Explorer.exe Usage = Slowdown of entire PC, infected?


  • This topic is locked
27 replies to this topic

#1 sideswipe999
Posted 28 January 2015 - 06:16 PM

Hello! Ran into the issue in the past day; not sure what's causing it, but I have run both MSE and MBAM in safe mode, both removing a handful of items. Nothing looked serious overall, but the problem persists. On a clean boot it will run alright for a while, but then the explorer.exe process will start shooting up over 4,790,000 usage, and I can shut the process down without restarting Windows Explorer, so I'm assuming it's some kind of duplicate process or something. I've attached preliminary logs here; any help you can give me is greatly appreciated. If you require more info, I'll try my best to help!


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by Dash (administrator) on DASH-PC on 28-01-2015 18:10:45
Running from C:\Users\Dash\Desktop
Loaded Profiles: Dash (Available profiles: Dash)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
() C:\Users\Dash\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Spotify Ltd) C:\Users\Dash\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint II\SetPointII.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Dropbox, Inc.) C:\Users\Dash\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11776104 2011-02-11] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7406392 2012-11-28] (Logitech Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-4101860393-3531364293-1392072032-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [456768 2013-10-18] (BillP Studios)
HKU\S-1-5-21-4101860393-3531364293-1392072032-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1942720 2015-01-27] (Valve Corporation)
HKU\S-1-5-21-4101860393-3531364293-1392072032-1001\...\Run: [Spotify Web Helper] => C:\Users\Dash\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-10] (Spotify Ltd)
HKU\S-1-5-21-4101860393-3531364293-1392072032-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-4101860393-3531364293-1392072032-1001\...\Run: [Google Update] => C:\Users\Dash\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-19] (Google Inc.)
HKU\S-1-5-21-4101860393-3531364293-1392072032-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk
ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
Startup: C:\Users\Dash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Dash\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4101860393-3531364293-1392072032-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4101860393-3531364293-1392072032-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4101860393-3531364293-1392072032-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-4101860393-3531364293-1392072032-1001 -> {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4101860393-3531364293-1392072032-1001 -> {8633286E-EFFF-4DB1-97EF-69057F3CF579} URL = https://www.google.com/search?q={searchTerms}
BHO: Advertising Cookie Opt-out -> {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} -> C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll (Google Inc)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Advertising Cookie Opt-out -> {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} -> C:\Program Files (x86)\Google\Advertising Cookie Opt-out\opt_out.dll (Google Inc)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Dash\AppData\Roaming\Mozilla\Firefox\Profiles\18rczjjw.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Discogs
FF Homepage: www.gametz.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4101860393-3531364293-1392072032-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Dash\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-4101860393-3531364293-1392072032-1001: @talk.google.com/O1DPlugin -> C:\Users\Dash\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-4101860393-3531364293-1392072032-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Dash\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4101860393-3531364293-1392072032-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Dash\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4101860393-3531364293-1392072032-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dash\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-4101860393-3531364293-1392072032-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF user.js: detected! => C:\Users\Dash\AppData\Roaming\Mozilla\Firefox\Profiles\18rczjjw.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\msvcm80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\msvcp80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\msvcr80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Dash\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Dash\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Dash\AppData\Roaming\Mozilla\Firefox\Profiles\18rczjjw.default\searchplugins\discogs.xml
FF SearchPlugin: C:\Users\Dash\AppData\Roaming\Mozilla\Firefox\Profiles\18rczjjw.default\searchplugins\imdb.xml
FF SearchPlugin: C:\Users\Dash\AppData\Roaming\Mozilla\Firefox\Profiles\18rczjjw.default\searchplugins\lastfm.xml
FF SearchPlugin: C:\Users\Dash\AppData\Roaming\Mozilla\Firefox\Profiles\18rczjjw.default\searchplugins\the-pirate-bay.xml
FF SearchPlugin: C:\Users\Dash\AppData\Roaming\Mozilla\Firefox\Profiles\18rczjjw.default\searchplugins\youtube-video-search.xml
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Dash\AppData\Roaming\Mozilla\Firefox\Profiles\18rczjjw.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-04-20]
FF Extension: Classic Theme Restorer - C:\Users\Dash\AppData\Roaming\Mozilla\Firefox\Profiles\18rczjjw.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-05-09]
FF Extension: Hover Hound - C:\Users\Dash\AppData\Roaming\Mozilla\Firefox\Profiles\18rczjjw.default\Extensions\jid0-PEBvWWKP6g5gzvk2gsdrh097hv0@jetpack.xpi [2014-07-25]
FF Extension: YouTube Center Developer Build - C:\Users\Dash\AppData\Roaming\Mozilla\Firefox\Profiles\18rczjjw.default\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2014-01-16]
FF Extension: Enhanced Steam - C:\Users\Dash\AppData\Roaming\Mozilla\Firefox\Profiles\18rczjjw.default\Extensions\jid1-YdiFiTEkQgInxA@jetpack.xpi [2015-01-22]
FF Extension: Advertising Cookie Opt-out - C:\Users\Dash\AppData\Roaming\Mozilla\Firefox\Profiles\18rczjjw.default\Extensions\optout@google.com.xpi [2012-02-29]
FF Extension: Greasemonkey - C:\Users\Dash\AppData\Roaming\Mozilla\Firefox\Profiles\18rczjjw.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-02-07]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-01-26]
 
Chrome: 
=======
CHR Profile: C:\Users\Dash\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Dash\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-22]
CHR Extension: (Google Docs) - C:\Users\Dash\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-22]
CHR Extension: (Google Drive) - C:\Users\Dash\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dash\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-22]
CHR Extension: (YouTube) - C:\Users\Dash\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-22]
CHR Extension: (Google Search) - C:\Users\Dash\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-22]
CHR Extension: (Google Sheets) - C:\Users\Dash\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-22]
CHR Extension: (Google Wallet) - C:\Users\Dash\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-22]
CHR Extension: (Gmail) - C:\Users\Dash\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-22]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 EFS; C:\Windows\SysWOW64\lsass.exe [0 2014-01-31] () <==== ATTENTION (zero size file/folder)
R3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2014-01-31] () <==== ATTENTION (zero size file/folder)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2014-01-31] () <==== ATTENTION (zero size file/folder)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)
R2 nvsvc; C:\Windows\SysWOW64\nvvsvc.exe [0 2014-01-31] () <==== ATTENTION (zero size file/folder)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-21] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-07-27] ()
S3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2014-01-31] () <==== ATTENTION (zero size file/folder)
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2014-01-31] () <==== ATTENTION (zero size file/folder)
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2014-01-31] () <==== ATTENTION (zero size file/folder)
S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2014-01-31] () <==== ATTENTION (zero size file/folder)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66360 2012-10-02] (Logitech Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
R3 RTCore64; C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [15176 2013-07-17] ()
S1 boptihqz; \??\C:\Windows\system32\drivers\boptihqz.sys [X]
S1 cxvtkaec; \??\C:\Windows\system32\drivers\cxvtkaec.sys [X]
S1 edglemgl; \??\C:\Windows\system32\drivers\edglemgl.sys [X]
S1 fvuvvxyj; \??\C:\Windows\system32\drivers\fvuvvxyj.sys [X]
S1 gykjlksx; \??\C:\Windows\system32\drivers\gykjlksx.sys [X]
S1 kvhbduvx; \??\C:\Windows\system32\drivers\kvhbduvx.sys [X]
S1 lqgfhupx; \??\C:\Windows\system32\drivers\lqgfhupx.sys [X]
S1 rlgwuled; \??\C:\Windows\system32\drivers\rlgwuled.sys [X]
S1 uhusbvqb; \??\C:\Windows\system32\drivers\uhusbvqb.sys [X]
S1 zedunnua; \??\C:\Windows\system32\drivers\zedunnua.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-28 18:10 - 2015-01-28 18:12 - 00023399 _____ () C:\Users\Dash\Desktop\FRST.txt
2015-01-28 17:34 - 2015-01-28 18:10 - 00000000 ____D () C:\FRST
2015-01-28 17:33 - 2015-01-28 17:32 - 02130432 _____ (Farbar) C:\Users\Dash\Desktop\FRST64.exe
2015-01-28 17:22 - 2015-01-28 18:01 - 00000000 ____D () C:\Windows\FrameworkUpdate
2015-01-28 17:22 - 2015-01-28 17:23 - 00000000 ___HD () C:\8b026b6f
2015-01-26 16:33 - 2015-01-26 16:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-25 23:15 - 2015-01-25 23:32 - 00000000 ____D () C:\Users\Dash\AppData\Roaming\MM5_Saves
2015-01-25 22:44 - 2015-01-25 22:44 - 00000000 ____D () C:\Users\Dash\AppData\Roaming\IronCode
2015-01-25 21:02 - 2015-01-25 21:02 - 00000000 ____D () C:\Users\Dash\AppData\Roaming\com.bossa.ddd
2015-01-25 18:12 - 2015-01-25 18:12 - 00000000 ____D () C:\Users\Dash\AppData\Roaming\Cinders
2015-01-24 21:40 - 2015-01-24 21:40 - 00000000 ____D () C:\Users\Dash\AppData\Local\Cat_Goes_Fishing
2015-01-23 23:48 - 2015-01-24 01:00 - 00000000 ____D () C:\Users\Dash\Documents\Loot Hunter
2015-01-23 02:52 - 2015-01-25 00:25 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-23 02:52 - 2015-01-25 00:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-22 17:18 - 2015-01-22 17:18 - 02471776 _____ (mIRC Co. Ltd.) C:\Users\Dash\Downloads\mirc738.exe
2015-01-22 17:18 - 2015-01-22 17:18 - 00000955 _____ () C:\Users\Public\Desktop\mIRC.lnk
2015-01-22 17:18 - 2015-01-22 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
2015-01-22 16:50 - 2015-01-28 07:43 - 00003018 _____ () C:\Windows\System32\Tasks\EVGAPrecision
2015-01-22 16:11 - 2015-01-28 01:40 - 00000000 ____D () C:\Users\Dash\Desktop\Info
2015-01-22 16:10 - 2015-01-22 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-21 20:55 - 2015-01-21 23:52 - 00000000 ____D () C:\Users\Dash\AppData\Roaming\Wrack
2015-01-20 01:04 - 2015-01-20 01:04 - 00000000 ____D () C:\Users\Dash\AppData\Local\Targem
2015-01-19 23:35 - 2015-01-19 23:35 - 00000000 ____D () C:\Users\Dash\AppData\Local\SuperToyCars
2015-01-18 14:00 - 2015-01-18 14:00 - 00000000 ____D () C:\Users\Dash\Documents\Fruitbat Factory
2015-01-15 20:56 - 2015-01-16 06:10 - 00000000 ____D () C:\Users\Dash\AppData\Local\unhack
2015-01-14 16:58 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 16:58 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 16:58 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 16:58 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 16:58 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 16:58 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 16:58 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 16:58 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 16:58 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 16:58 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 16:58 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 16:58 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 16:58 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 02:19 - 2015-01-13 02:19 - 00000000 ____D () C:\Users\Dash\AppData\Roaming\nbr
2015-01-11 09:45 - 2015-01-25 22:38 - 00000000 ____D () C:\Users\Dash\Desktop\Nate
2015-01-09 23:10 - 2015-01-09 23:10 - 00000000 ____D () C:\Users\Dash\AppData\Roaming\Blasted Fortress
2015-01-07 01:49 - 2015-01-07 03:50 - 00000000 ____D () C:\Users\Dash\AppData\Roaming\RealHorrorStories.GameORE
2015-01-06 00:42 - 2015-01-06 00:42 - 00000000 ____D () C:\Users\Dash\Documents\Carmageddon Reincarnation
2015-01-04 04:04 - 2015-01-05 21:48 - 00034950 _____ () C:\Windows\DirectX.log
2015-01-04 04:04 - 2015-01-04 04:04 - 00000000 ____D () C:\Users\Dash\AppData\Local\Two Worlds II
2015-01-04 02:34 - 2015-01-04 02:34 - 00014848 ___SH () C:\Users\Dash\Documents\Thumbs.db
2015-01-02 21:27 - 2015-01-02 23:17 - 00000000 ____D () C:\Users\Dash\AppData\Local\ShadowsofWar
2014-12-31 18:44 - 2014-12-31 18:44 - 00000000 ____D () C:\Users\Dash\AppData\Roaming\Yacht Club Games
2014-12-30 23:32 - 2014-12-30 23:32 - 00000000 ____D () C:\Users\Dash\AppData\Local\FF4
2014-12-30 16:34 - 2014-12-30 16:34 - 00000000 ____D () C:\Users\Dash\AppData\Local\FF3_Win32
2014-12-29 22:34 - 2014-12-29 22:34 - 00000000 ____D () C:\Users\Dash\AppData\Roaming\A Bird Story
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-28 18:10 - 2009-07-13 23:45 - 00020528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-28 18:10 - 2009-07-13 23:45 - 00020528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-28 18:06 - 2011-08-21 19:10 - 02059150 _____ () C:\Windows\WindowsUpdate.log
2015-01-28 18:04 - 2013-07-27 09:13 - 00000000 ___RD () C:\Users\Dash\Dropbox
2015-01-28 18:04 - 2013-07-27 09:06 - 00000000 ____D () C:\Users\Dash\AppData\Roaming\Dropbox
2015-01-28 18:04 - 2011-08-22 10:17 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-28 18:03 - 2014-12-15 06:03 - 00015848 _____ () C:\Windows\setupact.log
2015-01-28 18:03 - 2012-02-29 22:17 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-28 18:03 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-28 18:02 - 2014-12-19 02:51 - 00062304 _____ () C:\Windows\PFRO.log
2015-01-28 17:44 - 2014-03-24 18:29 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-28 17:37 - 2009-07-14 00:13 - 00786730 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-28 17:34 - 2012-04-21 09:58 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4101860393-3531364293-1392072032-1001UA.job
2015-01-28 17:25 - 2013-07-22 16:02 - 00000000 ____D () C:\Program Files (x86)\EVGA Precision X
2015-01-28 17:24 - 2013-04-20 12:01 - 00000000 ____D () C:\ProgramData\InstallMate
2015-01-28 17:24 - 2012-02-13 17:17 - 00000000 ____D () C:\ProgramData\LogiShrd
2015-01-28 17:24 - 2011-08-21 17:09 - 00000000 ____D () C:\ProgramData\HP
2015-01-28 17:23 - 2014-12-15 01:23 - 00000000 ____D () C:\ProgramData\Freemake
2015-01-28 17:23 - 2014-11-02 17:40 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-28 17:23 - 2014-09-09 20:28 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-01-28 17:23 - 2013-04-17 08:57 - 00000000 ____D () C:\ProgramData\Hitman Pro
2015-01-28 17:23 - 2012-08-08 19:23 - 00000000 ____D () C:\ProgramData\Battle.net
2015-01-28 17:23 - 2012-07-24 14:03 - 00000000 ____D () C:\ProgramData\Desura
2015-01-28 07:45 - 2014-12-19 09:47 - 00134656 ___SH () C:\Users\Dash\Desktop\Thumbs.db
2015-01-28 07:42 - 2012-02-29 22:17 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-28 07:20 - 2012-04-25 21:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-28 07:16 - 2011-08-21 17:42 - 00000000 ____D () C:\Users\Dash\AppData\Roaming\Azureus
2015-01-28 06:05 - 2011-08-21 17:44 - 00000000 ____D () C:\Users\Dash\Desktop\Torrents
2015-01-28 01:40 - 2013-11-13 08:58 - 00000000 ____D () C:\Users\Dash\Desktop\Music to Sort
2015-01-28 01:01 - 2014-02-05 22:37 - 00000000 ____D () C:\Users\Dash\AppData\Roaming\mIRC
2015-01-28 00:58 - 2014-02-05 22:37 - 00000000 ____D () C:\Program Files (x86)\mIRC
2015-01-27 19:49 - 2014-02-18 00:20 - 00000000 ____D () C:\Users\Dash\Desktop\Game Collection
2015-01-27 19:42 - 2012-04-21 09:58 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4101860393-3531364293-1392072032-1001Core.job
2015-01-27 19:27 - 2012-10-22 11:58 - 00000000 ____D () C:\Users\Dash\AppData\Roaming\Spotify
2015-01-27 18:04 - 2014-01-25 22:17 - 00000000 ____D () C:\Users\Dash\AppData\Roaming\Mp3tag
2015-01-27 18:04 - 2012-10-22 12:00 - 00000000 ____D () C:\Users\Dash\AppData\Local\Spotify
2015-01-27 16:15 - 2012-07-24 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desura
2015-01-27 16:15 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-27 16:05 - 2012-07-24 14:03 - 00000000 ____D () C:\Program Files (x86)\Desura
2015-01-26 22:04 - 2011-08-21 17:01 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-26 22:04 - 2011-08-21 17:01 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-26 03:40 - 2011-08-21 17:45 - 00000000 ____D () C:\Program Files\PeerBlock
2015-01-25 04:05 - 2012-06-30 01:22 - 00000000 ____D () C:\Users\Dash\AppData\Roaming\Skype
2015-01-25 00:25 - 2014-09-07 15:57 - 00000000 ____D () C:\Users\Dash\AppData\Local\Adobe
2015-01-24 01:22 - 2012-06-30 01:22 - 00000000 ____D () C:\ProgramData\Skype
2015-01-24 01:21 - 2014-09-19 22:11 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-22 20:32 - 2011-08-21 20:53 - 00000000 ____D () C:\Users\Dash\Documents\My Games
2015-01-22 16:10 - 2012-02-29 22:17 - 00000000 ____D () C:\Users\Dash\AppData\Local\Google
2015-01-22 16:10 - 2012-02-29 22:17 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-21 15:43 - 2014-01-24 20:04 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-21 15:34 - 2014-11-02 17:48 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-21 15:34 - 2014-07-21 22:32 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-21 15:34 - 2014-07-21 22:32 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-21 15:34 - 2014-07-21 22:32 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-21 15:34 - 2013-10-16 08:37 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-21 15:33 - 2013-08-14 20:49 - 00000000 ____D () C:\ProgramData\Origin
2015-01-21 04:10 - 2011-08-22 10:31 - 00000000 ____D () C:\Users\Dash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-21 00:09 - 2013-08-14 20:49 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-01-14 17:13 - 2011-08-21 18:50 - 00778852 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-14 17:06 - 2013-07-11 05:16 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 16:59 - 2011-08-21 18:44 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-09 00:36 - 2013-01-16 21:34 - 00000000 ____D () C:\Users\Dash\Documents\Space
2015-01-09 00:35 - 2012-01-06 22:42 - 00000000 ____D () C:\Users\Dash\Documents\Bioshock
2015-01-07 03:55 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-05 03:45 - 2011-08-21 17:02 - 00000000 ____D () C:\Users\Dash\AppData\Local\Last.fm
2015-01-05 03:21 - 2012-10-01 22:33 - 00000000 ____D () C:\Users\Dash\Documents\Katie
2015-01-03 23:20 - 2014-04-10 00:01 - 00000000 ____D () C:\Users\Dash\AppData\Local\Battle.net
2014-12-31 16:58 - 2014-04-24 09:02 - 00000000 ____D () C:\Users\Dash\AppData\Roaming\RenPy
2014-12-31 06:14 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-30 23:32 - 2013-10-18 10:10 - 00000000 ____D () C:\Users\Dash\Documents\Square Enix
 
==================== Files in the root of some directories =======
 
2014-12-19 17:55 - 2014-12-19 22:00 - 0004221 _____ () C:\Users\Dash\AppData\Roaming\SpeedRunnersLog.txt
2012-02-14 15:03 - 2014-11-26 15:01 - 0100286 _____ () C:\Users\Dash\AppData\Local\ars.cache
2012-02-14 15:03 - 2014-11-26 15:01 - 1542687 _____ () C:\Users\Dash\AppData\Local\census.cache
2011-11-04 14:25 - 2011-11-04 14:25 - 0000036 _____ () C:\Users\Dash\AppData\Local\housecall.guid.cache
2014-06-30 19:40 - 2014-06-30 19:40 - 0000218 _____ () C:\Users\Dash\AppData\Local\recently-used.xbel
2011-12-31 03:14 - 2012-05-01 21:54 - 0007600 _____ () C:\Users\Dash\AppData\Local\Resmon.ResmonCfg
2013-01-31 05:46 - 2013-02-07 12:43 - 0125424 _____ () C:\Users\Dash\AppData\Local\soulseek-client.dat
2014-08-05 18:06 - 2014-11-26 14:57 - 0000010 _____ () C:\Users\Dash\AppData\Local\sponge.last.runtime.cache
 
Some content of TEMP:
====================
C:\Users\Dash\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprpzys2.dll
C:\Users\Dash\AppData\Local\Temp\FreemakeVideoConverterFull.exe
C:\Users\Dash\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Dash\AppData\Local\Temp\mirc738.exe
 
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\conhost.exe
C:\Windows\SysWOW64\csrss.exe
C:\Windows\SysWOW64\dwm.exe
C:\Windows\SysWOW64\lsass.exe
C:\Windows\SysWOW64\lsm.exe
C:\Windows\SysWOW64\nvvsvc.exe
C:\Windows\SysWOW64\services.exe
C:\Windows\SysWOW64\smss.exe
C:\Windows\SysWOW64\spoolsv.exe
C:\Windows\SysWOW64\taskhost.exe
C:\Windows\SysWOW64\winlogon.exe
C:\Windows\System32\nvapi.dll
C:\Windows\System32\nvd3dum.dll
C:\Windows\System32\nvspcap.dll
C:\Windows\System32\olepro32.dll
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-24 04:11
 
==================== End Of Log ============================


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:05 AM

Posted 29 January 2015 - 08:51 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

Please post the addition.txt as well.


Proud Member of UNITE & TB
 
My help is free; however, if you want to support my fight against malware, click here (no worries, every little bit helps).

#3 sideswipe999

sideswipe999
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:05 PM

Posted 29 January 2015 - 02:19 PM

Sorry about that, thought I had!

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2015
Ran by Dash at 2015-01-28 18:12:27
Running from C:\Users\Dash\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.12 - GIGABYTE)
8-Bit Commando (HKLM-x32\...\Steam App 287860) (Version:  - 2DEngine)
A Story About My Uncle (HKLM-x32\...\Steam App 278360) (Version:  - Gone North Games)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.287 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.287 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AIM 7 (HKLM-x32\...\AIM_7) (Version:  - )
Amazon Music (HKU\S-1-5-21-4101860393-3531364293-1392072032-1001\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
Among the Sleep (HKLM-x32\...\Steam App 250620) (Version:  - Krillbite Studio)
Angry Video Game Nerd Adventures (HKLM-x32\...\Steam App 237740) (Version:  - FreakZone Games)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AviSynth 2.5 (HKLM-x32\...\Avisynth) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Blacklight - Tango Down (HKLM-x32\...\GFWL_{58410A6D-3D5F-47E1-9872-661000008200}) (Version: 1.0.0000.130 - Ignition Entertainment)
Blacklight - Tango Down (x32 Version: 1.0.0000.130 - Ignition Entertainment) Hidden
Blacklight: Tango Down (x32 Version: 1.0.0003.130 - Ignition Entertainment) Hidden
Blackthorne (HKLM-x32\...\{C563EEF9-17FF-4563-8B78-82AF0C4577CE}) (Version: 1.0.0 - Blizzard Entertainment)
Blade Symphony (HKLM-x32\...\Steam App 225600) (Version:  - Puny Human Games)
Blockstorm (HKLM-x32\...\Steam App 263060) (Version:  - GhostShark)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cave Story+ (HKLM-x32\...\Steam App 200900) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
CDisplayEx 1.8 (HKLM-x32\...\CDisplayEx_is1) (Version:  - Henri Gourvest.)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12284.0 - Cisco Consumer Products LLC)
Citrix XenApp Web Plugin (HKLM-x32\...\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}) (Version: 11.0.0.5357 - Citrix Systems, Inc.)
Claire (HKLM-x32\...\Steam App 252830) (Version:  - Hailstorm Games)
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.4) (Version: 5.0.0.4 - Coupons.com Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Gates (HKLM-x32\...\Steam App 333730) (Version:  - DFour Games)
Deep Dungeons of Doom (HKLM-x32\...\Steam App 325090) (Version:  - Bossa Studios)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Deluge 1.3.6 (HKLM-x32\...\Deluge) (Version:  - )
Desura (HKLM-x32\...\Desura) (Version: 100.62 - Desura) <==== ATTENTION!
Desura: Battlepaths (HKLM-x32\...\Desura_80625126080544) (Version: Full - Key17Games)
Desura: Diablo II (HKLM-x32\...\Desura_214748364832) (Version:  - Blizzard Entertainment)
Desura: Diablo II: Lord of Destruction (HKLM-x32\...\Desura_59373627899936) (Version:  - Blizzard Entertainment)
Desura: Jamestown: Legend of the Lost Colony (HKLM-x32\...\Desura_69703024246816) (Version:  - Final Form Games)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
Direct Show Ogg Vorbis Filter (remove only) (HKLM-x32\...\OggDS) (Version:  - )
DLC Quest (HKLM-x32\...\Steam App 230050) (Version:  - Going Loud Studios)
Double Dragon Neon (HKLM-x32\...\Steam App 252350) (Version:  - WayForward)
Dr.Green (HKLM-x32\...\Steam App 340290) (Version:  - Johan Aronsson)
Dropbox (HKU\S-1-5-21-4101860393-3531364293-1392072032-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Duke Nukem (HKLM-x32\...\Steam App 240160) (Version:  - 3D Realms)
Duke Nukem 2 (HKLM-x32\...\Steam App 240180) (Version:  - 3D Realms)
Duke Nukem 3D: Megaton Edition (HKLM-x32\...\Steam App 225140) (Version:  - 3D Realms)
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.98 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.98 - Etron Technology) Hidden
EVGA Precision X 4.2.1 (HKLM-x32\...\PrecisionX) (Version: 4.2.1 - EVGA Corporation)
FINAL FANTASY IV (HKLM-x32\...\Steam App 312750) (Version:  - Square Enix)
Freemake Video Converter version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
Geeks3D.com FurMark 1.9.2 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D.com)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Gemini Rue (HKLM-x32\...\Steam App 80310) (Version:  - )
Gigantic Army (HKLM-x32\...\Steam App 278930) (Version:  - ASTRO PORT)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
Gone Home (HKLM-x32\...\Steam App 232430) (Version:  - The Fullbright Company)
Google Advertising Cookie Opt-out (HKLM\...\{A2E00B38-848D-4898-9109-BFA37C074DDC}) (Version: 1.0.1.0 - Google Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Gunpoint (HKLM-x32\...\Steam App 206190) (Version:  - Suspicious Developments)
Home (HKLM-x32\...\Steam App 215670) (Version:  - )
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version:  - Dennaton Games)
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{F2C07BE3-0F88-4D0C-957B-3557699981E9}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Help (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Last Inua (HKLM-x32\...\Steam App 331980) (Version:  - Glowforth)
Last.fm Scrobbler 2.1.36 (HKLM-x32\...\LastFM_is1) (Version:  - Last.fm)
Lethal League (HKLM-x32\...\Steam App 261180) (Version:  - Team Reptile)
Life of Pixel (HKLM-x32\...\Steam App 327260) (Version:  - Super Icon Ltd)
Logitech Gaming Software 8.40 (HKLM\...\Logitech Gaming Software) (Version: 8.40.83 - Logitech Inc.)
Logitech SetPoint 5.20 (HKLM\...\{D3120436-1358-4253-9EB2-257FFE8CE1D9}) (Version: 5.20 - Logitech)
Lone Survivor (HKLM-x32\...\Steam App 209830) (Version:  - )
Magic 2014  (HKLM-x32\...\Steam App 213850) (Version:  - Stainless Games)
Magicians & Looters (HKLM-x32\...\Steam App 284180) (Version:  - Morgopolis Studios)
Majestic Nights (HKLM-x32\...\Steam App 284140) (Version:  - Epiphany Games)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1008 - Marvell)
MediaInfo 0.7.53 (HKLM\...\MediaInfo) (Version: 0.7.53 - MediaArea.net)
Mercenary Kings (HKLM-x32\...\Steam App 218820) (Version:  - Tribute Games Inc.)
METAL SLUG 3 (HKLM-x32\...\Steam App 250180) (Version:  - DotEmu)
METAL SLUG X (HKLM-x32\...\Steam App 312610) (Version:  - DotEmu)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.38 - mIRC Co. Ltd.)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mp3tag v2.59a (HKLM-x32\...\Mp3tag) (Version: v2.59a - Florian Heidenreich)
Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
ON_OFF Charge B11.0110.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Oniken (HKLM-x32\...\Steam App 252010) (Version:  - JoyMasher)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PixelJunk Eden (HKLM-x32\...\Steam App 105800) (Version:  - Q-Games)
POSTAL (HKLM-x32\...\Steam App 232770) (Version:  - Running With Scissors)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller  Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
REALTEK GbE & FE Ethernet PCI NIC Driver (HKLM-x32\...\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}) (Version: 1.08.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6307 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rise of the Triad (HKLM-x32\...\Steam App 217140) (Version:  - Interceptor Entertainment)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version:  - )
RivaTuner Statistics Server 5.2.0 (HKLM-x32\...\RTSS) (Version: 5.2.0 - Unwinder)
Saturday Morning RPG (HKLM-x32\...\Steam App 263320) (Version:  - Mighty Rabbit Studios)
ScrewDrivers Client v4 (HKLM-x32\...\ScrewDrivers Client v4) (Version: 4.2.01.44 - triCerat, Inc.)
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.5 - Seagate Technology)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Shovel Knight (HKLM-x32\...\Steam App 250760) (Version:  - Yacht Club Games)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SlimDX Runtime .NET 4.0 x86 (January 2012) (HKLM-x32\...\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}) (Version: 2.0.13.43 - SlimDX Group)
Spotify (HKU\S-1-5-21-4101860393-3531364293-1392072032-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stranded (HKLM-x32\...\Steam App 295250) (Version:  - Peter Moorhead)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - )
Terrian Saga: KR-17 (HKLM-x32\...\Steam App 278640) (Version:  - Wonderfling)
The Apogee Throwback Pack (HKLM-x32\...\Steam App 238050) (Version:  - Interceptor Entertainment)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version:  - Galactic Cafe)
Thomas Was Alone (HKLM-x32\...\Steam App 220780) (Version:  - Mike Bithell)
To the Moon (HKLM-x32\...\Steam App 206440) (Version:  - )
Transistor (HKLM-x32\...\Steam App 237930) (Version:  - Supergiant Games)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.1 - Ubisoft)
User's Guides (HKLM\...\{B48E1FFD-A85D-45DB-9070-C06CDF6BD427}) (Version: 1.20.0000 - Logitech)
VobSub 2.23 (HKLM-x32\...\VobSub) (Version: 2.23 - Gabest)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.5.0.0 - Azureus Software, Inc.)
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPatrol (HKLM\...\{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}) (Version: 28.9.2013.1 - BillP Studios)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 29.0.2013 - BillP Studios)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Worms Armageddon (HKLM-x32\...\Steam App 217200) (Version:  - )
Wrack (HKLM-x32\...\Steam App 253610) (Version:  - Final Boss Entertainment)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Ys I (HKLM-x32\...\Steam App 223810) (Version:  - Nihon Falcom)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4101860393-3531364293-1392072032-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Dash\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4101860393-3531364293-1392072032-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Dash\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4101860393-3531364293-1392072032-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Dash\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4101860393-3531364293-1392072032-1001_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\gameux.dll No File
CustomCLSID: HKU\S-1-5-21-4101860393-3531364293-1392072032-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4101860393-3531364293-1392072032-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4101860393-3531364293-1392072032-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4101860393-3531364293-1392072032-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4101860393-3531364293-1392072032-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4101860393-3531364293-1392072032-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4101860393-3531364293-1392072032-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4101860393-3531364293-1392072032-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

26-01-2015 22:00:06 Removed DefianceRuntimes
28-01-2015 03:52:43 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02BD3CA2-199A-4A0D-90E9-2BE82D02A867} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {30569059-1668-405A-B58C-F18807A981E1} - System32\Tasks\EVGAPrecision => C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe [2013-07-17] ()
Task: {36D8B745-3534-41CF-9C35-51626DE38E08} - System32\Tasks\{EF2906CB-AD07-479F-AF7F-1265E67D78C3} => pcalua.exe -a C:\PROGRA~2\triCerat\SIMPLI~1\SCREWD~1\INSTAL~1.EXE -d C:\Windows\system32 -c -i "C:\PROGRA~2\triCerat\SIMPLI~1\SCREWD~1\sdica6.dll"
Task: {3FBD0115-0E58-4554-9B99-DFE45A37F36D} - System32\Tasks\Amazon Music Helper => C:\Users\Dash\AppData\Local\Amazon Music\Amazon Music Helper.exe [2014-12-08] ()
Task: {44681DA8-C19F-4F33-86ED-D052401FC838} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {4672C3D0-57C0-4361-95FC-95138266B92F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4101860393-3531364293-1392072032-1001Core => C:\Users\Dash\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-19] (Google Inc.)
Task: {48E2BDA1-A71A-4E3E-8758-941D6D046AB9} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {58AC229E-8671-4229-B24F-B04378D66814} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {64F795F6-1D10-475E-B5C4-81FF817903F1} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {73305D71-2AEF-4E1A-A942-2CCCD60B6190} - System32\Tasks\{1D8D0E69-19E1-47FF-BD3F-CC14F448FA22} => pcalua.exe -a "C:\Program Files (x86)\EVGA Precision\uninstall.exe"
Task: {79506A3E-BA1D-4431-85C7-A6387D454FD5} - System32\Tasks\{2A6D20AA-0C80-4166-9DD1-AA46B902D9A4} => Firefox.exe http://ui.skype.com/ui/0/5.10.0.114/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {A78817F4-D099-46AA-BB64-608958F1A4CE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {B45C742F-02CC-4B5B-A8FB-F3BC4EE42D47} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {BB829A20-CD66-4223-94A3-155E5E3E9C0D} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {BD7D449D-DE16-469B-B7A5-C15D55794ABC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {ECB2512A-AAEB-4009-9F34-AD5BA4F04E99} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4101860393-3531364293-1392072032-1001UA => C:\Users\Dash\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-19] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4101860393-3531364293-1392072032-1001Core.job => C:\Users\Dash\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4101860393-3531364293-1392072032-1001UA.job => C:\Users\Dash\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-13 08:31 - 2013-12-19 13:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-11-05 23:52 - 2011-05-28 21:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2013-07-27 19:48 - 2013-07-27 19:56 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-07-17 19:28 - 2013-07-17 19:28 - 00627016 _____ () C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
2014-12-26 20:37 - 2014-12-08 01:27 - 06277952 _____ () C:\Users\Dash\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-15 11:49 - 2013-05-15 11:49 - 00071680 _____ () C:\Program Files (x86)\EVGA Precision X\RTMUI.dll
2013-05-15 11:48 - 2013-05-15 11:48 - 00056832 _____ () C:\Program Files (x86)\EVGA Precision X\RTFC.dll
2013-05-15 11:49 - 2013-05-15 11:49 - 00216064 _____ () C:\Program Files (x86)\EVGA Precision X\RTCore.dll
2013-05-15 11:49 - 2013-05-15 11:49 - 00127488 _____ () C:\Program Files (x86)\EVGA Precision X\RTUI.dll
2013-05-15 11:49 - 2013-05-15 11:49 - 00587776 _____ () C:\Program Files (x86)\EVGA Precision X\RTHAL.dll
2014-08-05 18:07 - 2014-08-05 18:07 - 00000000 _____ () C:\Windows\system32\nvapi.dll
2013-04-20 12:01 - 2013-07-15 12:29 - 00620718 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2014-08-29 14:04 - 2014-12-01 16:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 14:04 - 2014-12-01 16:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-29 14:04 - 2014-12-01 16:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 14:04 - 2014-12-01 16:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2013-03-12 16:10 - 2014-11-11 13:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-01 19:53 - 2014-12-01 19:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-01 19:53 - 2014-12-01 19:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-01 19:53 - 2014-12-01 19:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-04-30 22:20 - 2015-01-27 13:59 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 14:04 - 2014-12-01 16:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2011-08-22 10:23 - 2015-01-27 13:59 - 00696512 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-08-05 18:07 - 2014-08-05 18:07 - 00000000 _____ () C:\Windows\system32\nvspcap.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00750080 _____ () C:\Users\Dash\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-28 18:04 - 2015-01-28 18:04 - 00043008 _____ () c:\users\dash\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprpzys2.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00047616 _____ () C:\Users\Dash\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00863744 _____ () C:\Users\Dash\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00200704 _____ () C:\Users\Dash\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2011-08-22 10:23 - 2015-01-15 18:42 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Dash\Desktop\FRST64.exe:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Amazon Cloud Player => "C:\Users\Dash\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet

========================= Accounts: ==========================

Administrator (S-1-5-21-4101860393-3531364293-1392072032-500 - Administrator - Disabled)
Dash (S-1-5-21-4101860393-3531364293-1392072032-1001 - Administrator - Enabled) => C:\Users\Dash
Guest (S-1-5-21-4101860393-3531364293-1392072032-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4101860393-3531364293-1392072032-1005 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/28/2015 06:04:51 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\steam.exe

Error: (01/28/2015 05:22:39 PM) (Source: VSS) (EventID: 22) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name Coordinator is [0x80040154, Class not registered
].

Error: (01/28/2015 05:18:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 163c

Start Time: 01d03b481b909d8b

Termination Time: 30

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (01/28/2015 05:51:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2aa0

Start Time: 01d03ae864c6ce9c

Termination Time: 80

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (01/28/2015 04:56:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SpotifyWebHelper.exe, version: 0.9.15.27, time stamp: 0x54803b75
Faulting module name: SpotifyWebHelper.exe, version: 0.9.15.27, time stamp: 0x54803b75
Exception code: 0xc0000005
Fault offset: 0x00012397
Faulting process id: 0xdd4
Faulting application start time: 0xSpotifyWebHelper.exe0
Faulting application path: SpotifyWebHelper.exe1
Faulting module path: SpotifyWebHelper.exe2
Report Id: SpotifyWebHelper.exe3

Error: (01/27/2015 02:28:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/27/2015 02:28:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/27/2015 02:28:34 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/26/2015 04:16:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 35.0.0.5486, time stamp: 0x54af7153
Faulting module name: mozalloc.dll, version: 35.0.0.5486, time stamp: 0x54af69d4
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x17ec
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (01/26/2015 05:12:47 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (01/28/2015 06:04:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (01/28/2015 06:04:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (01/28/2015 06:03:57 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (01/28/2015 05:45:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (01/28/2015 05:44:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/28/2015 05:44:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/28/2015 05:44:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/28/2015 05:44:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/28/2015 05:44:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (01/28/2015 05:44:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core™ i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 24%
Total physical RAM: 8175.12 MB
Available physical RAM: 6168.74 MB
Total Pagefile: 16348.42 MB
Available Pagefile: 14245.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:101.68 GB) NTFS
Drive d: (BackUp) (Fixed) (Total:931.41 GB) (Free:323.34 GB) NTFS
Drive f: (Main BackUp) (Fixed) (Total:2794.39 GB) (Free:191.22 GB) NTFS
Drive h: () (Removable) (Total:0.95 GB) (Free:0.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9C352078)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2794.5 GB) (Disk ID: 37515CF3)

Partition: GPT Partition Type.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9C352060)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 973.8 MB) (Disk ID: 6E697373)
No partition Table on disk 3.

==================== End Of Log ============================


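The CustomCLSID, Task and Loaded Modules sections of the log above are where an explorer.exe slowdown usually gets narrowed down: Explorer loads shell extensions in-process, and the per-user CLSID hive they are registered in (HKU\<SID>_Classes, i.e. HKCU\Software\Classes) is writable without admin rights, so a broken or foreign InprocServer32 target is one of the first things to check. The script below is an added example, not part of this thread and not FRST's own tooling. It parses those three line formats and flags entries whose target is missing ("No File") or sits in a user-writable path, using a handful of lines copied from the log above as constructed input. The names (triage, Finding, split_target) and the flagging rules are this example's assumptions; treat a flag as a lead to verify (publisher, signature, hash), not a verdict, since Dropbox and Google Update legitimately live under AppData.

```python
r"""Triage pass over FRST log lines (added example, not FRST's own code).

Explorer loads shell extensions in-process, and per-user COM registrations
(HKCU\Software\Classes\CLSID, printed by FRST as CustomCLSID under
HKU\<SID>_Classes) can be written without admin rights, so a missing or
foreign InprocServer32 target is an early thing to check when explorer.exe
misbehaves. The scoring rules below are this example's assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: lines copied verbatim from the FRST log posted in this thread.
SAMPLE_FRST = r"""
CustomCLSID: HKU\S-1-5-21-4101860393-3531364293-1392072032-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4101860393-3531364293-1392072032-1001_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\gameux.dll No File
Task: {BD7D449D-DE16-469B-B7A5-C15D55794ABC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {79506A3E-BA1D-4431-85C7-A6387D454FD5} - System32\Tasks\{2A6D20AA-0C80-4166-9DD1-AA46B902D9A4} => Firefox.exe http://ui.skype.com/ui/0/5.10.0.114/en/abandoninstall?source=lightinstaller&page=tsInstall
2015-01-28 18:04 - 2015-01-28 18:04 - 00043008 _____ () c:\users\dash\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprpzys2.dll
2014-01-13 08:31 - 2013-12-19 13:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
""".strip()

# One regex per FRST line family this example understands.
LINE_PATTERNS = {
    "CustomCLSID": re.compile(r"^CustomCLSID: (?P<name>\S+) -> (?P<target>.+)$"),
    "Task": re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?) => (?P<target>.+)$"),
    "Module": re.compile(
        r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d{8} \S+ "
        r"\((?P<publisher>[^)]*)\) (?P<target>.+)$"
    ),
}
# Splits FRST's "path [date] (publisher)" or "path No File" target text into parts.
TARGET_RE = re.compile(
    r"^(?P<path>.+?)(?P<missing> No File)?(?: \[\d{4}-\d\d-\d\d\])?(?: \((?P<publisher>[^()]*)\))?$"
)
# Locations a standard user can write to (assumed heuristic); legitimate software
# such as Dropbox or Google Update lives here too, so these are leads, not verdicts.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")
GUID_DIR_UNDER_PROGRAMDATA = re.compile(r"\\programdata\\\{[0-9a-f-]{36}\}\\")


@dataclass
class Finding:
    kind: str            # CustomCLSID / Task / Module
    name: str            # registry key, task name, or module path
    path: str            # the file or command line FRST recorded
    reasons: list[str] = field(default_factory=list)


def split_target(target: str) -> tuple[str, bool, str]:
    """Return (path, target_missing, publisher) from an FRST target string."""
    m = TARGET_RE.match(target)
    return m.group("path"), m.group("missing") is not None, m.group("publisher") or ""


def classify(path: str, missing: bool) -> list[str]:
    """Apply the example's heuristics to one load target; empty list means no flag."""
    low = path.lower()
    reasons = []
    if missing:
        reasons.append("registered target no longer exists on disk")
    if any(marker in low for marker in USER_WRITABLE_MARKERS):
        reasons.append("loads from a user-writable location")
    if GUID_DIR_UNDER_PROGRAMDATA.search(low):
        reasons.append("GUID-named folder directly under ProgramData")
    if "http://" in low or "https://" in low:
        reasons.append("command line carries a URL")
    return reasons


def triage(frst_text: str) -> list[Finding]:
    """Scan FRST text line by line and return only the entries that earned a flag."""
    findings: list[Finding] = []
    for raw in frst_text.splitlines():
        line = raw.strip()
        for kind, pattern in LINE_PATTERNS.items():
            m = pattern.match(line)
            if not m:
                continue
            path, missing, _publisher = split_target(m.group("target"))
            reasons = classify(path, missing)
            if reasons:
                name = m.groupdict().get("name") or path
                findings.append(Finding(kind, name, path, reasons))
            break  # a line belongs to exactly one family
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_FRST):
        print(f"[{f.kind}] {f.name}\n    {f.path}\n    -> " + "; ".join(f.reasons))
```

Run as-is it reports the Dropbox extension (AppData), the orphaned gameux.dll registration (missing file in a GUID folder under ProgramData), the Skype task that launches a URL and the temporary Dropbox DLL; CCleaner and the NVIDIA module pass. To use it on a real log, read FRST.txt into a string and pass it to triage().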

#4 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 30 January 2015 - 03:56 AM

We need to remove some programs with Revo Uninstaller Free:


Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    Desura
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs / spyware scanners; they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: If you receive an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.



#5 sideswipe999

  • Topic Starter
  • Members
  • 32 posts

Posted 30 January 2015 - 05:57 AM

ComboFix 15-01-29.01 - Dash 01/30/2015   5:07.3.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8175.5927 [GMT -5:00]
Running from: c:\users\Dash\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dash\AppData\Roaming\SpeedRunnersLog.txt
.
.
(((((((((((((((((((((((((   Files Created from 2014-12-28 to 2015-01-30  )))))))))))))))))))))))))))))))
.
.
2015-01-30 10:12 . 2015-01-30 10:12    --------    d-----w-    c:\users\Public\AppData\Local\temp
2015-01-30 10:12 . 2015-01-30 10:12    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-01-30 08:44 . 2015-01-30 08:44    75888    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0DA6714-FC36-4963-A213-01572B9F3F1B}\offreg.dll
2015-01-30 07:56 . 2014-12-02 10:26    11870360    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0DA6714-FC36-4963-A213-01572B9F3F1B}\mpengine.dll
2015-01-29 04:13 . 2015-01-29 04:13    --------    d-----w-    c:\users\Dash\AppData\Roaming\CrystalIdea Software
2015-01-29 03:11 . 2014-12-02 10:26    11870360    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-01-29 00:49 . 2015-01-29 00:49    --------    d-----w-    c:\program files (x86)\Ruiware
2015-01-28 22:34 . 2015-01-28 23:12    --------    d-----w-    C:\FRST
2015-01-28 22:22 . 2015-01-28 23:01    --------    d-----w-    c:\windows\FrameworkUpdate
2015-01-28 22:22 . 2015-01-28 22:23    --------    d-----w-    C:\8b026b6f
2015-01-26 04:15 . 2015-01-26 04:32    --------    d-----w-    c:\users\Dash\AppData\Roaming\MM5_Saves
2015-01-26 03:44 . 2015-01-26 03:44    --------    d-----w-    c:\users\Dash\AppData\Roaming\IronCode
2015-01-26 02:02 . 2015-01-26 02:02    --------    d-----w-    c:\users\Dash\AppData\Roaming\com.bossa.ddd
2015-01-25 23:12 . 2015-01-25 23:12    --------    d-----w-    c:\users\Dash\AppData\Roaming\Cinders
2015-01-25 02:40 . 2015-01-25 02:40    --------    d-----w-    c:\users\Dash\AppData\Local\Cat_Goes_Fishing
2015-01-23 07:52 . 2015-01-29 00:44    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-23 07:52 . 2015-01-29 00:44    701616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-22 01:55 . 2015-01-22 04:52    --------    d-----w-    c:\users\Dash\AppData\Roaming\Wrack
2015-01-21 20:34 . 2015-01-21 20:34    --------    d-----w-    c:\program files (x86)\Common Files\Java
2015-01-20 06:04 . 2015-01-20 06:04    --------    d-----w-    c:\users\Dash\AppData\Local\Targem
2015-01-20 04:35 . 2015-01-20 04:35    --------    d-----w-    c:\users\Dash\AppData\Local\SuperToyCars
2015-01-16 01:56 . 2015-01-16 11:10    --------    d-----w-    c:\users\Dash\AppData\Local\unhack
2015-01-13 07:19 . 2015-01-13 07:19    --------    d-----w-    c:\users\Dash\AppData\Roaming\nbr
2015-01-10 04:10 . 2015-01-10 04:10    --------    d-----w-    c:\users\Dash\AppData\Roaming\Blasted Fortress
2015-01-07 06:49 . 2015-01-07 08:50    --------    d-----w-    c:\users\Dash\AppData\Roaming\RealHorrorStories.GameORE
2015-01-04 09:04 . 2015-01-04 09:04    --------    d-----w-    c:\users\Dash\AppData\Local\Two Worlds II
2015-01-03 02:27 . 2015-01-03 04:17    --------    d-----w-    c:\users\Dash\AppData\Local\ShadowsofWar
2014-12-31 23:44 . 2014-12-31 23:44    --------    d-----w-    c:\users\Dash\AppData\Roaming\Yacht Club Games
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-30 08:42 . 2014-03-24 23:29    129752    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-21 20:34 . 2014-11-02 22:48    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-01-14 21:59 . 2011-08-21 23:44    113365784    ----a-w-    c:\windows\system32\MRT.exe
2014-12-31 11:14 . 2010-11-21 03:27    298120    ------w-    c:\windows\system32\MpSigStub.exe
2014-12-13 05:09 . 2014-12-19 07:15    144384    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-19 07:15    115712    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2014-11-28 03:55 . 2011-08-22 17:23    466456    ----a-w-    c:\windows\system32\wrap_oal.dll
2014-11-28 03:55 . 2011-08-22 17:23    444952    ----a-w-    c:\windows\SysWow64\wrap_oal.dll
2014-11-28 03:55 . 2011-08-22 17:23    122904    ----a-w-    c:\windows\system32\OpenAL32.dll
2014-11-28 03:55 . 2011-08-22 17:23    109080    ----a-w-    c:\windows\SysWow64\OpenAL32.dll
2014-11-27 01:43 . 2014-12-10 22:57    389296    ----a-w-    c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-10 22:57    25059840    ----a-w-    c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-10 22:57    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-10 22:57    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-10 22:57    66560    ----a-w-    c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-10 22:57    580096    ----a-w-    c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-10 22:57    48640    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-10 22:57    2885120    ----a-w-    c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-10 22:57    88064    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-10 22:57    54784    ----a-w-    c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-10 22:57    34304    ----a-w-    c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-10 22:57    633856    ----a-w-    c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-10 22:57    114688    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-10 22:57    814080    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-10 22:57    6039552    ----a-w-    c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-10 22:57    968704    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-10 22:57    490496    ----a-w-    c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-10 22:57    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-10 22:57    77824    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-10 22:57    199680    ----a-w-    c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-10 22:57    92160    ----a-w-    c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-10 22:57    501248    ----a-w-    c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-10 22:57    62464    ----a-w-    c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-10 22:57    47616    ----a-w-    c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-10 22:57    64000    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-10 22:57    316928    ----a-w-    c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-10 22:57    620032    ----a-w-    c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-10 22:57    718848    ----a-w-    c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-10 22:57    800768    ----a-w-    c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-10 22:57    1359360    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-10 22:57    2125312    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-10 22:57    14412800    ----a-w-    c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-10 22:57    60416    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-10 22:57    4299264    ----a-w-    c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-10 22:57    2358272    ----a-w-    c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-10 22:57    2052096    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-10 22:57    1155072    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-10 22:57    1548288    ----a-w-    c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-10 22:57    800768    ----a-w-    c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-10 22:57    1888256    ----a-w-    c:\windows\SysWow64\wininet.dll
2014-11-21 11:14 . 2014-03-24 23:28    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-11-21 11:14 . 2014-03-24 23:28    93400    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 11:14 . 2011-08-30 03:09    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-11-18 19:56 . 2014-11-18 19:56    1202848    ----a-w-    c:\windows\SysWow64\FM20.DLL
2014-11-11 03:09 . 2014-12-10 22:56    1424384    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-20 09:36    241152    ----a-w-    c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-20 09:36    728064    ----a-w-    c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-10 22:56    1230336    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-20 09:36    186880    ----a-w-    c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-20 09:36    550912    ----a-w-    c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-10 22:56    119296    ----a-w-    c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-10 22:55    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-10 22:55    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2015-01-29 1945280]
"Spotify Web Helper"="c:\users\Dash\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-12-10 1676344]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-08-14 43816]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-01-20 7404312]
"WinPatrol"="c:\program files (x86)\Ruiware\WinPatrol\winpatrol.exe" [2014-07-21 1154112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
.
c:\users\Dash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Dash\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-12-8 39207112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 boptihqz;boptihqz;c:\windows\system32\drivers\boptihqz.sys;c:\windows\SYSNATIVE\drivers\boptihqz.sys [x]
R1 cxvtkaec;cxvtkaec;c:\windows\system32\drivers\cxvtkaec.sys;c:\windows\SYSNATIVE\drivers\cxvtkaec.sys [x]
R1 edglemgl;edglemgl;c:\windows\system32\drivers\edglemgl.sys;c:\windows\SYSNATIVE\drivers\edglemgl.sys [x]
R1 fvuvvxyj;fvuvvxyj;c:\windows\system32\drivers\fvuvvxyj.sys;c:\windows\SYSNATIVE\drivers\fvuvvxyj.sys [x]
R1 gykjlksx;gykjlksx;c:\windows\system32\drivers\gykjlksx.sys;c:\windows\SYSNATIVE\drivers\gykjlksx.sys [x]
R1 kvhbduvx;kvhbduvx;c:\windows\system32\drivers\kvhbduvx.sys;c:\windows\SYSNATIVE\drivers\kvhbduvx.sys [x]
R1 lqgfhupx;lqgfhupx;c:\windows\system32\drivers\lqgfhupx.sys;c:\windows\SYSNATIVE\drivers\lqgfhupx.sys [x]
R1 rlgwuled;rlgwuled;c:\windows\system32\drivers\rlgwuled.sys;c:\windows\SYSNATIVE\drivers\rlgwuled.sys [x]
R1 uhusbvqb;uhusbvqb;c:\windows\system32\drivers\uhusbvqb.sys;c:\windows\SYSNATIVE\drivers\uhusbvqb.sys [x]
R1 zedunnua;zedunnua;c:\windows\system32\drivers\zedunnua.sys;c:\windows\SYSNATIVE\drivers\zedunnua.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision X\RTCore64.sys;c:\program files (x86)\EVGA Precision X\RTCore64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-01-30 05:44    1086280    ----a-w-    c:\program files (x86)\Google\Chrome\Application\40.0.2214.94\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-01 03:32]
.
2015-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-01 03:32]
.
2015-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4101860393-3531364293-1392072032-1001Core.job
- c:\users\Dash\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-21 20:22]
.
2015-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4101860393-3531364293-1392072032-1001UA.job
- c:\users\Dash\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-21 20:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-11 11776104]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-08 1028384]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-11-29 7406392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Dash\AppData\Roaming\Mozilla\Firefox\Profiles\xlplymqm.default-1422490049549\
FF - prefs.js: browser.startup.homepage - www.gametz.com
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Desura_214748364832 - c:\program files (x86)\Desura\desura.exe
AddRemove-Desura_59373627899936 - c:\program files (x86)\Desura\desura.exe
AddRemove-Desura_69703024246816 - c:\program files (x86)\Desura\desura.exe
AddRemove-Desura_80625126080544 - c:\program files (x86)\Desura\desura.exe
AddRemove-OggDS - c:\windows\system32\OggDSuninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\08\00\15\16*\03c"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-01-30  05:13:50
ComboFix-quarantined-files.txt  2015-01-30 10:13
.
Pre-Run: 98,785,312,768 bytes free
Post-Run: 98,909,704,192 bytes free
.
- - End Of File - - 9CE0D67EAB534F94466A5088969844CD
A36C5E4F47E84449FF07ED3517B43A31
 



#6 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:03:05 AM

Posted 30 January 2015 - 06:21 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is saved to.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Attached Files


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#7 sideswipe999
  • Topic Starter

  • Members
  • 32 posts
  • Gender:Male
  • Local time:10:05 PM

Posted 30 January 2015 - 06:47 PM

ComboFix 15-01-29.01 - Dash 01/30/2015  18:16:48.4.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8175.6232 [GMT -5:00]
Running from: c:\users\Dash\Desktop\ComboFix.exe
Command switches used :: c:\users\Dash\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-12-28 to 2015-01-30  )))))))))))))))))))))))))))))))
.
.
2015-01-30 23:22 . 2015-01-30 23:22    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2015-01-30 23:22 . 2015-01-30 23:22    --------    d-----w-    c:\users\Public\AppData\Local\temp
2015-01-30 23:22 . 2015-01-30 23:22    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-01-30 11:20 . 2014-12-02 10:26    11870360    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AEA23DD8-67CF-4ECF-8417-A7D1047C20DB}\mpengine.dll
2015-01-30 11:08 . 2015-01-30 11:08    53248    ----a-w-    c:\windows\SysWow64\zlib.dll
2015-01-30 11:08 . 2015-01-30 11:08    --------    d-----w-    c:\programdata\Foolish IT
2015-01-30 11:08 . 2015-01-30 11:08    --------    d-----w-    c:\program files (x86)\Foolish IT
2015-01-29 04:13 . 2015-01-29 04:13    --------    d-----w-    c:\users\Dash\AppData\Roaming\CrystalIdea Software
2015-01-29 03:11 . 2014-12-02 10:26    11870360    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-01-29 00:49 . 2015-01-29 00:49    --------    d-----w-    c:\program files (x86)\Ruiware
2015-01-28 22:34 . 2015-01-28 23:12    --------    d-----w-    C:\FRST
2015-01-28 22:22 . 2015-01-28 23:01    --------    d-----w-    c:\windows\FrameworkUpdate
2015-01-28 22:22 . 2015-01-28 22:23    --------    d-----w-    C:\8b026b6f
2015-01-26 04:15 . 2015-01-26 04:32    --------    d-----w-    c:\users\Dash\AppData\Roaming\MM5_Saves
2015-01-26 03:44 . 2015-01-26 03:44    --------    d-----w-    c:\users\Dash\AppData\Roaming\IronCode
2015-01-26 02:02 . 2015-01-26 02:02    --------    d-----w-    c:\users\Dash\AppData\Roaming\com.bossa.ddd
2015-01-25 23:12 . 2015-01-25 23:12    --------    d-----w-    c:\users\Dash\AppData\Roaming\Cinders
2015-01-25 02:40 . 2015-01-25 02:40    --------    d-----w-    c:\users\Dash\AppData\Local\Cat_Goes_Fishing
2015-01-23 07:52 . 2015-01-29 00:44    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-23 07:52 . 2015-01-29 00:44    701616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-22 01:55 . 2015-01-22 04:52    --------    d-----w-    c:\users\Dash\AppData\Roaming\Wrack
2015-01-21 20:34 . 2015-01-21 20:34    --------    d-----w-    c:\program files (x86)\Common Files\Java
2015-01-20 06:04 . 2015-01-20 06:04    --------    d-----w-    c:\users\Dash\AppData\Local\Targem
2015-01-20 04:35 . 2015-01-20 04:35    --------    d-----w-    c:\users\Dash\AppData\Local\SuperToyCars
2015-01-16 01:56 . 2015-01-16 11:10    --------    d-----w-    c:\users\Dash\AppData\Local\unhack
2015-01-13 07:19 . 2015-01-13 07:19    --------    d-----w-    c:\users\Dash\AppData\Roaming\nbr
2015-01-10 04:10 . 2015-01-10 04:10    --------    d-----w-    c:\users\Dash\AppData\Roaming\Blasted Fortress
2015-01-07 06:49 . 2015-01-07 08:50    --------    d-----w-    c:\users\Dash\AppData\Roaming\RealHorrorStories.GameORE
2015-01-04 09:04 . 2015-01-04 09:04    --------    d-----w-    c:\users\Dash\AppData\Local\Two Worlds II
2015-01-03 02:27 . 2015-01-03 04:17    --------    d-----w-    c:\users\Dash\AppData\Local\ShadowsofWar
2014-12-31 23:44 . 2014-12-31 23:44    --------    d-----w-    c:\users\Dash\AppData\Roaming\Yacht Club Games
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-30 08:42 . 2014-03-24 23:29    129752    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-21 20:34 . 2014-11-02 22:48    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-01-14 21:59 . 2011-08-21 23:44    113365784    ----a-w-    c:\windows\system32\MRT.exe
2014-12-31 11:14 . 2010-11-21 03:27    298120    ------w-    c:\windows\system32\MpSigStub.exe
2014-12-13 05:09 . 2014-12-19 07:15    144384    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-19 07:15    115712    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2014-11-28 03:55 . 2011-08-22 17:23    466456    ----a-w-    c:\windows\system32\wrap_oal.dll
2014-11-28 03:55 . 2011-08-22 17:23    444952    ----a-w-    c:\windows\SysWow64\wrap_oal.dll
2014-11-28 03:55 . 2011-08-22 17:23    122904    ----a-w-    c:\windows\system32\OpenAL32.dll
2014-11-28 03:55 . 2011-08-22 17:23    109080    ----a-w-    c:\windows\SysWow64\OpenAL32.dll
2014-11-27 01:43 . 2014-12-10 22:57    389296    ----a-w-    c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-10 22:57    25059840    ----a-w-    c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-10 22:57    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-10 22:57    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-10 22:57    66560    ----a-w-    c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-10 22:57    580096    ----a-w-    c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-10 22:57    48640    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-10 22:57    2885120    ----a-w-    c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-10 22:57    88064    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-10 22:57    54784    ----a-w-    c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-10 22:57    34304    ----a-w-    c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-10 22:57    633856    ----a-w-    c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-10 22:57    114688    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-10 22:57    814080    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-10 22:57    6039552    ----a-w-    c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-10 22:57    968704    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-10 22:57    490496    ----a-w-    c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-10 22:57    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-10 22:57    77824    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-10 22:57    199680    ----a-w-    c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-10 22:57    92160    ----a-w-    c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-10 22:57    501248    ----a-w-    c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-10 22:57    62464    ----a-w-    c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-10 22:57    47616    ----a-w-    c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-10 22:57    64000    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-10 22:57    316928    ----a-w-    c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-10 22:57    620032    ----a-w-    c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-10 22:57    718848    ----a-w-    c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-10 22:57    800768    ----a-w-    c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-10 22:57    1359360    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-10 22:57    2125312    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-10 22:57    14412800    ----a-w-    c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-10 22:57    60416    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-10 22:57    4299264    ----a-w-    c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-10 22:57    2358272    ----a-w-    c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-10 22:57    2052096    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-10 22:57    1155072    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-10 22:57    1548288    ----a-w-    c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-10 22:57    800768    ----a-w-    c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-10 22:57    1888256    ----a-w-    c:\windows\SysWow64\wininet.dll
2014-11-21 11:14 . 2014-03-24 23:28    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-11-21 11:14 . 2014-03-24 23:28    93400    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 11:14 . 2011-08-30 03:09    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-11-18 19:56 . 2014-11-18 19:56    1202848    ----a-w-    c:\windows\SysWow64\FM20.DLL
2014-11-11 03:09 . 2014-12-10 22:56    1424384    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-20 09:36    241152    ----a-w-    c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-20 09:36    728064    ----a-w-    c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-10 22:56    1230336    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-20 09:36    186880    ----a-w-    c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-20 09:36    550912    ----a-w-    c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-10 22:56    119296    ----a-w-    c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-10 22:55    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-10 22:55    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\8b026b6f ----
.
.
---- Directory of c:\windows\FrameworkUpdate ----
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2015-01-29 1945280]
"Spotify Web Helper"="c:\users\Dash\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-12-10 1676344]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-08-14 43816]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-01-20 7404312]
"WinPatrol"="c:\program files (x86)\Ruiware\WinPatrol\winpatrol.exe" [2014-07-21 1154112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
.
c:\users\Dash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Dash\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-12-8 39207112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 boptihqz;boptihqz;c:\windows\system32\drivers\boptihqz.sys;c:\windows\SYSNATIVE\drivers\boptihqz.sys [x]
R1 cxvtkaec;cxvtkaec;c:\windows\system32\drivers\cxvtkaec.sys;c:\windows\SYSNATIVE\drivers\cxvtkaec.sys [x]
R1 edglemgl;edglemgl;c:\windows\system32\drivers\edglemgl.sys;c:\windows\SYSNATIVE\drivers\edglemgl.sys [x]
R1 fvuvvxyj;fvuvvxyj;c:\windows\system32\drivers\fvuvvxyj.sys;c:\windows\SYSNATIVE\drivers\fvuvvxyj.sys [x]
R1 gykjlksx;gykjlksx;c:\windows\system32\drivers\gykjlksx.sys;c:\windows\SYSNATIVE\drivers\gykjlksx.sys [x]
R1 kvhbduvx;kvhbduvx;c:\windows\system32\drivers\kvhbduvx.sys;c:\windows\SYSNATIVE\drivers\kvhbduvx.sys [x]
R1 lqgfhupx;lqgfhupx;c:\windows\system32\drivers\lqgfhupx.sys;c:\windows\SYSNATIVE\drivers\lqgfhupx.sys [x]
R1 rlgwuled;rlgwuled;c:\windows\system32\drivers\rlgwuled.sys;c:\windows\SYSNATIVE\drivers\rlgwuled.sys [x]
R1 uhusbvqb;uhusbvqb;c:\windows\system32\drivers\uhusbvqb.sys;c:\windows\SYSNATIVE\drivers\uhusbvqb.sys [x]
R1 zedunnua;zedunnua;c:\windows\system32\drivers\zedunnua.sys;c:\windows\SYSNATIVE\drivers\zedunnua.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision X\RTCore64.sys;c:\program files (x86)\EVGA Precision X\RTCore64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-01-30 05:44    1086280    ----a-w-    c:\program files (x86)\Google\Chrome\Application\40.0.2214.94\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-01 03:32]
.
2015-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-01 03:32]
.
2015-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4101860393-3531364293-1392072032-1001Core.job
- c:\users\Dash\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-21 20:22]
.
2015-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4101860393-3531364293-1392072032-1001UA.job
- c:\users\Dash\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-21 20:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-11 11776104]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-08 1028384]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-11-29 7406392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Dash\AppData\Roaming\Mozilla\Firefox\Profiles\xlplymqm.default-1422490049549\
FF - prefs.js: browser.startup.homepage - www.gametz.com
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Desura_214748364832 - c:\program files (x86)\Desura\desura.exe
AddRemove-Desura_59373627899936 - c:\program files (x86)\Desura\desura.exe
AddRemove-Desura_69703024246816 - c:\program files (x86)\Desura\desura.exe
AddRemove-Desura_80625126080544 - c:\program files (x86)\Desura\desura.exe
AddRemove-OggDS - c:\windows\system32\OggDSuninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\08\00\15\16*\03c"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\users\Dash\AppData\Local\Amazon Music\Amazon Music Helper.exe
c:\program files (x86)\EVGA Precision X\EVGAPrecision.exe
c:\program files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2015-01-30  18:29:29 - machine was rebooted
ComboFix-quarantined-files.txt  2015-01-30 23:29
ComboFix2.txt  2015-01-30 10:13
.
Pre-Run: 98,908,741,632 bytes free
Post-Run: 98,585,645,056 bytes free
.
- - End Of File - - B16C6AB15145986DCBB9615353B00A2E
A36C5E4F47E84449FF07ED3517B43A31
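The R1/R2/R3/S1/S2/S3 lines under "Reg Loading Points" are the part of a ComboFix log a responder reads first, and this one lists ten drivers whose service name is eight lowercase letters and whose display name merely repeats it. As an added example, not from the thread, from ComboFix or from the Malware Response Team, here is a small Python parser that splits those service lines into fields and lists driver entries matching that naming pattern for manual review. It assumes that the leading R/S means running/stopped and the digit after it is the service start type, and it treats the eight-lowercase-letter rule purely as a triage filter, not a verdict (legitimate tools also install oddly named drivers). The trailing [x] marker is parsed but not used as a signal, because every entry in this log carries it, the Microsoft and Realtek ones included. The sample lines are copied verbatim from the log above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: five service lines copied verbatim from the ComboFix
# "Reg Loading Points" section posted in this thread.
SAMPLE_LINES = r"""
R1 boptihqz;boptihqz;c:\windows\system32\drivers\boptihqz.sys;c:\windows\SYSNATIVE\drivers\boptihqz.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R1 zedunnua;zedunnua;c:\windows\system32\drivers\zedunnua.sys;c:\windows\SYSNATIVE\drivers\zedunnua.sys [x]
"""

# One ComboFix service line: "<R|S><digit> <name>;<display>;<path>;<path64> [x]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^;]*);(?P<path64>[^\[]*?)"
    r"(?P<marker>\s*\[x\])?\s*$"
)

# Triage heuristic (assumption, not a verdict): eight lowercase letters.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")


@dataclass
class ServiceEntry:
    state: str        # "R" = running, "S" = stopped (assumed reading of the prefix)
    start_type: int   # digit after R/S, assumed to be the Windows service start type
    name: str
    display: str
    path: str
    path64: str
    has_x_marker: bool  # trailing "[x]"; present on every entry in this log


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one service line; return None for lines that are not service entries."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(
        state=m["state"],
        start_type=int(m["start"]),
        name=m["name"],
        display=m["display"],
        path=m["path"],
        path64=m["path64"].strip(),
        has_x_marker=m["marker"] is not None,
    )


def parse_log(text: str) -> List[ServiceEntry]:
    """Collect every service entry found in a block of ComboFix log text."""
    entries = []
    for line in text.splitlines():
        entry = parse_service_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def review_candidates(entries: List[ServiceEntry]) -> List[str]:
    """Names of kernel drivers (.sys) whose service name is eight lowercase
    letters and whose display name just repeats it. These are candidates for
    a closer look (file hash, signer, install date), nothing more."""
    return [
        e.name
        for e in entries
        if e.path.lower().endswith(".sys")
        and RANDOM_NAME_RE.match(e.name)
        and e.display == e.name
    ]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LINES)
    for e in parsed:
        print(f"{e.state}{e.start_type} {e.name:<12} display={e.display!r} path={e.path}")
    print("review candidates:", review_candidates(parsed))
```

Run it on the full "Reg Loading Points" block instead of the sample and it lists all ten eight-letter driver names; what to do with that list (hash and signer checks, quarantine via the helper's CFScript) is the responder's call, which is why the function only reports names.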
 



#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:05 AM

Posted 02 February 2015 - 05:16 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is saved to.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
 
 
 
Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Attached Files


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#9 sideswipe999

sideswipe999
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:05 PM

Posted 04 February 2015 - 03:52 AM

ComboFix 15-02-02.01 - Dash 02/04/2015   3:43.5.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8175.5490 [GMT -5:00]
Running from: c:\users\Dash\Desktop\ComboFix.exe
Command switches used :: c:\users\Dash\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2015-01-04 to 2015-02-04  )))))))))))))))))))))))))))))))
.
.
2015-02-04 08:49 . 2015-02-04 08:49    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2015-02-04 08:49 . 2015-02-04 08:49    --------    d-----w-    c:\users\Public\AppData\Local\temp
2015-02-04 08:49 . 2015-02-04 08:49    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-02-04 07:31 . 2014-12-02 10:26    11870360    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F29A831B-BDFF-4E21-B79C-B93367256F36}\mpengine.dll
2015-02-03 07:30 . 2014-12-02 10:26    11870360    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-02-03 03:27 . 2015-02-03 04:40    --------    d-----w-    c:\users\Dash\AppData\Roaming\SickBrick
2015-02-02 23:32 . 2015-02-02 23:32    25136    ----a-w-    c:\windows\DCEBoot64.exe
2015-02-01 12:13 . 2013-09-28 02:56    285208    ----a-w-    c:\windows\system32\drivers\tmcomm.sys
2015-01-31 09:05 . 2015-01-31 09:05    --------    d-----w-    c:\users\Dash\AppData\Local\GhostCrabGames
2015-01-30 11:08 . 2015-01-30 11:08    53248    ----a-w-    c:\windows\SysWow64\zlib.dll
2015-01-30 11:08 . 2015-01-30 11:08    --------    d-----w-    c:\programdata\Foolish IT
2015-01-30 11:08 . 2015-01-30 11:08    --------    d-----w-    c:\program files (x86)\Foolish IT
2015-01-29 04:13 . 2015-01-29 04:13    --------    d-----w-    c:\users\Dash\AppData\Roaming\CrystalIdea Software
2015-01-29 00:49 . 2015-01-29 00:49    --------    d-----w-    c:\program files (x86)\Ruiware
2015-01-28 22:34 . 2015-01-28 23:12    --------    d-----w-    C:\FRST
2015-01-28 22:22 . 2015-01-28 23:01    --------    d-----w-    c:\windows\FrameworkUpdate
2015-01-28 22:22 . 2015-01-28 22:23    --------    d-----w-    C:\8b026b6f
2015-01-26 04:15 . 2015-01-26 04:32    --------    d-----w-    c:\users\Dash\AppData\Roaming\MM5_Saves
2015-01-26 03:44 . 2015-01-26 03:44    --------    d-----w-    c:\users\Dash\AppData\Roaming\IronCode
2015-01-26 02:02 . 2015-01-26 02:02    --------    d-----w-    c:\users\Dash\AppData\Roaming\com.bossa.ddd
2015-01-25 23:12 . 2015-01-25 23:12    --------    d-----w-    c:\users\Dash\AppData\Roaming\Cinders
2015-01-25 02:40 . 2015-01-25 02:40    --------    d-----w-    c:\users\Dash\AppData\Local\Cat_Goes_Fishing
2015-01-23 07:52 . 2015-01-29 00:44    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-23 07:52 . 2015-01-29 00:44    701616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-22 01:55 . 2015-01-22 04:52    --------    d-----w-    c:\users\Dash\AppData\Roaming\Wrack
2015-01-21 20:34 . 2015-01-21 20:34    --------    d-----w-    c:\program files (x86)\Common Files\Java
2015-01-20 06:04 . 2015-01-20 06:04    --------    d-----w-    c:\users\Dash\AppData\Local\Targem
2015-01-20 04:35 . 2015-01-20 04:35    --------    d-----w-    c:\users\Dash\AppData\Local\SuperToyCars
2015-01-16 01:56 . 2015-01-16 11:10    --------    d-----w-    c:\users\Dash\AppData\Local\unhack
2015-01-13 07:19 . 2015-01-13 07:19    --------    d-----w-    c:\users\Dash\AppData\Roaming\nbr
2015-01-10 04:10 . 2015-01-10 04:10    --------    d-----w-    c:\users\Dash\AppData\Roaming\Blasted Fortress
2015-01-07 06:49 . 2015-01-07 08:50    --------    d-----w-    c:\users\Dash\AppData\Roaming\RealHorrorStories.GameORE
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-02 10:45 . 2014-03-24 23:29    129752    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-21 20:34 . 2014-11-02 22:48    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-01-14 21:59 . 2011-08-21 23:44    113365784    ----a-w-    c:\windows\system32\MRT.exe
2014-12-31 11:14 . 2010-11-21 03:27    298120    ------w-    c:\windows\system32\MpSigStub.exe
2014-12-13 05:09 . 2014-12-19 07:15    144384    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-19 07:15    115712    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2014-11-28 03:55 . 2011-08-22 17:23    466456    ----a-w-    c:\windows\system32\wrap_oal.dll
2014-11-28 03:55 . 2011-08-22 17:23    444952    ----a-w-    c:\windows\SysWow64\wrap_oal.dll
2014-11-28 03:55 . 2011-08-22 17:23    122904    ----a-w-    c:\windows\system32\OpenAL32.dll
2014-11-28 03:55 . 2011-08-22 17:23    109080    ----a-w-    c:\windows\SysWow64\OpenAL32.dll
2014-11-27 01:43 . 2014-12-10 22:57    389296    ----a-w-    c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-10 22:57    25059840    ----a-w-    c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-10 22:57    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-10 22:57    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-10 22:57    66560    ----a-w-    c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-10 22:57    580096    ----a-w-    c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-10 22:57    48640    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-10 22:57    2885120    ----a-w-    c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-10 22:57    88064    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-10 22:57    54784    ----a-w-    c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-10 22:57    34304    ----a-w-    c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-10 22:57    633856    ----a-w-    c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-10 22:57    114688    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-10 22:57    814080    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-10 22:57    6039552    ----a-w-    c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-10 22:57    968704    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-10 22:57    490496    ----a-w-    c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-10 22:57    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-10 22:57    77824    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-10 22:57    199680    ----a-w-    c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-10 22:57    92160    ----a-w-    c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-10 22:57    501248    ----a-w-    c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-10 22:57    62464    ----a-w-    c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-10 22:57    47616    ----a-w-    c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-10 22:57    64000    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-10 22:57    316928    ----a-w-    c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-10 22:57    620032    ----a-w-    c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-10 22:57    718848    ----a-w-    c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-10 22:57    800768    ----a-w-    c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-10 22:57    1359360    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-10 22:57    2125312    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-10 22:57    14412800    ----a-w-    c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-10 22:57    60416    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-10 22:57    4299264    ----a-w-    c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-10 22:57    2358272    ----a-w-    c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-10 22:57    2052096    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-10 22:57    1155072    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-10 22:57    1548288    ----a-w-    c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-10 22:57    800768    ----a-w-    c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-10 22:57    1888256    ----a-w-    c:\windows\SysWow64\wininet.dll
2014-11-21 11:14 . 2014-03-24 23:28    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-11-21 11:14 . 2014-03-24 23:28    93400    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 11:14 . 2011-08-30 03:09    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-11-18 19:56 . 2014-11-18 19:56    1202848    ----a-w-    c:\windows\SysWow64\FM20.DLL
2014-11-11 03:09 . 2014-12-10 22:56    1424384    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-20 09:36    241152    ----a-w-    c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-20 09:36    728064    ----a-w-    c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-10 22:56    1230336    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-20 09:36    186880    ----a-w-    c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-20 09:36    550912    ----a-w-    c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-10 22:56    119296    ----a-w-    c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-10 22:55    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-10 22:55    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\8b026b6f ----
.
.
---- Directory of c:\windows\FrameworkUpdate ----
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2015-01-31 2874560]
"Spotify Web Helper"="c:\users\Dash\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-12-10 1676344]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-11-21 43816]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-01-20 7404312]
"WinPatrol"="c:\program files (x86)\Ruiware\WinPatrol\winpatrol.exe" [2014-07-21 1154112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
.
c:\users\Dash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Dash\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-12-8 39207112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       c:\windows\DCEBoot64.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 boptihqz;boptihqz;c:\windows\system32\drivers\boptihqz.sys;c:\windows\SYSNATIVE\drivers\boptihqz.sys [x]
R1 cxvtkaec;cxvtkaec;c:\windows\system32\drivers\cxvtkaec.sys;c:\windows\SYSNATIVE\drivers\cxvtkaec.sys [x]
R1 edglemgl;edglemgl;c:\windows\system32\drivers\edglemgl.sys;c:\windows\SYSNATIVE\drivers\edglemgl.sys [x]
R1 fvuvvxyj;fvuvvxyj;c:\windows\system32\drivers\fvuvvxyj.sys;c:\windows\SYSNATIVE\drivers\fvuvvxyj.sys [x]
R1 gykjlksx;gykjlksx;c:\windows\system32\drivers\gykjlksx.sys;c:\windows\SYSNATIVE\drivers\gykjlksx.sys [x]
R1 kvhbduvx;kvhbduvx;c:\windows\system32\drivers\kvhbduvx.sys;c:\windows\SYSNATIVE\drivers\kvhbduvx.sys [x]
R1 lqgfhupx;lqgfhupx;c:\windows\system32\drivers\lqgfhupx.sys;c:\windows\SYSNATIVE\drivers\lqgfhupx.sys [x]
R1 rlgwuled;rlgwuled;c:\windows\system32\drivers\rlgwuled.sys;c:\windows\SYSNATIVE\drivers\rlgwuled.sys [x]
R1 uhusbvqb;uhusbvqb;c:\windows\system32\drivers\uhusbvqb.sys;c:\windows\SYSNATIVE\drivers\uhusbvqb.sys [x]
R1 zedunnua;zedunnua;c:\windows\system32\drivers\zedunnua.sys;c:\windows\SYSNATIVE\drivers\zedunnua.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision X\RTCore64.sys;c:\program files (x86)\EVGA Precision X\RTCore64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - pbfilter
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-01-30 05:44    1086280    ----a-w-    c:\program files (x86)\Google\Chrome\Application\40.0.2214.94\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-01 03:32]
.
2015-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-01 03:32]
.
2015-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4101860393-3531364293-1392072032-1001Core.job
- c:\users\Dash\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-21 20:22]
.
2015-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4101860393-3531364293-1392072032-1001UA.job
- c:\users\Dash\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-21 20:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Dash\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-11 11776104]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-08 1028384]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-11-29 7406392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Dash\AppData\Roaming\Mozilla\Firefox\Profiles\xlplymqm.default-1422490049549\
FF - prefs.js: browser.startup.homepage - www.gametz.com
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-OggDS - c:\windows\system32\OggDSuninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\08\00\15\16*\03c"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-02-04  03:50:48
ComboFix-quarantined-files.txt  2015-02-04 08:50
ComboFix2.txt  2015-01-30 23:29
ComboFix3.txt  2015-01-30 10:13
.
Pre-Run: 92,452,311,040 bytes free
Post-Run: 92,177,522,688 bytes free
.
- - End Of File - - 31E6B9175C5F03290C33E46F4652D549
A36C5E4F47E84449FF07ED3517B43A31
 



#10 sideswipe999

sideswipe999
  • Topic Starter

  • Members
  • 32 posts
  • Gender:Male
  • Local time:10:05 PM

Posted 04 February 2015 - 07:01 AM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/31/2015
Scan Time: 6:30:52 AM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.31.02
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dash

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 720592
Time Elapsed: 3 hr, 3 min, 11 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 7
PUP.RiskwareTool.CK, C:\Users\Dash\Desktop\Nate\Adobe\Adobe Premiere\Adobe Premiere Pro CC 7.0.0\Crack\Patch by PainteR\adobe.photoshop.cc-patch-painter.zip, No Action By User, [98b97d7a3c4dcb6bf43017afb848ba46],
RiskWare.Tool.CK, C:\Users\Dash\Desktop\Nate\Adobe\After Effects\Adobe After Effects CC\Crack\Keygen\keygen-CORE\keygen.exe, No Action By User, [242d2dca414894a23104668114ed22de],
PUP.RiskwareTool.CK, C:\Users\Dash\Desktop\Nate\Adobe\After Effects\Adobe After Effects CC\Crack\Keygen\keygen-XFORCE\xf-mccs6.exe, No Action By User, [d67b36c1dcad68ce7f2b5d79c23e11ef],
PUP.RiskwareTool.CK, C:\Users\Dash\Desktop\Nate\Adobe\After Effects\Adobe After Effects CC\Crack\Patch by PainteR\adobe.photoshop.cc-patch-painter.zip, No Action By User, [7dd4867147424beb3ce88d39817f33cd],
PUP.RiskwareTool.CK, C:\Users\Dash\Desktop\Nate\Adobe\After Effects\Adobe After Effects CC\Crack\Patch by PainteR\adobe.photoshop.cc-patch-painter\adobe.photoshop.cc-patch-painter.exe, No Action By User, [420fdf184544c1759391d2f44eb21ae6],
PUP.Optional.OpenCandy, D:\Installers and Tools\Freemake Video Convertor\FreemakeVideoConverter_4.1.5.1.exe, No Action By User, [1140b93ea8e175c1c824f63c2ed354ac],
PUP.Optional.Conduit.A, C:\Program Files (x86)\Vuze\.install4j\user\mism.exe, Quarantined, [a4adfff821685cda1a3804a9f60b3bc5],

Physical Sectors: 0
(No malicious items detected)


(end)



#11 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:03:05 AM

Posted 04 February 2015 - 10:03 AM

Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules which you should have read at the time of Registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

Having said that, we can help you clean your machine this time BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#12 sideswipe999

sideswipe999
  • Topic Starter

  • Members
  • 32 posts
  • Gender:Male
  • Local time:10:05 PM

Posted 04 February 2015 - 10:51 AM

Gotcha. Seems like my friend's folder had 'em in. Haven't run any of these, nor did I DL them on my system. So not the cause of the issue here, nor directly my doing. If you don't wish to help any further, just let me know.



#13 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:03:05 AM

Posted 05 February 2015 - 03:27 AM

Please run MBAM again and remove the detected malware.

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file.
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#14 sideswipe999

sideswipe999
  • Topic Starter

  • Members
  • 32 posts
  • Gender:Male
  • Local time:10:05 PM

Posted 05 February 2015 - 07:08 AM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/5/2015
Scan Time: 4:14:55 AM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.05.04
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dash

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 694241
Time Elapsed: 2 hr, 44 min, 29 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#15 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:03:05 AM

Posted 05 February 2015 - 08:13 AM

Then proceed with ESET.





