSeRiNiT.exe
2015-01-11 16:36 - 2015-01-11 16:36 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\<user>\Downloads\WiNlOgOn.exe
2015-01-11 16:35 - 2015-01-11 16:35 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\<user>\Downloads\rkill.exe
2015-01-11 16:34 - 2015-01-11 16:34 - 00259390 _____ () C:\Users\<user>\AppData\Local\census.cache
2015-01-11 16:34 - 2015-01-11 16:34 - 00132499 _____ () C:\Users\<user>\AppData\Local\ars.cache
2015-01-11 16:29 - 2015-01-11 21:52 - 00015404 _____ () C:\Users\<user>\Downloads\hijackthis.log
2015-01-11 16:28 - 2015-01-11 16:28 - 00388608 _____ (Trend Micro Inc.) C:\Users\<user>\Downloads\HijackThis.exe
2015-01-11 16:20 - 2015-01-11 16:20 - 02406064 _____ (Trend Micro Inc.) C:\Users\<user>\Downloads\HousecallLauncher64.exe
2015-01-11 16:20 - 2015-01-11 16:20 - 00189368 _____ (Kaspersky Lab) C:\Users\<user>\Downloads\kss12.0.1.881de_en_es_fr_it_ja_ko_pl_pt_ru_zh_6228.exe
2015-01-11 16:20 - 2015-01-11 16:20 - 00000036 _____ () C:\Users\<user>\AppData\Local\housecall.guid.cache
2015-01-11 16:16 - 2015-01-11 16:16 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\<user>\Downloads\cdfdsf.exe
2015-01-11 16:15 - 2015-01-11 16:16 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\<user>\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-11 16:11 - 2015-01-11 16:11 - 00025219 _____ () C:\ComboFix.txt
2015-01-11 16:00 - 2015-01-11 16:00 - 00000000 ____D () C:\Users\Other User\AppData\Roaming\Macromedia
2015-01-11 15:59 - 2015-01-11 15:59 - 00108824 _____ () C:\Users\Other User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-11 15:59 - 2015-01-11 15:59 - 00002272 _____ () C:\Users\Other User\Desktop\Google Chrome.lnk
2015-01-11 15:59 - 2015-01-11 15:59 - 00001460 _____ () C:\Users\Other User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-11 15:59 - 2015-01-11 15:59 - 00001426 _____ () C:\Users\Other User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-01-11 15:59 - 2015-01-11 15:59 - 00000000 ___HD () C:\ProgramData\CanonIJEPPEX2
2015-01-11 15:59 - 2015-01-11 15:59 - 00000000 ___HD () C:\ProgramData\CanonEPP
2015-01-11 15:59 - 2015-01-11 15:59 - 00000000 ____D () C:\Users\Other User\AppData\Roaming\Opera
2015-01-11 15:59 - 2015-01-11 15:59 - 00000000 ____D () C:\Users\Other User\AppData\Roaming\Intel Corporation
2015-01-11 15:59 - 2015-01-11 15:59 - 00000000 ____D () C:\Users\Other User\AppData\Roaming\Canon
2015-01-11 15:59 - 2015-01-11 15:59 - 00000000 ____D () C:\Users\Other User\AppData\Roaming\Apple Computer
2015-01-11 15:59 - 2015-01-11 15:59 - 00000000 ____D () C:\Users\Other User\AppData\Local\Opera
2015-01-11 15:59 - 2015-01-11 15:59 - 00000000 ____D () C:\Users\Other User\AppData\Local\Google
2015-01-11 15:58 - 2015-01-11 15:58 - 00000020 ___SH () C:\Users\Other User\ntuser.ini
2015-01-11 15:58 - 2015-01-11 15:58 - 00000000 ____D () C:\Users\Other User\AppData\Roaming\Adobe
2015-01-11 15:58 - 2015-01-11 15:58 - 00000000 ____D () C:\Users\Other User\AppData\Local\VirtualStore
2015-01-11 15:58 - 2013-01-02 15:19 - 00000000 ___RD () C:\Users\Other User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-11 15:58 - 2013-01-01 16:04 - 00002117 _____ () C:\Users\Other User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2015-01-11 15:58 - 2013-01-01 15:02 - 00000000 ____D () C:\Users\Other User\AppData\Roaming\TuneUp Software
2015-01-11 15:58 - 2009-07-14 14:49 - 00000000 ___RD () C:\Users\Other User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-11 15:51 - 2015-01-11 16:36 - 00000000 ____D () C:\Users\<user>\AppData\Local\Microsoft Games
2015-01-11 15:46 - 2015-01-11 15:46 - 04637504 _____ (AVG Technologies) C:\Users\<user>\Downloads\aaa.exe
2015-01-11 15:46 - 2015-01-11 15:46 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-01-11 15:46 - 2015-01-11 15:46 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-11 15:46 - 2015-01-11 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-11 15:46 - 2015-01-11 15:46 - 00000000 ____D () C:\Program Files\Java
2015-01-11 15:43 - 2015-01-11 15:45 - 92658088 _____ (Oracle Corporation) C:\Users\<user>\Downloads\jre-8u25-windows-x64.exe
2015-01-11 15:42 - 2015-01-15 19:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-11 15:42 - 2015-01-15 08:10 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-08 07:20 - 2015-01-08 07:20 - 00000000 __SHD () C:\Windows\system32\%APPDATA%
2015-01-07 22:24 - 2015-01-11 16:11 - 00000000 ____D () C:\Qoobox
2015-01-07 22:24 - 2015-01-07 22:32 - 00000000 ____D () C:\Windows\erdnt
2015-01-07 22:24 - 2011-06-26 16:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-07 22:24 - 2010-11-08 03:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-07 22:24 - 2009-04-20 14:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-07 22:24 - 2000-08-31 10:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-07 22:24 - 2000-08-31 10:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-07 22:24 - 2000-08-31 10:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-07 22:24 - 2000-08-31 10:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-07 22:24 - 2000-08-31 10:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-07 22:01 - 2015-01-11 15:48 - 05609736 ____R (Swearware) C:\ComboFix.exe
2015-01-07 08:56 - 2015-01-13 06:22 - 01348460 _____ () C:\Windows\system32\CFG249432733
2014-12-22 11:10 - 2014-12-22 11:10 - 01288474 _____ () C:\Users\<user>\Downloads\PP_cover.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 19:36 - 2013-01-01 15:09 - 00000000 ____D () C:\Users\<user>\AppData\Roaming\Skype
2015-01-15 18:57 - 2013-01-01 14:35 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-15 18:48 - 2013-01-24 07:06 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{64CFA24B-28A1-4765-BA25-A993595B4C08}
2015-01-15 14:32 - 2012-12-31 16:05 - 01257718 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 13:57 - 2013-01-01 14:35 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-15 08:10 - 2013-01-01 14:41 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-15 08:10 - 2013-01-01 14:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-15 06:21 - 2009-07-14 14:45 - 00020672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 06:21 - 2009-07-14 14:45 - 00020672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 06:11 - 2014-08-27 14:02 - 00000376 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job
2015-01-15 06:11 - 2014-08-27 14:02 - 00000376 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rel.job
2015-01-15 06:11 - 2013-01-01 10:45 - 00000000 ____D () C:\ProgramData\VMware
2015-01-15 06:11 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 06:11 - 2009-07-14 14:51 - 00102960 _____ () C:\Windows\setupact.log
2015-01-14 18:26 - 2014-01-23 09:29 - 566052107 _____ () C:\Windows\MEMORY.DMP
2015-01-14 18:26 - 2014-01-23 09:29 - 00000000 ____D () C:\Windows\Minidump
2015-01-14 18:23 - 2013-01-01 13:38 - 00017958 _____ () C:\Windows\PFRO.log
2015-01-11 16:10 - 2009-07-14 12:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-11 16:01 - 2013-01-01 16:01 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-11 15:45 - 2013-01-02 20:22 - 00000000 ____D () C:\Users\<user>\AppData\Local\Adobe
2015-01-06 18:59 - 2013-01-01 14:57 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-19 07:15 - 2013-01-01 15:09 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-19 07:15 - 2013-01-01 15:08 - 00000000 ____D () C:\ProgramData\Skype

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 17:26

==================== End Of Log ============================

 

 

Addition.txt log:

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015
Ran by <user> at 2015-01-15 19:39:11
Running from C:\Users\<user>\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2013 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2013 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis Disk Director Home (HKLM-x32\...\{9CCC78EF-027E-40E0-9B61-39932C65E3FE}) (Version: 11.0.216 - Acronis)
Acronis True Image Home (HKLM-x32\...\{67ED38A3-4882-448B-B44D-3428AB00D7D5}) (Version: 13.0.7046 - Acronis)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.02.29 - ASUSTeK Computer Inc.)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3495 - AVG Technologies)
AVG 2013 (Version: 13.0.3495 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.4253 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version: - TGRMN Software)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - )
Canon MG4100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4100_series) (Version: - Canon Inc.)
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version: - )
Canon MG5300 series On-screen Manual (HKLM-x32\...\Canon MG5300 series On-screen Manual) (Version: - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05152 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05152 - Cisco Systems, Inc.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0327 - DT Soft Ltd)
Disk Unlocker (HKLM-x32\...\{FE73C47E-0FF8-47A6-A903-FFA827A4B43D}) (Version: 2.0.8 - ASUS)
EasyRecovery Professional (HKLM-x32\...\InstallShield_{A8BB9906-E618-406A-B161-7383AFF46C39}) (Version: 6.03.04 - Ontrack Data International, Inc.)
EasyRecovery Professional (x32 Version: 6.03.04 - Ontrack Data International, Inc.) Hidden
Echo360 Personal Capture (HKLM-x32\...\Echo360 Personal Capture) (Version: - Echo360 Inc)
Echo360 Personal Capture (x32 Version: 1.0 - Echo360) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FinePrint (HKLM\...\FinePrint) (Version: 6.25 - FinePrint Software, LLC)
Free Studio version 2013 (HKLM-x32\...\Free Studio_is1) (Version: 6.2.0.1029 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM-x32\...\{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}) (Version: 7.0.2.8415 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
InfraRecorder (HKLM-x32\...\InfraRecorder) (Version: - Christian Kindahl)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2598 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1844587749-1574700385-4156627816-1000\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft Visio Professional 2010 (HKLM\...\Office14.VISIOR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.2.3 - )
Opera 12.12 (HKLM-x32\...\Opera 12.12.1707) (Version: 12.12.1707 - Opera Software ASA)
pdfFactory Pro (HKLM\...\pdfFactory Pro) (Version: 4.50 - FinePrint Software, LLC)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6570 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{2266F46F-0E46-491C-B278-DAF80F7C58D7}) (Version: 2.2.12059.16911 - Skype)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SpaceMonger 2.1.1 (HKLM-x32\...\SpaceMonger) (Version: 2.1.1 - Sixty-Five)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
TeraCopy 2.12 (HKLM\...\TeraCopy_is1) (Version: - Code Sector Inc.)
Ulead PhotoImpact XL ESD (HKLM-x32\...\{0DDDE141-9696-4E33-AB82-EF398169D7E5}) (Version: 8.5 - Ulead System)
VDMSound 2.0.4 (HKLM-x32\...\{8ECBE643-8230-11D5-9D6B-00A024112F81}) (Version: 2.0.4.0 - VDMSound Project)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
VmciSockets (Version: 9.1.54.1 - VMware, Inc.) Hidden
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 8.0.0.18997 - VMware, Inc)
VMware Workstation (x32 Version: 8.0.0.18997 - VMware, Inc.) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
WinZip 14.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1844587749-1574700385-4156627816-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\<user>\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1844587749-1574700385-4156627816-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\<user>\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1844587749-1574700385-4156627816-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\<user>\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1844587749-1574700385-4156627816-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\<user>\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1844587749-1574700385-4156627816-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\<user>\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

11-01-2015 15:48:47 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:34 - 2015-01-13 12:33 - 00000030 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0163A00B-77B9-4936-AAAC-8A392309C4B7} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {03EB7D0D-2526-4B4B-8543-88E92D0B45F6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-01] (Google Inc.)
Task: {1FAC7DBA-FAA2-417A-8D04-32812834B8C5} - System32\Tasks\{2317A297-BB1E-4B08-8977-4F306DB2D6B9} => Firefox.exe http://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsWLM
Task: {4E8E1E68-D4E5-4868-99CC-787A6359D786} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-09] ()
Task: {535D7E65-4CB4-4740-8F04-2949DB15B7B2} - System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\PowerControlHelp.exe [2012-03-06] (ASUSTeK Computer Inc.)
Task: {68A6C4A3-CA3F-4D36-943E-97DA230E85E1} - System32\Tasks\AVG-Secure-Search-Update_0814tb_rmv => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
Task: {8BDE0989-BA1D-4567-AD23-0CF5AD359731} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-15] (Adobe Systems Incorporated)
Task: {8C27FA15-FE65-4A99-B1E8-7BAAEF094A4A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-01] (Google Inc.)
Task: {A3390D4B-4501-4CEA-807D-A429A1465BB0} - System32\Tasks\AVG-Secure-Search-Update_0814tb_rel => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
Task: {A74AFFC6-04EF-4050-A1CB-3DE8F015D4C2} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2010-11-26] (ASUSTeK Computer Inc.)
Task: {AB98CC2C-63C7-4ABE-82E8-C1FBD1F3452F} - System32\Tasks\Microsoft_Hardware_Launch_vVX1000_exe => C:\Windows\vVX1000.exe [2010-05-20] (Microsoft Corporation)
Task: {C295ECA4-1BA1-4616-8806-C9977A593FA2} - System32\Tasks\{E5482565-5DF8-4BA5-A60F-9BA24D826B0B} => Firefox.exe http://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsWLM
Task: {C9B2E3B9-973C-4C4B-A717-C2C8E6AB2ADF} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D2E386A6-BE50-4625-BD15-94493788CB6E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rel.job => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Loaded Modules (whitelisted) =============

2011-10-29 11:59 - 2011-10-29 11:59 - 00918448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
2010-05-25 19:53 - 2010-05-25 19:53 - 02139400 _____ () C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
2011-08-22 16:34 - 2011-08-22 16:34 - 11837440 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:38 - 2010-03-24 21:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-01-01 14:12 - 2010-03-15 11:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2013-01-01 10:39 - 2009-06-21 07:52 - 00318976 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2012-12-31 16:16 - 2011-12-15 16:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-12-13 08:36 - 2013-12-13 08:36 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-31 16:39 - 2015-01-15 06:11 - 00027648 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.18\PEbiosinterface32.dll
2012-12-31 16:39 - 2010-06-29 12:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.18\ATKEX.dll
2011-08-22 16:23 - 2011-08-22 16:23 - 01222656 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2012-12-31 16:39 - 2011-12-29 03:13 - 00043520 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
2012-12-31 16:39 - 2011-09-07 23:23 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:17 - 2010-03-24 21:17 - 08794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-03-27 16:30 - 2010-03-27 16:30 - 00279904 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\resource.dll
2010-03-27 15:13 - 2010-03-27 15:13 - 00019808 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\thread_pool.dll
2010-03-27 15:14 - 2010-03-27 15:14 - 00028512 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\rpc_client.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2012-12-31 16:39 - 2011-07-12 19:14 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2012-12-31 16:39 - 2010-10-05 08:22 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2012-12-31 16:40 - 2011-09-26 19:36 - 00869376 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll
2012-12-31 16:39 - 2011-09-20 18:11 - 00985600 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2012-12-31 16:40 - 2011-12-29 20:45 - 01296384 _____ () C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
2012-12-31 16:39 - 2012-02-10 11:29 - 01047040 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
2012-12-31 16:39 - 2012-02-13 09:53 - 00883712 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2012-12-31 16:39 - 2011-09-26 18:37 - 01616384 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2012-12-31 16:39 - 2011-09-19 20:18 - 01243136 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2012-12-31 16:39 - 2011-07-21 09:06 - 00846848 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2012-12-31 16:39 - 2011-10-14 20:03 - 00885248 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2012-12-31 16:39 - 2010-08-23 12:17 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll
2012-12-31 16:39 - 2010-10-05 08:22 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2013-01-01 12:53 - 2013-01-01 12:53 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\a21ece5c049c9f429756fd1a3fe55ccd\IsdiInterop.ni.dll
2012-12-31 16:35 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-12-31 16:39 - 2009-08-12 20:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll
2012-12-31 16:22 - 2012-02-07 17:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-01-15 08:10 - 2015-01-15 08:10 - 16844464 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll
2013-01-01 11:43 - 2013-01-01 11:43 - 00835584 _____ () C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll
2013-01-01 11:43 - 2013-01-01 11:43 - 00093696 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll
2013-01-01 11:43 - 2013-01-01 11:43 - 00094208 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll
2013-01-01 11:43 - 2013-01-01 11:43 - 00057344 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll
2013-01-01 11:43 - 2013-01-01 11:43 - 00096256 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll
2013-01-01 11:43 - 2013-01-01 11:43 - 00062976 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll
2013-01-01 11:43 - 2013-01-01 11:43 - 00067072 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll
2013-01-01 11:43 - 2013-01-01 11:43 - 00158208 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
2013-01-01 11:43 - 2013-01-01 11:43 - 00312832 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll
2013-01-01 11:43 - 2013-01-01 11:43 - 00038912 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll
2013-01-01 11:43 - 2013-01-01 11:43 - 00073728 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll
2013-01-01 11:43 - 2013-01-01 11:43 - 00101888 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\S-1-5-21-1844587749-1574700385-4156627816-1000\Software\Classes\exefile: <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1844587749-1574700385-4156627816-500 - Administrator - Disabled)
Guest (S-1-5-21-1844587749-1574700385-4156627816-501 - Limited - Disabled)
<user> (S-1-5-21-1844587749-1574700385-4156627816-1000 - Administrator - Enabled) => C:\Users\<user>
Other User (S-1-5-21-1844587749-1574700385-4156627816-1002 - Administrator - Enabled) => C:\Users\Other User

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/15/2015 10:20:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16457, time stamp: 0x50a2f9e3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x28054400
Faulting process id: 0x544
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (01/15/2015 06:40:26 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/15/2015 06:40:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/15/2015 06:40:21 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/15/2015 06:40:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/15/2015 06:16:10 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/15/2015 06:16:10 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/15/2015 06:16:10 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/15/2015 06:16:10 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/15/2015 06:16:10 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (01/15/2015 10:59:42 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The ASDiskUnlocker service has reported an invalid current state 11.

Error: (01/15/2015 10:38:25 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The ASDiskUnlocker service has reported an invalid current state 11.

Error: (01/15/2015 07:39:19 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The ASDiskUnlocker service has reported an invalid current state 11.

Error: (01/15/2015 07:37:20 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (01/15/2015 06:15:45 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The ASDiskUnlocker service has reported an invalid current state 11.

Error: (01/15/2015 06:11:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG WatchDog service failed to start due to the following error:
%%1053

Error: (01/15/2015 06:11:26 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AVG WatchDog service to connect.

Error: (01/15/2015 06:11:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVGIDSAgent service failed to start due to the following error:
%%1053

Error: (01/15/2015 06:11:26 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AVGIDSAgent service to connect.

Error: (01/14/2015 10:15:55 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The ASDiskUnlocker service has reported an invalid current state 11.


Microsoft Office Sessions:
=========================
Error: (01/15/2015 10:20:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.1645750a2f9e3unknown0.0.0.000000000c00000052805440054401d03057693cd39fC:\Program Files (x86)\Internet Explorer\iexplore.exeunknown59b2fae9-9c4c-11e4-8cee-3085a9448366

Error: (01/15/2015 06:40:26 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\mmsBundle.dll

Error: (01/15/2015 06:40:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\ManagementConsole.exe

Error: (01/15/2015 06:40:21 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\RecoveryExpert.exe

Error: (01/15/2015 06:40:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"C:\Program Files (x86)\Common Files\Acronis\DiskDirector\WinPE\Files\systeminfo.exe

Error: (01/15/2015 06:16:10 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/15/2015 06:16:10 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/15/2015 06:16:10 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/15/2015 06:16:10 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (01/15/2015 06:16:10 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


CodeIntegrity Errors:
===================================
Date: 2015-01-07 22:30:20.412
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-07 22:30:20.402
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-01-07 22:55:24.692
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2013-01-07 22:30:54.845
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2013-01-01 20:55:21.366
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2013-01-01 20:09:46.503
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2013-01-01 17:46:48.850
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2013-01-01 17:17:57.477
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2013-01-01 16:56:22.421
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2013-01-01 16:48:45.478
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3570 CPU @ 3.40GHz
Percentage of memory in use: 31%
Total physical RAM: 7878.98 MB
Available physical RAM: 5380.96 MB
Total Pagefile: 15757.97 MB
Available Pagefile: 12475.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Win 7) (Fixed) (Total:75.01 GB) (Free:18.78 GB) NTFS
Drive d: (Spare OS) (Fixed) (Total:75.01 GB) (Free:74.91 GB) NTFS
Drive e: (Data) (Fixed) (Total:1025.02 GB) (Free:922.66 GB) NTFS
Drive g: (FreeAgent Drive) (Fixed) (Total:465.76 GB) (Free:323.72 GB) NTFS
Drive l: (Lexar) (Removable) (Total:7.45 GB) (Free:0.11 GB) FAT32
Drive y: (Backups) (Fixed) (Total:437.77 GB) (Free:422.36 GB) NTFS
Drive z: (<user>sOldPC) (Fixed) (Total:250.1 GB) (Free:74.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 6B9EB201)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=75 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1712.9 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=75 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0C)

========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:26 PM

Posted 15 January 2015 - 09:31 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1844587749-1574700385-4156627816-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-1844587749-1574700385-4156627816-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Extension: (Google Wallet) - C:\Users\<user>\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]
S3 BS249432733; \??\C:\Users\<user>\AppData\Local\Temp\Low\NTFS.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
HKU\S-1-5-21-1844587749-1574700385-4156627816-1000\Software\Classes\exefile: <===== ATTENTION!

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#7 HSV Guy

HSV Guy
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:26 PM

Posted 15 January 2015 - 04:08 PM

Fixlog.txt

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-01-2015
Ran by <user> at 2015-01-16 06:55:18 Run:1
Running from C:\Users\<user>\Downloads
Loaded Profiles: <user> (Available profiles: <user> & Other User)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <=======
ATTENTION
HKU\S-1-5-21-1844587749-1574700385-4156627816-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-1844587749-1574700385-4156627816-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Extension: (Google Wallet) -
C:\Users\<user>\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]
S3 BS249432733; \??\C:\Users\<user>\AppData\Local\Temp\Low\NTFS.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
HKU\S-1-5-21-1844587749-1574700385-4156627816-1000\Software\Classes\exefile: <===== ATTENTION!


*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
ATTENTION => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-1844587749-1574700385-4156627816-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-1844587749-1574700385-4156627816-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => value deleted successfully.
HKCR\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => Key not found.
C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll not found.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll not found.
CHR Extension: (Google Wallet) - directory not found.
"C:\Users\<user>\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]" => File/Directory not found.
BS249432733 => Service deleted successfully.
catchme => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
"HKU\S-1-5-21-1844587749-1574700385-4156627816-1000\Software\Classes\exefile" => Key deleted successfully.

==== End of Fixlog 06:55:19 ====

 

 

Results of screen317's Security Check version 0.99.93
x64
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AVG AntiVirus Free Edition 2013
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 16.0.0.257
Mozilla Firefox (34.0.5)
Google Chrome (39.0.2171.71)
Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

 

I am still unable to open rkill, avg (application and installer) and other anti-virus/malware type programs.



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:26 PM

Posted 16 January 2015 - 08:45 AM

Download the AVG removal tool for the version of AVG installed.

http://www.avg.com/ca-en/utilities

Restart the computer when done.

Reinstall the application. How is it now?

p.s.
Why do you want to run Rkill?

#9 HSV Guy

HSV Guy
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:26 PM

Posted 17 January 2015 - 06:35 AM

Download the AVG removal tool for the version of AVG installed.

http://www.avg.com/ca-en/utilities

Restart the computer when done.

Reinstall the application. How is it now?

Thanks for your help, I really do appreciate it. Unfortunately while I was able to run the AVG removal tool it didn't seem to actually do anything and I am still unable to install AVG (or other ant-virus/anti-malware programs - such as AVG and Kaspersky anti-virus and Malwarebytes)

 

 

 

p.s.
Why do you want to run Rkill?

 

Rkill can often kill off virus/malware processes that stop you from being able to install anti-virus/anti-malware software (such as what is happening with this PC at the moment). 



#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:26 PM

Posted 17 January 2015 - 09:31 AM

Strange that you can download other .exe and run them but not for the security software.

Post the logs from this scan.

ttLR1ki.jpg
  • Download OTL to your desktop.
  • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
----------

#11 HSV Guy

HSV Guy
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:26 PM

Posted 18 January 2015 - 06:03 AM

OLT.txt

 

 

 

OTL logfile created on: 18/01/2015 8:47:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\<user>\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

7.69 Gb Total Physical Memory | 6.32 Gb Available Physical Memory | 82.14% Memory free
15.39 Gb Paging File | 13.00 Gb Available in Paging File | 84.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 75.01 Gb Total Space | 20.88 Gb Free Space | 27.84% Space Free | Partition Type: NTFS
Drive D: | 75.01 Gb Total Space | 74.87 Gb Free Space | 99.81% Space Free | Partition Type: NTFS
Drive E: | 1025.02 Gb Total Space | 922.66 Gb Free Space | 90.01% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 323.72 Gb Free Space | 69.50% Space Free | Partition Type: NTFS
Drive Y: | 437.77 Gb Total Space | 422.36 Gb Free Space | 96.48% Space Free | Partition Type: NTFS
Drive Z: | 250.10 Gb Total Space | 74.58 Gb Free Space | 29.82% Space Free | Partition Type: NTFS

Computer Name: <user>SPC | User Name: <user> | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\<user>\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_257_ActiveX.exe (Adobe Systems Incorporated)
PRC - c:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Desktop.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\PowerControlHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.25\AsusFanControlService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe ()
PRC - C:\Windows\vVX1000.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f1f0231b32dee581dcab0b26d83b02ca\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ca11c3c4c5560bf7aafa094599128200\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll ()
MOD - C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll ()
MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\resource.dll ()
MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\rpc_client.dll ()
MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\thread_pool.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (c2cautoupdatesvc) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)
SRV - (c2cpnrsvc) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AsusFanControlService) -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.25\AsusFanControlService.exe (ASUSTeK Computer Inc.)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (asHmComSvc) -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe (ASUSTeK Computer Inc.)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (asComSvc) -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe ()
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMwareHostd) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe ()
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.)
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (ASDiskUnlocker) -- C:\Program Files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe (ASUSTeK Computer Inc.)
SRV - (OS Selector) -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe ()
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64-6.sys (Cisco Systems, Inc.)
DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (gfiutil) -- C:\Windows\SysNative\drivers\gfiutil.sys (ThreatTrack Security)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (gfiark) -- C:\Windows\SysNative\drivers\gfiark.sys (ThreatTrack Security)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (tdrpman258) -- C:\Windows\SysNative\drivers\tdrpm258.sys (Acronis)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (asahci64) -- C:\Windows\SysNative\drivers\asahci64.sys (Asmedia Technology)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (VDiskBus) -- C:\Windows\SysNative\drivers\VDiskBus64.sys (ASUSTeK Computer Inc.)
DRV:64bit: - (ICCWDT) -- C:\Windows\SysNative\drivers\ICCWDT.sys (Intel Corporation)
DRV:64bit: - (VX1000) -- C:\Windows\SysNative\drivers\VX1000.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (ASFLTDrv.sys) -- C:\Program Files (x86)\ASUS\Disk Unlocker\ASFLTDrv64.sys (ASUSTeK Computer Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.news.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B4 1F B5 FB C1 E7 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.highlightCount: 0
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.startup.homepage: "http://www.news.com.au/|http://ninemsn.com.au/?ocid=makehomepagesite0113"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Skype.com/Skype Web Plugin: C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 35.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 35.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/02/09 12:58:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\<user>\AppData\Roaming\Mozilla\Extensions
[2015/01/08 09:14:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\<user>\AppData\Roaming\Mozilla\Firefox\Profiles\1sxyczcc.default\extensions
[2015/01/17 18:31:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2015/01/17 18:31:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2015/01/17 18:31:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/01/17 18:31:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Skype Web Plugin (Enabled) = C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - default_search_provider: 5EDEBDBC43BF1E5160002FC1FE74D77BFCB9D63FAAE34CF516348296490B53AC (Enabled)
CHR - default_search_provider: search_url = 960692363305D2CDACFD2843E9A9567FC3731481A5160D35680B1D2C77998480
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: EC235FFBEF3EA699EC41BD847EF8075F49026361818ED1B2004B6EFDE9A86D0A
CHR - Extension: No name found = C:\Users\<user>\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\<user>\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.3.16540.9015_0\

O1 HOSTS File: ([2015/01/18 07:13:43 | 000,000,175 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 130.102.1.194 vpn.uq.edu.au ###Cisco AnyConnect VPN client modified this file. Please do not modify contents until this comment is removed.
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - Startup: C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7752B348-0492-4C9A-B137-B17D262DDB57}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2015/01/17 18:31:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015/01/17 11:42:04 | 000,000,000 | ---D | C] -- C:\AVG_Remover
[2015/01/15 19:38:34 | 000,000,000 | ---D | C] -- C:\FRST
[2015/01/14 18:18:48 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/01/11 20:10:28 | 004,877,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2015/01/11 17:12:20 | 000,041,032 | ---- | C] (ThreatTrack Security) -- C:\Windows\SysNative\drivers\gfiark.sys
[2015/01/11 17:12:20 | 000,031,264 | ---- | C] (ThreatTrack Security) -- C:\Windows\SysNative\drivers\gfiutil.sys
[2015/01/11 17:11:48 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2015/01/11 17:00:29 | 000,000,000 | ---D | C] -- C:\Users\<user>\AppData\Roaming\SUPERAntiSpyware.com
[2015/01/11 17:00:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2015/01/11 17:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2015/01/11 17:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2015/01/11 16:11:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2015/01/11 16:11:30 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2015/01/11 15:59:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX2
[2015/01/11 15:59:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonEPP
[2015/01/11 15:51:18 | 000,000,000 | ---D | C] -- C:\Users\<user>\AppData\Local\Microsoft Games
[2015/01/11 15:46:27 | 000,111,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2015/01/11 15:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2015/01/11 15:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2015/01/11 15:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2015/01/08 07:20:11 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2015/01/07 22:24:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2015/01/07 22:24:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2015/01/07 22:24:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2015/01/07 22:24:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2015/01/07 22:24:13 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2015/01/07 22:01:05 | 005,609,736 | R--- | C] (Swearware) -- C:\ComboFix.exe
[2015/01/07 08:56:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2015/01/18 20:10:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/18 20:03:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/18 20:02:54 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/18 13:57:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/18 07:20:43 | 000,020,672 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/18 07:20:43 | 000,020,672 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/18 07:13:43 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2015/01/18 07:13:05 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_0814tb_rmv.job
[2015/01/18 07:13:05 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_0814tb_rel.job
[2015/01/18 07:12:57 | 1901,318,143 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/17 15:34:37 | 000,000,118 | ---- | M] () -- C:\Users\<user>\Desktop\ECPs.url
[2015/01/17 12:26:44 | 000,000,198 | ---- | M] () -- C:\cleanup.bat
[2015/01/17 11:54:29 | 608,290,059 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2015/01/17 08:57:14 | 001,368,084 | ---- | M] () -- C:\Windows\SysNative\CFG249432733
[2015/01/15 08:10:12 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015/01/15 08:10:12 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2015/01/15 08:10:10 | 004,877,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2015/01/13 12:33:46 | 000,000,030 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ac
[2015/01/11 17:24:24 | 000,001,125 | ---- | M] () -- C:\Users\<user>\Desktop\WiNlOgOn.lnk
[2015/01/11 17:23:02 | 000,001,094 | ---- | M] () -- C:\Users\<user>\Desktop\rkill.lnk
[2015/01/11 17:21:25 | 000,000,852 | ---- | M] () -- C:\Users\<user>\Desktop\Downloads.lnk
[2015/01/11 17:21:02 | 000,001,061 | ---- | M] () -- C:\Users\<user>\Desktop\Vipre Rescue Scanner.lnk
[2015/01/11 16:34:17 | 000,259,390 | ---- | M] () -- C:\Users\<user>\AppData\Local\census.cache
[2015/01/11 16:34:13 | 000,132,499 | ---- | M] () -- C:\Users\<user>\AppData\Local\ars.cache
[2015/01/11 16:20:53 | 000,000,036 | ---- | M] () -- C:\Users\<user>\AppData\Local\housecall.guid.cache
[2015/01/11 15:48:32 | 005,609,736 | R--- | M] (Swearware) -- C:\ComboFix.exe
[2015/01/11 15:46:24 | 000,111,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2015/01/06 22:54:26 | 000,182,447 | ---- | M] () -- C:\Users\<user>\Desktop\PD_501155_School-based_Researcher_SOSE_History.pdf
[2014/12/31 11:55:42 | 005,588,342 | ---- | M] () -- C:\Users\<user>\Desktop\Blitz2Go_Recipe_Book.pdf
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2015/01/17 15:34:25 | 000,000,118 | ---- | C] () -- C:\Users\<user>\Desktop\ECPs.url
[2015/01/17 11:43:06 | 000,000,198 | ---- | C] () -- C:\cleanup.bat
[2015/01/11 17:24:24 | 000,001,125 | ---- | C] () -- C:\Users\<user>\Desktop\WiNlOgOn.lnk
[2015/01/11 17:23:02 | 000,001,094 | ---- | C] () -- C:\Users\<user>\Desktop\rkill.lnk
[2015/01/11 17:21:25 | 000,000,852 | ---- | C] () -- C:\Users\<user>\Desktop\Downloads.lnk
[2015/01/11 17:21:02 | 000,001,061 | ---- | C] () -- C:\Users\<user>\Desktop\Vipre Rescue Scanner.lnk
[2015/01/11 16:34:17 | 000,259,390 | ---- | C] () -- C:\Users\<user>\AppData\Local\census.cache
[2015/01/11 16:34:13 | 000,132,499 | ---- | C] () -- C:\Users\<user>\AppData\Local\ars.cache
[2015/01/11 16:20:53 | 000,000,036 | ---- | C] () -- C:\Users\<user>\AppData\Local\housecall.guid.cache
[2015/01/11 15:42:57 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/07 22:24:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2015/01/07 22:24:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2015/01/07 22:24:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2015/01/07 22:24:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2015/01/07 22:24:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2015/01/07 08:56:42 | 001,368,084 | ---- | C] () -- C:\Windows\SysNative\CFG249432733
[2015/01/06 22:54:26 | 000,182,447 | ---- | C] () -- C:\Users\<user>\Desktop\PD_501155_School-based_Researcher_SOSE_History.pdf
[2014/12/31 11:55:42 | 005,588,342 | ---- | C] () -- C:\Users\<user>\Desktop\Blitz2Go_Recipe_Book.pdf
[2013/12/28 15:05:00 | 003,660,954 | ---- | C] () -- C:\ProgramData\P1010439.JPG
[2013/05/21 21:33:06 | 000,003,728 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2013/02/17 14:33:29 | 000,064,512 | ---- | C] () -- C:\Users\<user>\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/09 12:52:42 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe

========== ZeroAccess Check ==========

[2009/07/14 14:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 05:27:26 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 04:21:20 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 11:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 11:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/01 11:53:56 | 000,000,000 | ---D | M] -- C:\Users\<user>\AppData\Roaming\Acronis
[2013/01/02 15:20:01 | 000,000,000 | ---D | M] -- C:\Users\<user>\AppData\Roaming\AVG2013
[2013/07/15 10:56:50 | 000,000,000 | ---D | M] -- C:\Users\<user>\AppData\Roaming\Blackboard
[2013/01/01 16:56:36 | 000,000,000 | ---D | M] -- C:\Users\<user>\AppData\Roaming\Canon
[2013/01/02 15:20:01 | 000,000,000 | ---D | M] -- C:\Users\<user>\AppData\Roaming\DAEMON Tools Lite
[2012/12/31 16:51:27 | 000,000,000 | ---D | M] -- C:\Users\<user>\AppData\Roaming\DAEMON Tools Pro
[2013/11/01 21:43:30 | 000,000,000 | ---D | M] -- C:\Users\<user>\AppData\Roaming\DVDVideoSoft
[2013/01/01 15:27:15 | 000,000,000 | ---D | M] -- C:\Users\<user>\AppData\Roaming\ImgBurn
[2013/07/18 20:43:12 | 000,000,000 | ---D | M] -- C:\Users\<user>\AppData\Roaming\Leadertech
[2013/02/09 12:57:20 | 000,000,000 | ---D | M] -- C:\Users\<user>\AppData\Roaming\Notepad++
[2013/01/02 15:20:01 | 000,000,000 | ---D | M] -- C:\Users\<user>\AppData\Roaming\Opera
[2013/01/01 15:10:59 | 000,000,000 | ---D | M] -- C:\Users\<user>\AppData\Roaming\SpaceMonger
[2014/09/19 19:44:27 | 000,000,000 | ---D | M] -- C:\Users\<user>\AppData\Roaming\TeamViewer
[2014/05/30 21:11:32 | 000,000,000 | ---D | M] -- C:\Users\<user>\AppData\Roaming\TeraCopy
[2013/01/01 14:59:32 | 000,000,000 | ---D | M] -- C:\Users\<user>\AppData\Roaming\TuneUp Software
[2013/01/02 11:50:41 | 000,000,000 | ---D | M] -- C:\Users\<user>\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >

 

Extras.txt

 

 

 

OTL Extras logfile created on: 18/01/2015 8:47:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\<user>\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

7.69 Gb Total Physical Memory | 6.32 Gb Available Physical Memory | 82.14% Memory free
15.39 Gb Paging File | 13.00 Gb Available in Paging File | 84.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 75.01 Gb Total Space | 20.88 Gb Free Space | 27.84% Space Free | Partition Type: NTFS
Drive D: | 75.01 Gb Total Space | 74.87 Gb Free Space | 99.81% Space Free | Partition Type: NTFS
Drive E: | 1025.02 Gb Total Space | 922.66 Gb Free Space | 90.01% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 323.72 Gb Free Space | 69.50% Space Free | Partition Type: NTFS
Drive Y: | 437.77 Gb Total Space | 422.36 Gb Free Space | 96.48% Space Free | Partition Type: NTFS
Drive Z: | 250.10 Gb Total Space | 74.58 Gb Free Space | 29.82% Space Free | Partition Type: NTFS

Computer Name: <user>SPC | User Name: <user> | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{285E77BA-442C-465A-AEE2-CDC84C02145B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{7E95247A-B778-42EE-99AE-A229913F17DA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{834E0A21-285D-40DB-A7D2-19CCAFD82250}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{875D2101-FFC5-4480-AAEA-07839F968889}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9972141D-D865-48CE-AEEA-35C8598378A4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D85F98B3-4978-47F5-9FC0-BF57A6F1F13D}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05C7CB7D-70B2-4B12-B8D2-133696DC31C2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{0FF179D2-14BC-437D-9160-02336B34FC78}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{1734AB90-B3B3-431C-833A-1FFAEBE988E9}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{1B38AA93-1640-467F-82CB-28DCAC855871}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe |
"{1F606795-D09B-4439-AEA2-30DA5266A151}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{20A784CA-2431-4005-9930-0F68DCEF0678}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{22B76799-2C4A-431A-997F-C10153DA8B4D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{3086F56D-0060-432A-ABF3-4E600C83BDA4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{3236D38C-546B-4777-B46D-73532C2F06A8}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{37E999AE-CC5C-409A-8372-741AB5E252D3}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{3871D66C-6A63-40A8-8ACB-E843228946FB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{3CCE9103-A9C0-4377-824B-0E164C58DD87}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{42D4C5AB-558A-48B7-B434-F96D29137A31}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{454E9724-C261-4100-8466-FC34231E53E3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{461AA5E7-095D-43FE-8158-015993683264}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{53A6C130-4871-48CA-BA99-13B2DDEEDA60}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5BE9E68F-A40D-4120-8FB5-C5670F025B3F}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{5EB729E4-1EAF-4445-B729-5876E2241B20}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{5F34C799-7D88-4D80-9B7A-BD1B10DBFB8C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{61CDCD87-9827-41A6-A553-C9487B1760B0}" = dir=in | app=c:\users\<user>\appdata\local\microsoft\skydrive\skydrive.exe |
"{72F87F4D-C4B7-4962-82A5-AC4A0F660990}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{77BD5FE2-0329-4749-ADE5-00262EF4E55A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{7C19B818-2528-4237-8F00-93E766DF79E8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7F14C636-AF65-412D-9B0D-DE3AE609DED5}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{8301872B-9175-4550-B9A9-885021270343}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{8826A489-B356-472F-BC50-5F4F11B5F349}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{8BDC2715-F076-4982-B056-DCDADC9A2ADE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{8D5C3CCB-568F-4E27-AD0F-ED205A1F4E2F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{946A6ABA-9C08-4438-B38A-BFA35F333A85}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{9552011C-6A3B-4814-9A28-03F0DEFD45E9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{957F4C4B-6B87-40E3-85A7-47B5DFC3BCE8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{96E515EF-4110-485D-97F2-BEBBDA1B4D54}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{975F7006-64F9-4EFA-BE4D-D8472E2A885D}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{9ACF0737-D6F6-43B7-B14C-9AF0251053C8}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe |
"{AF89C4F3-7B4A-4DBE-ACCA-334E61CFEE65}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{B061505F-BC19-41B5-A117-6FEECEF942B8}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{B6A863F0-0915-4EBA-9F68-4B09174821EB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{BDC032F2-3578-42A4-AC68-1579CA1EE032}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BED4ADD7-4912-43C0-AEA3-786FE2C8105E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C10B8144-5703-4A96-83E5-96C8769A9ACB}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{C5FE4327-54A8-47FC-AA65-69B0FF99833A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{C66E77E7-27E7-4D1E-85B8-0DEB6696202F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{C9D0F15C-82E6-47A0-825E-F94A43AFC72C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CC59CED9-6214-4062-822E-BCFD9DAAF852}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{D27E4906-89CF-4A37-A34C-E40A28D4D4B9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{D4F8E813-2D14-4578-8FB7-1A87424AD7B9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{DA633181-19C1-4047-824B-4FCB76F3AA17}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe |
"{DCA574B1-60F3-4A96-965D-1B91DAB4389F}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe |
"{DEC9DD1F-4D09-4B45-A9A5-8BDE0A6B111C}" = dir=in | app=c:\program files (x86)\skypewebplugin\skypewebplugin.exe |
"{DFEECABE-C3E6-4F8E-91D6-A4F43EC8B16A}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{E2DED110-011B-4B76-8844-499C06905853}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{F4FE94B8-50EC-4CB7-95D6-289594FBBC82}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{FCFBB07D-B5DD-4303-A803-CB7890F22833}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{FDD5987C-E04F-48BF-AC24-08A0104D2967}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"TCP Query User{6C5A4334-C681-43B2-A8C3-0111181C825E}C:\program files\microsoft office\office14\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"UDP Query User{973557B8-6157-4242-B16A-D0FACBC91957}C:\program files\microsoft office\office14\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4100_series" = Canon MG4100 series MP Drivers
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers
"{12079D47-A4AB-4AE5-A957-C2062D328F35}" = AVG 2013
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86418025F0}" = Java 8 Update 25 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{528E2373-AE49-4802-B4A8-326BBFDAD6A0}" = VmciSockets
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0054-0409-1000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0057-0000-1000-0000000FF1CE}" = Microsoft Office Visio 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D6D3F085-3AEA-4BC5-A727-ED71CB460BD2}" = AVG 2013
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"AVG" = AVG 2013
"Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.2
"FinePrint" = FinePrint
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.VISIOR" = Microsoft Visio Professional 2010
"pdfFactory Pro" = pdfFactory Pro
"TeraCopy_is1" = TeraCopy 2.12
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
"{0DDDE141-9696-4E33-AB82-EF398169D7E5}" = Ulead PhotoImpact XL ESD
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2266F46F-0E46-491C-B278-DAF80F7C58D7}" = Skype Web Plugin
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.0
"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FD0C489-0F02-481a-A3E1-9754CD396761}" = Intel® Watchdog Timer Driver (Intel® WDT)
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{473A4557-3CB8-42CF-BCE6-A1AE33A3259C}" = Echo360 Personal Capture
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis True Image Home
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8ECBE643-8230-11D5-9D6B-00A024112F81}" = VDMSound 2.0.4
"{9CCC78EF-027E-40E0-9B61-39932C65E3FE}" = Acronis Disk Director Home
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A8BB9906-E618-406A-B161-7383AFF46C39}" = EasyRecovery Professional
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAAB700A-DDB7-4298-AB4B-B6E9F785059C}" = Cisco AnyConnect Secure Mobility Client
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime
"{FE73C47E-0FF8-47A6-A903-FFA827A4B43D}" = Disk Unlocker
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"Canon MG5300 series On-screen Manual" = Canon MG5300 series On-screen Manual
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"DAEMON Tools Lite" = DAEMON Tools Lite
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Echo360 Personal Capture" = Echo360 Personal Capture
"Free Studio_is1" = Free Studio version 2013
"Google Chrome" = Google Chrome
"ImgBurn" = ImgBurn
"InfraRecorder" = InfraRecorder
"InstallShield_{A8BB9906-E618-406A-B161-7383AFF46C39}" = EasyRecovery Professional
"Mozilla Firefox 35.0 (x86 en-US)" = Mozilla Firefox 35.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"Notepad++" = Notepad++
"Opera 12.12.1707" = Opera 12.12
"SpaceMonger" = SpaceMonger 2.1.1
"TeamViewer 8" = TeamViewer 8
"VLC media player" = VLC media player 2.0.5
"VMware_Workstation" = VMware Workstation
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 17/01/2015 5:16:02 PM | Computer Name = <user>sPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 17/01/2015 5:16:02 PM | Computer Name = <user>sPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 17/01/2015 5:16:03 PM | Computer Name = <user>sPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 17/01/2015 5:16:03 PM | Computer Name = <user>sPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 17/01/2015 5:16:03 PM | Computer Name = <user>sPC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 17/01/2015 6:26:51 PM | Computer Name = <user>sPC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Acronis\DiskDirector\WinPE\Files\systeminfo.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 17/01/2015 6:27:01 PM | Computer Name = <user>sPC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Acronis\DiskDirector\WinPE\Files\RecoveryExpert.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 17/01/2015 6:27:05 PM | Computer Name = <user>sPC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Acronis\DiskDirector\WinPE\Files\ManagementConsole.exe". Dependent Assembly
Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 17/01/2015 6:27:07 PM | Computer Name = <user>sPC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Acronis\DiskDirector\WinPE\Files\mmsBundle.dll". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 18/01/2015 1:32:16 AM | Computer Name = <user>sPC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16457,
time stamp: 0x50a2f9e3 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x100084f1 Faulting process id:
0x1d68 Faulting application start time: 0x01d032e01802a243 Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
Report
Id: 5cc204c3-9ed3-11e4-866a-3085a9448366

[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 17/01/2015 5:49:09 PM | Computer Name = <user>sPC | Source = acvpnagent | ID = 67108866
Description = Function: CHostConfigMgr::determinePublicAddrCandidateFromDefRoute
File:
.\HostConfigMgr.cpp Line: 1769 Invoked Function: CHostConfigMgr::FindDefaultRouteInterface
Return
Code: -24117215 (0xFE900021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 17/01/2015 5:49:09 PM | Computer Name = <user>sPC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
9771 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -28835824
(0xFE480010) Description: HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 17/01/2015 5:49:09 PM | Computer Name = <user>sPC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeCategoryHandler File: .\MainThread.cpp
Line:
6953 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -28835824
(0xFE480010) Description: HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 17/01/2015 5:49:09 PM | Computer Name = <user>sPC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 6566
Invoked
Function: CMainThread::genericNoticeCategoryHandler Return Code: -28835824 (0xFE480010)
Description:
HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 17/01/2015 5:49:09 PM | Computer Name = <user>sPC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 6516
Invoked
Function: CMainThread::processNotice Return Code: -28835824 (0xFE480010) Description:
HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 17/01/2015 5:49:09 PM | Computer Name = <user>sPC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::OnEventSignaled File: .\MainThread.cpp Line:
6288 Invoked Function: CMainThread::noticeHandler Return Code: -28835824 (0xFE480010)
Description:
HOSTCONFIGMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 17/01/2015 6:51:29 PM | Computer Name = <user>sPC | Source = acvpnagent | ID = 67108866
Description = Function: CNetbinding::getIcfg File: .\CNetbinding.cpp Line: 175 Invoked
Function: INetCfgLock::AcquireWriteLock Return Code: 1 (0x00000001) Description:
Incorrect function. write lock already taken by iphlpsvc.dll

Error - 17/01/2015 6:51:29 PM | Computer Name = <user>sPC | Source = acvpnagent | ID = 67108866
Description = Function: ACIdentifierExts::GetMacAddressesOfPhysicalInterfaces File:
.\ACIdentifierExts.cpp Line: 314 Invoked Function: CNetbinding::EnumeratePhysicalAdapters
Return
Code: -26279926 (0xFE6F000A) Description: NETBINDING_ERROR_GETICFG

Error - 18/01/2015 12:13:31 AM | Computer Name = <user>sPC | Source = acvpnagent | ID = 67108866
Description = Function: CNetbinding::getIcfg File: .\CNetbinding.cpp Line: 175 Invoked
Function: INetCfgLock::AcquireWriteLock Return Code: 1 (0x00000001) Description:
Incorrect function. write lock already taken by iphlpsvc.dll

Error - 18/01/2015 12:13:31 AM | Computer Name = <user>sPC | Source = acvpnagent | ID = 67108866
Description = Function: ACIdentifierExts::GetMacAddressesOfPhysicalInterfaces File:
.\ACIdentifierExts.cpp Line: 314 Invoked Function: CNetbinding::EnumeratePhysicalAdapters
Return
Code: -26279926 (0xFE6F000A) Description: NETBINDING_ERROR_GETICFG

[ System Events ]
Error - 17/01/2015 9:00:31 AM | Computer Name = <user>sPC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 17/01/2015 9:23:51 AM | Computer Name = <user>sPC | Source = Service Control Manager | ID = 7016
Description = The ASDiskUnlocker service has reported an invalid current state 11.

Error - 17/01/2015 5:13:06 PM | Computer Name = <user>sPC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the AVGIDSAgent
service to connect.

Error - 17/01/2015 5:13:06 PM | Computer Name = <user>sPC | Source = Service Control Manager | ID = 7000
Description = The AVGIDSAgent service failed to start due to the following error:
%%1053

Error - 17/01/2015 5:13:06 PM | Computer Name = <user>sPC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the AVG
WatchDog service to connect.

Error - 17/01/2015 5:13:06 PM | Computer Name = <user>sPC | Source = Service Control Manager | ID = 7000
Description = The AVG WatchDog service failed to start due to the following error:
%%1053

Error - 17/01/2015 5:13:13 PM | Computer Name = <user>sPC | Source = Service Control Manager | ID = 7024
Description = The VMware Workstation Server service terminated with service-specific
error %%-1.

Error - 17/01/2015 5:37:18 PM | Computer Name = <user>sPC | Source = Service Control Manager | ID = 7016
Description = The ASDiskUnlocker service has reported an invalid current state 11.

Error - 17/01/2015 5:37:19 PM | Computer Name = <user>sPC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 17/01/2015 5:52:58 PM | Computer Name = <user>sPC | Source = Service Control Manager | ID = 7016
Description = The ASDiskUnlocker service has reported an invalid current state 11.


< End of report >


#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:26 PM

Posted 18 January 2015 - 09:57 AM

Lets check if there is any policy restrictions.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe
  • to run it.
  • Copy and paste the content
  • of the following bold text into the main textfield:
    :reg
    HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions /sub
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.
===

#13 HSV Guy

HSV Guy
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:26 PM

Posted 19 January 2015 - 06:11 AM

Result:

 

 

SystemLook 30.07.11 by jpshortstuff
Log created at 21:08 on 19/01/2015 by Linda
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions]
(Unable to open key - key not found)

-= EOF =-

There is a registry folder at HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\ but  no Internet Explorer folder under that location.



#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,523 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:26 PM

Posted 19 January 2015 - 08:29 AM

Run this Farbar registry search.

:reg
HKEY_LOCAL_MACHINE\Software\Policies /sub


The file may be long so attach it if necessary.

#15 HSV Guy

HSV Guy
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:26 PM

Posted 20 January 2015 - 06:16 AM

Run this Farbar registry search.
 

:reg 
HKEY_LOCAL_MACHINE\Software\Policies /sub


The file may be long so attach it if necessary.

 

 

I assume that should essentially export all keys under that location but running FRST on both the "infected" PC and mine resulted in the following txt file being generated:

 

 

Farbar Recovery Scan Tool (x64) Version: 17-01-2015 01
Ran by <user> at 2015-01-20 20:56:33
Running from C:\Users\<user>\Downloads
Boot Mode: Normal

================== Search Registry: ":reg HKEY_LOCAL_MACHINE\Software\Policies /sub" ===========


====== End Of Search ======

I assume I am probably not ticking something that I should (or similar). In any case, below is an export of HKEY_LOCAL_MACHINE\SOFTWARE\Policies from regedit:

 

 

 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown\cDefaultExecMenuItems]
"tWhiteList"="Close|GeneralInfo|Quit|FirstPage|PrevPage|NextPage|LastPage|ActualSize|FitPage|FitWidth|FitHeight|SinglePage|OneColumn|TwoPages|TwoColumns|ZoomViewIn|ZoomViewOut|ShowHideBookmarks|ShowHideThumbnails|Print|GoToPage|ZoomTo|GeneralPrefs|SaveAs|FullScreenMode|OpenOrganizer|Scan|Web2PDF:OpnURL|AcroSendMail:SendMail|Spelling:Check Spelling|PageSetup|Find|FindSearch|GoBack|GoForward|FitVisible|ShowHideArticles|ShowHideFileAttachment|ShowHideAnnotManager|ShowHideFields|ShowHideOptCont|ShowHideModelTree|ShowHideSignatures|InsertPages|ExtractPages|ReplacePages|DeletePages|CropPages|RotatePages|AddFileAttachment|FindCurrentBookmark|BookmarkShowLocation|GoBackDoc|GoForwardDoc|DocHelpUserGuide|HelpReader|rolReadPage|HandMenuItem|ZoomDragMenuItem|CollectionPreview|CollectionHome|CollectionDetails|CollectionShowRoot|&Pages|Co&ntent|&Forms|Action &Wizard|Recognize &Text|P&rotection|&Sign && Certify|Doc&ument Processing|Print Pro&duction|Ja&vaScript|&Accessibility|Analy&ze|&Annotations|D&rawing Markups|Revie&w"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown\cDefaultLaunchAttachmentPerms]
"tBuiltInPermList"="version:1|.ade:3|.adp:3|.app:3|.arc:3|.arj:3|.asp:3|.bas:3|.bat:3|.bz:3|.bz2:3|.cab:3|.chm:3|.class:3|.cmd:3|.com:3|.command:3|.cpl:3|.crt:3|.csh:3|.desktop:3|.dll:3|.exe:3|.fxp:3|.gz:3|.hex:3|.hlp:3|.hqx:3|.hta:3|.inf:3|.ini:3|.ins:3|.isp:3|.its:3|.job:3|.js:3|.jse:3|.ksh:3|.lnk:3|.lzh:3|.mad:3|.maf:3|.mag:3|.mam:3|.maq:3|.mar:3|.mas:3|.mat:3|.mau:3|.mav:3|.maw:3|.mda:3|.mdb:3|.mde:3|.mdt:3|.mdw:3|.mdz:3|.msc:3|.msi:3|.msp:3|.mst:3|.ocx:3|.ops:3|.pcd:3|.pi:3|.pif:3|.prf:3|.prg:3|.pst:3|.rar:3|.reg:3|.scf:3|.scr:3|.sct:3|.sea:3|.shb:3|.shs:3|.sit:3|.tar:3|.taz:3|.tgz:3|.tmp:3|.url:3|.vb:3|.vbe:3|.vbs:3|.vsmacros:3|.vss:3|.vst:3|.vsw:3|.webloc:3|.ws:3|.wsc:3|.wsf:3|.wsh:3|.z:3|.zip:3|.zlo:3|.zoo:3|.pdf:2|.fdf:2|.jar:3|.pkg:3|.tool:3|.term:3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown\cDefaultLaunchURLPerms]
"tFlashContentSchemeWhiteList"="http|https|ftp|rtmp|rtmpe|rtmpt|rtmpte|rtmps|mailto"
"tSponsoredContentSchemeWhiteList"="http|https"
"tSchemePerms"="version:2|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:2|file:1|rlogin:3|javascript:4|data:3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Office]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Office\12.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Office\12.0\Outlook]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Office\12.0\Outlook\Security]
"NonDefaultStoreScript"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Office\14.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Office\14.0\Outlook]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Office\14.0\Outlook\Security]
"NonDefaultStoreScript"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Office\15.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Office\15.0\Outlook]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Office\15.0\Outlook\Security]
"NonDefaultStoreScript"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Peernet]
"Disabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Identities]
@=""
"Locked Down"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections]
"NC_PersonalFirewallConfig"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers]
"authenticodeenabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WSDAPI]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WSDAPI\Discovery Proxies]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client]
"fEnableUsbNoAckIsochWriteToDevice"=dword:00000050
"fEnableUsbBlockDeviceBySetupClass"=dword:00000001
"fEnableUsbSelectDeviceByInterface"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client\UsbBlockDeviceBySetupClasses]
"1000"="{3376f4ce-ff8d-40a2-a80f-bb4359d1415c}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client\UsbSelectDeviceByInterfaces]
"1000"="{6bdd1fc6-810f-11d0-bec7-08002be2092f}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Windows File Protection]
"KnownDllList"="nlhtml.dll"
"SFCDisable"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 

Edited by HSV Guy, 20 January 2015 - 06:18 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users