Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware TrackId Cant Seem To Get Rid Of It


  • This topic is locked This topic is locked
22 replies to this topic

#1 toncruz

toncruz

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:17 PM

Posted 12 January 2015 - 05:41 AM

Hi Guys! Im new here and i am seeking help from the experts of BC!

 

I have accidentally clicked on a link that gave me dozens of malware. I have cleaned most of it but there is one that stayed and undetectable.

 

Its called Trackid Malware i dont know how to remove of it, it has been here for days. I am also afraid its stealing my information. Does anyone have any idea? Also, does it infect my other drive files.

 

**********************************************************************************************************

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7601.17514
Run by Winston Cruz at 18:34:37 on 2015-01-12
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8109.3270 [GMT 8:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cobian Backup 11\cbVSCService11.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Winston Cruz\AppData\Local\Viber\Viber.exe
C:\Users\Winston Cruz\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Winston Cruz\AppData\Local\Apps\2.0\8RHAJJ5E.AP0\MAW2VQV8.TKZ\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
C:\Program Files (x86)\Razer\Razer Cortex\main.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Battle.net\Battle.net.5383\Battle.net.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
E:\World of Warcraft\Wow.exe
E:\World of Warcraft\Utils\WowBrowserProxy.exe
C:\Users\Winston Cruz\Documents\Honorbuddy\Honorbuddy.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
uSearch Bar = hxxps://www.google.com/?trackid=sp-006
uSearch Page = www.google.com
uDefault_Page_URL = www.google.com
uDefault_Search_URL = www.google.com
mStart Page = www.google.com
mSearch Bar = hxxps://www.google.com/?trackid=sp-006
mSearch Page = www.google.com
mDefault_Page_URL = www.google.com
mDefault_Search_URL = www.google.com
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [Viber] "C:\Users\Winston Cruz\AppData\Local\Viber\Viber.exe" StartMinimized
uRun: [Battle.net] "C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe" --autostarted
uRun: [uTorrent] "C:\Users\Winston Cruz\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [RazerCortex] C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe -autorun
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
StartupFolder: C:\Users\Winston Cruz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\WINSTO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Winston Cruz\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6BBF0EC6-BC35-4190-8559-87A51AF2C3FF} : DHCPNameServer = 192.168.8.1 192.168.8.1
TCP: Interfaces\{B114CD2C-4910-4309-83D7-DA652C116F47} : DHCPNameServer = 122.2.167.2 122.2.129.2 192.168.1.1
TCP: Interfaces\{D2B1ABAE-1693-4F93-BA74-135BFD05E447} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = www.google.com
x64-mSearch Page = www.google.com
x64-mDefault_Page_URL = www.google.com
x64-mDefault_Search_URL = www.google.com
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Winston Cruz\AppData\Roaming\Mozilla\Firefox\Profiles\tq4mva7t.default\
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search/?trackid=sp-006
FF - prefs.js: browser.search.selectedEngine - Google (avast)
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/?trackid=sp-006
FF - prefs.js: keyword.URL - hxxps://www.google.com/search/?trackid=sp-006
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Winston Cruz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-9-18 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-9-18 267632]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-2-21 20464]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2013-9-18 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2013-9-18 436624]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-9-29 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-9-18 83280]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-12-2 50344]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files\Cobian Backup 11\cbVSCService11.exe [2015-1-11 67584]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-9-20 1148560]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-3-25 1701520]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-3-25 19823248]
R2 Razer Game Scanner Service;Razer Game Scanner;C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [2014-12-10 186048]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2014-12-6 32544]
R2 RzKLService;RzKLService;C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [2014-10-27 105448]
R2 RzMaelstromVADStreamingService;Razer Surround Audio Service;C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [2014-6-9 4250624]
R2 RzOvlMon;Razer Overlay Subsystem Emergency Service;C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe [2014-4-18 32960]
R2 rzpmgrk;rzpmgrk;C:\Windows\System32\drivers\rzpmgrk.sys [2014-10-27 37184]
R2 rzpnk;rzpnk;C:\Windows\System32\drivers\rzpnk.sys [2014-12-8 129600]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-12-27 410768]
R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-12-2 271752]
R3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-12-2 4012248]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-2-21 370672]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-2-21 791024]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-5-28 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-12-17 38032]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-12-6 941272]
R3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2014-9-5 39592]
R3 rzhnet;Razer Inc. External Display Driver;C:\Windows\System32\drivers\rzhnet.sys [2014-9-5 21160]
R3 rzjstk;Razer Virtual Joystick Driver;C:\Windows\System32\drivers\rzjstk.sys [2014-9-5 27816]
R3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;C:\Windows\System32\drivers\RzMaelstromVAD.sys [2014-5-23 32768]
R3 rzudd;Razer Keyboard Driver;C:\Windows\System32\drivers\rzudd.sys [2014-9-5 160424]
S1 RzFilter;RzFilter;C:\Windows\System32\drivers\RzFilter.sys [2013-11-13 74432]
S2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-9-29 116728]
S2 BstHdAndroidSvc;BlueStacks Android Service;"C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android --> C:\Program Files (x86)\BlueStacks\HD-Service.exe [?]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe --> C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [?]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe --> C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.20);C:\Windows\System32\drivers\RtTeam620.sys [2014-12-6 58512]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan620.sys [2014-12-6 32400]
S3 RzDxgk;RzDxgk;C:\Windows\System32\drivers\RzDxgk.sys [2013-11-13 129472]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-9-18 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 Mobile Broadband HL Service;Mobile Broadband HL Service;C:\ProgramData\MobileBrServ\mbbService.exe [2014-7-6 239696]
S4 WebUpdate4;Web Update Wizard Service V4;C:\Windows\SysWOW64\WebUpdateSvc4.exe [2008-9-15 262360]
.
=============== Created Last 30 ================
.
2015-01-11 06:33:35 -------- d-----w- C:\Program Files\Cobian Backup 11
2015-01-11 05:44:57 -------- d-----w- C:\FRST
2015-01-11 04:00:02 -------- d-----w- C:\AdwCleaner
2015-01-10 03:10:25 -------- d-----w- C:\ProgramData\Malwarebytes
2015-01-10 02:29:39 358736 ----a-w- C:\Windows\System32\LavasoftTcpService64.dll
2015-01-10 02:29:39 312424 ----a-w- C:\Windows\SysWow64\LavasoftTcpService.dll
2015-01-09 08:11:53 -------- d-----w- C:\Users\Winston Cruz\AppData\Local\Wunderlist
2015-01-09 08:11:44 -------- d-----w- C:\Program Files (x86)\Wunderlist
2015-01-05 05:32:46 -------- d-----w- C:\Windows\SysWow64\DCS
2014-12-28 18:17:38 -------- d-sh--w- C:\Jumpshot
2014-12-28 18:08:07 -------- d-----w- C:\Windows\jumpshot.com
2014-12-27 04:37:59 620176 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-12-26 21:11:29 -------- d-----w- C:\Users\Winston Cruz\AppData\Local\Bossland
2014-12-26 18:44:18 6446080 ----a-r- C:\Users\Winston Cruz\AppData\Roaming\Microsoft\Installer\{6D8FB164-2A7D-43B2-A59E-E16BF568ACB0}\DesktopIcon.exe
2014-12-20 11:25:26 -------- d-----w- C:\Users\Winston Cruz\AppData\Local\RzStats
2014-12-19 03:22:14 9728 ----a-w- C:\Windows\SysWow64\RzStats.IPC.dll
2014-12-16 18:13:58 38032 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-12-16 18:13:58 32400 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
.
==================== Find3M  ====================
.
2014-12-15 05:27:50 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-15 05:27:50 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-12-13 08:03:15 6859408 ----a-w- C:\Windows\System32\nvcpl.dll
2014-12-13 08:03:15 3513488 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-12-13 08:03:13 935240 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-12-13 08:03:13 62608 ----a-w- C:\Windows\System32\nvshext.dll
2014-12-13 08:03:13 386368 ----a-w- C:\Windows\System32\nvmctray.dll
2014-12-13 08:03:13 2558608 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-12-13 00:12:24 2210040 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-12-13 00:12:24 1291464 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-12-13 00:12:12 2824504 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-12-13 00:12:12 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-12-12 23:11:01 4151176 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-12-09 22:21:53 37184 ----a-w- C:\Windows\System32\drivers\rzpmgrk.sys
2014-12-02 07:45:40 1050432 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-12-02 07:45:28 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-12-02 07:45:28 83280 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-12-02 07:45:28 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-12-02 07:45:28 43152 ----a-w- C:\Windows\avastSS.scr
2014-12-02 07:45:28 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-12-02 07:45:28 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-12-02 07:45:28 116728 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-11-22 10:46:30 35472 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-11-17 22:18:52 1538880 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2014-11-17 21:37:21 129600 ----a-w- C:\Windows\System32\drivers\rzpnk.sys
2014-11-13 00:20:36 1876296 ----a-w- C:\Windows\System32\nvdispco6434475.dll
2014-11-13 00:20:36 1540424 ----a-w- C:\Windows\System32\nvdispgenco6434475.dll
.
============= FINISH: 18:34:45.58 ===============
 
 

Attached Files



BC AdBot (Login to Remove)

 


m

#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:17 AM

Posted 12 January 2015 - 06:37 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
  
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.
 


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 toncruz

toncruz
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:17 PM

Posted 12 January 2015 - 01:39 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2015
Ran by Winston Cruz (administrator) on PANTHEON on 13-01-2015 02:34:14
Running from C:\Users\Winston Cruz\Downloads
Loaded Profile: Winston Cruz (Available profiles: Winston Cruz)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CobianSoft, Luis Cobian) C:\Program Files\Cobian Backup 11\cbVSCService11.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Users\Winston Cruz\AppData\Local\Viber\Viber.exe
(Dropbox, Inc.) C:\Users\Winston Cruz\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Curse) C:\Users\Winston Cruz\AppData\Local\Apps\2.0\8RHAJJ5E.AP0\MAW2VQV8.TKZ\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\main.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Valve Corporation) E:\Steam\Steam.exe
(Valve Corporation) E:\Steam\bin\steamwebhelper.exe
(Valve Corporation) E:\Steam\bin\steamwebhelper.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.5383\Battle.net.exe
(Blizzard Entertainment) E:\World of Warcraft\Wow.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Blizzard Entertainment) E:\World of Warcraft\Utils\WowBrowserProxy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-10] (AVAST Software)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe [60640 2014-12-06] (Razer Inc.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-11-03] (Razer Inc.)
HKU\S-1-5-21-1546886429-1528316237-1301858924-1001\...\Run: [Viber] => C:\Users\Winston Cruz\AppData\Local\Viber\Viber.exe [936456 2014-03-06] ()
HKU\S-1-5-21-1546886429-1528316237-1301858924-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe [2864688 2014-12-12] (Blizzard Entertainment)
HKU\S-1-5-21-1546886429-1528316237-1301858924-1001\...\Run: [uTorrent] => C:\Users\Winston Cruz\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-11-22] (BitTorrent Inc.)
HKU\S-1-5-21-1546886429-1528316237-1301858924-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1546886429-1528316237-1301858924-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-1546886429-1528316237-1301858924-1001\...\MountPoints2: {869182fa-f504-11e3-b638-00248ce4be90} - "I:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-1546886429-1528316237-1301858924-1001\...\MountPoints2: {af90ac24-04e1-11e4-8897-00248ce4be90} - I:\AutoRun.exe
Startup: C:\Users\Winston Cruz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Winston Cruz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Winston Cruz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1546886429-1528316237-1301858924-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-ph/?ocid=iehp
HKU\S-1-5-21-1546886429-1528316237-1301858924-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1546886429-1528316237-1301858924-1001 -> {10E74EC6-5116-4008-A492-2A0A550D3201} URL = https://ph.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=407453&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1546886429-1528316237-1301858924-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Winston Cruz\AppData\Roaming\Mozilla\Firefox\Profiles\tq4mva7t.default
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1546886429-1528316237-1301858924-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Winston Cruz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Winston Cruz\AppData\Roaming\Mozilla\Firefox\Profiles\tq4mva7t.default\searchplugins\google-avast.xml
FF Extension: iCloud Bookmarks - C:\Users\Winston Cruz\AppData\Roaming\Mozilla\Firefox\Profiles\tq4mva7t.default\Extensions\firefoxdav@icloud.com [2014-11-15]
FF Extension: iMacros for Firefox - C:\Users\Winston Cruz\AppData\Roaming\Mozilla\Firefox\Profiles\tq4mva7t.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2014-12-17]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-18]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Winston Cruz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Winston Cruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (Avast Online Security) - C:\Users\Winston Cruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-30]
CHR Extension: (Google Wallet) - C:\Users\Winston Cruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-05]
CHR HKU\S-1-5-21-1546886429-1528316237-1301858924-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\WINSTO~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-02]
CHR StartMenuInternet: Google Chrome - Chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-02] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-02] (Avast Software)
R2 cbVSCService11; C:\Program Files\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S4 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239696 2013-07-23] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-10] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [105448 2014-12-06] (Razer Inc.)
R2 RzMaelstromVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [4250624 2014-06-09] (A-Volute) [File not signed]
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
S4 WebUpdate4; C:\Windows\SysWOW64\WebUpdateSvc4.exe [262360 2008-09-15] (Data Perceptions / PowerProgrammer)
S2 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X]
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [X]
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [X]
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-02] ()
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [58512 2012-07-03] (Realtek Corporation)
S3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-11] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-09-05] (Razer Inc)
S1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-11] (Razer, Inc.)
R3 rzhnet; C:\Windows\System32\Drivers\rzhnet.sys [21160 2014-09-05] (Razer Inc)
R3 rzjstk; C:\Windows\System32\DRIVERS\rzjstk.sys [27816 2014-09-05] (Razer Inc)
R3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-05-23] (Windows ® Win 7 DDK provider)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-10] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-11-18] (Razer, Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-02] (Avast Software)
S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-13 02:34 - 2015-01-13 02:34 - 00022898 _____ () C:\Users\Winston Cruz\Downloads\FRST.txt
2015-01-13 02:33 - 2015-01-13 02:33 - 02124288 _____ (Farbar) C:\Users\Winston Cruz\Downloads\FRST64 (1).exe
2015-01-12 22:10 - 2015-01-12 22:10 - 00017126 _____ () C:\Users\Winston Cruz\Downloads\American.Horror.Story.S04E11.720p.HDTV.x265-REViVE.mkv [IPT].torrent
2015-01-12 21:10 - 2015-01-12 21:10 - 00038291 _____ () C:\Users\Winston Cruz\Documents\50451f8fbcf94d349ff26906e6839fc6_A.jpeg
2015-01-12 16:22 - 2015-01-12 16:23 - 00000197 _____ () C:\Windows\system32\2015-01-12-08-22-31.042-AvastVBoxSVC.exe-2856.log
2015-01-11 21:45 - 2015-01-11 21:45 - 00000197 _____ () C:\Windows\system32\2015-01-11-13-45-10.040-AvastVBoxSVC.exe-2828.log
2015-01-11 15:36 - 2015-01-11 15:36 - 00000197 _____ () C:\Windows\system32\2015-01-11-07-36-25.064-AvastVBoxSVC.exe-2860.log
2015-01-11 14:48 - 2015-01-11 14:49 - 00688992 ____R (Swearware) C:\Users\Winston Cruz\Downloads\dds.com
2015-01-11 14:33 - 2015-01-11 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2015-01-11 14:33 - 2015-01-11 14:33 - 00000000 ____D () C:\Program Files\Cobian Backup 11
2015-01-11 14:11 - 2015-01-11 14:23 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Winston Cruz\Downloads\cbSetup.exe
2015-01-11 13:44 - 2015-01-13 02:34 - 00000000 ____D () C:\FRST
2015-01-11 13:42 - 2015-01-11 13:42 - 02124288 _____ (Farbar) C:\Users\Winston Cruz\Downloads\FRST64.exe
2015-01-11 12:44 - 2015-01-11 12:44 - 00000197 _____ () C:\Windows\system32\2015-01-11-04-44-30.009-AvastVBoxSVC.exe-2792.log
2015-01-11 12:05 - 2015-01-11 12:05 - 00000197 _____ () C:\Windows\system32\2015-01-11-04-05-04.016-AvastVBoxSVC.exe-2776.log
2015-01-11 12:00 - 2015-01-11 15:34 - 00000000 ____D () C:\AdwCleaner
2015-01-11 11:59 - 2015-01-11 11:59 - 02191360 _____ () C:\Users\Winston Cruz\Downloads\adwcleaner_4.107.exe
2015-01-11 10:45 - 2015-01-11 10:46 - 00000197 _____ () C:\Windows\system32\2015-01-11-02-45-35.034-AvastVBoxSVC.exe-2796.log
2015-01-10 14:10 - 2015-01-10 14:10 - 00000197 _____ () C:\Windows\system32\2015-01-10-06-10-22.041-AvastVBoxSVC.exe-2932.log
2015-01-10 12:56 - 2015-01-10 13:19 - 00001147 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-10 12:56 - 2015-01-10 12:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-10 12:54 - 2015-01-10 12:54 - 00244104 _____ () C:\Users\Winston Cruz\Downloads\Firefox Setup Stub 34.0.5.exe
2015-01-10 11:21 - 2015-01-10 11:21 - 00000197 _____ () C:\Windows\system32\2015-01-10-03-21-20.032-AvastVBoxSVC.exe-2876.log
2015-01-10 11:10 - 2015-01-10 11:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-10 11:07 - 2015-01-10 11:08 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Winston Cruz\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-10 10:29 - 2015-01-10 10:29 - 00004616 _____ () C:\Windows\SysWOW64\LavasoftTcpService.ini
2015-01-10 10:29 - 2015-01-10 10:29 - 00002448 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-01-10 10:29 - 2015-01-10 10:29 - 00002448 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-01-10 10:29 - 2014-12-16 12:10 - 00358736 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-01-10 10:29 - 2014-12-16 12:10 - 00312424 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-01-10 10:25 - 2015-01-10 10:25 - 00003182 _____ () C:\Windows\System32\Tasks\{90C94D23-6189-487D-B021-96B852D46A3D}
2015-01-10 10:25 - 2015-01-10 10:25 - 00003182 _____ () C:\Windows\System32\Tasks\{33EB07C4-A76A-4B4E-B16A-AC5AA024186C}
2015-01-10 10:22 - 2015-01-10 10:24 - 08059016 _____ (Lavasoft) C:\Users\Winston Cruz\Downloads\WebCompanionInstaller.exe
2015-01-10 10:13 - 2015-01-10 13:19 - 00003274 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-1546886429-1528316237-1301858924-1001
2015-01-10 05:11 - 2015-01-10 05:11 - 00000197 _____ () C:\Windows\system32\2015-01-09-21-11-26.086-AvastVBoxSVC.exe-2804.log
2015-01-09 16:39 - 2015-01-09 16:39 - 00005321 _____ () C:\Users\Winston Cruz\Downloads\REP-Shaohao 1.0 - Akuma88.xml
2015-01-09 16:19 - 2015-01-09 16:19 - 00001622 _____ () C:\Users\Winston Cruz\Downloads\Emperor Shaohao Reputation Farm v1.1 Reverse.xml
2015-01-09 16:11 - 2015-01-10 09:50 - 00000000 ____D () C:\Users\Winston Cruz\AppData\Local\Wunderlist
2015-01-09 16:11 - 2015-01-09 16:11 - 00002505 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wunderlist.lnk
2015-01-09 16:11 - 2015-01-09 16:11 - 00000000 ____D () C:\Program Files (x86)\Wunderlist
2015-01-09 14:10 - 2013-08-23 11:09 - 00000000 ____D () C:\Users\Winston Cruz\Downloads\Constellation of Feelings
2015-01-09 12:12 - 2015-01-09 12:13 - 00000197 _____ () C:\Windows\system32\2015-01-09-04-12-34.099-AvastVBoxSVC.exe-2776.log
2015-01-08 22:58 - 2015-01-08 22:58 - 00000197 _____ () C:\Windows\system32\2015-01-08-14-58-11.053-AvastVBoxSVC.exe-2808.log
2015-01-08 17:10 - 2015-01-08 17:10 - 00000197 _____ () C:\Windows\system32\2015-01-08-09-10-37.044-AvastVBoxSVC.exe-2884.log
2015-01-08 10:55 - 2015-01-08 10:55 - 00000197 _____ () C:\Windows\system32\2015-01-08-02-55-25.077-AvastVBoxSVC.exe-2820.log
2015-01-08 04:15 - 2015-01-08 04:15 - 00001283 _____ () C:\Users\Winston Cruz\Downloads\Emperor Shaohao Reputation Farm v1.1 .xml
2015-01-08 04:03 - 2015-01-08 04:03 - 00001602 _____ () C:\Users\Winston Cruz\Downloads\Frostwolf orcs Grind v2.1[H].xml
2015-01-08 02:18 - 2015-01-08 02:18 - 00008933 _____ () C:\Users\Winston Cruz\Downloads\SteamWheedleRep.xml
2015-01-08 02:18 - 2015-01-08 02:18 - 00005803 _____ () C:\Users\Winston Cruz\Downloads\FrostWolfOrcRep.xml
2015-01-07 23:59 - 2015-01-08 00:00 - 00000197 _____ () C:\Windows\system32\2015-01-07-15-59-43.095-AvastVBoxSVC.exe-2916.log
2015-01-07 14:42 - 2015-01-07 14:43 - 00000197 _____ () C:\Windows\system32\2015-01-07-06-42-48.055-AvastVBoxSVC.exe-3028.log
2015-01-06 01:07 - 2015-01-06 01:08 - 00000197 _____ () C:\Windows\system32\2015-01-05-17-07-59.001-AvastVBoxSVC.exe-2812.log
2015-01-05 13:32 - 2015-01-12 14:39 - 00000000 ____D () C:\Windows\SysWOW64\DCS
2015-01-05 13:31 - 2015-01-05 13:32 - 00000197 _____ () C:\Windows\system32\2015-01-05-05-31-51.047-AvastVBoxSVC.exe-2804.log
2015-01-01 21:58 - 2015-01-01 22:51 - 73924608 _____ () C:\Windows\system32\config\.ghost-ntfs-3g-00000000000000000001
2015-01-01 21:58 - 2015-01-01 22:51 - 21233664 _____ () C:\Windows\system32\config\.ghost-ntfs-3g-00000000000000000003
2014-12-29 02:17 - 2015-01-02 06:52 - 00000000 __SHD () C:\Jumpshot
2014-12-29 02:08 - 2015-01-01 22:58 - 00000000 ____D () C:\Windows\jumpshot.com
2014-12-27 12:37 - 2014-12-13 08:47 - 00620176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-12-27 12:36 - 2014-12-13 18:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-12-27 12:36 - 2014-12-13 18:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-12-27 12:36 - 2014-12-13 18:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-12-27 12:36 - 2014-12-13 18:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-12-27 12:36 - 2014-12-13 18:08 - 18594432 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-12-27 12:36 - 2014-12-13 18:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-12-27 12:36 - 2014-12-13 18:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-12-27 12:36 - 2014-12-13 18:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-12-27 12:36 - 2014-12-13 18:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-12-27 12:36 - 2014-12-13 18:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-12-27 12:36 - 2014-12-13 18:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-12-27 12:36 - 2014-12-13 18:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-12-27 12:36 - 2014-12-13 18:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2014-12-27 12:36 - 2014-12-13 18:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2014-12-27 12:36 - 2014-12-13 18:08 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-12-27 12:36 - 2014-12-13 18:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-12-27 12:36 - 2014-12-13 18:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-12-27 12:36 - 2014-12-13 18:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-12-27 12:36 - 2014-12-13 18:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-12-27 12:36 - 2014-12-13 18:08 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-12-27 12:36 - 2014-12-13 18:08 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-12-27 12:36 - 2014-12-13 18:08 - 00399688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-12-27 12:36 - 2014-12-13 18:08 - 00391488 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-12-27 12:36 - 2014-12-13 18:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-12-27 12:36 - 2014-12-13 18:08 - 00346944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-12-27 12:36 - 2014-12-13 18:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-12-27 12:36 - 2014-12-13 18:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-12-27 12:36 - 2014-12-13 18:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-12-27 12:36 - 2014-10-10 01:02 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-12-27 12:36 - 2014-10-10 01:02 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-12-27 12:36 - 2014-10-09 15:17 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2014-12-27 05:11 - 2014-12-27 05:11 - 00000000 ____D () C:\Users\Winston Cruz\AppData\Local\Bossland
2014-12-27 02:44 - 2015-01-12 21:44 - 00000000 ____D () C:\Users\Winston Cruz\Documents\Honorbuddy
2014-12-26 16:55 - 2014-12-26 16:56 - 00000197 _____ () C:\Windows\system32\2014-12-26-08-55-56.019-AvastVBoxSVC.exe-2368.log
2014-12-25 21:10 - 2014-12-25 21:10 - 00000197 _____ () C:\Windows\system32\2014-12-25-13-10-14.064-AvastVBoxSVC.exe-2936.log
2014-12-24 04:33 - 2014-12-24 04:33 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-24 04:25 - 2014-12-24 04:26 - 00000197 _____ () C:\Windows\system32\2014-12-23-20-25-29.003-AvastVBoxSVC.exe-2944.log
2014-12-22 12:04 - 2014-12-22 12:04 - 00000197 _____ () C:\Windows\system32\2014-12-22-04-04-05.079-AvastVBoxSVC.exe-2856.log
2014-12-21 17:24 - 2014-12-21 17:24 - 00000197 _____ () C:\Windows\system32\2014-12-21-09-24-51.027-AvastVBoxSVC.exe-2900.log
2014-12-21 01:20 - 2014-12-21 01:20 - 00000197 _____ () C:\Windows\system32\2014-12-20-17-20-07.085-AvastVBoxSVC.exe-2868.log
2014-12-20 19:26 - 2014-12-20 19:26 - 00000197 _____ () C:\Windows\system32\2014-12-20-11-26-18.061-AvastVBoxSVC.exe-2892.log
2014-12-20 19:25 - 2014-12-20 19:25 - 00000000 ____D () C:\Users\Winston Cruz\AppData\Local\RzStats
2014-12-19 11:22 - 2014-12-19 11:22 - 00009728 _____ (Razer Inc.) C:\Windows\SysWOW64\RzStats.IPC.dll
2014-12-17 13:46 - 2014-12-17 13:46 - 00000197 _____ () C:\Windows\system32\2014-12-17-05-46-50.053-AvastVBoxSVC.exe-2896.log
2014-12-17 02:13 - 2014-11-22 18:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-12-17 02:13 - 2014-11-22 18:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-12-15 23:16 - 2014-12-15 23:16 - 00000197 _____ () C:\Windows\system32\2014-12-15-15-16-07.056-AvastVBoxSVC.exe-2876.log
2014-12-15 23:10 - 2014-12-15 23:10 - 00000197 _____ () C:\Windows\system32\2014-12-15-15-10-17.052-AvastVBoxSVC.exe-2856.log
2014-12-15 22:57 - 2014-12-15 22:57 - 00000197 _____ () C:\Windows\system32\2014-12-15-14-57-56.073-AvastVBoxSVC.exe-3028.log
2014-12-15 21:35 - 2014-12-15 21:35 - 00000197 _____ () C:\Windows\system32\2014-12-15-13-35-05.058-AvastVBoxSVC.exe-2932.log
2014-12-15 20:22 - 2014-12-15 20:22 - 00000197 _____ () C:\Windows\system32\2014-12-15-12-22-06.053-AvastVBoxSVC.exe-2892.log
2014-12-15 17:07 - 2014-12-15 17:07 - 00000197 _____ () C:\Windows\system32\2014-12-15-09-07-06.008-AvastVBoxSVC.exe-2860.log
2014-12-14 16:29 - 2014-12-14 16:29 - 00000197 _____ () C:\Windows\system32\2014-12-14-08-29-10.056-AvastVBoxSVC.exe-2828.log
2014-12-14 12:29 - 2014-12-14 12:30 - 00000197 _____ () C:\Windows\system32\2014-12-14-04-29-30.067-AvastVBoxSVC.exe-2872.log
2014-12-14 00:24 - 2014-12-14 00:24 - 00000197 _____ () C:\Windows\system32\2014-12-13-16-24-02.076-AvastVBoxSVC.exe-3012.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-13 02:33 - 2013-09-25 21:24 - 00000000 ____D () C:\Users\Winston Cruz\AppData\Local\Battle.net
2015-01-13 02:33 - 2013-09-19 00:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-13 02:10 - 2014-03-05 14:43 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-13 01:51 - 2013-09-26 22:53 - 00000000 ____D () C:\Users\Winston Cruz\AppData\Local\Deployment
2015-01-13 01:47 - 2013-09-18 21:17 - 01673438 _____ () C:\Windows\WindowsUpdate.log
2015-01-13 00:57 - 2013-09-18 23:58 - 00000000 ____D () C:\Users\Winston Cruz\AppData\Roaming\vlc
2015-01-13 00:40 - 2014-11-01 20:01 - 00000000 __SHD () C:\Users\Winston Cruz\wc
2015-01-12 23:51 - 2014-03-09 20:43 - 00000000 ____D () C:\Users\Winston Cruz\AppData\Local\Viber
2015-01-12 23:49 - 2013-09-18 21:30 - 00000000 ____D () C:\Users\Winston Cruz\AppData\Roaming\uTorrent
2015-01-12 18:09 - 2014-04-04 10:59 - 00000000 ____D () C:\Users\Winston Cruz\AppData\Local\CrashDumps
2015-01-12 17:12 - 2013-09-18 21:18 - 00000000 ____D () C:\Users\Winston Cruz
2015-01-12 16:27 - 2009-07-14 13:13 - 00786070 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-12 16:21 - 2014-04-10 11:47 - 00000000 ____D () C:\Users\Winston Cruz\AppData\Local\TSVNCache
2015-01-12 16:21 - 2014-03-09 20:45 - 00000000 ____D () C:\Users\Winston Cruz\AppData\Roaming\ViberPC
2015-01-12 16:21 - 2014-03-05 14:43 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-12 16:21 - 2013-12-05 16:07 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-12 16:21 - 2013-09-18 21:40 - 00000000 ___RD () C:\Users\Winston Cruz\Dropbox
2015-01-12 16:21 - 2013-09-18 21:26 - 00000000 ____D () C:\Users\Winston Cruz\AppData\Roaming\Dropbox
2015-01-12 16:21 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-12 16:21 - 2009-07-14 12:51 - 00117564 _____ () C:\Windows\setupact.log
2015-01-11 15:34 - 2010-11-21 11:47 - 00404096 _____ () C:\Windows\PFRO.log
2015-01-11 12:42 - 2013-09-18 21:31 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-11 12:02 - 2014-03-05 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-11 12:02 - 2013-09-18 21:19 - 00001198 _____ () C:\Users\Winston Cruz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-10 20:43 - 2013-09-18 21:39 - 00000000 ____D () C:\Users\Winston Cruz\AppData\Roaming\Skype
2015-01-10 12:56 - 2014-12-09 16:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-10 12:40 - 2013-09-18 21:19 - 00001413 _____ () C:\Users\Winston Cruz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-01-10 11:19 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\Help
2015-01-10 11:18 - 2009-07-14 12:45 - 00020640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-10 11:18 - 2009-07-14 12:45 - 00020640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-10 05:35 - 2013-10-03 23:54 - 00000000 ____D () C:\Users\Winston Cruz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-10 05:35 - 2013-10-03 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-10 05:35 - 2013-09-25 21:00 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-09 19:30 - 2014-01-12 13:10 - 00000000 ____D () C:\Users\Winston Cruz\AppData\Roaming\TS3Client
2015-01-09 14:00 - 2014-08-25 16:41 - 00058368 ___SH () C:\Users\Winston Cruz\Thumbs.db
2015-01-03 04:05 - 2013-09-16 21:41 - 00000000 ____D () C:\Users\Winston Cruz\Documents\My Games
2015-01-03 03:44 - 2013-09-28 01:55 - 00000000 ____D () C:\Users\Winston Cruz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-01 22:13 - 2013-10-04 21:31 - 00000000 ____D () C:\Users\Winston Cruz\Documents\Square Enix
2015-01-01 16:46 - 2013-11-20 22:46 - 00000000 ____D () C:\Users\Winston Cruz\Documents\Bandicam
2014-12-29 13:11 - 2013-09-21 18:48 - 00000000 ____D () C:\Windows\AutoKMS
2014-12-29 01:00 - 2013-10-22 19:26 - 00000000 ____D () C:\Users\Winston Cruz\AppData\Roaming\CuteRank
2014-12-29 00:43 - 2013-10-22 15:38 - 00000000 ____D () C:\Program Files (x86)\CuteRank
2014-12-27 12:38 - 2013-12-05 16:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-12-27 02:44 - 2014-04-18 14:02 - 00000000 ____D () C:\Users\Winston Cruz\AppData\Local\Package Cache
2014-12-27 02:44 - 2014-04-05 16:20 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-24 20:19 - 2013-10-06 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-12-24 20:19 - 2013-10-06 01:02 - 00000000 ____D () C:\Program Files (x86)\HP
2014-12-24 20:19 - 2013-10-06 00:56 - 00006873 _____ () C:\ProgramData\hpzinstall.log
2014-12-22 16:49 - 2013-09-30 13:34 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-22 15:09 - 2014-09-18 20:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-22 15:09 - 2013-09-18 21:39 - 00000000 ____D () C:\ProgramData\Skype
2014-12-20 16:07 - 2014-06-23 14:33 - 00000000 ____D () C:\Users\Winston Cruz\AppData\Roaming\OBS
2014-12-17 13:51 - 2013-09-18 21:27 - 00000000 ____D () C:\Users\Winston Cruz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-15 15:50 - 2014-06-23 14:30 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-12-15 15:42 - 2014-08-17 13:51 - 00000000 ____D () C:\Users\Winston Cruz\AppData\Local\Adobe
2014-12-15 13:27 - 2013-09-19 00:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-15 13:27 - 2013-09-19 00:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-15 13:27 - 2013-09-19 00:14 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
 
Some content of TEMP:
====================
C:\Users\Winston Cruz\AppData\Local\Temp\bbacabfbbbee.exe
C:\Users\Winston Cruz\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpg68gt2.dll
C:\Users\Winston Cruz\AppData\Local\Temp\Quarantine.exe
C:\Users\Winston Cruz\AppData\Local\Temp\SpOrder.dll
C:\Users\Winston Cruz\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-04 05:43
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-01-2015
Ran by Winston Cruz at 2015-01-13 02:34:34
Running from C:\Users\Winston Cruz\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1546886429-1528316237-1301858924-1001\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
1310 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
1310_Help (x32 Version: 82.0.58.000 - Hewlett-Packard) Hidden
1310Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Bandicam (HKLM-x32\...\Bandicam) (Version: 1.9.1.419 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattlePing (HKLM-x32\...\{DB480AC3-1578-B8DC-3F8F-786A2A4E3BC7}) (Version: 1.3.5.8 - BattlePing)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{51DD370C-6690-424E-9674-5F14468B323F}) (Version: 15.0.0.487 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.0.487 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit (Version: 15.0.487 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW® Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.0.0.486 - Corel Corporation)
Curse Client (HKU\S-1-5-21-1546886429-1528316237-1301858924-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
CuteRank 3.5.7 (HKLM-x32\...\CuteRank) (Version: 3.5.7 - CuteRank.Net)
Demonbuddy (HKU\S-1-5-21-1546886429-1528316237-1301858924-1001\...\{73110f8a-dee0-4248-a7c1-11b5faf06036}) (Version: 1.0.1788.355 - Bossland GmbH)
Demonbuddy (x32 Version: 1.0.1788.355 - Bossland GmbH) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-1546886429-1528316237-1301858924-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
FINAL FANTASY VII (HKLM-x32\...\Steam App 39140) (Version:  - Square Enix)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hero Academy (HKLM-x32\...\Steam App 209270) (Version:  - Robot Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Honorbuddy (HKU\S-1-5-21-1546886429-1528316237-1301858924-1001\...\{2f987c34-7585-4033-b5f1-b2e4e05fc916}) (Version: 2.5.12479.763 - Bossland GmbH)
Honorbuddy (x32 Version: 2.5.12479.763 - Bossland GmbH) Hidden
HOTSLogsUploader (HKU\S-1-5-21-1546886429-1528316237-1301858924-1001\...\99a83d131490dc73) (Version: 1.0.0.10 - HOTSLogsUploader)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel® Chipset Device Software (x32 Version: 10.0.20 - Intel® Corporation) Hidden
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
LINE (HKLM-x32\...\LINE) (Version: 3.7.0.34 - LINE Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.22.00.158 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OGG to MP3 Converter (HKLM-x32\...\{4809DDAE-110C-4CF8-B383-706BB5B3D5B6}_is1) (Version:  - www.oggtomp3converter.com)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
QM for Windows (Version 4) (HKLM-x32\...\QM for Windows (Version 4)) (Version:  - Prentice-Hall)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 5.2.22.0 - Razer Inc.)
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.10 - Razer Inc.)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 2.0.2.7 - Realtek)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Software Update Wizard (Redistributable) 4.5 (HKLM-x32\...\Software Update Wizard (Redistributable)) (Version: 4.5 - PowerProgrammer)
SplashID Safe 6.2 (HKLM-x32\...\SplashID Safe) (Version: 6.2 - SplashData)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.12.23 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TortoiseSVN 1.8.5.25224 (64 bit) (HKLM\...\{57FCA88C-D94A-490A-B8C6-8ECC3A9A48D2}) (Version: 1.8.25224 - TortoiseSVN)
Unity Web Player (HKU\S-1-5-21-1546886429-1528316237-1301858924-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update Manager (x32 Version: 4.60 - Corel Corporation) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Viber (HKU\S-1-5-21-1546886429-1528316237-1301858924-1001\...\Viber) (Version: 3.0.0.134193 - Viber Media Inc)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Wunderlist (HKLM-x32\...\{1FD680C8-3B2B-4103-94D9-31EAA6BF6133}) (Version: 3.2.2.0 - 6 Wunderkinder GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1546886429-1528316237-1301858924-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Winston Cruz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1546886429-1528316237-1301858924-1001_Classes\CLSID\{1b4fbb42-74ae-4f32-afe4-729186bebd58}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1546886429-1528316237-1301858924-1001_Classes\CLSID\{B5B8593C-89BC-44a7-BCE3-32FE4FED7C5C}\InprocServer32 -> C:\Users\Winston Cruz\AppData\Local\Workspace\wbetoolsax64.dll No File
CustomCLSID: HKU\S-1-5-21-1546886429-1528316237-1301858924-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Winston Cruz\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1546886429-1528316237-1301858924-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Winston Cruz\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1546886429-1528316237-1301858924-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Winston Cruz\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1546886429-1528316237-1301858924-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Winston Cruz\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1546886429-1528316237-1301858924-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Winston Cruz\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1546886429-1528316237-1301858924-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Winston Cruz\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1546886429-1528316237-1301858924-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Winston Cruz\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1546886429-1528316237-1301858924-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Winston Cruz\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
06-12-2014 21:47:08 Installed Realtek Ethernet Diagnostic Utility
06-12-2014 21:48:13 Installed Realtek Ethernet Controller Driver
06-12-2014 21:51:32 Windows Update
06-12-2014 22:33:09 Installed DirectX
17-12-2014 11:11:46 Removed Java 7 Update 71
26-12-2014 19:03:05 Scheduled Checkpoint
27-12-2014 02:44:02 Honorbuddy
27-12-2014 02:44:09 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
03-01-2015 05:57:54 Scheduled Checkpoint
09-01-2015 14:31:50 Removed Adobe Reader XI (11.0.10).
09-01-2015 16:06:26 Installed Wunderlist
09-01-2015 16:11:13 Installed Wunderlist
10-01-2015 10:25:45 LavasoftWeCompanion
10-01-2015 11:06:58 LavasoftWeCompanion
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {067ECFE6-4C9C-4EFE-80FE-8ED4F9B0D93D} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-10-03] (Synaptics Incorporated)
Task: {0C4DE9C7-3644-4C27-8A26-6CC2606DDD16} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-02] (AVAST Software)
Task: {13C8A142-CAB4-455A-A413-E4A9A699972D} - System32\Tasks\{90C94D23-6189-487D-B021-96B852D46A3D} => pcalua.exe -a "C:\Users\Winston Cruz\AppData\Roaming\mystartsearch\UninstallManager.exe" -c -ptid=amt
Task: {1D6283AE-3F37-47AD-9AEB-1ED25CD68C60} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-05] (Google Inc.)
Task: {43596C8D-12C8-4C8F-8B10-E1156E8B61E3} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: {49A2F5F9-2617-4463-B555-669070B866D8} - System32\Tasks\{33EB07C4-A76A-4B4E-B16A-AC5AA024186C} => pcalua.exe -a "C:\Users\Winston Cruz\AppData\Roaming\mystartsearch\UninstallManager.exe" -c -ptid=amt
Task: {640ECE64-4A89-415D-850F-B9D65A66E0AD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6D8E6A37-D274-4048-B004-E23470163143} - System32\Tasks\{FFE0DE87-5985-415B-85FF-3CF92F55A62E} => pcalua.exe -a "C:\Users\Winston Cruz\Downloads\setup.exe" -d "C:\Users\Winston Cruz\Downloads"
Task: {8EA39E83-6A4E-498F-BD92-8E7CC956C40B} - System32\Tasks\avastBCLRestartS-1-5-21-1546886429-1528316237-1301858924-1001 => Firefox.exe 
Task: {9078808D-528F-4C7F-8CD2-750B9310AA90} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-15] (Adobe Systems Incorporated)
Task: {99158169-0F80-41A1-9A0C-4115329EE794} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-05] (Google Inc.)
Task: {C3300C71-3639-426C-A87D-3DFDDF5F28C2} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe
Task: {CEC0C2CE-6AF0-42B4-8ADC-4118B822C188} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {E2790E8B-0658-41DF-BF02-62E325D1AD5F} - \AutoKMS No Task File <==== ATTENTION
Task: {F9384B73-1926-448E-99D1-FE420E600D12} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-12-05 16:07 - 2014-12-13 16:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-10 06:22 - 2014-12-10 06:22 - 00186048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-12-02 15:45 - 2014-12-02 15:45 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-12-02 15:45 - 2014-12-02 15:45 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-02-18 21:16 - 2014-02-18 21:16 - 00076016 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
2014-02-18 21:16 - 2014-02-18 21:16 - 00088816 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-03-09 20:45 - 2014-03-06 04:05 - 00936456 _____ () C:\Users\Winston Cruz\AppData\Local\Viber\Viber.exe
2014-10-10 04:01 - 2014-10-10 04:01 - 00016384 ____N () C:\Users\Winston Cruz\AppData\Local\Apps\2.0\8RHAJJ5E.AP0\MAW2VQV8.TKZ\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.CurseClient.WowDb.dll
2013-09-26 22:56 - 2013-09-26 22:54 - 00035840 _____ () C:\Users\Winston Cruz\AppData\Local\Apps\2.0\8RHAJJ5E.AP0\MAW2VQV8.TKZ\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.Advertising.dll
2014-10-10 04:01 - 2014-10-10 04:01 - 00099840 ____N () C:\Users\Winston Cruz\AppData\Local\Apps\2.0\8RHAJJ5E.AP0\MAW2VQV8.TKZ\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.CurseClient.CMOD2.dll
2014-12-02 15:45 - 2014-12-02 15:45 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-01-12 16:22 - 2015-01-12 16:22 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011200\algo.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-27 21:28 - 2012-11-20 16:13 - 00264192 _____ () C:\Program Files (x86)\Razer\Razer Cortex\D3DX8Wrapper.dll
2014-09-16 12:25 - 2014-09-16 12:25 - 43532288 _____ () C:\Users\Winston Cruz\AppData\Local\Viber\4.3.0.1453\libViber.dll
2014-09-16 12:25 - 2014-09-16 12:25 - 00770048 _____ () C:\Users\Winston Cruz\AppData\Local\Viber\4.3.0.1453\libGLESv2.dll
2014-09-16 12:25 - 2014-09-16 12:25 - 00098304 _____ () C:\Users\Winston Cruz\AppData\Local\Viber\4.3.0.1453\qfacebook.dll
2014-09-16 12:25 - 2014-09-16 12:25 - 00172032 _____ () C:\Users\Winston Cruz\AppData\Local\Viber\4.3.0.1453\libexif.dll
2014-09-16 12:25 - 2014-09-16 12:25 - 00049152 _____ () C:\Users\Winston Cruz\AppData\Local\Viber\4.3.0.1453\libEGL.dll
2014-09-16 12:25 - 2014-09-16 12:25 - 00876544 _____ () C:\Users\Winston Cruz\AppData\Local\Viber\4.3.0.1453\platforms\qwindows.dll
2014-09-16 12:25 - 2014-09-16 12:25 - 00024576 _____ () C:\Users\Winston Cruz\AppData\Local\Viber\4.3.0.1453\imageformats\qgif.dll
2014-09-16 12:25 - 2014-09-16 12:25 - 00024576 _____ () C:\Users\Winston Cruz\AppData\Local\Viber\4.3.0.1453\imageformats\qico.dll
2014-09-16 12:25 - 2014-09-16 12:25 - 00204800 _____ () C:\Users\Winston Cruz\AppData\Local\Viber\4.3.0.1453\imageformats\qjpeg.dll
2014-09-16 12:25 - 2014-09-16 12:25 - 00221184 _____ () C:\Users\Winston Cruz\AppData\Local\Viber\4.3.0.1453\imageformats\qmng.dll
2014-09-16 12:25 - 2014-09-16 12:25 - 00016384 _____ () C:\Users\Winston Cruz\AppData\Local\Viber\4.3.0.1453\imageformats\qsvg.dll
2014-09-16 12:25 - 2014-09-16 12:25 - 00016384 _____ () C:\Users\Winston Cruz\AppData\Local\Viber\4.3.0.1453\imageformats\qtga.dll
2014-09-16 12:25 - 2014-09-16 12:25 - 00311296 _____ () C:\Users\Winston Cruz\AppData\Local\Viber\4.3.0.1453\imageformats\qtiff.dll
2014-09-16 12:25 - 2014-09-16 12:25 - 00016384 _____ () C:\Users\Winston Cruz\AppData\Local\Viber\4.3.0.1453\imageformats\qwbmp.dll
2014-09-16 12:25 - 2014-09-16 12:25 - 00638976 _____ () C:\Users\Winston Cruz\AppData\Local\Viber\4.3.0.1453\sqldrivers\qsqlite.dll
2014-09-16 12:25 - 2014-09-16 12:25 - 00032768 _____ () C:\Users\Winston Cruz\AppData\Local\Viber\4.3.0.1453\iconengines\qsvgicon.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00750080 _____ () C:\Users\Winston Cruz\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-12 16:21 - 2015-01-12 16:21 - 00043008 _____ () c:\Users\Winston Cruz\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpg68gt2.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00047616 _____ () C:\Users\Winston Cruz\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00863744 _____ () C:\Users\Winston Cruz\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 08:22 - 2014-10-22 08:22 - 00200704 _____ () C:\Users\Winston Cruz\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-12-02 15:45 - 2014-12-02 15:45 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-08-29 15:17 - 2014-11-12 02:48 - 01171456 _____ () E:\Steam\libavcodec-56.dll
2014-08-29 15:17 - 2014-11-12 02:48 - 00442368 _____ () E:\Steam\libavutil-54.dll
2014-08-29 15:17 - 2014-11-12 02:48 - 00332800 _____ () E:\Steam\libavresample-2.dll
2013-08-21 14:18 - 2014-11-12 02:47 - 00774656 _____ () E:\Steam\SDL2.dll
2014-05-25 20:03 - 2014-11-19 04:23 - 02227904 _____ () E:\Steam\video.dll
2014-08-29 15:17 - 2014-11-12 02:48 - 00403968 _____ () E:\Steam\libavformat-56.dll
2014-08-29 15:17 - 2014-11-12 02:48 - 00485888 _____ () E:\Steam\libswscale-3.dll
2013-09-21 10:35 - 2014-11-19 04:23 - 00690880 _____ () E:\Steam\bin\chromehtml.DLL
2013-09-10 14:20 - 2014-11-12 02:48 - 34589888 _____ () E:\Steam\bin\libcef.dll
2014-08-15 15:41 - 2014-11-12 02:48 - 00837824 _____ () E:\Steam\bin\ffmpegsumo.dll
2014-12-12 09:43 - 2014-12-12 09:43 - 26065408 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\libcef.dll
2014-12-12 09:43 - 2014-12-12 09:43 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\libGLESv2.dll
2014-12-12 09:43 - 2014-12-12 09:43 - 00907776 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\platforms\qwindows.dll
2014-12-12 09:43 - 2014-12-12 09:43 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\libEGL.dll
2014-12-12 09:43 - 2014-12-12 09:43 - 00020992 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qgif.dll
2014-12-12 09:43 - 2014-12-12 09:43 - 00021504 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qico.dll
2014-12-12 09:43 - 2014-12-12 09:43 - 00205312 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qjpeg.dll
2014-12-12 09:43 - 2014-12-12 09:43 - 00225792 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qmng.dll
2014-12-12 09:43 - 2014-12-12 09:43 - 00015872 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qsvg.dll
2014-12-12 09:43 - 2014-12-12 09:43 - 00312832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\imageformats\qtiff.dll
2014-12-12 09:43 - 2014-12-12 09:43 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\qml\QtQuick.2\qtquick2plugin.dll
2014-12-12 09:43 - 2014-12-12 09:43 - 00054272 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
2014-12-12 09:43 - 2014-12-12 09:43 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5383\qml\QtQml\Models.2\modelsplugin.dll
2014-12-15 13:27 - 2014-12-15 13:27 - 16843952 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll
2014-02-18 20:32 - 2014-02-18 20:32 - 00065776 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
2014-12-12 23:12 - 2014-12-06 09:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 23:12 - 2014-12-06 09:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 23:12 - 2014-12-06 09:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-12 23:12 - 2014-12-06 09:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
2013-05-22 07:24 - 2014-12-19 14:36 - 23950848 _____ () E:\World of Warcraft\Utils\libcef.dll
2014-12-12 23:12 - 2014-12-06 09:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:B755D674
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Mobile Broadband HL Service => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: PSI_SVC_2 => 2
MSCONFIG\Services: Razer Game Scanner Service => 2
MSCONFIG\Services: RzKLService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: WebUpdate4 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RazerFPSStartup.lnk => C:\Windows\pss\RazerFPSStartup.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Winston Cruz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupfolder: C:^Users^Winston Cruz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: DIMDownloading your update...1300677038363 => "c:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X5\Programs\DIM.exe" "c:\programdata\corel\downloads\540215253_610005\1300677038363\dim_params.xml" -Launch=3 -uibase="c:\users\winston cruz\appdata\roaming\corel\messages\540215253_610005\en\messagecache1\workflow"
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: HDD Regenerator => "C:\Program Files (x86)\HDD Regenerator\Shell.exe" /1
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: ISUSPM Startup => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: RazerCortex => C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe -autorun
MSCONFIG\startupreg: RzSBHelper => C:\Program Files (x86)\Razer\SwitchBlade\RzSBHelper.exe
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Steam => "E:\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\Winston Cruz\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: Viber => "C:\Users\Winston Cruz\AppData\Local\Viber\Viber.exe" StartMinimized
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1546886429-1528316237-1301858924-500 - Administrator - Disabled)
Guest (S-1-5-21-1546886429-1528316237-1301858924-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1546886429-1528316237-1301858924-1002 - Limited - Enabled)
Winston Cruz (S-1-5-21-1546886429-1528316237-1301858924-1001 - Administrator - Enabled) => C:\Users\Winston Cruz
 
==================== Faulty Device Manager Devices =============
 
Name: Lexmark X422
Description: Lexmark X422
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Lexmark
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Standard VGA Graphics Adapter
Description: Standard VGA Graphics Adapter
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard display types)
Service: vga
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/12/2015 06:09:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Wow.exe, version: 6.0.3.19342, time stamp: 0x548f8e55
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7bafa
Exception code: 0xc0000005
Fault offset: 0x00035f2c
Faulting process id: 0x30c
Faulting application start time: 0xWow.exe0
Faulting application path: Wow.exe1
Faulting module path: Wow.exe2
Report Id: Wow.exe3
 
Error: (01/12/2015 04:21:29 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (01/12/2015 04:21:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/12/2015 06:13:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Wow.exe version 6.0.3.19342 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 3934
 
Start Time: 01d02deba98e3629
 
Termination Time: 32
 
Application Path: E:\World of Warcraft\Wow.exe
 
Report Id:
 
Error: (01/11/2015 09:46:04 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (01/11/2015 09:44:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/11/2015 03:35:17 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (01/11/2015 03:34:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/11/2015 00:42:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/11/2015 00:42:31 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
 
System errors:
=============
Error: (01/12/2015 04:21:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
RzFilter
 
Error: (01/12/2015 04:21:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The BlueStacks Android Service service depends on the BlueStacks Hypervisor service which failed to start because of the following error: 
%%3
 
Error: (01/12/2015 04:21:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Updater Service service failed to start due to the following error: 
%%2
 
Error: (01/12/2015 04:21:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Log Rotator Service service failed to start due to the following error: 
%%2
 
Error: (01/12/2015 04:21:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Hypervisor service failed to start due to the following error: 
%%3
 
Error: (01/11/2015 09:44:42 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
RzFilter
 
Error: (01/11/2015 09:44:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The BlueStacks Android Service service depends on the BlueStacks Hypervisor service which failed to start because of the following error: 
%%3
 
Error: (01/11/2015 09:44:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Updater Service service failed to start due to the following error: 
%%2
 
Error: (01/11/2015 09:44:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Log Rotator Service service failed to start due to the following error: 
%%2
 
Error: (01/11/2015 09:44:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Hypervisor service failed to start due to the following error: 
%%3
 
 
Microsoft Office Sessions:
=========================
Error: (01/12/2015 06:09:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Wow.exe6.0.3.19342548f8e55KERNELBASE.dll6.1.7601.175144ce7bafac000000500035f2c30c01d02e4782d8cfe4E:\World of Warcraft\Wow.exeC:\Windows\syswow64\KERNELBASE.dll22fdda7c-9a43-11e4-ab6c-fcaa140fdf05
 
Error: (01/12/2015 04:21:29 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000
 
Error: (01/12/2015 04:21:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/12/2015 06:13:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Wow.exe6.0.3.19342393401d02deba98e362932E:\World of Warcraft\Wow.exe
 
Error: (01/11/2015 09:46:04 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000
 
Error: (01/11/2015 09:44:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/11/2015 03:35:17 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000
 
Error: (01/11/2015 03:34:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/11/2015 00:42:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/11/2015 00:42:31 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 60%
Total physical RAM: 8108.88 MB
Available physical RAM: 3172.32 MB
Total Pagefile: 16215.95 MB
Available Pagefile: 10160.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (POSEIDON) (Fixed) (Total:111.69 GB) (Free:10.85 GB) NTFS
Drive d: (ZEUS) (Fixed) (Total:785.02 GB) (Free:159.06 GB) NTFS
Drive e: (ATHENA) (Fixed) (Total:539 GB) (Free:190.17 GB) NTFS
Drive f: (OIZYS) (Fixed) (Total:539 GB) (Free:469.02 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 18478008)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 816CC4FF)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 4E40F64D)
Partition 1: (Not Active) - (Size=1078 GB) - (Type=42)
Partition 2: (Active) - (Size=785 GB) - (Type=42)
Partition 3: (Not Active) - (Size=1112 KB) - (Type=42)
 
==================== End Of Log ============================


#4 toncruz

toncruz
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:17 PM

Posted 12 January 2015 - 01:41 PM

Hello Sir! I am at this phase now but i seem to be stuck. I have downloaded the Gmer and it created a random filename, but when i try to run it it crashes.

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

 

********************************************************************************************************************************************************



#5 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:17 AM

Posted 13 January 2015 - 10:02 AM

Skip Gmer and TDSS-Killer, run aswMBR instead:

 

 

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat do not delete this for now. It is an actual backup of the MBR (master boot record).


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#6 toncruz

toncruz
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:17 PM

Posted 13 January 2015 - 10:17 AM

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-01-13 23:11:30
-----------------------------
23:11:30.907    OS Version: Windows x64 6.1.7601 Service Pack 1
23:11:30.907    Number of processors: 4 586 0x3C03
23:11:30.908    ComputerName: PANTHEON  UserName: 
23:11:31.110    Initialize success
23:11:31.118    VM: initialized successfully
23:11:31.119    VM: Intel CPU supported 
23:11:48.296    VM: supported disk I/O ataport.SYS
23:11:51.128    AVAST engine defs: 15011300
23:12:03.647    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:12:03.657    Disk 0 Vendor: Crucial_CT120M500SSD1 MU02 Size: 114473MB BusType: 11
23:12:03.665    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2
23:12:03.671    Disk 1 Vendor: ST3500418AS CC35 Size: 476940MB BusType: 11
23:12:03.683    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T0L0-1
23:12:03.689    Disk 2 Vendor: WDC_WD2002FAEX-007BA0 05.01D05 Size: 1907729MB BusType: 11
23:12:03.705    VM: Disk 0 MBR read successfully
23:12:03.712    Disk 0 MBR scan
23:12:03.722    Disk 0 Windows 7 default MBR code
23:12:03.729    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
23:12:03.739    Disk 0 default boot code
23:12:03.748    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       114371 MB offset 206848
23:12:03.758    Disk 0 scanning C:\Windows\system32\drivers
23:12:05.609    Service scanning
23:12:11.822    Modules scanning
23:12:11.835    Disk 0 trace - called modules:
23:12:11.863    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
23:12:11.871    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80072de060]
23:12:11.879    3 CLASSPNP.SYS[fffff8800197843f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8006e32060]
23:12:12.223    AVAST engine scan C:\Windows
23:12:12.609    AVAST engine scan C:\Windows\system32
23:12:49.510    AVAST engine scan C:\Windows\system32\drivers
23:12:52.211    AVAST engine scan C:\Users\Winston Cruz
23:14:59.825    AVAST engine scan C:\ProgramData
23:16:01.739    Disk 0 statistics 5445740/0/18 @ 19.22 MB/s
23:16:01.740    Scan finished successfully
23:16:31.093    Disk 0 MBR has been saved successfully to "E:\User Files\MBR.dat"
23:16:31.125    The log file has been saved successfully to "E:\User Files\aswMBR.txt"


#7 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:17 AM

Posted 13 January 2015 - 10:34 AM

OK, what symptoms are you facing?

TrackID is an app for Android Cellphones...

 

Please describe your problem.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#8 toncruz

toncruz
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:17 PM

Posted 13 January 2015 - 10:47 AM

Hello there! Actually i accidentally clicked a link that gave me a lot of viruses and malwares, that includes DOS popping out and either telling me that they are installing some files to my computer OR retrieving some files from my computer (or am i imagining it)?

 

I am dead scared of this since i have my documents other personal files in this desktop. I tried scanning with a lot of malware programs + antivirus but everything it says seems to say its not infected.

 

I googled most of them and "maybe" fixed it.

 

Now, when i use ANY browser i seem to come up with this ?trackid. at every search. its pretty annoying.

 

I will send screenshots so you will understand.

 

Is there nothing wrong anymore in my computer as what the log says? 

Attached Files


Edited by toncruz, 13 January 2015 - 10:47 AM.


#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:17 AM

Posted 13 January 2015 - 10:53 AM

Combofix

Combofix should only be run when adviced by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#10 toncruz

toncruz
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:17 PM

Posted 13 January 2015 - 12:33 PM

ComboFix 15-01-08.01 - Winston Cruz 01/14/2015   0:40.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8109.4300 [GMT 8:00]
Running from: c:\users\Winston Cruz\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\networkdlllsp.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-12-13 to 2015-01-13  )))))))))))))))))))))))))))))))
.
.
2015-01-13 17:19 . 2015-01-13 17:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-11 06:33 . 2015-01-11 06:33 -------- d-----w- c:\program files\Cobian Backup 11
2015-01-11 05:44 . 2015-01-12 18:34 -------- d-----w- C:\FRST
2015-01-11 04:00 . 2015-01-11 07:34 -------- d-----w- C:\AdwCleaner
2015-01-10 03:10 . 2015-01-10 03:10 -------- d-----w- c:\programdata\Malwarebytes
2015-01-10 02:29 . 2014-12-16 04:10 358736 ----a-w- c:\windows\system32\LavasoftTcpService64.dll
2015-01-10 02:29 . 2014-12-16 04:10 312424 ----a-w- c:\windows\SysWow64\LavasoftTcpService.dll
2015-01-09 08:11 . 2015-01-10 01:50 -------- d-----w- c:\users\Winston Cruz\AppData\Local\Wunderlist
2015-01-09 08:11 . 2015-01-09 08:11 -------- d-----w- c:\program files (x86)\Wunderlist
2015-01-05 05:32 . 2015-01-13 15:07 -------- d-----w- c:\windows\SysWow64\DCS
2014-12-28 18:17 . 2015-01-01 22:52 -------- d-----w- C:\Jumpshot
2014-12-28 18:08 . 2015-01-01 14:58 -------- d-----w- c:\windows\jumpshot.com
2014-12-27 04:37 . 2014-12-13 00:47 620176 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-12-26 21:11 . 2014-12-26 21:11 -------- d-----w- c:\users\Winston Cruz\AppData\Local\Bossland
2014-12-26 18:44 . 2014-12-26 18:44 6446080 ----a-r- c:\users\Winston Cruz\AppData\Roaming\Microsoft\Installer\{6D8FB164-2A7D-43B2-A59E-E16BF568ACB0}\DesktopIcon.exe
2014-12-20 11:25 . 2014-12-20 11:25 -------- d-----w- c:\users\Winston Cruz\AppData\Local\RzStats
2014-12-19 03:22 . 2014-12-19 03:22 9728 ----a-w- c:\windows\SysWow64\RzStats.IPC.dll
2014-12-16 18:13 . 2014-11-22 10:46 38032 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2014-12-16 18:13 . 2014-11-22 10:46 32400 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-15 05:27 . 2013-09-18 16:14 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-15 05:27 . 2013-09-18 16:14 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-13 10:08 . 2014-12-06 14:31 3293136 ----a-w- c:\windows\system32\nvapi64.dll
2014-12-13 10:08 . 2014-12-06 14:31 2897824 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-12-13 10:08 . 2014-12-06 14:31 17264312 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-12-13 10:08 . 2014-12-06 14:31 16040184 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-12-13 10:08 . 2014-12-06 14:31 14128496 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-12-13 10:08 . 2013-12-05 08:07 74056 ----a-w- c:\windows\system32\OpenCL.dll
2014-12-13 10:08 . 2013-12-05 08:07 60560 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-12-13 08:03 . 2013-12-05 08:07 6859408 ----a-w- c:\windows\system32\nvcpl.dll
2014-12-13 08:03 . 2013-12-05 08:07 3513488 ----a-w- c:\windows\system32\nvsvc64.dll
2014-12-13 08:03 . 2014-12-06 14:32 2558608 ----a-w- c:\windows\system32\nvsvcr.dll
2014-12-13 08:03 . 2013-12-05 08:07 935240 ----a-w- c:\windows\system32\nvvsvc.exe
2014-12-13 08:03 . 2013-12-05 08:07 62608 ----a-w- c:\windows\system32\nvshext.dll
2014-12-13 08:03 . 2013-12-05 08:07 386368 ----a-w- c:\windows\system32\nvmctray.dll
2014-12-13 00:12 . 2014-07-11 17:13 1291464 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-12-13 00:12 . 2014-03-24 18:10 2210040 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-12-13 00:12 . 2014-07-11 17:13 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-12-13 00:12 . 2014-03-24 18:10 2824504 ----a-w- c:\windows\system32\nvspcap64.dll
2014-12-12 23:11 . 2014-05-30 15:08 4151176 ----a-w- c:\windows\system32\nvcoproc.bin
2014-12-09 22:21 . 2014-10-27 13:28 37184 ----a-w- c:\windows\system32\drivers\rzpmgrk.sys
2014-12-02 07:45 . 2013-09-18 13:31 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-12-02 07:45 . 2014-12-02 07:45 364512 ----a-w- c:\windows\system32\aswBoot.exe
2014-12-02 07:45 . 2014-12-02 07:45 43152 ----a-w- c:\windows\avastSS.scr
2014-12-02 07:45 . 2014-09-29 14:37 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-12-02 07:45 . 2014-09-29 14:37 116728 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-12-02 07:45 . 2013-09-18 13:31 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-12-02 07:45 . 2013-09-18 13:31 436624 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-12-02 07:45 . 2013-09-18 13:31 83280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-12-02 07:45 . 2013-09-18 13:31 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-12-02 07:45 . 2013-09-18 13:31 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-22 10:46 . 2014-12-06 14:31 35472 ----a-w- c:\windows\system32\nvaudcap64v.dll
2014-11-17 22:18 . 2014-12-06 14:31 1538880 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2014-11-17 21:37 . 2014-12-08 15:58 129600 ----a-w- c:\windows\system32\drivers\rzpnk.sys
2014-11-13 00:20 . 2014-12-06 14:31 1876296 ----a-w- c:\windows\system32\nvdispco6434475.dll
2014-11-13 00:20 . 2014-12-06 14:31 1540424 ----a-w- c:\windows\system32\nvdispgenco6434475.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2013-09-18 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2013-09-18 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Winston Cruz\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Winston Cruz\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Winston Cruz\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Winston Cruz\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Winston Cruz\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Winston Cruz\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Winston Cruz\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Winston Cruz\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Viber"="c:\users\Winston Cruz\AppData\Local\Viber\Viber.exe" [2014-03-05 936456]
"uTorrent"="c:\users\Winston Cruz\AppData\Roaming\uTorrent\uTorrent.exe" [2014-11-21 1385808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-09 5227112]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"RazerCortex"="c:\program files (x86)\Razer\Razer Cortex\RazerCortex.exe" [2014-12-06 60640]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2014-11-03 585536]
.
c:\users\Winston Cruz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2014-11-10 0]
Dropbox.lnk - c:\users\Winston Cruz\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-12-9 39207112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
R1 RzFilter;RzFilter;c:\windows\system32\drivers\RzFilter.sys;c:\windows\SYSNATIVE\drivers\RzFilter.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.20);c:\windows\system32\DRIVERS\RtTeam620.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam620.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan620.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan620.sys [x]
R3 RzDxgk;RzDxgk;c:\windows\system32\drivers\RzDxgk.sys;c:\windows\SYSNATIVE\drivers\RzDxgk.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
R4 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\MobileBrServ\mbbservice.exe;c:\programdata\MobileBrServ\mbbservice.exe [x]
R4 WebUpdate4;Web Update Wizard Service V4;c:\windows\SysWOW64\WebUpdateSvc4.exe;c:\windows\SysWOW64\WebUpdateSvc4.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files\Cobian Backup 11\cbVSCService11.exe;c:\program files\Cobian Backup 11\cbVSCService11.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S2 RzKLService;RzKLService;c:\program files (x86)\Razer\Razer Cortex\RzKLService.exe;c:\program files (x86)\Razer\Razer Cortex\RzKLService.exe [x]
S2 RzMaelstromVADStreamingService;Razer Surround Audio Service;c:\programdata\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe;c:\programdata\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [x]
S2 RzOvlMon;Razer Overlay Subsystem Emergency Service;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe [x]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
S2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys;c:\windows\SYSNATIVE\drivers\rzpnk.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
S3 rzhnet;Razer Inc. External Display Driver;c:\windows\system32\Drivers\rzhnet.sys;c:\windows\SYSNATIVE\Drivers\rzhnet.sys [x]
S3 rzjstk;Razer Virtual Joystick Driver;c:\windows\system32\DRIVERS\rzjstk.sys;c:\windows\SYSNATIVE\DRIVERS\rzjstk.sys [x]
S3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;c:\windows\system32\drivers\RzMaelstromVAD.sys;c:\windows\SYSNATIVE\drivers\RzMaelstromVAD.sys [x]
S3 rzudd;Razer Keyboard Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-12 15:11 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-18 05:27]
.
2015-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-05 06:43]
.
2015-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-05 06:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Winston Cruz\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Winston Cruz\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Winston Cruz\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Winston Cruz\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Winston Cruz\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Winston Cruz\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Winston Cruz\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Winston Cruz\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-12-02 07:45 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 02:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-12-13 2824504]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
uDefault_Search_URL = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
mDefault_Page_URL = www.google.com
mDefault_Search_URL = www.google.com
uInternet Settings,ProxyOverride = <-loopback>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: paypal.com\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Winston Cruz\AppData\Roaming\Mozilla\Firefox\Profiles\tq4mva7t.default\
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search/?trackid=sp-006
FF - prefs.js: browser.search.selectedEngine - Google (avast)
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/?trackid=sp-006
FF - prefs.js: keyword.URL - hxxps://www.google.com/search/?trackid=sp-006
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Battle.net - c:\program files (x86)\Battle.net\Battle.net
Wow6432Node-HKCU-Run-Web Companion - c:\program files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Software Update Wizard (Redistributable) - c:\windows\system32\wuwuninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\users\Winston Cruz\AppData\Roaming\Dropbox\bin\Dropbox.exe
.
**************************************************************************
.
Completion time: 2015-01-14  01:30:08 - machine was rebooted
ComboFix-quarantined-files.txt  2015-01-13 17:30
.
Pre-Run: 10,996,649,984 bytes free
Post-Run: 10,345,824,256 bytes free
.
- - End Of File - - 9CAC11CFFA173BD312C3A5D00B6418DD
A36C5E4F47E84449FF07ED3517B43A31


#11 toncruz

toncruz
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:17 PM

Posted 13 January 2015 - 01:10 PM

Good news it seems to be gone from my computer, combo might have killed it off. 

 

But is it possible that you can explain what happened? Like what logs were you looking at or observing, etc.? 

 

I wanted to learn on this so ill understnad the situation better next time.

 

Also, is it ok if i reformat now? Or should we proceed to check if my other files in other drives are safe? Thanks. 



#12 toncruz

toncruz
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:17 PM

Posted 13 January 2015 - 09:39 PM

Oops nevermind i spoke too soon, its still here.



#13 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:17 AM

Posted 14 January 2015 - 03:42 AM

one second, do you plan to format and reinstall?Then we can skip all this and proceed after you´ve reinstaleld.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#14 toncruz

toncruz
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:12:17 PM

Posted 14 January 2015 - 04:22 AM

No. i want to check if my computer can be saved right now.

 

But if you tell me that the malware, virus, adware are not going to infect my other drives then i guess reformatting is an option.


Edited by toncruz, 14 January 2015 - 04:23 AM.


#15 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:17 AM

Posted 14 January 2015 - 05:18 AM

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[S1].txt also

 

 

 

 

Delete junk with JRT

thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users