
Eraem Vire Studaa 2012 and more


  • This topic is locked
2 replies to this topic

#1 Troychu


Posted 23 January 2015 - 09:53 PM

Hello everyone,

My computer seems to have been infected with a whole lot of stuff at the start of the year. I've started seeing a lot of BSODs and random program crashes the past week. I've noticed some strange occurrences when web surfing and streaming videos. While finally scanning my system this evening, I noticed MANY processes that I have never seen before. I suddenly found some txt files pointing to a possible CryptoLocker virus or similar. This problem has been escalated since a reformat would not solve my problem here. My desktop is currently running in Safe Mode with Networking enabled, as I do not want anything else harmed if I am in fact infected with a CryptoLocker virus.

Here are the log files:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015

Ran by Troy (administrator) on CIRNO on 23-01-2015 21:33:44
Running from E:\My Stuff\My Downloads
Loaded Profiles: False (Available profiles: Troy) <==== ATTENTION (Temporary Profile?)
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => E:\Programz\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [1441152 2011-10-19] (cFos Software GmbH)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [Launch LCore] => E:\Programz\Logitech Gaming Software\LCore.exe [8294680 2014-02-27] (Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [THX TruStudio NB Settings] => C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [XFastUSB] => C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5019360 2012-06-27] (FNet Co., Ltd.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [608104 2013-04-22] (Razer USA Ltd)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Ynafheuhk] => C:\Users\Troy\AppData\Roaming\Owziuc\ginuefa.exe [518749 2015-01-23] (Erdoaem Corniratu)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software\Avast <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\nitcila-x32: C:\Users\Troy\AppData\Local\nitcila.dll [X]
HKU\S-1-5-18\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1942720 2015-01-19] (Valve Corporation)
HKU\S-1-5-18\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S0].txt
Startup: C:\Users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
ShortcutTarget: Curse.lnk -> C:\Users\Troy\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Troy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fe6e7c0.exe ()
Startup: C:\Users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk
ShortcutTarget: Launchy.lnk -> C:\Program Files (x86)\Launchy\Launchy.exe ()
Startup: C:\Users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> E:\Programz\Rainmeter\Rainmeter.exe ()
Startup: C:\Users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> E:\Programz\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> E:\Programz\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> E:\Programz\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> E:\Programz\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll (Tencent)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)
FF Plugin-x32: @raidcall.com/RCplugin -> C:\Users\Troy\AppData\LocalLow\raidcall\plugins\webplugin.dll (Raidcall)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-27]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [hggdpanmljeggkemjindpapdacpppnkb] - C:\ProgramData\Click2Save\hggdpanmljeggkemjindpapdacpppnkb.crx [Not Found]
CHR StartMenuInternet: Google Chrome - C:\Users\Troy\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-10-19] (cFos Software GmbH)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\39.0.2171.46\remoting_host.exe [56648 2014-10-29] (Google Inc.)
S2 Ds3Service; C:\Program Files\Scarlet.Crush Productions\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
S2 HiPatchService; E:\Programz\HiPatchService.exe [8704 2012-06-24] (Hi-Rez Studios) [File not signed]
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [121344 2012-02-07] () [File not signed]
S3 iPod Service; E:\Programz\iPod\bin\iPodService.exe [641352 2013-11-02] (Apple Inc.)
S2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [377704 2015-01-16] (LogMeIn, Inc.)
S2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2015-01-16] (LogMeIn, Inc.)
S2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-04-30] (LogMeIn, Inc.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4390376 2011-07-17] (INCA Internet Co., Ltd.) [File not signed]
S3 osppsvc; E:\Programz\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [4925184 2010-01-09] (Microsoft Corporation)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-01-15] ()
S2 SQLWriter; E:\Programz\Microsoft SQL Server\90\Shared\sqlwriter.exe [129624 2012-02-11] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
S2 Themes; C:\Windows\system32\themeservice.dll [44544 2012-07-19] (Microsoft Corporation) [File not signed]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
S3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)
S3 danewFltr; C:\Windows\System32\drivers\danew.sys [12032 2010-03-23] (Razer (Asia-Pacific) Pte Ltd) [File not signed]
R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2014-04-16] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2012-06-27] (FNet Co., Ltd.)
S1 HWiNFO32; E:\Programz\HWiNFO32\HWiNFO64A.SYS [30592 2012-05-10] (REALiX™)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [331264 2011-12-05] (Intel® Corporation) [File not signed]
S3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-23] (ASUSTeK Computer Inc.)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-04-30] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [34304 2012-01-11] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2012-02-22] (ManyCam LLC)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4774 2012-03-06] (INCA Internet Co., Ltd.) [File not signed]
S3 RDID1053; C:\Windows\System32\Drivers\rdwm1053.sys [81792 2009-09-18] (Roland Corporation)
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [25600 2012-10-09] (Razer USA Ltd)
S3 rzjstk; C:\Windows\System32\DRIVERS\rzjstk.sys [19968 2013-04-18] (Razer USA Ltd)
S3 rzkeypadendpt; C:\Windows\System32\DRIVERS\rzkeypadendpt.sys [24576 2013-04-18] (Razer USA Ltd)
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [23040 2012-10-09] (Razer USA Ltd)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-01-23] ()
S3 BS275569243; \??\C:\Users\Troy\AppData\Local\Temp\NTFS.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 hxsyol; \??\E:\Aura Kingdoms\AuraKingdom\avital\hxsy64.sys [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 X6va028; \??\C:\Windows\SysWOW64\Drivers\X6va028 [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
U3 uxldqpog; \??\C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp\uxldqpog.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-23 20:55 - 2015-01-23 20:54 - 00190152 _____ (ESET) C:\Users\Troy\Desktop\ESETPoweliksCleaner.exe
2015-01-23 20:47 - 2015-01-23 20:47 - 00000000 ____D () C:\Windows\ERUNT
2015-01-23 20:40 - 2015-01-23 20:41 - 00000000 ____D () C:\AdwCleaner
2015-01-23 20:38 - 2015-01-22 08:42 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Troy\Desktop\TDSSKiller.exe
2015-01-23 20:36 - 2015-01-23 20:36 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Owziuc
2015-01-23 20:22 - 2015-01-23 21:33 - 00000000 ____D () C:\FRST
2015-01-23 20:03 - 2015-01-23 20:13 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-23 20:03 - 2015-01-23 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2015-01-23 20:03 - 2015-01-23 20:03 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2015-01-23 19:50 - 2015-01-23 19:50 - 00037814 _____ () C:\ComboFix.txt
2015-01-23 19:24 - 2015-01-23 19:50 - 00000000 ____D () C:\Qoobox
2015-01-23 19:24 - 2015-01-23 19:49 - 00000000 ____D () C:\Windows\erdnt
2015-01-23 19:24 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-23 19:24 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-23 19:24 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-23 19:24 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-23 19:24 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-23 19:24 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-23 19:24 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-23 19:24 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-23 19:08 - 2015-01-23 19:08 - 00008542 _____ () C:\Users\Troy\HELP_DECRYPT.HTML
2015-01-23 19:08 - 2015-01-23 19:08 - 00008542 _____ () C:\HELP_DECRYPT.HTML
2015-01-23 19:08 - 2015-01-23 19:08 - 00004214 _____ () C:\Users\Troy\HELP_DECRYPT.TXT
2015-01-23 19:08 - 2015-01-23 19:08 - 00004214 _____ () C:\HELP_DECRYPT.TXT
2015-01-23 19:08 - 2015-01-23 19:08 - 00000272 _____ () C:\Users\Troy\HELP_DECRYPT.URL
2015-01-23 19:08 - 2015-01-23 19:08 - 00000272 _____ () C:\HELP_DECRYPT.URL
2015-01-23 19:07 - 2015-01-23 19:07 - 00008542 _____ () C:\Users\Troy\Downloads\HELP_DECRYPT.HTML
2015-01-23 19:07 - 2015-01-23 19:07 - 00008542 _____ () C:\Users\Troy\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-23 19:07 - 2015-01-23 19:07 - 00008542 _____ () C:\Users\Troy\AppData\Local\HELP_DECRYPT.HTML
2015-01-23 19:07 - 2015-01-23 19:07 - 00008542 _____ () C:\Users\Troy\AppData\Local\Apps\HELP_DECRYPT.HTML
2015-01-23 19:07 - 2015-01-23 19:07 - 00008542 _____ () C:\Users\Troy\AppData\HELP_DECRYPT.HTML
2015-01-23 19:07 - 2015-01-23 19:07 - 00004214 _____ () C:\Users\Troy\Downloads\HELP_DECRYPT.TXT
2015-01-23 19:07 - 2015-01-23 19:07 - 00004214 _____ () C:\Users\Troy\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-23 19:07 - 2015-01-23 19:07 - 00004214 _____ () C:\Users\Troy\AppData\Local\HELP_DECRYPT.TXT
2015-01-23 19:07 - 2015-01-23 19:07 - 00004214 _____ () C:\Users\Troy\AppData\Local\Apps\HELP_DECRYPT.TXT
2015-01-23 19:07 - 2015-01-23 19:07 - 00004214 _____ () C:\Users\Troy\AppData\HELP_DECRYPT.TXT
2015-01-23 19:07 - 2015-01-23 19:07 - 00000272 _____ () C:\Users\Troy\Downloads\HELP_DECRYPT.URL
2015-01-23 19:07 - 2015-01-23 19:07 - 00000272 _____ () C:\Users\Troy\AppData\Roaming\HELP_DECRYPT.URL
2015-01-23 19:07 - 2015-01-23 19:07 - 00000272 _____ () C:\Users\Troy\AppData\Local\HELP_DECRYPT.URL
2015-01-23 19:07 - 2015-01-23 19:07 - 00000272 _____ () C:\Users\Troy\AppData\Local\Apps\HELP_DECRYPT.URL
2015-01-23 19:07 - 2015-01-23 19:07 - 00000272 _____ () C:\Users\Troy\AppData\HELP_DECRYPT.URL
2015-01-23 19:05 - 2015-01-23 19:05 - 00008542 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-01-23 19:05 - 2015-01-23 19:05 - 00004214 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-01-23 19:05 - 2015-01-23 19:05 - 00000272 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-01-23 19:05 - 2012-08-02 22:32 - 00518749 _____ (Erdoaem Corniratu) C:\Windows\SysWOW64\yvpimuukc.exe
2015-01-23 19:04 - 2015-01-23 19:04 - 00000000 ___HD () C:\fe6e7c0
2015-01-21 18:52 - 2015-01-23 20:57 - 00002856 _____ () C:\Windows\PFRO.log
2015-01-21 18:52 - 2015-01-23 20:43 - 00000392 _____ () C:\Windows\setupact.log
2015-01-21 18:52 - 2015-01-21 18:52 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-19 01:36 - 2015-01-19 01:36 - 00000951 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
2015-01-19 01:36 - 2015-01-19 01:36 - 00000000 ____D () C:\Program Files (x86)\Pidgin
2015-01-18 22:17 - 2015-01-18 22:17 - 00053564 _____ () C:\Windows\SysWOW64\CCCInstall_201501182217178240.log
2015-01-18 22:17 - 2015-01-18 22:17 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\library_dir
2015-01-18 22:17 - 2015-01-18 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-01-18 22:17 - 2015-01-18 22:17 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-01-18 22:16 - 2015-01-18 22:16 - 00000000 ____D () E:\Programz\AMD
2015-01-14 18:59 - 2015-01-14 18:59 - 00226062 _____ () C:\Windows\SysWOW64\CrashDump - 01-14-2015 23h 59m 38s.dmp
2015-01-13 21:37 - 2015-01-13 21:37 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2015-01-13 04:51 - 2015-01-14 00:02 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-01-12 21:52 - 2015-01-23 19:07 - 00000000 ____D () C:\Users\Troy\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2015-01-12 21:52 - 2015-01-12 21:52 - 00002510 _____ () C:\Users\Troy\Desktop\Windows 7 USB DVD Download Tool.lnk
2015-01-12 21:52 - 2015-01-12 21:52 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2015-01-12 21:14 - 2015-01-21 19:00 - 01233116 _____ () C:\Windows\system32\CFG275569243
2015-01-12 21:10 - 2015-01-12 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung SSD Magician
2015-01-12 21:08 - 2015-01-23 19:59 - 00269256 ____N () C:\Windows\Minidump\012315-106377-01.dmp
2015-01-12 21:08 - 2015-01-23 19:47 - 00270819 ____N () C:\Windows\Minidump\012315-106174-01.dmp
2015-01-12 21:07 - 2015-01-12 21:07 - 00000000 ____D () C:\found.000
2015-01-12 20:45 - 2015-01-12 20:45 - 00000991 _____ () C:\Users\Troy\Desktop\WinDirStat.lnk
2015-01-12 20:45 - 2015-01-12 20:45 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2015-01-12 20:45 - 2015-01-12 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
2015-01-12 20:45 - 2015-01-12 20:45 - 00000000 ____D () C:\Program Files (x86)\WinDirStat
2015-01-10 18:45 - 2015-01-10 18:45 - 00000000 ____D () C:\Users\Troy\AppData\Local\AXworks
2015-01-10 17:56 - 2015-01-10 18:44 - 00000248 _____ () C:\Windows\SysWOW64\0-G
2015-01-10 17:56 - 2015-01-10 18:32 - 00000000 ____D () C:\Users\Troy\AppData\Local\AZworks
2015-01-04 13:10 - 2015-01-04 13:10 - 00000000 ____D () C:\ProgramData\UixaSoze
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-23 21:04 - 2009-07-14 00:13 - 00794900 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-23 20:57 - 2012-06-27 14:50 - 00000000 ____D () C:\Program Files (x86)\Trillian
2015-01-23 20:57 - 2009-07-13 23:45 - 00017472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-23 20:57 - 2009-07-13 23:45 - 00017472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-23 20:56 - 2013-05-28 19:01 - 00000000 ____D () C:\Windows\pss
2015-01-23 20:44 - 2012-06-27 14:25 - 01129790 _____ () C:\Windows\WindowsUpdate.log
2015-01-23 20:43 - 2014-11-16 14:10 - 00000000 ____D () C:\Users\Troy\AppData\Local\Deployment
2015-01-23 20:43 - 2014-03-24 17:09 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2015-01-23 20:43 - 2014-01-23 17:36 - 00000964 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-01-23 20:43 - 2014-01-23 17:36 - 00000948 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-01-23 20:43 - 2013-06-17 23:29 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-23 20:43 - 2012-06-30 00:33 - 00000000 ____D () C:\Users\Troy\AppData\Local\CrashDumps
2015-01-23 20:43 - 2012-06-27 14:47 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\uTorrent
2015-01-23 20:43 - 2012-06-27 14:36 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2015-01-23 20:43 - 2012-06-27 14:34 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-01-23 20:43 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-23 20:31 - 2012-06-27 14:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-23 20:22 - 2012-06-27 14:46 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-309291612-180584173-1631443723-1000UA.job
2015-01-23 20:18 - 2014-06-25 18:37 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Curse Client
2015-01-23 20:18 - 2013-01-06 16:43 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Dropbox
2015-01-23 19:59 - 2012-07-08 17:45 - 00000000 ____D () C:\Windows\Minidump
2015-01-23 19:48 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-23 19:29 - 2009-07-13 21:34 - 28311552 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-01-23 19:29 - 2009-07-13 21:34 - 28311552 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-01-23 19:29 - 2009-07-13 21:34 - 125304832 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-01-23 19:29 - 2009-07-13 21:34 - 125304832 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-01-23 19:29 - 2009-07-13 21:34 - 08912896 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-01-23 19:29 - 2009-07-13 21:34 - 08912896 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-01-23 19:29 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-01-23 19:29 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-01-23 19:29 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-01-23 19:29 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-01-23 19:27 - 2012-06-27 14:38 - 00000000 ____D () C:\ProgramData\Temp
2015-01-23 19:08 - 2013-01-06 16:46 - 00000000 ___RD () C:\Users\Troy\Dropbox
2015-01-23 19:07 - 2014-11-11 21:03 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\AMD
2015-01-23 19:07 - 2014-10-02 18:26 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\SYSTEMAX Software Development
2015-01-23 19:07 - 2014-07-24 18:18 - 00000000 ____D () C:\Users\Troy\AppData\Local\Skype
2015-01-23 19:07 - 2014-07-23 17:45 - 00000000 ____D () C:\Users\Troy\AppData\Local\TERA-Diagnostic
2015-01-23 19:07 - 2014-05-07 21:56 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\NCSOFT
2015-01-23 19:07 - 2014-03-05 22:32 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\HexChat
2015-01-23 19:07 - 2013-10-20 23:41 - 00000000 ____D () C:\Users\Troy\AppData\Local\Blizzard
2015-01-23 19:07 - 2013-10-20 19:35 - 00000000 ____D () C:\Users\Troy\AppData\Local\Battle.net
2015-01-23 19:07 - 2013-10-16 13:24 - 00000000 ____D () C:\Users\Troy\AppData\Local\FluxSoftware
2015-01-23 19:07 - 2013-09-30 23:20 - 00000000 ____D () C:\Users\Troy\AppData\Local\Blizzard Entertainment
2015-01-23 19:07 - 2013-08-28 20:24 - 00000000 ____D () C:\Users\Troy\AppData\Local\Mixxx
2015-01-23 19:07 - 2013-06-29 17:00 - 00000000 ____D () C:\Users\Troy\AppData\Local\Apple Computer
2015-01-23 19:07 - 2013-06-21 17:06 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Wacom
2015-01-23 19:07 - 2013-04-30 21:38 - 00000000 ____D () C:\Users\Troy\AppData\Local\Origin
2015-01-23 19:07 - 2013-04-14 15:21 - 00000000 ____D () C:\Users\Troy\Desktop\Aimbot
2015-01-23 19:07 - 2013-04-14 15:18 - 00000000 ____D () C:\Users\Troy\Desktop\Hentai
2015-01-23 19:07 - 2013-02-11 23:42 - 00000000 ____D () C:\Riot Games
2015-01-23 19:07 - 2013-01-30 18:14 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Blender Foundation
2015-01-23 19:07 - 2013-01-20 18:48 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Mumble
2015-01-23 19:07 - 2013-01-15 00:38 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Malwarebytes
2015-01-23 19:07 - 2012-12-30 21:21 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2015-01-23 19:07 - 2012-12-30 12:41 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Synthesia
2015-01-23 19:07 - 2012-12-05 16:37 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\OBS
2015-01-23 19:07 - 2012-11-30 19:17 - 00000000 ____D () C:\Sites
2015-01-23 19:07 - 2012-11-25 00:09 - 00000000 ____D () C:\Users\Troy\AppData\Local\Skyrim
2015-01-23 19:07 - 2012-11-13 18:35 - 00000000 ____D () C:\Users\Troy\AppData\Local\Sony
2015-01-23 19:07 - 2012-11-13 18:34 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Sony
2015-01-23 19:07 - 2012-11-07 20:48 - 00000000 ____D () C:\Users\Troy\AppData\Local\Geckofx
2015-01-23 19:07 - 2012-09-20 17:17 - 00000000 ____D () C:\Users\Troy\AppData\Local\ESN Sonar
2015-01-23 19:07 - 2012-09-20 12:23 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Origin
2015-01-23 19:07 - 2012-09-03 20:50 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Screaming Bee
2015-01-23 19:07 - 2012-08-23 23:12 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Notepad++
2015-01-23 19:07 - 2012-08-22 20:12 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\ManyCam
2015-01-23 19:07 - 2012-08-09 02:42 - 00000000 ____D () C:\Users\Troy\AppData\Local\PassMark
2015-01-23 19:07 - 2012-08-02 19:40 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Tencent
2015-01-23 19:07 - 2012-07-19 17:18 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Rainmeter
2015-01-23 19:07 - 2012-07-18 16:00 - 00000000 __RHD () C:\Users\Troy\AppData\Roaming\SecuROM
2015-01-23 19:07 - 2012-07-17 23:30 - 00000000 ____D () C:\Users\Troy\AppData\Local\FalloutNV
2015-01-23 19:07 - 2012-07-16 17:35 - 00000000 ____D () C:\Users\Troy\AppData\Local\Dxtory Software
2015-01-23 19:07 - 2012-07-16 12:51 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\ASUS
2015-01-23 19:07 - 2012-07-04 11:52 - 00000000 ____D () C:\Users\Troy\AppData\Local\PunkBuster
2015-01-23 19:07 - 2012-07-04 11:12 - 00000000 ____D () C:\Users\Troy\AppData\Local\Adobe
2015-01-23 19:07 - 2012-06-28 23:56 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\.minecraft
2015-01-23 19:07 - 2012-06-28 23:55 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\.techniclauncher
2015-01-23 19:07 - 2012-06-28 02:12 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Mozilla
2015-01-23 19:07 - 2012-06-28 02:12 - 00000000 ____D () C:\Users\Troy\AppData\Local\Mozilla
2015-01-23 19:07 - 2012-06-27 23:27 - 00000000 ____D () C:\Users\Troy\AppData\Local\SplitMediaLabs
2015-01-23 19:07 - 2012-06-27 23:26 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\SplitMediaLabs
2015-01-23 19:07 - 2012-06-27 14:52 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Skype
2015-01-23 19:07 - 2012-06-27 14:52 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Launchy
2015-01-23 19:07 - 2012-06-27 14:50 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Trillian
2015-01-23 19:07 - 2012-06-27 14:48 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Winamp
2015-01-23 19:07 - 2012-06-27 14:46 - 00000000 ____D () C:\Users\Troy\AppData\Local\Google
2015-01-23 19:07 - 2012-06-27 14:38 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Adobe
2015-01-23 19:07 - 2012-06-27 14:37 - 00000000 ____D () C:\Users\Troy\AppData\Local\cFos
2015-01-23 19:05 - 2014-09-25 17:22 - 00000000 ____D () C:\ArcheAge
2015-01-23 19:05 - 2014-01-11 13:47 - 00000000 ____D () C:\ProgramData\InstallMate
2015-01-23 19:05 - 2014-01-11 13:41 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-01-23 19:05 - 2013-09-09 16:34 - 00000000 ____D () C:\ProgramData\PreEmptive Solutions
2015-01-23 19:05 - 2013-06-27 17:59 - 00000000 ____D () C:\ProgramData\Battle.net
2015-01-23 19:05 - 2013-02-20 23:52 - 00000000 ____D () C:\AMD
2015-01-23 19:05 - 2013-01-15 03:02 - 00000000 ____D () C:\Perfect World Entertainment
2015-01-23 19:05 - 2012-11-06 18:08 - 00000000 ____D () C:\ProgramData\LogiShrd
2015-01-23 19:05 - 2012-10-01 00:34 - 00000000 ____D () C:\ProgramData\Razer
2015-01-23 19:05 - 2012-09-20 12:23 - 00000000 ____D () C:\ProgramData\Origin
2015-01-23 19:05 - 2012-08-10 00:14 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-23 19:05 - 2012-08-09 02:42 - 00000000 ____D () C:\ProgramData\Passmark
2015-01-23 19:05 - 2012-08-02 19:40 - 00000000 ____D () C:\ProgramData\Tencent
2015-01-23 19:05 - 2012-06-27 23:26 - 00000000 ____D () C:\ProgramData\SplitMediaLabs
2015-01-23 19:05 - 2012-06-27 22:54 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2015-01-23 19:05 - 2012-06-27 14:38 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-23 19:05 - 2012-06-27 14:37 - 00000000 ____D () C:\ProgramData\cFos
2015-01-23 19:05 - 2012-06-27 14:33 - 00000000 ____D () C:\ProgramData\Intel
2015-01-23 19:01 - 2009-07-14 00:08 - 00032554 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-23 16:26 - 2012-06-27 14:34 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-01-23 07:59 - 2013-09-05 06:32 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-01-23 03:22 - 2012-06-27 14:46 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-309291612-180584173-1631443723-1000Core.job
2015-01-22 23:31 - 2014-11-12 03:31 - 03353776 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-22 23:31 - 2012-06-27 14:46 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-22 23:31 - 2012-06-27 14:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-22 23:31 - 2012-06-27 14:46 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-20 22:19 - 2012-06-27 16:29 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Media Player Classic
2015-01-19 18:00 - 2012-10-17 21:49 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\.purple
2015-01-19 01:17 - 2013-09-07 21:45 - 00000000 ____D () C:\Users\Troy\AppData\Local\gtk-2.0
2015-01-18 22:41 - 2012-12-30 23:09 - 00145920 _____ () C:\Users\Troy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-18 22:23 - 2014-03-18 20:38 - 00000000 ____D () C:\Program Files (x86)\RaidCall
2015-01-16 10:05 - 2013-09-05 06:32 - 00107392 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2015-01-16 10:05 - 2013-09-05 06:32 - 00092520 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2015-01-16 10:05 - 2013-09-05 06:32 - 00035688 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2015-01-16 10:05 - 2013-09-05 06:32 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2015-01-14 20:28 - 2013-07-02 20:13 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\vlc
2015-01-12 22:42 - 2012-07-04 11:52 - 00283032 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-01-12 22:42 - 2012-07-04 11:51 - 00283032 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-01-12 21:12 - 2014-01-25 15:47 - 00000000 ____D () E:\Programz\Elsword
2015-01-12 21:10 - 2014-08-03 14:25 - 00003250 _____ () C:\Windows\System32\Tasks\SamsungMagician
2015-01-12 21:10 - 2014-06-14 01:02 - 00000000 ____D () C:\Program Files (x86)\Samsung SSD Magician
2015-01-12 21:04 - 2012-11-06 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-01-12 21:04 - 2012-08-16 16:28 - 00000000 ____D () C:\Program Files\Common Files\logishrd
2015-01-12 21:03 - 2012-11-29 13:46 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-01-12 21:02 - 2014-07-15 18:15 - 00000000 ____D () C:\Program Files (x86)\Citrix
2015-01-12 21:02 - 2012-08-27 23:28 - 00000000 ____D () E:\Programz\Fraps
2015-01-10 11:38 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-08 18:51 - 2012-07-04 11:51 - 00283032 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-01-07 21:39 - 2012-06-27 14:36 - 00000600 _____ () C:\lucid.log
2015-01-07 00:03 - 2012-07-04 11:50 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-01-06 04:36 - 2012-06-27 14:53 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-01 12:17 - 2014-10-01 22:03 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-01 12:17 - 2012-06-27 14:49 - 00000000 ____D () C:\ProgramData\Skype
 
==================== Files in the root of some directories =======
2013-11-24 20:18 - 2013-11-24 20:21 - 2044723200 _____ () E:\Programz\bns_1.72.4010.4_setup_bin.7z.001.ttd
2012-08-24 22:54 - 2012-08-24 22:54 - 0000096 _____ () E:\Programz\HiPatchService.config
2012-06-27 22:54 - 2012-06-24 13:42 - 0008704 _____ (Hi-Rez Studios) E:\Programz\HiPatchService.exe
2012-06-27 22:54 - 2012-06-24 13:40 - 0103936 _____ (Hi-Rez Studios Inc.) E:\Programz\HirezUtils.dll
2012-06-27 22:54 - 2012-06-24 13:40 - 0026112 _____ (Microsoft) E:\Programz\PatcherData.dll
2012-06-27 22:54 - 2012-06-24 13:42 - 0369664 _____ (Microsoft) E:\Programz\PatcherEngine.dll
2012-06-27 22:54 - 2012-06-24 13:42 - 0081408 _____ (Microsoft) E:\Programz\PatcherMisc.dll
2012-06-28 20:23 - 2012-06-28 20:20 - 4609827 _____ () E:\Programz\RemoveWAT22.ZIP
2009-07-13 18:19 - 2009-07-13 20:52 - 0000206 _____ () C:\Windows\system32\config\systemprofile\AppData\Roaming\PBS275569243.ini
2014-01-16 00:31 - 2014-01-16 00:31 - 0000040 _____ () C:\ProgramData\DT0001.dat
2015-01-23 19:05 - 2015-01-23 19:05 - 0008542 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-01-23 19:05 - 2015-01-23 19:05 - 0045413 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-01-23 19:05 - 2015-01-23 19:05 - 0004214 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-01-23 19:05 - 2015-01-23 19:05 - 0000272 _____ () C:\ProgramData\HELP_DECRYPT.URL
 
Files to move or delete:
====================
C:\ProgramData\DT0001.dat
C:\Users\Troy\jagex_cl_runescape_LIVE.dat
C:\Users\Troy\jagex_cl_runescape_LIVE1.dat
C:\Users\Troy\jagex_cl_runescape_LIVE2.dat
C:\Users\Troy\jagex_cl_runescape_LIVE_BETA.dat
C:\Users\Troy\random.dat
 
 
Some content of TEMP:
====================
C:\Users\Troy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6m6k6h.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-14 10:34
 
==================== End Of Log ============================

Addition file here

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015

Ran by Troy at 2015-01-23 21:33:58
Running from E:\My Stuff\My Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Tools for .Net 3.5 (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.0 - BitTorrent Inc.)
7 Days to Die (HKLM-x32\...\Steam App 251570) (Version:  - The Fun Pimps)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Dreamweaver CS6 (HKLM-x32\...\{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}) (Version: 12 - Adobe Systems Incorporated)
Adobe Flash Media Live Encoder 3.2 (HKLM-x32\...\{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}) (Version: 3.2.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.287 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.287 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5 64-bit (HKLM\...\{6C1A010F-9108-4162-A26F-9FEC4AC0F0F0}) (Version: 5.0.1 - Adobe)
Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Agarest: Generations of War (HKLM-x32\...\Steam App 237890) (Version:  - Idea Factory)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Archeage (HKLM-x32\...\Glyph Archeage) (Version:  - Trion Worlds, Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.1.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.1.000 - Asmedia Technology)
ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)
ASRock eXtreme Tuner v0.1.181 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version:  - )
ASRock InstantBoot v1.29 (HKLM-x32\...\ASRock InstantBoot_is1) (Version:  - )
ASRock SmartConnect v1.0.6 (HKLM\...\ASRock SmartConnect_is1) (Version:  - ASRock Inc.)
ASRock XFast RAM v2.0.9 (HKLM\...\ASRock XFast RAM_is1) (Version:  - ASRock Inc.)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.0.8.3 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.0.8.3 - ASUSTek COMPUTER INC.) Hidden
ASUS Xonar DG Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version:  - )
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.1.3 - EA Digital Illusions CE AB)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Blacklight Retribution (HKLM-x32\...\Blacklight Retribution) (Version:  - Perfect World Entertainment)
Blend for Visual Studio 2012 (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2012 ENU resources (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Blender (HKLM\...\Blender) (Version: 2.65a-release - Blender Foundation)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.5.1 - Broadcom Corporation)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
China English Patch (HKLM-x32\...\{0D0A03F7-A654-4AF4-B837-42255DCA74D7}) (Version: 1.0.0.0 - LokiReborn)
Chrome Remote Desktop Host (HKLM-x32\...\{8432E4EF-ABFB-48C8-B77B-24728E71D3DD}) (Version: 39.0.2171.46 - Google Inc.)
Citrix Online Launcher (HKLM-x32\...\{3E7E6F1E-7376-475A-8BC9-E3126B20CF5F}) (Version: 1.0.198 - Citrix)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CPUID CPU-Z 1.60.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Divinity: Original Sin (HKLM-x32\...\Steam App 230230) (Version:  - Larian Studios)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden
Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version:  - BioWare)
Elsword version v4.0115.4.1 (HKLM-x32\...\{E655DDFC-24DB-4FC3-8474-271E911309B4}_is1) (Version: v4.0115.4.1 - Kill3rCombo)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{0A1A1D48-DB23-443A-BC7B-49255D138020}) (Version: 11.1.20702.00 - Microsoft Corporation)
EPSON NX125 NX127 Series Printer Uninstall (HKLM\...\EPSON NX125 NX127 Series) (Version:  - SEIKO EPSON Corporation)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
GameFly (x32 Version: 1.1.912 - GameFly, Inc.) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
GunZ 2: The Second Duel (HKLM-x32\...\Steam App 242720) (Version:  - MAIET Entertainment)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heaven DX11 Benchmark version 3.0 (HKLM\...\Unigine Heaven DX11 Benchmark (Basic Edition)_is1) (Version: 3.0 - Unigine Corp.)
HexChat (x64) (HKLM\...\HexChat (x64)_is1) (Version: 2.9.6 - HexChat)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HWiNFO32 Version 4.00 (HKLM-x32\...\HWiNFO32_is1) (Version: 4.00 - Martin Malík - REALiX)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® Smart Connect Technology 2.0 x64 (HKLM\...\{D1B033E8-A077-4B0D-9831-5798E19E861E}) (Version: 2.0.1083.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java™ 6 Update 33 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)
KCP-0.5.3.3 (HKLM-x32\...\Kawaii Codec Pack_is1) (Version: 0.5.3.3 - Haruhichan.com)
Launchy 2.5 (HKLM-x32\...\Launchy_21344213_is1) (Version:  - Code Jelly)
LAV Filters 0.58.0 (HKLM-x32\...\lavfilters_is1) (Version: 0.58.0 - Hendrik Leppkes)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Lethal League (HKLM-x32\...\Steam App 261180) (Version:  - Team Reptile)
Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.7.1.9 - Hermann Schinagl)
LocalESPC (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
LocalESPCui for en-us (x32 Version: 8.59.25584 - Microsoft) Hidden
Logitech Gaming Software 8.52 (HKLM\...\Logitech Gaming Software) (Version: 8.52.15 - Logitech Inc.)
Logitech SetPoint 5.20 (HKLM\...\{D3120436-1358-4253-9EB2-257FFE8CE1D9}) (Version: 5.20 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LogMeIn (HKLM-x32\...\{CB7AF84A-1B7F-4C6B-8A58-EB7CDE48C23A}) (Version: 4.1.3268 - LogMeIn, Inc.)
ManyCam 3.0.80 (remove only) (HKLM-x32\...\ManyCam) (Version: 3.0.80 - ManyCam LLC)
MeasureUp Certification Preparation (HKLM-x32\...\InstallShield_{77FA07DF-7646-41FF-A0C6-C0DC5DED0946}) (Version: 10.03 - MeasureUp Inc.)
MeasureUp Practice Tests (HKLM-x32\...\InstallShield_{1B53F089-10BA-4538-B977-8CF8A5343E04}) (Version: 10.03 - MeasureUp Inc.)
MeasureUp Practice Tests (x32 Version: 10.03 - MeasureUp Inc.) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{1803A630-3C38-4D2B-9B9A-0CB37243539C}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}) (Version: 3.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Network Monitor 3.4 (HKLM\...\{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Network Monitor: NetworkMonitor Parsers 3.4 (HKLM\...\{963E5FEB-1367-46B9-851D-A957F1A3747F}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{0DDCEC37-369C-484B-B16D-B4413FD42FB9}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{E5AE9031-79A5-4627-9641-BEFA82819B08}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{DA67488A-2689-4F10-B90F-D2F6977509D6}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{78C3657E-742C-40B1-9F53-E5A921D40F17}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM-x32\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM-x32\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319 (HKLM-x32\...\{6A86554B-8928-30E4-A53C-D7337689134D}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Professional - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Professional - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2012 (HKLM-x32\...\{9600393b-6ede-469b-a522-689fce1461d1}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Web Deploy 3.0 (HKLM\...\{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}) (Version: 3.1236.1631 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{E2B8249D-895C-4685-8C83-00F3B1A13028}) (Version: 4.0.1622 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.27 - mIRC Co. Ltd.)
Mixxx 1.11.0 (HKLM-x32\...\Mixxx (1.11.0)) (Version: 1.11.0 - The Mixxx Development Team)
MKVToolNix 5.9.0 (HKLM-x32\...\MKVToolNix) (Version: 5.9.0 - Moritz Bunkus)
Mobile Mouse Server (HKLM-x32\...\{333AE9D2-1A42-4012-BEC3-DFF9BEBF5CDD}) (Version: 3.0.1 - RPA Tech, Inc)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 14.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 14.0.1 (x86 en-US)) (Version: 14.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 14.0.1 - Mozilla)
MSI Afterburner 2.2.2 (HKLM-x32\...\Afterburner) (Version: 2.2.2 - MSI Co., LTD)
Mumble 1.2.3 (HKLM-x32\...\{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}) (Version: 1.2.3 - Thorvald Natvig)
NETGEAR Live Parental Controls Management Utility 2.1.5 (HKLM-x32\...\NETGEAR Live Parental Controls Management Utility) (Version: 2.1.5 - )
Nosgoth (HKLM-x32\...\Steam App 200110) (Version: 140617.86661 - Square Enix Ltd)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.2.2 - )
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.5.195 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.11 - )
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.0.2180.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
QQ International (HKLM-x32\...\{3CA54984-A14B-42FE-9FF1-7EA90151D725}) (Version: 1.91.1213.0 - 腾讯科技(深圳)有限公司)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 2.4 r1678 - )
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.9.5 - Razer USA Ltd.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
RPG Maker VX Ace (HKLM-x32\...\Steam App 220700) (Version:  - Enterbrain)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Sapphire TRIXX (HKLM-x32\...\Sapphire TRIXX) (Version:  - )
Secure Download Manager (HKLM-x32\...\{6CEF2BC6-8929-44EE-8360-175513E1A49A}) (Version: 3.0.5 - e-academy Inc.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Sublime Text Build 3065 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Synthesia (HKLM-x32\...\Synthesia) (Version: 8.4 - Synthesia LLC)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - )
TEdit 3 (HKLM-x32\...\{43B24867-0D47-4995-80F9-5435F1B959FF}) (Version: 1.0.0.0 - BinaryConstruct)
TERA (HKLM-x32\...\{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}) (Version: 1.41 - En Masse Entertainment)
THX TruStudio (HKLM-x32\...\{AFB907F5-C0E6-4753-8284-DE955EF86AC2}) (Version: 1.00.01 - Creative Technology Limited)
Trillian (HKLM-x32\...\Trillian) (Version:  - Cerulean Studios, LLC)
Uninstall LSI (HKLM-x32\...\{62B332E9-239D-4692-BDE2-0CC1CF2833DA}_is1) (Version: 3.1c - Aequus Gaming Ltd.)
Vegas Pro 12.0 (64-bit) (HKLM\...\{A7500970-FE98-11E1-B560-F04DA23A5C58}) (Version: 12.0.367 - Sony)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version:  - )
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.30319 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.2-1 - Wacom Technology Corp.)
WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2012 (x32 Version: 5.0.50710.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinSCP 5.1.1 (HKLM-x32\...\winscp3_is1) (Version: 5.1.1 - Martin Prikryl)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XFast LAN v6.61 (HKLM\...\XFast LAN) (Version: 6.61 - cFos Software GmbH, Bonn)
XFastUSB (HKLM-x32\...\XFastUSB) (Version: 3.02.28 - ASRock Inc.)
XSplit Broadcaster (HKLM-x32\...\{AB814B94-929B-4CEB-99F7-62C1CFE664CA}) (Version: 1.3.1308.2203 - SplitMediaLabs)
xy-VSFilter 3.0.0.211 (HKLM-x32\...\xy-VSFilter_is1) (Version: 3.0.0.211 - xy-VSFilter Team)
剑灵_腾讯 (HKLM-x32\...\剑灵_腾讯) (Version:  - Tencent)
天色*アイルノーツ (HKLM-x32\...\{EDA20972-7B40-43AE-8713-6A01667F1A8D}) (Version:  - ゆずソフト)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2015-01-23 19:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {24BF4F42-41B2-4461-9AC1-4E7F01F01584} - System32\Tasks\{FC0E7C16-C51D-4734-AEAB-9D590ED1C8C3} => pcalua.exe -a "C:\Program Files (x86)\HmelyoffLabs\unins000.exe"
Task: {2594BEAD-9334-4902-A7CF-CB540FAEC28E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-309291612-180584173-1631443723-1000Core => C:\Users\Troy\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {3D07B16B-C1D7-44F2-ABDD-26DC54D295ED} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-03-24] ()
Task: {43661CDB-A877-4B43-B996-798C815B02D3} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {4FAFFBD5-53C2-4B22-9F6B-6C64423EC42C} - System32\Tasks\CCleanerSkipUAC => E:\Programz\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {59512DF1-57DF-4172-8846-8E06CA08423B} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ExecuteWithUAC.exe [2013-03-21] ()
Task: {6B1B7334-F0DC-4DD2-8F13-926441F2F38F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {80E287C9-872E-445A-B783-94D5F0F85883} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {8EF0FEBE-9CA3-4031-8CA0-A19B1A3E9DCC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-22] (Adobe Systems Incorporated)
Task: {9970B937-38E1-45F1-8797-9A7907C98933} - System32\Tasks\{5B5F0BE0-3B4B-4B81-BB3A-05B90A1655BD} => pcalua.exe -a E:\Programz\RebirthRO\Setup.exe -d E:\Programz\RebirthRO
Task: {A99E489F-8B1B-4C3F-9745-7C1A0A9D657F} - System32\Tasks\{0D3263FE-112D-4F8B-9E24-634D9A2E88D4} => pcalua.exe -a "E:\My Stuff\My Downloads\Office 2010 Toolkit.exe"
Task: {CB2945BB-55E8-4CA8-929C-109CC21F3733} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-309291612-180584173-1631443723-1000UA => C:\Users\Troy\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {EAC911A8-413B-4DBD-A404-03F9D20803B8} - System32\Tasks\{D8F49D5D-B51D-4905-BD27-757D768DBDA1} => pcalua.exe -a "E:\My Stuff\My Downloads\setup (2).exe" -d "E:\My Stuff\My Downloads"
Task: {FD504485-EBAB-43D1-A061-B30ED8DE4E5B} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung SSD Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-309291612-180584173-1631443723-1000Core.job => C:\Users\Troy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-309291612-180584173-1631443723-1000UA.job => C:\Users\Troy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-01-09 19:17 - 2010-01-09 19:17 - 04254560 _____ () E:\Programz\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:40 - 2010-01-21 00:40 - 08794464 _____ () E:\Programz\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2004-09-30 13:15 - 2004-09-30 13:15 - 00192000 _____ () C:\Program Files\LinkShellExtension\RockallDLL.dll
2012-06-18 10:24 - 2012-06-18 10:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LOLRecorder.lnk => C:\Windows\pss\LOLRecorder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SetPointII.lnk => C:\Windows\pss\SetPointII.lnk.CommonStartup
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Troy\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "E:\Programz\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Google Update => "C:\Users\Troy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Kernel and Hardware Abstraction Layer => KHALMNPR.EXE
MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
MSCONFIG\startupreg: ManyCam => "E:\Programz\Manycam\Bin\ManyCam.exe" /silent
MSCONFIG\startupreg: MusicManager => "C:\Users\Troy\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
MSCONFIG\startupreg: uTorrent => "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: VIRTU MVP => C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe /hide
MSCONFIG\startupreg: Ynafheuhk => "C:\Users\Troy\AppData\Roaming\Owziuc\ginuefa.exe"
MSCONFIG\startupreg: {047c1586-04b7-8dad-bb6e-dd0db593f645} => "C:\ProgramData\Microsoft\{047c1586-04b7-8dad-bb6e-dd0db593f645}\{047c1586-04b7-8dad-bb6e-dd0db593f645}.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-309291612-180584173-1631443723-500 - Administrator - Disabled)
ASPNET (S-1-5-21-309291612-180584173-1631443723-1002 - Limited - Enabled)
Guest (S-1-5-21-309291612-180584173-1631443723-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-309291612-180584173-1631443723-1006 - Limited - Enabled)
Troy (S-1-5-21-309291612-180584173-1631443723-1000 - Administrator - Enabled) => C:\Users\Troy
 
==================== Faulty Device Manager Devices =============
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/23/2015 09:30:58 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c).
 
Error: (01/23/2015 08:57:47 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (01/23/2015 08:43:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Launchy.exe, version: 0.0.0.0, time stamp: 0x4bb7837a
Faulting module name: HsSrv.dll, version: 1.0.10.917, time stamp: 0x4c930239
Exception code: 0x40000015
Fault offset: 0x00017aaf
Faulting process id: 0x1754
Faulting application start time: 0xLaunchy.exe0
Faulting application path: Launchy.exe1
Faulting module path: Launchy.exe2
Report Id: Launchy.exe3
 
Error: (01/23/2015 08:43:44 PM) (Source: VSS) (EventID: 22) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name Coordinator is [0x80040154, Class not registered
].
 
Error: (01/23/2015 08:43:40 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (01/23/2015 08:43:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AutoKMS.exe, version: 2.2.2.0, time stamp: 0x4e32f719
Faulting module name: KERNELBASE.dll, version: 6.1.7600.17206, time stamp: 0x50e6605e
Exception code: 0xe0434352
Fault offset: 0x0000c41f
Faulting process id: 0x790
Faulting application start time: 0xAutoKMS.exe0
Faulting application path: AutoKMS.exe1
Faulting module path: AutoKMS.exe2
Report Id: AutoKMS.exe3
 
Error: (01/23/2015 08:43:39 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException
Stack:
   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32, IntPtr)
   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32)
   at System.Management.ManagementObjectCollection+ManagementObjectEnumerator.MoveNext()
   at OfficeToolkit.Logic.ActivationOffice.ActivateKMSOnly()
   at AutoKMS.AutoKMS.RunAutoKMS()
   at AutoKMS.Program.Main()
 
Error: (01/23/2015 08:43:31 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2
 
Error: (01/23/2015 08:41:27 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2
 
Error: (01/23/2015 08:33:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: e44nycy4.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: e44nycy4.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x000011aa
Faulting process id: 0x1cb0
Faulting application start time: 0xe44nycy4.exe0
Faulting application path: e44nycy4.exe1
Faulting module path: e44nycy4.exe2
Report Id: e44nycy4.exe3
 
 
System errors:
=============
Error: (01/23/2015 09:30:58 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084MSIServer{000C101C-0000-0000-C000-000000000046}
 
Error: (01/23/2015 09:30:56 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068stisvc{A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error: (01/23/2015 08:59:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1068
 
Error: (01/23/2015 08:57:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1068
 
Error: (01/23/2015 08:57:53 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (01/23/2015 08:57:47 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (01/23/2015 08:57:39 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
AsrAppCharger
discache
ElbyCDIO
HWiNFO32
spldr
Wanarpv6
 
Error: (01/23/2015 08:57:39 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084TermService{F9A874B6-F8A8-4D73-B5A8-AB610816828B}
 
Error: (01/23/2015 08:45:41 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (01/23/2015 08:44:35 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: 490@01010004
 
 
Microsoft Office Sessions:
=========================
Error: (01/23/2015 09:30:58 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional Plus 20100x8007043c
 
Error: (01/23/2015 08:57:47 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000
 
Error: (01/23/2015 08:43:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Launchy.exe0.0.0.04bb7837aHsSrv.dll1.0.10.9174c9302394000001500017aaf175401d037772fb8879dC:\Program Files (x86)\Launchy\Launchy.exeC:\Windows\SysWOW64\HsSrv.dll6f529fff-a36a-11e4-bf13-bc5ff4369720
 
Error: (01/23/2015 08:43:44 PM) (Source: VSS) (EventID: 22) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80040154, Class not registered
 
Error: (01/23/2015 08:43:40 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000
 
Error: (01/23/2015 08:43:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AutoKMS.exe2.2.2.04e32f719KERNELBASE.dll6.1.7600.1720650e6605ee04343520000c41f79001d0377728234600C:\Windows\AutoKMS\AutoKMS.exeC:\Windows\syswow64\KERNELBASE.dll6adddf57-a36a-11e4-bf13-bc5ff4369720
 
Error: (01/23/2015 08:43:39 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException
Stack:
   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32, IntPtr)
   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32)
   at System.Management.ManagementObjectCollection+ManagementObjectEnumerator.MoveNext()
   at OfficeToolkit.Logic.ActivationOffice.ActivateKMSOnly()
   at AutoKMS.AutoKMS.RunAutoKMS()
   at AutoKMS.Program.Main()
 
Error: (01/23/2015 08:43:31 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2
 
Error: (01/23/2015 08:41:27 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2
 
Error: (01/23/2015 08:33:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: e44nycy4.exe2.1.19357.052e7ea83e44nycy4.exe2.1.19357.052e7ea83c0000005000011aa1cb001d03775ca805935E:\My Stuff\My Downloads\e44nycy4.exeE:\My Stuff\My Downloads\e44nycy4.exe0c7f4711-a369-11e4-b071-bc5ff4369720
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-01-23 19:28:35.687
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-23 19:28:35.640
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-07-11 03:30:43.120
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-07-11 03:30:43.104
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 17%
Total physical RAM: 8086.38 MB
Available physical RAM: 6669.24 MB
Total Pagefile: 16172.76 MB
Available Pagefile: 15069.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:119.14 GB) (Free:28.7 GB) NTFS
Drive e: (KONA KASE) (Fixed) (Total:1397.26 GB) (Free:434.37 GB) NTFS
Drive g: () (Removable) (Total:7.46 GB) (Free:7.24 GB) NTFS
Drive s: (Aincrad) (Fixed) (Total:2794.39 GB) (Free:2384.28 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 5EA8A7E2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 2794.5 GB) (Disk ID: 0435D8CB)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 2 (Size: 1397.3 GB) (Disk ID: 8D399BC0)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 7.5 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

 

 

 

Thank you in advance




 


#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,115 posts
  • Gender:Male
  • Location:Germany
  • Local time:07:38 PM

Posted 25 January 2015 - 02:24 PM

Hey, :)
Can you do the following steps in normal mode please? ;)

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop.
Install the programme and select Update.
Once it has updated, select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button. MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan

  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8: please right-click on the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#3 Machiavelli


Posted 29 January 2015 - 10:25 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli
