Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need help with iexplore.exe virus


  • This topic is locked This topic is locked
9 replies to this topic

#1 egusick

egusick

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:08 AM

Posted 15 February 2015 - 04:49 AM

Hi there,

 

I'm having multiple instances of iexplore.exe running in the background, and issues with random audio ads popping up. When I try to end the process manually, it just keeps popping back up. How do I get rid of the virus?

 

Best,

Shaun



BC AdBot (Login to Remove)

 


#2 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:08 AM

Posted 15 February 2015 - 04:57 AM

Hello egusick, welcome to Bleeping Computer's Malware Removal forum!
 
My name is Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. :)
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.
  • Ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable at times.   
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
  • I will notify you when I believe your computer is free of malware. Please bear in mind, absence of symptoms does not necessarily correlate to absence of malware, so please wait until the "All Clean". 
  • Ensure you are following this topic. Click etYzdbu.png at the top of the page. 
======================================================
 
Please run the following diagnostic scans so I can ascertain the state of your computer.
 
STEP 1

xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan
  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-Click FRST.exe or FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     
STEP 2
YARWD1t.png.pagespeed.ce.nvhmVeYDe3.png TDSSKiller Scan
  • Please download TDSSKiller and save the file to your Desktop.
  • Right-Click TDSSKiller.exe and select xAVOiBNU.jpg.pagespeed.ic.H5HC6LkiJX.jpg Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to Detect TDLFS file system and Verify file digital signatures.
  • ​Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Attach (not copy/paste) the file in your next reply.
     
======================================================
 
STEP 3
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
  • FRST.txt
  • Addition.txt
  • TDSSKiller log (attached!)

Posted Image

#3 egusick

egusick
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:08 AM

Posted 15 February 2015 - 05:12 AM

Hi Adam, sure you can call me Shaun. That was fast! See below

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-02-2015
Ran by Shaun (administrator) on SHAUN-PC on 15-02-2015 18:03:28
Running from C:\Users\Shaun\Desktop
Loaded Profiles: Shaun (Available profiles: Shaun)
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(CrashPlan) C:\Program Files\CrashPlan\CrashPlanService.exe
() C:\Users\Shaun\AppData\Roaming\Mozilla\Firefox\Profiles\05wdatmk.default\extensions\startup.service@mozilla.com\svc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Flux Software LLC) C:\Users\Shaun\AppData\Local\FluxSoftware\Flux\flux.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
() C:\Users\Shaun\AppData\Local\ZoomInfoCEUtility\2163\coordinator.exe
() D:\Browser Downloads\ClipCube-0.2.2\ClipCube.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(TP-LINK TECHNOLOGIES CO., LTD. ) C:\Program Files (x86)\TP-LINK\Common\TWCU.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dropbox, Inc.) C:\Users\Shaun\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files\ColdTurkey\ct_notify.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(RoboHippo LLC) C:\Program Files (x86)\HippoVNC\WinVNC.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\ColdTurkey\ct_notify2.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\TP-LINK\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\TP-LINK\Common\RaRegistry64.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(RoboHippo LLC) C:\Program Files (x86)\HippoVNC\WinVNC.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10135584 2010-03-26] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271168 2012-03-27] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
HKLM-x32\...\Run: [ColdTurkey_notify] => C:\Program Files\ColdTurkey\ct_notify.exe [47616 2012-05-02] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKU\S-1-5-21-316848397-360787003-3543451247-1000\...\Run: [F.lux] => C:\Users\Shaun\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
HKU\S-1-5-21-316848397-360787003-3543451247-1000\...\Run: [FBackup Scheduler] => [X]
HKU\S-1-5-21-316848397-360787003-3543451247-1000\...\Run: [FBackup 4] => [X]
HKU\S-1-5-21-316848397-360787003-3543451247-1000\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-316848397-360787003-3543451247-1000\...\Run: [ZoomInfo Contact Contributor] => C:\Users\Shaun\AppData\Local\ZoomInfoCEUtility\launch.bat [108 2013-08-21] ()
HKU\S-1-5-21-316848397-360787003-3543451247-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKU\S-1-5-21-316848397-360787003-3543451247-1000\...\Run: [Google Update] => C:\Users\Shaun\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-18] (Google Inc.)
HKU\S-1-5-21-316848397-360787003-3543451247-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKU\S-1-5-21-316848397-360787003-3543451247-1000\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [328568 2010-09-06] (BitTorrent, Inc.)
HKU\S-1-5-21-316848397-360787003-3543451247-1000\...\Run: [ClipCube] => D:\Browser Downloads\ClipCube-0.2.2\ClipCube.exe [444928 2010-08-14] ()
HKU\S-1-5-21-316848397-360787003-3543451247-1000\...\MountPoints2: {63c23d36-debe-11e1-87c9-806e6f6e6963} - E:\Autorun.exe
HKU\S-1-5-21-316848397-360787003-3543451247-1000\...\MountPoints2: {a7609492-b921-11df-a34e-6cf049d83233} - H:\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Utility.lnk
ShortcutTarget: TP-LINK Wireless Utility.lnk -> C:\Program Files (x86)\TP-LINK\Common\TWCU.exe (TP-LINK TECHNOLOGIES CO., LTD. )
Startup: C:\Users\Shaun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Shaun\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-316848397-360787003-3543451247-1000] => localhost:8080
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} ->  No File
Toolbar: HKU\S-1-5-21-316848397-360787003-3543451247-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Shaun\AppData\Roaming\Mozilla\Firefox\Profiles\ywrljecr.default-1357908761323
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Windows\system32\TVUAx\npTVUAx.dll No File
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-316848397-360787003-3543451247-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Shaun\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKU\S-1-5-21-316848397-360787003-3543451247-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Shaun\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-316848397-360787003-3543451247-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Shaun\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-316848397-360787003-3543451247-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Shaun\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Shaun\AppData\Roaming\Mozilla\Firefox\Profiles\ywrljecr.default-1357908761323\searchplugins\kickassto.xml
FF Extension: Pocket - C:\Users\Shaun\AppData\Roaming\Mozilla\Firefox\Profiles\ywrljecr.default-1357908761323\Extensions\isreaditlater@ideashower.com [2015-01-06]
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\Shaun\AppData\Roaming\Mozilla\Firefox\Profiles\ywrljecr.default-1357908761323\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2013-12-18]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Shaun\AppData\Roaming\Mozilla\Firefox\Profiles\ywrljecr.default-1357908761323\Extensions\elemhidehelper@adblockplus.org.xpi [2013-01-11]
FF Extension: MEGA - C:\Users\Shaun\AppData\Roaming\Mozilla\Firefox\Profiles\ywrljecr.default-1357908761323\Extensions\firefox@mega.co.nz.xpi [2015-01-18]
FF Extension: Dolphin Deals - C:\Users\Shaun\AppData\Roaming\Mozilla\Firefox\Profiles\ywrljecr.default-1357908761323\Extensions\firefox@sqeedolphindeals.com.xpi [2014-08-13]
FF Extension: YouTube Enhancer Plus - C:\Users\Shaun\AppData\Roaming\Mozilla\Firefox\Profiles\ywrljecr.default-1357908761323\Extensions\firefoxaddon@youtubeenhancer.com.xpi [2014-02-16]
FF Extension: Lazarus: Form Recovery - C:\Users\Shaun\AppData\Roaming\Mozilla\Firefox\Profiles\ywrljecr.default-1357908761323\Extensions\lazarus@interclue.com.xpi [2014-02-16]
FF Extension: Flagfox - C:\Users\Shaun\AppData\Roaming\Mozilla\Firefox\Profiles\ywrljecr.default-1357908761323\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-05-08]
FF Extension: Gmail Manager - C:\Users\Shaun\AppData\Roaming\Mozilla\Firefox\Profiles\ywrljecr.default-1357908761323\Extensions\{582195F5-92E7-40a0-A127-DB71295901D7}.xpi [2013-01-11]
FF Extension: Boomerang for GMail - C:\Users\Shaun\AppData\Roaming\Mozilla\Firefox\Profiles\ywrljecr.default-1357908761323\Extensions\{65e41d20-f092-41b7-bb83-c6e8a9ab0f57}.xpi [2013-01-11]
FF Extension: Modify Headers - C:\Users\Shaun\AppData\Roaming\Mozilla\Firefox\Profiles\ywrljecr.default-1357908761323\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2013-01-19]
FF Extension: Adblock Plus - C:\Users\Shaun\AppData\Roaming\Mozilla\Firefox\Profiles\ywrljecr.default-1357908761323\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-01-11]
FF Extension: Greasemonkey - C:\Users\Shaun\AppData\Roaming\Mozilla\Firefox\Profiles\ywrljecr.default-1357908761323\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-10-06]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-19]

Chrome:
=======
CHR HomePage: Default -> about:blank
CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1416315610&from=free&uid=C300-CTFDDAC064MAG_00000000102702FC0162"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Shaun\AppData\Local\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Shaun\AppData\Local\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Shaun\AppData\Local\Google\Chrome\Application\40.0.2214.111\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U21) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin8.dll No File
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Shaun\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (TVU Web Player for FireFox) - C:\Windows\system32\TVUAx\npTVUAx.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-25]
CHR Extension: (Gom VPN - Bypass blocked sites) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckiahbcmlmkpfiijecbpflfahoimklke [2014-12-22]
CHR Extension: (Google Search) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-25]
CHR Extension: (6900000) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpoojffmcggmdcbglffoihbdcaidine [2013-10-10]
CHR Extension: (Skype Click to Call) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-26]
CHR Extension: (FacebookJS) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpcknfcdcgpffjddjeceioobdelceffo [2011-07-24]
CHR Extension: (Google Wallet) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
CHR Extension: (Gmail) - C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
StartMenuInternet: Google Chrome - Chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 CGVPNCliSrvc; C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
S2 cntlm; C:\Program Files\Cntlm\cygrunsrv.exe [43008 2007-11-24] () [File not signed]
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [222720 2012-03-27] (CrashPlan) [File not signed]
R2 Firefox Service; C:\Users\Shaun\AppData\Roaming\Mozilla\Firefox\Profiles\05wdatmk.default\extensions\startup.service@mozilla.com\svc.exe [83456 2011-03-10] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-16] (NVIDIA Corporation)
R2 hippovnc_service; C:\Program Files (x86)\HippoVNC\WinVNC.exe [1692160 2010-02-15] (RoboHippo LLC) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 KCTRP; C:\Program Files\ColdTurkey\KCTRP_srv.exe [39936 2012-05-05] () [File not signed]
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2010-10-04] () [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-01-14] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [12600 2012-03-27] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [291696 2012-03-27] (Microsoft Corporation)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [341792 2011-12-21] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-01-16] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-07] (Electronic Arts)
R2 RalinkRegistryWriter; C:\Program Files (x86)\TP-LINK\Common\RaRegistry.exe [185632 2010-07-30] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\TP-LINK\Common\RaRegistry64.exe [212256 2010-07-30] (Ralink Technology, Corp.)
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
S3 arusb_win7x; C:\Windows\System32\DRIVERS\arusb_win7x.sys [769024 2009-11-26] (Atheros Communications, Inc.)
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42840 2009-06-11] (Microsoft Corporation)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-08] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-08] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [203888 2012-03-21] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [98688 2012-03-21] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R1 RapportCerberus_42020; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [397720 2012-08-11] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55096 2012-08-23] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [101688 2012-07-29] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [297240 2012-08-23] (Trusteer Ltd.)
S3 SaiH0464; C:\Windows\System32\DRIVERS\SaiH0464.sys [178432 2008-03-31] (Saitek)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-09-06] () [File not signed]
S1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [50768 2010-08-25] (Windows ® 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [566864 2010-08-25] (Paragon)
U3 azhi2zcy; C:\Windows\System32\Drivers\azhi2zcy.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 lvpopf64; system32\DRIVERS\lvpopf64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 18:01 - 2015-02-15 18:01 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Shaun\Desktop\tdsskiller.exe
2015-02-15 17:59 - 2015-02-15 18:00 - 00048540 _____ () C:\Users\Shaun\Desktop\Addition.txt
2015-02-15 17:54 - 2015-02-15 17:54 - 00328888 _____ () C:\Windows\Minidump\021515-51651-01.dmp
2015-02-15 17:52 - 2015-02-15 18:03 - 00034836 _____ () C:\Users\Shaun\Desktop\FRST.txt
2015-02-15 17:52 - 2015-02-15 18:03 - 00000000 ____D () C:\FRST
2015-02-15 17:52 - 2015-02-15 17:52 - 00035103 _____ () C:\Users\Shaun\Downloads\FRST.txt
2015-02-15 17:51 - 2015-02-15 17:51 - 02134528 _____ (Farbar) C:\Users\Shaun\Desktop\FRST64.exe
2015-02-15 17:41 - 2015-02-15 17:41 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-02-15 17:38 - 2015-02-06 05:01 - 32106640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-02-15 17:38 - 2015-02-06 05:01 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-02-15 17:38 - 2015-02-06 05:01 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-02-15 17:38 - 2015-02-06 05:01 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-02-15 17:38 - 2015-02-06 05:01 - 17253848 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-02-15 17:38 - 2015-02-06 05:01 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-02-15 17:38 - 2015-02-06 05:01 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-02-15 17:38 - 2015-02-06 05:01 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-02-15 17:38 - 2015-02-06 05:01 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-02-15 17:38 - 2015-02-06 05:01 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-02-15 17:38 - 2015-02-06 05:01 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-02-15 17:38 - 2015-02-06 05:01 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-02-15 17:38 - 2015-02-06 05:01 - 02902784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-02-15 17:38 - 2015-02-06 05:01 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll
2015-02-15 17:38 - 2015-02-06 05:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll
2015-02-15 17:38 - 2015-02-06 05:01 - 00995248 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-02-15 17:38 - 2015-02-06 05:01 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-02-15 17:38 - 2015-02-06 05:01 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-02-15 17:38 - 2015-02-06 05:01 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-02-15 17:38 - 2015-02-06 05:01 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-02-15 17:38 - 2015-02-06 05:01 - 00877816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-02-15 17:38 - 2015-02-06 05:01 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-02-15 17:38 - 2015-02-06 05:01 - 00305136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-02-15 17:38 - 2015-02-06 05:01 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-02-15 17:38 - 2015-02-06 05:01 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-02-15 17:38 - 2015-02-06 05:01 - 00164752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-02-15 17:38 - 2015-02-06 05:01 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-02-15 17:20 - 2015-02-15 17:21 - 00000000 ____D () C:\Users\Shaun\AppData\Local\NVIDIA
2015-02-15 17:20 - 2015-02-15 17:20 - 00001374 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2015-02-15 17:20 - 2015-02-15 17:20 - 00000000 ____D () C:\Users\Shaun\AppData\Local\NVIDIA Corporation
2015-02-15 16:52 - 2015-01-16 14:40 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-02-15 16:52 - 2015-01-16 14:40 - 01278920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-02-15 16:52 - 2015-01-16 14:39 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-02-15 16:52 - 2015-01-16 14:39 - 01514528 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-02-15 16:52 - 2014-11-22 18:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-02-15 16:52 - 2014-11-22 18:46 - 00035472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-02-15 16:52 - 2014-11-22 18:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-02-15 16:30 - 2015-02-15 16:30 - 34603752 _____ (NVIDIA Corporation) C:\Users\Shaun\Downloads\GeForce_Experience_v2.2.2.0.exe
2015-02-14 22:35 - 2015-02-14 22:35 - 00003086 _____ () C:\Windows\System32\Tasks\{FEF0E3C8-4100-4181-9398-904AF4956119}
2015-02-14 15:15 - 2015-02-14 15:15 - 00388608 _____ (Trend Micro Inc.) C:\Users\Shaun\Downloads\HijackThis.exe
2015-02-12 23:45 - 2015-02-12 23:45 - 00000657 _____ () C:\Users\Public\Desktop\Sunless Sea.lnk
2015-02-09 22:49 - 2015-02-09 22:49 - 00000202 _____ () C:\Users\Shaun\Desktop\Evolve.url
2015-02-08 21:41 - 2015-02-08 21:41 - 00000955 _____ () C:\Users\Shaun\Desktop\Dragon Age Inquisition.lnk
2015-02-08 21:41 - 2015-02-08 21:41 - 00000000 ____D () C:\Users\Shaun\AppData\Roaming\Dragon Age Inquisition
2015-02-08 21:24 - 2015-02-08 21:24 - 00000000 ____D () C:\Program Files (x86)\R.G. Gamblers
2015-02-07 17:07 - 2015-02-07 17:07 - 12951423 _____ (Dennis Meuwissen ) C:\Users\Shaun\Downloads\dvdflick_setup_1.3.0.7.exe
2015-02-07 17:05 - 2015-02-15 18:01 - 00000000 ____D () C:\Users\Shaun\AppData\Local\CrashDumps
2015-01-31 22:14 - 2010-12-27 10:35 - 00000000 ____D () C:\Users\Shaun\Desktop\Indonesia 9th
2015-01-31 22:09 - 2015-01-31 22:12 - 24811958 _____ () C:\Users\Shaun\Desktop\Indonesia_9th.rar
2015-01-30 13:45 - 2015-01-30 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-01-30 13:45 - 2015-01-30 13:45 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-01-26 23:58 - 2015-01-26 23:58 - 00001107 _____ () C:\Users\Shaun\Desktop\Child of Light - Shortcut.lnk
2015-01-26 23:27 - 2015-01-26 23:28 - 00000000 ____D () C:\Users\Shaun\Desktop\xinput1_3
2015-01-26 22:25 - 2015-01-26 22:25 - 00000930 _____ () C:\Users\Shaun\Desktop\Child of Light.lnk
2015-01-26 22:25 - 2015-01-26 22:25 - 00000000 ____D () C:\Users\Shaun\AppData\Roaming\Child of Light
2015-01-19 21:41 - 2015-01-27 21:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-18 21:47 - 2015-01-18 21:47 - 00000000 ____D () C:\Users\Shaun\AppData\Roaming\TheBannerSaga
2015-01-18 21:14 - 2015-01-18 21:39 - 00000000 ____D () C:\Users\Shaun\Desktop\George Michael

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 18:03 - 2010-09-06 02:14 - 00000000 ____D () C:\Users\Shaun\AppData\Roaming\uTorrent
2015-02-15 18:02 - 2011-04-17 01:53 - 00000000 ____D () C:\Users\Shaun\AppData\Roaming\TeraCopy
2015-02-15 18:02 - 2009-07-14 13:13 - 00786854 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-15 17:58 - 2014-11-18 22:08 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-15 17:58 - 2011-05-17 22:48 - 00000000 ____D () C:\Users\Shaun\AppData\Local\LogMeIn Hamachi
2015-02-15 17:58 - 2010-09-11 22:20 - 00000000 ___RD () C:\Users\Shaun\Documents\My Dropbox
2015-02-15 17:58 - 2010-09-11 22:18 - 00000000 ____D () C:\Users\Shaun\AppData\Roaming\Dropbox
2015-02-15 17:58 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\tracing
2015-02-15 17:57 - 2013-03-14 09:58 - 00069851 _____ () C:\Windows\setupact.log
2015-02-15 17:57 - 2012-09-23 06:05 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-02-15 17:57 - 2011-01-28 01:13 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-15 17:57 - 2010-12-11 19:55 - 00000000 ____D () C:\Windows\SysWOW64\logishrd
2015-02-15 17:57 - 2010-12-11 19:55 - 00000000 ____D () C:\Windows\system32\logishrd
2015-02-15 17:57 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-15 17:54 - 2010-10-29 12:40 - 00000000 ____D () C:\Windows\Minidump
2015-02-15 17:42 - 2012-02-03 07:31 - 00000926 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-316848397-360787003-3543451247-1000UA.job
2015-02-15 17:41 - 2010-09-06 00:43 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-15 17:41 - 2010-09-06 00:43 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-02-15 17:40 - 2010-10-02 05:55 - 00000000 ____D () C:\Users\Shaun\AppData\Roaming\Skype
2015-02-15 17:39 - 2010-09-06 00:43 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-02-15 17:24 - 2010-12-11 20:12 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-316848397-360787003-3543451247-1000UA.job
2015-02-15 17:21 - 2011-01-28 01:13 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-15 17:20 - 2010-09-06 00:43 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-02-15 16:54 - 2013-01-11 20:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-15 16:52 - 2012-11-28 08:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-02-15 15:44 - 2009-07-14 12:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-15 15:44 - 2009-07-14 12:45 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-15 15:40 - 2010-09-06 00:30 - 01068611 _____ () C:\Windows\WindowsUpdate.log
2015-02-14 23:42 - 2012-02-03 07:31 - 00000904 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-316848397-360787003-3543451247-1000Core.job
2015-02-14 22:39 - 2011-11-11 18:04 - 00218185 _____ () C:\Windows\DirectX.log
2015-02-14 22:37 - 2014-02-22 17:23 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-14 22:35 - 2010-10-02 05:53 - 00000000 ____D () C:\ProgramData\Skype
2015-02-14 22:32 - 2010-09-06 04:14 - 00000000 ____D () C:\Users\Shaun\AppData\Roaming\vlc
2015-02-14 21:24 - 2010-12-11 20:12 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-316848397-360787003-3543451247-1000Core.job
2015-02-14 15:06 - 2010-09-06 03:39 - 00000000 ____D () C:\Windows\pss
2015-02-14 12:33 - 2010-09-11 22:18 - 00000000 ____D () C:\Users\Shaun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-13 23:48 - 2010-09-21 01:00 - 00000000 ____D () C:\Users\Shaun\AppData\Roaming\Winamp
2015-02-12 23:45 - 2013-04-25 07:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-02-12 23:45 - 2009-07-14 13:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-11 18:49 - 2011-08-05 07:46 - 00245706 _____ () C:\Windows\PFRO.log
2015-02-10 19:43 - 2013-01-11 20:57 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-10 19:43 - 2013-01-11 20:57 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-10 19:43 - 2011-07-13 06:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-09 22:49 - 2013-12-26 23:04 - 00000000 ____D () C:\Users\Shaun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-02-08 21:41 - 2014-07-06 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Gamblers
2015-02-08 01:20 - 2010-09-06 04:14 - 00000000 ____D () C:\Users\Shaun\AppData\Roaming\DVD Flick
2015-02-07 17:16 - 2011-01-28 01:13 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-07 17:16 - 2011-01-28 01:13 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-07 17:00 - 2012-11-22 23:34 - 00000000 ____D () C:\Program Files\Soluto
2015-02-07 17:00 - 2011-07-19 18:51 - 00000000 ____D () C:\ProgramData\Soluto
2015-02-07 16:44 - 2010-09-23 07:04 - 00068208 _____ () C:\Windows\system32\lvcoinst.log
2015-02-06 05:01 - 2013-04-01 00:19 - 16017040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-02-06 05:01 - 2013-04-01 00:19 - 14119744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-02-06 05:01 - 2012-11-28 08:03 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-02-06 05:01 - 2012-11-28 08:03 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-02-06 05:01 - 2010-09-06 00:43 - 18575880 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-02-06 05:01 - 2010-09-06 00:42 - 03299512 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-02-06 03:07 - 2010-07-09 16:17 - 06861128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-02-06 03:07 - 2010-07-09 16:17 - 03517584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-02-06 03:07 - 2010-07-09 16:17 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-02-06 03:07 - 2010-07-09 16:17 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-02-06 03:07 - 2010-07-09 16:17 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-02-06 03:06 - 2010-07-09 16:17 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-02-05 20:50 - 2012-11-28 08:05 - 04236870 _____ () C:\Windows\system32\nvcoproc.bin
2015-02-04 21:19 - 2010-12-11 20:12 - 00003882 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-316848397-360787003-3543451247-1000UA
2015-02-04 21:19 - 2010-12-11 20:12 - 00003486 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-316848397-360787003-3543451247-1000Core
2015-02-01 15:18 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\L2Schemas
2015-01-30 18:26 - 2013-02-07 06:24 - 00000000 ____D () C:\ProgramData\Origin
2015-01-30 15:27 - 2013-02-14 22:36 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-01-28 21:13 - 2012-04-26 07:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 20:34 - 2010-10-05 06:00 - 00000000 ____D () C:\Users\Shaun\Documents\My Games
2015-01-27 20:33 - 2013-01-02 20:56 - 00000000 ____D () C:\ProgramData\Orbit
2015-01-26 22:25 - 2014-10-09 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics

==================== Files in the root of some directories =======

2011-04-27 03:19 - 2011-04-27 03:19 - 0003584 _____ () C:\Users\Shaun\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-04-15 05:59 - 2012-04-15 05:59 - 0004096 ____H () C:\Users\Shaun\AppData\Local\keyfile3.drm
2011-07-19 18:52 - 2012-03-21 16:47 - 0000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Some content of TEMP:
====================
C:\Users\Shaun\AppData\Local\Temp\0ersuyrd.p4l.exe
C:\Users\Shaun\AppData\Local\Temp\2f2b780b-973d-47ae-aa6e-281be0d953a7.exe
C:\Users\Shaun\AppData\Local\Temp\32urq325.td0.exe
C:\Users\Shaun\AppData\Local\Temp\3hkuzwpn.qna.exe
C:\Users\Shaun\AppData\Local\Temp\3piyenvo.sxo.exe
C:\Users\Shaun\AppData\Local\Temp\520f4561-a80c-4f0f-9ce0-def629a8698e.exe
C:\Users\Shaun\AppData\Local\Temp\5jwdcptb.1xu.exe
C:\Users\Shaun\AppData\Local\Temp\6ad46d56-3ad5-458a-954d-092314e29ad6.exe
C:\Users\Shaun\AppData\Local\Temp\90040eff-eb89-4297-94b5-aeaa56dc0cfe.exe
C:\Users\Shaun\AppData\Local\Temp\a1321edb-3530-409e-bf23-522a43fb5885.exe
C:\Users\Shaun\AppData\Local\Temp\al4j4pls.swx.exe
C:\Users\Shaun\AppData\Local\Temp\amisetup2781.exe
C:\Users\Shaun\AppData\Local\Temp\amisetup2857.exe
C:\Users\Shaun\AppData\Local\Temp\amisetup2948.exe
C:\Users\Shaun\AppData\Local\Temp\amisetup3095.exe
C:\Users\Shaun\AppData\Local\Temp\amisetup3167.exe
C:\Users\Shaun\AppData\Local\Temp\amisetup3248.exe
C:\Users\Shaun\AppData\Local\Temp\aqi5yxfo.dll
C:\Users\Shaun\AppData\Local\Temp\co5xelto.gw3.exe
C:\Users\Shaun\AppData\Local\Temp\devuldtv.2ua.exe
C:\Users\Shaun\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpm52qps.dll
C:\Users\Shaun\AppData\Local\Temp\e8e0a718-d2d5-428d-82cd-518c67331b6a.exe
C:\Users\Shaun\AppData\Local\Temp\f21b7212-7964-4c67-9569-3b824e81eac0.exe
C:\Users\Shaun\AppData\Local\Temp\fygci4cr.dll
C:\Users\Shaun\AppData\Local\Temp\hdtosyj0.gzh.exe
C:\Users\Shaun\AppData\Local\Temp\jfukwaq4.dll
C:\Users\Shaun\AppData\Local\Temp\ke045wg3.hue.exe
C:\Users\Shaun\AppData\Local\Temp\lht1ffbk.ryc.exe
C:\Users\Shaun\AppData\Local\Temp\mt3abl1c.ebr.exe
C:\Users\Shaun\AppData\Local\Temp\njddqdmp.31g.exe
C:\Users\Shaun\AppData\Local\Temp\objjhv2z.ggf.exe
C:\Users\Shaun\AppData\Local\Temp\p1wzskab.tny.exe
C:\Users\Shaun\AppData\Local\Temp\pr3s0l1k.xx5.exe
C:\Users\Shaun\AppData\Local\Temp\qydddsb3.qzl.exe
C:\Users\Shaun\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Shaun\AppData\Local\Temp\snhbz11s.bwv.exe
C:\Users\Shaun\AppData\Local\Temp\srv86548.exe
C:\Users\Shaun\AppData\Local\Temp\tnz05xhj.4f4.exe
C:\Users\Shaun\AppData\Local\Temp\w3kp103e.dk1.exe
C:\Users\Shaun\AppData\Local\Temp\yfe0fxfk.plu.exe
C:\Users\Shaun\AppData\Local\Temp\zgnzvgod.dma.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD. Check to make sure user is administrator or see Addition.txt for additional information.


LastRegBack: 2015-01-18 18:45

==================== End Of Log ============================

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-02-2015
Ran by Shaun at 2015-02-15 17:59:40
Running from C:\Users\Shaun\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {2C040BB5-2B06-7275-5A21-2B969A740B4B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Leawo Free AVI Converter version  2.5.0.5 (HKLM-x32\...\{7D42B43A-EA63-4234-B00A-757C15B2B185}_is1) (Version:  - )
µTorrent (HKU\S-1-5-21-316848397-360787003-3543451247-1000\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alien Isolation (HKLM-x32\...\Alien Isolation_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assassin's Creed ® III (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.00 - Ubisoft)
Audacity 1.3.12 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Batman: Arkham City™ (x32 Version: 1.0.0003.131 - WB Games) Hidden
Belvedere 0.7.1 (HKLM-x32\...\Belvedere) (Version: 0.7.1 - Lifehacker)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty Black Ops 2 (HKLM-x32\...\{47D6F3E4-D158-4E47-84C4-0D6452DB2488}_is1) (Version: 1.0 - Treyarch)
CameraHelperMsi (x32 Version: 13.10.1217.0 - Logitech) Hidden
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version:  - )
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version:  - )
Canon MP250 series User Registration (HKLM-x32\...\Canon MP250 series User Registration) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.05 - Piriform)
CDisplayEx 1.4 (HKLM-x32\...\CDisplayEx_is1) (Version:  - )
Child of Light (HKLM-x32\...\Child of Light_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cold Turkey version 0.7 (HKLM\...\{6498E673-B9C2-4544-A722-1E854B5B573E}_is1) (Version: 0.7 - Felix Belzile)
Combined Community Codec Pack 2009-09-09 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2009.09.09.0 - CCCP Project)
CrashPlan (HKLM\...\{BA4F07DC-4D9E-4D68-A133-7363E7161B76}) (Version: 3.2.1 - CrashPlan)
Crysis® 2 (HKLM-x32\...\{6033673D-2530-4587-8AD0-EB059FC263F9}) (Version: 1.0.0.0 - Electronic Arts)
CyberGhost VPN Patch 4.7.19 (HKLM\...\CyberGhost VPN_is1) (Version:  - CyberGhost S.R.L.)
dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 3 - Illustrate)
dBpoweramp FLAC Codec (HKLM-x32\...\dBpoweramp FLAC Codec) (Version: Release 14 (FLAC 1.2.1) - Illustrate)
dBpoweramp m4a Codec (HKLM-x32\...\dBpoweramp m4a Codec) (Version: Release 14 r2 - Illustrate)
dBpoweramp Monkeys Audio Codec (HKLM-x32\...\dBpoweramp Monkeys Audio Codec) (Version:  - )
dBpoweramp Musepack Codec (HKLM-x32\...\dBpoweramp Musepack Codec) (Version:  - )
dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 13.1 - Illustrate)
dBpoweramp WavPack Codec (HKLM-x32\...\dBpoweramp WavPack Codec) (Version:  - )
Desktop Lighter (HKU\S-1-5-21-316848397-360787003-3543451247-1000\...\{CFA2CFAB-4B51-47D5-8ECF-5C007F37DB94}) (Version: 1.4 - DiMXSoft)
DiskAid 4.11 (HKLM-x32\...\DiskAid_is1) (Version: 4.11 - DigiDNA)
Divinity - Original Sin (HKLM-x32\...\1207664923_is1) (Version: 2.5.0.11 - GOG.com)
Divinity - Original Sin (HKLM-x32\...\Divinity - Original Sin_R.G. Gamblers_is1) (Version:  - R.G. Gamblers, Fanfar)
Divinity - Original Sin (HKLM-x32\...\Steam App 230230) (Version:  - Larian Studios)
Dragon Age Inquisition (HKLM-x32\...\Dragon Age Inquisition_R.G. Gamblers_is1) (Version:  - R.G. Gamblers, Fanfar)
Dropbox (HKU\S-1-5-21-316848397-360787003-3543451247-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
ɱ³öÖØΧ3ÈËÀà¸ïÃü (HKLM-x32\...\¡¶É±³öÖØΧ3ÈËÀà¸ïÃü¡·ÓÎÏÀ°¿ÏèÖÐÎÄÍêÕûÓ²ÅÌ°æ_is1) (Version:  - ɱ³öÖØΧ3ÈËÀà¸ïÃü)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Evernote v. 4.1 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.1.0.3345 - Evernote Corp.)
Evolve (HKLM-x32\...\Steam App 273350) (Version:  - Turtle Rock Studios)
Explorer Suite III (HKLM\...\Explorer Suite_is1) (Version:  - )
f.lux (HKU\S-1-5-21-316848397-360787003-3543451247-1000\...\Flux) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
facebookJS (HKLM-x32\...\facebookJS) (Version:  - )
FEZ v1.04 (HKLM-x32\...\FEZ v1.041.04) (Version: 1.04 - Friends in War)
FLAC 1.2.1b (remove only) (HKLM-x32\...\FLAC) (Version: 1.2.1b - Xiph.org)
FSS Google Books Downloader version 1.4.5.7 (HKLM-x32\...\FSS Google Books Downloader_is1) (Version: 1.4.5.7 - FreeSmartSoft Ltd.)
Google Book Downloader (HKLM-x32\...\{6BFDC0CD-ADF5-49F6-8A47-3177EF2AE6D2}) (Version: 0.6.9 - adma)
Google Chrome (HKU\S-1-5-21-316848397-360787003-3543451247-1000\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Handbrake 0.9.4 (HKLM-x32\...\Handbrake) (Version: 0.9.4 - )
Hitman Absolution (HKLM-x32\...\Hitman Absolution_is1) (Version:  - )
Hotline Miami (HKLM-x32\...\GOGPACKHOTLINEMIAMI_is1) (Version: 2.0.0.4 - GOG.com)
iBackup Viewer 1.10 (HKLM-x32\...\{5B428966-3054-41E3-B0F8-008EE30BD019}_is1) (Version:  - iMacTools)
iCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.)
iConcertCal (HKLM-x32\...\{ADCA2156-B646-428E-92F2-D63D4A67B90F}) (Version: 2.9.0 - iConcertCal)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.2.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iPhoneBrowser (HKLM-x32\...\{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}) (Version: 1.9.3 - Cranium Consulting and Custom Software)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java™ 6 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.210 - Sun Microsystems, Inc.)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LIMBO (HKLM-x32\...\LIMBO) (Version:  - )
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7240) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.303 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.303 - LogMeIn, Inc.) Hidden
LookInMyPC (HKLM-x32\...\LookInMyPC) (Version:  - )
LWS VideoEffects (Version: 13.00.1774.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Max Payne 3 (HKLM-x32\...\{1AA94747-3BF6-4237-9E1A-7B3067738FE1}) (Version: 1.0.0.0 - Rockstar Games)
MechWarrior Online (HKLM-x32\...\{73bcb521-8936-42d7-ad00-ec2bb399e26c}) (Version: 1.4.3.0 - Piranha Games Inc.)
MechWarrior Online (x32 Version: 1.4.3.0 - Piranha Games Inc.) Hidden
Medieval CUE Splitter (HKLM-x32\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
Metal Gear Solid (HKLM-x32\...\Metal Gear Solid) (Version:  - )
Metro: Last Light © Deep Silver version 1 (HKLM-x32\...\TWV0cm9MYXN0TGlnaHQ=_is1) (Version: 1 - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Outlook 2003 (HKLM-x32\...\{90E00409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.0.1526.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ Run Time  Lib Setup (HKLM-x32\...\{AAF4238F-7C29-451D-9925-C753271A5728}) (Version: 1.0.0 - Microsoft)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Monkey's Audio (HKLM-x32\...\Monkey's Audio_is1) (Version:  - )
Mozilla Firefox 35.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-GB)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 0.12.1 - MusicBrainz)
myPhoneDesktop 1.5.1 (HKLM-x32\...\4142-5230-3826-1062) (Version: 1.5.1 - jProductivity, LLC)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.18.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.18.0 - NEC Electronics Corporation) Hidden
Nitro Pro 7 (HKLM\...\{1179B5C1-663C-43EC-A97A-3942D5F6A7DE}) (Version: 7.0.2.8 - Nitro PDF Software)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
ON_OFF Charge B11.1102.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 2.9.0105 - ooVoo LLC.)
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.211.0 - Tracker Software Products Ltd)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RapeLay (HKLM-x32\...\{CA31F991-DBD2-4DE1-B6D2-30105F23CBBC}) (Version: 1.03 - ILLUSION)
Rapport (HKLM-x32\...\Rapport_msi) (Version: 3.5.1201.94 - Trusteer)
Rapport (Version: 3.5.1201.94 - Trusteer) Hidden
Rapport (x32 Version: 3.5.1108.77 - Trusteer) Hidden
Real Alternative 2.0.2 Lite (HKLM-x32\...\RealAlt_is1) (Version: 2.0.2 - )
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6077 - Realtek Semiconductor Corp.)
Richard & Alice (HKLM-x32\...\GOGPACKRICHARDANDALICE_is1) (Version: 2.0.0.5 - GOG.com)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.0.9.5 - Rockstar Games)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Smart 6 B10.0422.1 (HKLM-x32\...\{3B35725F-C623-4A1E-B5CC-99C0868679E3}) (Version: 1.00.0000 - GIGABYTE)
SSD Boost Manager (HKLM-x32\...\{E856CDFC-A5EF-3346-8815-F46A545401E2}) (Version: 1.0.0.0 - -)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: 1.0.0.16117 - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Sunless Sea (HKLM-x32\...\1421064427_is1) (Version: 2.0.0.1 - GOG.com)
tagtraum industries beaTunes 2.1.19 (HKLM-x32\...\beaTunes-2.1.19) (Version:  - )
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.6 - TeamSpeak Systems GmbH)
TeraCopy 2.12 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector Inc.)
The Sims 4 Deluxe Edition version 1.0 Update 1 (HKLM-x32\...\The Sims 4 Deluxe Edition_is1) (Version: 1.0 Update 1 - GMT-MAX.ORG)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Walking Dead Episode 2 - Starved for Help (HKLM-x32\...\The Walking Dead_is1) (Version:  - )
The Walking Dead: Season 2 (HKLM-x32\...\VGhlV2Fsa2luZ0RlYWRTZWFzb24y_is1) (Version: 1 - )
This War of Mine (HKLM-x32\...\{5FD7B6B3-08C7-4FEE-9C37-A2134C699885}}_is1) (Version: 1 - 11 bit studios)
Total War ROME II (HKLM-x32\...\VG90YWxXYXJST01FSUk=_is1) (Version: 1 - )
TP-LINK Wireless Utility (HKLM-x32\...\{5BE5DB79-685E-46FD-A231-CD7467B69DD7}) (Version: 1.5.6.0 - TP-LINK)
tricomfi (HKLM-x32\...\{74f1e872-8d6f-4cc7-58d6-c60d8dfe43ed}) (Version: 1.0.0 - estdemin) <==== ATTENTION!
Unity Web Player (HKU\S-1-5-21-316848397-360787003-3543451247-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 2.1 - Ubisoft)
VideoStream Server v1.0.1 (HKLM-x32\...\VideoStream Server_is1) (Version:  - )
VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)
Wasteland 2 (HKLM-x32\...\Wasteland 2_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, ProZorg_tm)
Winamp (HKLM-x32\...\Winamp) (Version: 5.581  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-316848397-360787003-3543451247-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Winamp Essentials Pack (HKLM-x32\...\Winamp Essentials Pack) (Version: v5.58 - Christoph Grether)
WinDirStat 1.1.2 (HKU\S-1-5-21-316848397-360787003-3543451247-1000\...\WinDirStat) (Version:  - )
Windows Driver Package - Leaf Imaging Ltd. Image  (02/11/2010 ) (HKLM\...\A35BD68D4A1B3E191138E3C9AA417190A9468F7E) (Version: 02/11/2010  - Leaf Imaging Ltd.)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
X2X Free Video Trim 2.0 (HKLM-x32\...\{D1F94690-C59F-4BF1-A9C5-012DCCE8364D}_is1) (Version:  - x2xsoft.com)
XCOM: Enemy Within (HKLM-x32\...\WENPTUVuZW15V2l0aGlu_is1) (Version: 1 - )
ZoomInfo Contact Contributor (HKU\S-1-5-21-316848397-360787003-3543451247-1000\...\ZoomInfo Contact Contributor) (Version: 45 - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-316848397-360787003-3543451247-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Shaun\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-316848397-360787003-3543451247-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Shaun\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-316848397-360787003-3543451247-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Shaun\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-316848397-360787003-3543451247-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Shaun\AppData\Roaming\tricomfi\tivesen.dll () <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-316848397-360787003-3543451247-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Shaun\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-316848397-360787003-3543451247-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Shaun\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-316848397-360787003-3543451247-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Shaun\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-316848397-360787003-3543451247-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Shaun\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-316848397-360787003-3543451247-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-316848397-360787003-3543451247-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-316848397-360787003-3543451247-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-316848397-360787003-3543451247-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-316848397-360787003-3543451247-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-316848397-360787003-3543451247-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-316848397-360787003-3543451247-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-316848397-360787003-3543451247-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-316848397-360787003-3543451247-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-316848397-360787003-3543451247-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Shaun\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

15-02-2015 16:07:32 Automatic creation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-11-19 18:59 - 2014-11-19 18:59 - 00000000 ____R C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00991C1D-5206-49A9-A226-8028BCB6F61E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-316848397-360787003-3543451247-1000UA => C:\Users\Shaun\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {0618EB05-3011-498C-86DD-29DA68D42A1C} - System32\Tasks\{C4F9A142-386B-4749-A8A5-0DAE310E492F} => pcalua.exe -a "C:\Program Files (x86)\Games\Gemini Rue\winsetup.exe" -d "C:\Program Files (x86)\Games\Gemini Rue"
Task: {07DE0DA6-02F3-477A-8FD2-DB88706C546B} - System32\Tasks\{A6137543-ECBC-44B7-A4DC-0F43CF1EB94A} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.)
Task: {1AA75691-6B6F-4CDB-803E-F8B0F6A47AC0} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-316848397-360787003-3543451247-1000UA => C:\Users\Shaun\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {2C8BD75C-DE9E-4247-8EA2-D8E032098CE6} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRCreate => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SrCmdCLR.exe" -c 1
Task: {4EE9C8DD-8870-447B-9DF1-40F0D9706CB0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-10] (Adobe Systems Incorporated)
Task: {5F3F9299-A721-4B8F-9932-442F1B1F74AB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {60EE1926-A41C-49C6-A646-A7BE357932ED} - System32\Tasks\{05076B6A-85B4-4B16-95C6-874E48CDA590} => pcalua.exe -a "D:\Call of Duty Black Ops 2\redist\vcredist_x86.exe" -d "D:\Call of Duty Black Ops 2\redist"
Task: {6E71BC2A-AC53-4A25-809D-8C52723F578C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {708AF680-9136-4708-B1D9-6DD78E01F4B7} - System32\Tasks\{FEF0E3C8-4100-4181-9398-904AF4956119} => Firefox.exe http://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?page=tsProgressBar
Task: {7BE73312-2B55-4248-8528-AFD4AD3B27FF} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {7F24597D-13E4-436C-897A-BA865B7F5373} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {83B5EF2C-CF2A-44A5-9F35-92E0D35B3669} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {8B653075-61F3-4F73-81C3-690C23CD5ECC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8E7D142F-78B5-4735-9CCE-D10BFF79F445} - System32\Tasks\{D6103D55-6362-4E3E-8C4B-D77767F37A86} => pcalua.exe -a "D:\Browser Downloads\mb_utility_onoffchargesetup-intel-7series.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {A9D0E7E1-D15D-4836-AC70-007663455734} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-316848397-360787003-3543451247-1000Core => C:\Users\Shaun\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {BBC6CE53-F9AF-49CC-BA8B-54FA72F54588} - System32\Tasks\Paragon Archive name arc_050811000556437 => C:\Program Files (x86)\Paragon_Software\Backup_and_Recovery_2010_Free_Advanced\program\scripts.exe
Task: {C3269649-C572-4BD8-9CC0-88DE0C450D10} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRFilter => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SRFilter.exe" /GBSMART6 -kdl
Task: {CFA856A0-A528-4CB3-806F-B8D2D61D5101} - System32\Tasks\FSSUpdaterService => C:\Users\Shaun\AppData\Roaming\UpdaterService\FSSUpdaterService.exe [2014-07-23] () <==== ATTENTION
Task: {D9EACD18-C1D3-4C93-92A9-52F1552CBDBE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-316848397-360787003-3543451247-1000Core => C:\Users\Shaun\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {ECC2F086-872B-455C-90AB-90B1E127C862} - System32\Tasks\My Backup xml => C:\Program Files\Macrium\Reflect\reflect.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-316848397-360787003-3543451247-1000Core.job => C:\Users\Shaun\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-316848397-360787003-3543451247-1000UA.job => C:\Users\Shaun\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\fba_The Backup.job => C:\Program Files (x86)\Softland\FBackup 4\fbaSchedStarter.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-316848397-360787003-3543451247-1000Core.job => C:\Users\Shaun\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-316848397-360787003-3543451247-1000UA.job => C:\Users\Shaun\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\My Backup xml.job => C:\Program Files\Macrium\Reflect\reflect.exe
Task: C:\Windows\Tasks\Paragon Archive name arc_050811000556437.job => C:\Program Files (x86)\Paragon_Software\Backup_and_Recovery_2010_Free_Advanced\program\scripts.exe

==================== Loaded Modules (whitelisted) ==============

2012-11-28 08:04 - 2015-02-06 03:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-03-27 00:58 - 2012-03-27 00:58 - 00014848 _____ () C:\Program Files\CrashPlan\md564.dll
2015-01-13 23:04 - 2015-01-13 23:04 - 00230400 _____ () C:\Program Files\CrashPlan\cpnative64.dll
2011-05-06 09:03 - 2011-03-10 08:07 - 00083456 _____ () C:\Users\Shaun\AppData\Roaming\Mozilla\Firefox\Profiles\05wdatmk.default\extensions\startup.service@mozilla.com\svc.exe
2014-06-20 13:30 - 2014-06-20 13:30 - 01624000 _____ () C:\Users\Shaun\AppData\Local\ZoomInfoCEUtility\2163\coordinator.exe
2012-02-15 03:52 - 2010-08-14 03:27 - 00444928 ____N () D:\Browser Downloads\ClipCube-0.2.2\ClipCube.exe
2012-02-22 07:35 - 2012-05-02 09:59 - 00047616 _____ () C:\Program Files\ColdTurkey\ct_notify.exe
2012-02-22 07:35 - 2012-05-01 08:52 - 00022016 _____ () C:\Program Files\ColdTurkey\ct_notify2.exe
2011-09-27 14:23 - 2011-09-27 14:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 14:22 - 2011-09-27 14:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-20 13:30 - 2014-06-20 13:30 - 00106496 _____ () C:\Users\Shaun\AppData\Local\ZoomInfoCEUtility\2163\win32api.pyd
2014-06-20 13:30 - 2014-06-20 13:30 - 00122880 _____ () C:\Users\Shaun\AppData\Local\ZoomInfoCEUtility\2163\pywintypes25.dll
2014-06-20 13:30 - 2014-06-20 13:30 - 00339968 _____ () C:\Users\Shaun\AppData\Local\ZoomInfoCEUtility\2163\pythoncom25.dll
2014-06-20 13:30 - 2014-06-20 13:30 - 00053248 _____ () C:\Users\Shaun\AppData\Local\ZoomInfoCEUtility\2163\_socket.pyd
2014-06-20 13:30 - 2014-06-20 13:30 - 00655360 _____ () C:\Users\Shaun\AppData\Local\ZoomInfoCEUtility\2163\_ssl.pyd
2014-06-20 13:30 - 2014-06-20 13:30 - 00323584 _____ () C:\Users\Shaun\AppData\Local\ZoomInfoCEUtility\2163\_hashlib.pyd
2014-06-20 13:30 - 2014-06-20 13:30 - 00086016 _____ () C:\Users\Shaun\AppData\Local\ZoomInfoCEUtility\2163\_ctypes.pyd
2014-06-20 13:30 - 2014-06-20 13:30 - 00159744 _____ () C:\Users\Shaun\AppData\Local\ZoomInfoCEUtility\2163\win32gui.pyd
2014-06-20 13:30 - 2014-06-20 13:30 - 00015872 _____ () C:\Users\Shaun\AppData\Local\ZoomInfoCEUtility\2163\win32evtlog.pyd
2014-06-20 13:30 - 2014-06-20 13:30 - 00479232 _____ () C:\Users\Shaun\AppData\Local\ZoomInfoCEUtility\2163\unicodedata.pyd
2012-08-23 21:54 - 2010-07-30 09:52 - 00918816 _____ () C:\Program Files (x86)\TP-LINK\Common\RaWLAPI.dll
2015-02-11 05:00 - 2015-02-11 05:00 - 00750080 _____ () C:\Users\Shaun\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-15 17:57 - 2015-02-15 17:57 - 00043008 _____ () c:\users\shaun\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpm52qps.dll
2015-02-11 05:00 - 2015-02-11 05:00 - 00047616 _____ () C:\Users\Shaun\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-11 05:00 - 2015-02-11 05:00 - 00865280 _____ () C:\Users\Shaun\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-11 05:00 - 2015-02-11 05:00 - 00200704 _____ () C:\Users\Shaun\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-01-19 21:41 - 2015-01-27 21:30 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-12-09 15:26 - 2014-12-09 15:26 - 00133120 _____ () C:\Users\Shaun\AppData\Roaming\tricomfi\colers.dll
2009-07-14 05:03 - 2009-07-14 09:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:0CFF5F08

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SolutoService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-316848397-360787003-3543451247-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Shaun\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Belvedere.lnk => C:\Windows\pss\Belvedere.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Evernote Clipper.lnk => C:\Windows\pss\Evernote Clipper.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: Google Update => "C:\Users\Shaun\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: jswtrayutil => "C:\Program Files (x86)\TP-LINK\QSS\jswtrayutil.exe"
MSCONFIG\startupreg: Logitech Vid => "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\Winampa.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-316848397-360787003-3543451247-500 - Administrator - Disabled)
Guest (S-1-5-21-316848397-360787003-3543451247-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-316848397-360787003-3543451247-1002 - Limited - Enabled)
Shaun (S-1-5-21-316848397-360787003-3543451247-1000 - Administrator - Enabled) => C:\Users\Shaun

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/15/2015 05:57:40 PM) (Source: cntlm) (EventID: 0) (User: NT AUTHORITY)
Description: cntlm: Parent proxy account username missing.

Error: (02/15/2015 05:54:24 PM) (Source: cntlm) (EventID: 0) (User: NT AUTHORITY)
Description: cntlm: Parent proxy account username missing.

Error: (02/15/2015 05:41:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 35.0.1.5500, time stamp: 0x54c1f9f3
Faulting module name: mozalloc.dll, version: 35.0.1.5500, time stamp: 0x54c1f224
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0xc24
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (02/15/2015 04:07:28 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {b0a88549-ac77-43c8-bd7f-36a4c884d9e7}

Error: (02/15/2015 03:37:22 PM) (Source: cntlm) (EventID: 0) (User: NT AUTHORITY)
Description: cntlm: Parent proxy account username missing.

Error: (02/15/2015 11:32:58 AM) (Source: cntlm) (EventID: 0) (User: NT AUTHORITY)
Description: cntlm: Parent proxy account username missing.

Error: (02/14/2015 08:25:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16447, time stamp: 0x4fc9cd53
Faulting module name: MSHTML.dll, version: 9.0.8112.16447, time stamp: 0x4fc9d776
Exception code: 0xc0000005
Fault offset: 0x00333f2b
Faulting process id: 0x18d8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (02/14/2015 01:01:16 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {5f707174-1561-4010-b7f8-b74df304e633}

Error: (02/14/2015 00:58:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16447, time stamp: 0x4fc9cd53
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49d10
Exception code: 0xc0000374
Fault offset: 0x000ce903
Faulting process id: 0x1558
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (02/14/2015 00:55:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16447, time stamp: 0x4fc9cd53
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49d10
Exception code: 0xc0000374
Fault offset: 0x000ce903
Faulting process id: 0x188c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3


System errors:
=============
Error: (02/15/2015 05:58:00 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UimBus
Uim_IM

Error: (02/15/2015 05:57:39 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY)
Description: Encrypted volume check: Volume information on \\?\Volume{33a5489b-b945-11df-b1a6-806e6f6e6963} cannot be read.

Error: (02/15/2015 05:57:36 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 17:55:19 on ‎15/‎02/‎2015 was unexpected.

Error: (02/15/2015 05:54:52 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
UimBus
Uim_IM

Error: (02/15/2015 05:54:50 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000003b (0x00000000c0000005, 0xfffff80003b32ad5, 0xfffff8800f0c8ec0, 0x0000000000000000)C:\Windows\MEMORY.DMP021515-51651-01

Error: (02/15/2015 05:54:22 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY)
Description: Encrypted volume check: Volume information on \\?\Volume{33a5489b-b945-11df-b1a6-806e6f6e6963} cannot be read.

Error: (02/15/2015 05:54:19 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 17:52:23 on ‎15/‎02/‎2015 was unexpected.

Error: (02/15/2015 05:41:42 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (02/15/2015 03:43:55 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (02/15/2015 03:39:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069


Microsoft Office Sessions:
=========================
Error: (02/15/2015 05:57:40 PM) (Source: cntlm) (EventID: 0) (User: NT AUTHORITY)
Description: cntlm: Parent proxy account username missing.

Error: (02/15/2015 05:54:24 PM) (Source: cntlm) (EventID: 0) (User: NT AUTHORITY)
Description: cntlm: Parent proxy account username missing.

Error: (02/15/2015 05:41:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f2248000000300001425c2401d048f96c561792C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlld8f71782-b4f6-11e4-938f-6cf049d83233

Error: (02/15/2015 04:07:28 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {b0a88549-ac77-43c8-bd7f-36a4c884d9e7}

Error: (02/15/2015 03:37:22 PM) (Source: cntlm) (EventID: 0) (User: NT AUTHORITY)
Description: cntlm: Parent proxy account username missing.

Error: (02/15/2015 11:32:58 AM) (Source: cntlm) (EventID: 0) (User: NT AUTHORITY)
Description: cntlm: Parent proxy account username missing.

Error: (02/14/2015 08:25:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.164474fc9cd53MSHTML.dll9.0.8112.164474fc9d776c000000500333f2b18d801d0484b460e992bC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll8831d91c-b444-11e4-b0fe-6cf049d83233

Error: (02/14/2015 01:01:16 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {5f707174-1561-4010-b7f8-b74df304e633}

Error: (02/14/2015 00:58:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.164474fc9cd53ntdll.dll6.1.7600.169154ec49d10c0000374000ce903155801d04812a4062218C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\ntdll.dll0e805b42-b406-11e4-b0fe-6cf049d83233

Error: (02/14/2015 00:55:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.164474fc9cd53ntdll.dll6.1.7600.169154ec49d10c0000374000ce903188c01d04810ed29f0ddC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\ntdll.dllc4279733-b405-11e4-b0fe-6cf049d83233


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU 530 @ 2.93GHz
Percentage of memory in use: 64%
Total physical RAM: 3963.49 MB
Available physical RAM: 1398.38 MB
Total Pagefile: 7925.13 MB
Available Pagefile: 5034.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:59.53 GB) (Free:1.33 GB) NTFS
Drive d: (Storage) (Fixed) (Total:931.51 GB) (Free:34.34 GB) NTFS
Drive e: (Sims3EP05) (CDROM) (Total:5.3 GB) (Free:0 GB) UDF
Drive f: (FreeAgent GoFlex Drive) (Fixed) (Total:931.51 GB) (Free:117.73 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: 3EE5C695)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=59.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 3DC1DE7A)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 30ACD825)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 egusick

egusick
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:08 AM

Posted 15 February 2015 - 05:13 AM

Here's TDSS

Attached Files



#5 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:08 AM

Posted 15 February 2015 - 05:29 AM

Hi Shaun, 

 

Did you set this proxy server? localhost:8080


Posted Image

#6 egusick

egusick
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:08 AM

Posted 15 February 2015 - 05:32 AM

Hi Adam, no I don't believe so.



#7 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:08 AM

Posted 16 February 2015 - 02:43 AM

Apologies for the delay, Shaun.
 
Do you recognise the following programmes? If not, please uninstall in Step 2. If you do, there's no need to uninstall.

  • ɱ³öÖØΧ3ÈËÀà¸ïÃü
  • facebookJS
  • FSS Google Books Downloader 
     

Please consider the following suggestion, and proceed with the instructions below.
 

goGMWSt.gifP2P Warning

------------------------------

I see you have peer-to-peer (P2P) file sharing software installed on your computer (uTorrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infested with malware - wormsbackdoor TrojansIRCBots, and rootkits propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install malware. The best way to reduce the risk of infection is to avoid these types of web sites and P2P programmes. Please read the following articles for more information.

Your P2P software can be removed by following the instructions below.
  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the aforementioned programme(s), right-click and click Uninstall. Follow the prompts.
If you choose not to, please refrain from using the programme(s) during this process.

 
STEP 1
xfuv55DC.png.pagespeed.ic.utHP7dQtHY.jpg Creating System Restore Point (W7/Vista)

  • Click the Windows Start Button 29Fou9c.jpg. Right-click Computer and click Properties.
  • Click System protection in the panel on the left. 
  • Click the System Protection tab, followed by Create.
  • In the System Protection dialog box, type a description, and click Create.
  • Upon completion, close the window.
     

STEP 2
9SN2ePL.png ComboFix

  • Note: Please read through these instructions before running ComboFix. 
  • Please download ComboFix and save the file to your Desktop. << Important!
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click ComboFix.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts. 
     
  • Allow ComboFix to complete it's removal routine (please refer to Important Notes:).
  • Upon completion, a log (ComboFix.txt) will be created in the root directory (C:\). Copy the contents of the log and paste in your next reply.
  • Re-enable your anti-virus software.
     

Important Notes:

  • Do NOT mouse click ComboFix's window whilst it is running. This may cause the programme to stall.
  • Do NOT use your computer whilst ComboFix is running.
  • Your Desktop/taskbar may disappear whilst ComboFix is running; this is normal.
     
  • If you get the message Illegal operation attempted on registry key that has been marked for deletion please reboot your computer.
  • ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If you are unable to access the Internet after running ComboFix, please reboot your computer. 
     

STEP 3
6JO0hXH.png Revo Uninstaller

  • Please download and install Revo Uninstaller.
  • Double-Click Revo Uninstaller to run the programme. 
  • From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.
    • tricomfi 
    • ɱ³öÖØΧ3ÈËÀà¸ïÃü (if you do not recognise)
    • facebookJS (if you do not recognise)
    • FSS Google Books Downloader (if you do not recognise)
  • Double-Click the programme. 
  • When prompted if you want to uninstall click Yes.
  • Ensure the Moderate option is selected and click Next.
  • The programme uninstaller will run. If prompted again click Yes.
  • Work your way through the uninstaller, ensuring you read each page thoroughly.
  • Note: If you are offered the choice to install additional software, ensure you decline
  • Once the built-in uninstaller is finished click Next.
  • Once the programme has searched for leftovers click Next.
  • Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
  • When prompted click Yes, followed by Next.
  • Click Select all, followed by Delete.
  • When prompted click Yes, followed by Next.
  • Upon completion, click Finish.
  • In your next reply, confirm you were successful in uninstalling all programmes listed above. 
     

STEP 4
E3feWj5.png Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Create a System Restore Point. For instructions, please refer to the following link (W7).
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 5
BY4dvz9.png AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 
======================================================

STEP 6
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • ComboFix.txt
  • Did the programmes uninstall OK?
  • JRT.txt
  • AdwCleaner[S0].txt

Posted Image

#8 egusick

egusick
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:08 AM

Posted 17 February 2015 - 08:12 AM

Hi Adam, I had some trouble uninstalling ɱ³öÖØΧ3ÈËÀà¸ïÃü .... Revo said that there was no uninstaller file for the program. I did click past it, and removed a registry item associated with the program in bold. Logs below:

 

ComboFix.txt

 

ComboFix 15-02-16.01 - Shaun 16/02/2015  22:20:36.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.932.81.1033.18.3963.1750 [GMT 8:00]
Running from: c:\users\Shaun\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\jna7400688442549003054.dll
D:\install.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETHFDRV
.
.
(((((((((((((((((((((((((   Files Created from 2015-01-16 to 2015-02-16  )))))))))))))))))))))))))))))))
.
.
2015-02-16 14:27 . 2015-02-16 14:27    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-02-16 12:27 . 2014-12-02 10:26    11870360    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F16F1031-731E-4251-9321-A97005C81467}\mpengine.dll
2015-02-15 11:13 . 2015-02-15 11:13    --------    d-----w-    c:\users\Shaun\AppData\Roaming\Dragon Age Inquisition
2015-02-15 09:52 . 2015-02-15 10:04    --------    d-----w-    C:\FRST
2015-02-15 09:41 . 2015-02-15 09:41    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
2015-02-15 09:20 . 2015-02-15 09:20    --------    d-----w-    c:\users\Shaun\AppData\Local\NVIDIA Corporation
2015-02-15 09:20 . 2015-02-15 09:21    --------    d-----w-    c:\users\Shaun\AppData\Local\NVIDIA
2015-02-15 08:52 . 2015-01-16 06:40    1316184    ----a-w-    c:\windows\SysWow64\nvspbridge.dll
2015-02-15 08:52 . 2015-01-16 06:40    1278920    ----a-w-    c:\windows\SysWow64\nvspcap.dll
2015-02-15 08:52 . 2015-01-16 06:39    1756424    ----a-w-    c:\windows\system32\nvspbridge64.dll
2015-02-15 08:52 . 2015-01-16 06:39    1514528    ----a-w-    c:\windows\system32\nvspcap64.dll
2015-02-15 08:52 . 2014-11-22 10:46    38032    ----a-w-    c:\windows\system32\drivers\nvvad64v.sys
2015-02-15 08:52 . 2014-11-22 10:46    35472    ----a-w-    c:\windows\system32\nvaudcap64v.dll
2015-02-15 08:52 . 2014-11-22 10:46    32400    ----a-w-    c:\windows\SysWow64\nvaudcap32v.dll
2015-02-15 03:44 . 2014-12-02 10:26    11870360    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-02-08 13:24 . 2015-02-08 13:24    --------    d-----w-    c:\program files (x86)\R.G. Gamblers
2015-02-07 09:05 . 2015-02-16 12:55    --------    d-----w-    c:\users\Shaun\AppData\Local\CrashDumps
2015-01-30 05:45 . 2015-01-30 05:45    --------    d-----w-    c:\program files (x86)\LogMeIn Hamachi
2015-01-26 14:25 . 2015-01-26 14:25    --------    d-----w-    c:\users\Shaun\AppData\Roaming\Child of Light
2015-01-18 13:47 . 2015-01-18 13:47    --------    d-----w-    c:\users\Shaun\AppData\Roaming\TheBannerSaga
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-16 14:22 . 2014-11-18 14:08    129752    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-10 11:43 . 2013-01-11 12:57    701616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-10 11:43 . 2011-07-12 22:19    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 21:01 . 2013-03-31 16:19    16017040    ----a-w-    c:\windows\SysWow64\nvwgf2um.dll
2015-02-05 21:01 . 2013-03-31 16:19    14119744    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
2015-02-05 21:01 . 2012-11-28 00:03    1540240    ----a-w-    c:\windows\system32\nvhdagenco6420103.dll
2015-02-05 21:01 . 2010-09-05 16:43    18575880    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2015-02-05 21:01 . 2010-09-05 16:42    3299512    ----a-w-    c:\windows\system32\nvapi64.dll
2015-02-05 19:07 . 2010-07-09 08:17    6861128    ----a-w-    c:\windows\system32\nvcpl.dll
2015-02-05 19:07 . 2010-07-09 08:17    3517584    ----a-w-    c:\windows\system32\nvsvc64.dll
2015-02-05 19:07 . 2010-07-09 08:17    935056    ----a-w-    c:\windows\system32\nvvsvc.exe
2015-02-05 19:07 . 2010-07-09 08:17    62792    ----a-w-    c:\windows\system32\nvshext.dll
2015-02-05 19:07 . 2010-07-09 08:17    2558792    ----a-w-    c:\windows\system32\nvsvcr.dll
2015-02-05 19:06 . 2010-07-09 08:17    385168    ----a-w-    c:\windows\system32\nvmctray.dll
2015-02-05 12:50 . 2012-11-28 00:05    4236870    ----a-w-    c:\windows\system32\nvcoproc.bin
2015-01-14 03:32 . 2011-07-07 19:29    33856    ---ha-w-    c:\windows\system32\hamachi.sys
2014-12-31 11:14 . 2010-09-05 17:03    298120    ------w-    c:\windows\system32\MpSigStub.exe
2014-11-20 22:14 . 2014-11-18 14:07    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-11-20 22:14 . 2014-11-18 14:07    93400    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-11-20 22:14 . 2014-11-18 14:07    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    152544    ----a-w-    c:\users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    152544    ----a-w-    c:\users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    152544    ----a-w-    c:\users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    152544    ----a-w-    c:\users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    152544    ----a-w-    c:\users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    152544    ----a-w-    c:\users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    152544    ----a-w-    c:\users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    152544    ----a-w-    c:\users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\Shaun\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1016712]
"ZoomInfo Contact Contributor"="c:\users\Shaun\AppData\Local\ZoomInfoCEUtility\launch.bat" [2013-08-20 108]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-04-05 59720]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-09-05 328568]
"ClipCube"="d:\browser downloads\ClipCube-0.2.2\ClipCube.exe" [2010-08-13 444928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"ColdTurkey_notify"="c:\program files\ColdTurkey\ct_notify.exe" [2012-05-02 47616]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-04-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-01 152392]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
.
c:\users\Shaun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Shaun\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-2-11 42555824]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2012-3-27 217088]
TP-LINK Wireless Utility.lnk - c:\program files (x86)\TP-LINK\Common\TWCU.exe -s [2012-8-23 1638400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisplayLastLogonInfo"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 cntlm;Cntlm Authentication Proxy;c:\program files\Cntlm\cygrunsrv.exe;c:\program files\Cntlm\cygrunsrv.exe [x]
R2 KCTRP;KCTRP;c:\program files\ColdTurkey\KCTRP_srv.exe;c:\program files\ColdTurkey\KCTRP_srv.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 arusb_win7x;Service For TP-LINK Wireless N Adapter;c:\windows\system32\DRIVERS\arusb_win7x.sys;c:\windows\SYSNATIVE\DRIVERS\arusb_win7x.sys [x]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys;c:\windows\SYSNATIVE\DRIVERS\lvpopf64.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\pnetmdm64.sys [x]
R3 SaiH0464;SaiH0464;c:\windows\system32\DRIVERS\SaiH0464.sys;c:\windows\SYSNATIVE\DRIVERS\SaiH0464.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 RapportCerberus_42020;RapportCerberus_42020;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe;c:\program files\CrashPlan\CrashPlanService.exe [x]
S2 Firefox Service;Firefox Service;c:\users\Shaun\AppData\Roaming\Mozilla\Firefox\Profiles\05wdatmk.default\extensions\startup.service@mozilla.com\svc.exe;c:\users\Shaun\AppData\Roaming\Mozilla\Firefox\Profiles\05wdatmk.default\extensions\startup.service@mozilla.com\svc.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 hippovnc_service;hippovnc_service;c:\program files (x86)\HippoVNC\WinVNC.exe;c:\program files (x86)\HippoVNC\WinVNC.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [x]
S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\TP-LINK\Common\RaRegistry64.exe;c:\program files (x86)\TP-LINK\Common\RaRegistry64.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-11 11:43]
.
2015-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-27 15:05]
.
2015-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-27 15:05]
.
2015-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-316848397-360787003-3543451247-1000Core.job
- c:\users\Shaun\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-11 04:07]
.
2015-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-316848397-360787003-3543451247-1000UA.job
- c:\users\Shaun\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-11 04:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    185824    ----a-w-    c:\users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    185824    ----a-w-    c:\users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    185824    ----a-w-    c:\users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    185824    ----a-w-    c:\users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    185824    ----a-w-    c:\users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    185824    ----a-w-    c:\users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    185824    ----a-w-    c:\users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12    185824    ----a-w-    c:\users\Shaun\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-26 10135584]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-01-16 2585744]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-01-16 1514528]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uDefault_Search_URL =
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyServer = localhost:8080
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Shaun\AppData\Roaming\Mozilla\Firefox\Profiles\ywrljecr.default-1357908761323\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-FBackup Scheduler - (no file)
Wow6432Node-HKCU-Run-FBackup 4 - (no file)
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
SafeBoot-SolutoService
Toolbar-Locked - (no file)
AddRemove-Canon MP250 series User Registration - c:\program files (x86)\Canon\IJEREG\MP250 series\UNINST.EXE
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp FLAC Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Monkeys Audio Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Musepack Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp WavPack Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-Easy-PhotoPrint EX - c:\program files (x86)\Canon\Easy-PhotoPrint EX\uninst.exe
AddRemove-FEZ v1.041.04 - c:\program files (x86)\1-click run\FEZ v1.04\uninstall.exe
AddRemove-LIMBO - c:\program files (x86)\LIMBO\Desintalar.exe
AddRemove-MP Navigator EX 3.0 - c:\program files (x86)\Canon\MP Navigator EX 3.0\Maint.exe
AddRemove-Steam App 230230 - D:\steam.exe
AddRemove-The Walking Dead_is1 - c:\program files (x86)\Telltale Games\The Walking Dead\unins000.exe
AddRemove-{1AA94747-3BF6-4237-9E1A-7B3067738FE1} - c:\program files (x86)\InstallShield Installation Information\{1AA94747-3BF6-4237-9E1A-7B3067738FE1}\setup.exe
AddRemove-{47D6F3E4-D158-4E47-84C4-0D6452DB2488}_is1 - d:\call of duty black ops 2\unins000.exe
AddRemove-{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF} - c:\program files (x86)\InstallShield Installation Information\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}\setup.exe
AddRemove-!¶E±3oOOI§3EEAa,iAu!・OIIA°?IeODIAIeOuO2AI°a_is1 - c:\deus ex human revolution\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"Licence0"="REMOVED"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\TP-LINK\Common\RaRegistry.exe
c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
c:\users\Shaun\AppData\Local\ZoomInfoCEUtility\2163\coordinator.exe
c:\users\Shaun\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\users\Shaun\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
c:\program files\ColdTurkey\ct_notify2.exe
.
**************************************************************************
.
Completion time: 2015-02-16  22:42:02 - machine was rebooted
ComboFix-quarantined-files.txt  2015-02-16 14:42
.
Pre-Run: 1,580,548,096 bytes free
Post-Run: 1,835,118,592 bytes free
.
- - End Of File - - 05F97D26B68BEAD3353D3B1A6719AB23
A36C5E4F47E84449FF07ED3517B43A31
 

 

JRT.txt

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Ultimate x64
Ran by Shaun on 17/02/2015 at 20:54:35.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DolphinDealsSetup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DolphinDealsSetup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DolphinDeals_Setup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DolphinDeals_Setup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_oovoo_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_oovoo_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_pdanet_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_pdanet_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DolphinDealsSetup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DolphinDealsSetup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DolphinDeals_Setup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DolphinDeals_Setup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_oovoo_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_oovoo_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_pdanet_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_pdanet_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Shaun\appdata\locallow\minibar"
Successfully deleted: [Folder] "C:\Program Files (x86)\minibar"



~~~ FireFox

Emptied folder: C:\Users\Shaun\AppData\Roaming\mozilla\firefox\profiles\ywrljecr.default-1357908761323\minidumps [416 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Shaun\appdata\local\Google\Chrome\User Data\Default\Extensions\mpcknfcdcgpffjddjeceioobdelceffo



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/02/2015 at 20:58:29.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

AdwCleaner[S0].txt

 

# AdwCleaner v4.110 - Logfile created 17/02/2015 at 21:07:07
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 7 Ultimate  (x64)
# Username : Shaun - SHAUN-PC
# Running from : C:\Users\Shaun\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Shaun\AppData\Roaming\updaterservice
Folder Deleted : C:\Users\Shaun\AppData\Roaming\Mozilla\Firefox\Profiles\ywrljecr.default-1357908761323\Extensions\isreaditlater@ideashower.com
File Deleted : C:\Users\Shaun\AppData\Roaming\Mozilla\Firefox\Profiles\ywrljecr.default-1357908761323\foxydeal.sqlite

***** [ Scheduled tasks ] *****

Task Deleted : FSSUpdaterService

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - localhost:8080

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16447


-\\ Mozilla Firefox v35.0.1 (x86 en-GB)


-\\ Google Chrome v

[C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

-\\ Chromium v

[C:\Users\Shaun\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2054 bytes] - [17/02/2015 21:04:26]
AdwCleaner[S0].txt - [2097 bytes] - [17/02/2015 21:07:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2156  bytes] ##########
 



#9 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:08 AM

Posted 17 February 2015 - 10:07 AM

Hello Shaun, 
 

I had some trouble uninstalling É±³öÖØΧ3ÈËÀà¸ïÃü .... Revo said that there was no uninstaller file for the program. I did click past it, and removed a registry item associated with the program in bold.

OK, thank you for letting me know. 
 
Please do the following. 
 
STEP 1
GfiJrQ9.png Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 2
GzlsbnV.png ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

STEP 3
mlEX1wH.png RogueKiller

  • Please download RogueKiller (x64) and save the file to your Desktop.
  • Close any running programmes.
  • Right-Click RogueKiller.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Allow the Prescan to complete. Upon completion, a window will open. Click Accept.
  • A browser window may open. Close the browser window.
  • Click jpgUwzp.png. Upon completion, click phPvmc6.png.
  • Close the programme. Do not fix anything!
  • A log (RKreport.txt) will be open. Copy the contents of the log and paste in your next reply.
     

STEP 4
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================
 
STEP 5
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • MBAM Scan log
  • ESET Online Scan log
  • RKreport.txt
  • FRST.txt
  • Addition.txt

Posted Image

#10 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:08 AM

Posted 23 February 2015 - 12:21 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users