
SVCHOST.EXE HIGH CPU USAGE.... (miner suspected)


  • This topic is locked
8 replies to this topic

#1 the_shepherd


Posted 08 April 2015 - 08:45 AM

I just found this site by googling "Claymore CryptoNote CPU Miner" and found someone else's post here, but reading that post, it's different for each computer that is infected, so thought it would be best to just make a new post and hope that is the right course of action and get help solving the problem I seem to be having...

When I power up my computer and start to use the internet (via Firefox) it starts to run very slow and seems to lock up and not respond.

In Task Manager I have background processes running, and the top one is a gear with no name that is using up 84% of my CPU... so I open file location and find out it's an svchost.exe (Microsoft stuff). This file is in C/windows/temp. Above it are many log files, so I opened the bottom one (most recent) and at the top it says "Claymore CryptoNote CPU Miner". Come to find all the logs say that at the top!!

I'm about to head off to work but wanted to get this started. Also, in the forum I found that led me here, the 1st thing he was told was to DL FRST and run it, so attached are the 2 files from that.

PLZ FOR THE LOVE OF TECH GOD HELP ME!!!

(Also, my brother is having a similar problem, but concerning memory, not CPU usage.)

Thank you!

Attached File: FRST.txt (482.71KB)
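Added example, not part of the original thread: the symptom in the post above (a process named svchost.exe running from the Windows temp directory instead of System32) is a name-masquerading pattern that can be checked from a process listing. The Python below generalizes the check to a few other core system binary names; it assumes a CSV whose columns are named after the Win32_Process properties Name, ProcessId, ParentProcessId and ExecutablePath, assumes C:\Windows as the system root, and uses constructed sample rows.

```python
"""Flag processes that reuse a Windows system binary name but run from an
unexpected folder or, for svchost.exe, under an unexpected parent."""
import csv
import io
import ntpath
from collections import namedtuple

# Expected directories relative to %SystemRoot% (assumed C:\Windows).
# svchost.exe is the case from the post; the other names generalize it.
EXPECTED_DIRS = {
    "svchost.exe": {"system32", "syswow64"},
    "services.exe": {"system32"},
    "lsass.exe": {"system32"},
    "csrss.exe": {"system32"},
    "winlogon.exe": {"system32"},
}
# svchost.exe instances are normally started by the Service Control Manager.
EXPECTED_PARENT = {"svchost.exe": "services.exe"}

Finding = namedtuple("Finding", "pid name path reasons")

# Constructed sample listing (not taken from the thread). A listing in this
# shape can be produced with, for example:
#   Get-CimInstance Win32_Process |
#     Select-Object Name,ProcessId,ParentProcessId,ExecutablePath | Export-Csv ...
SAMPLE_CSV = r"""
Name,ProcessId,ParentProcessId,ExecutablePath
services.exe,612,480,C:\Windows\System32\services.exe
svchost.exe,804,612,C:\Windows\System32\svchost.exe
svchost.exe,1220,612,c:\windows\SYSWOW64\svchost.exe
svchost.exe,4312,3900,C:\Windows\Temp\svchost.exe
explorer.exe,3900,3800,C:\Windows\explorer.exe
csrss.exe,520,500,
lsass.exe,628,480,C:\Windows\System32\..\Temp\lsass.exe
firefox.exe,5100,3900,C:\Program Files (x86)\Mozilla Firefox\firefox.exe
"""


def load_rows(csv_text):
    """Parse the CSV text into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(csv_text.strip())))


def relative_dir(path, system_root):
    """Return the directory of `path` relative to `system_root`
    ("" for the root itself), or None if the file lives outside it.
    Case, slash direction and ".." segments are normalized first."""
    norm = ntpath.normcase(ntpath.normpath(path))
    root = ntpath.normcase(ntpath.normpath(system_root))
    directory = ntpath.dirname(norm)
    if directory == root:
        return ""
    if directory.startswith(root + "\\"):
        return directory[len(root) + 1:]
    return None


def find_masquerading(rows, system_root=r"C:\Windows"):
    """Return one Finding per watched process that fails a check."""
    names_by_pid = {r["ProcessId"].strip(): r["Name"].strip().lower()
                    for r in rows}
    findings = []
    for r in rows:
        name = r["Name"].strip().lower()
        expected = EXPECTED_DIRS.get(name)
        if expected is None:
            continue  # not a name we watch
        reasons = []
        path = (r.get("ExecutablePath") or "").strip().strip('"')
        if not path:
            # Protected processes hide their path from non-elevated queries.
            reasons.append("path unavailable (re-run elevated)")
        elif relative_dir(path, system_root) not in expected:
            reasons.append("unexpected location")
        parent = EXPECTED_PARENT.get(name)
        if parent:
            actual = names_by_pid.get(r["ParentProcessId"].strip(),
                                      "<not running>")
            if actual != parent:
                reasons.append("unexpected parent: " + actual)
        if reasons:
            findings.append(
                Finding(int(r["ProcessId"]), name, path, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in find_masquerading(load_rows(SAMPLE_CSV)):
        print(f.pid, f.name, f.path or "-", "; ".join(f.reasons))
```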




 


#2 deeprybka

  • Malware Response Team

Posted 08 April 2015 - 02:14 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
The Addition.txt is missing. Please re-run FRST.

Step 1


Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 the_shepherd


Posted 08 April 2015 - 09:04 PM

Well 1st off thank you so much for the quick reply and offer to help me out.

Umm... as for the, well, questionable items that may or may not be on my computer, that will take a little bit of time to remove. But understand why it's needed.

So I'll keep you posted asap on when I do the next step.



#4 the_shepherd


Posted 08 April 2015 - 10:21 PM

I don't think copy/paste will work in my case, the logs are way too large for that.... It opens the logs in Notepad, which doesn't give a word/page count, so I did Ctrl+A and put it into Word, and the FRST log alone is 258 pages long...

The Addition log is only 41 pages, however.

So below is that one.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Tyler at 2015-04-08 19:59:07
Running from C:\Users\Tyler\Desktop\svc host repair
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"BioShock Infinite" (HKLM-x32\...\{D081C29C-1DDC-4C55-BCBF-DF8519636331}_is1) (Version: 1.1.25.5165 - )
"Crysis 3" (HKLM-x32\...\{6D1DFD35-9671-4DCC-B7E6-FCF6AD3FEB78}_is1) (Version: 1.3.0.0 - )
"XCOM - Enemy Within" (HKLM-x32\...\{EE377223-72A9-4995-B3B6-8A056CA4CE5D}_is1) (Version: 1.0.0.926 - )
«Halo: Combat Evolved» 01.00.09.0620 (HKLM-x32\...\Halo - Combat Evolved_is1) (Version: 01.00.09.0620 - R.G. Catalyst)
«The Elder Scrolls V - Skyrim»  1.9.32.0.8 (HKLM-x32\...\The Elder Scrolls V - Skyrim_is1) (Version: 1.9.32.0.8 - Bethesda Softworks)
7-Zip 9.34 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0934-000001000000}) (Version: 9.34.00.0 - Igor Pavlov)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Assassin`s Creed III (HKLM-x32\...\Assassin`s Creed III_is1) (Version: 1.05 - R.G. Revenants)
Assassins Creed IV Black Flag (HKLM-x32\...\QXNzYXNzaW5zQ3JlZWRJVkJsYWNrRmxhZw==_is1) (Version: 1 - )
Assassin's Creed Revelations (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.00 - Ubisoft)
Assassin's Creed® III v1.06 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.06 - Ubisoft)
Autodesk AutoCAD Plant 3D 2015 Object Enabler (HKLM\...\Autodesk AutoCAD Plant 3D 2015 Object Enabler) (Version: 20.0.51.0 - Autodesk)
Autodesk AutoCAD Plant 3D 2015 Object Enabler (Version: 20.0.51.0 - Autodesk) Hidden
Awesomenauts (HKLM-x32\...\Awesomenauts) (Version:  - )
Battle Nations (HKLM-x32\...\Steam App 251670) (Version:  - Z2)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Beyond Good and Evil (HKLM-x32\...\GOGPACKBEYONDGOODANDEVIL_is1) (Version: 2.0.0.5 - GOG.com)
Bioshock 2 version 1.5.0.019 (HKLM-x32\...\Bioshock 2_is1) (Version: 1.5.0.019 - 2K Games)
BioShock Infinite Burial at Sea - Episode 1 (HKLM-x32\...\QmlvU2hvY2tJbmZpbml0ZQ==_is1) (Version: 1 - )
Bioshock Infinite Burial at Sea Episode 2 (HKLM-x32\...\Qmlvc2hvY2tJbmZpbml0ZQ==_is1) (Version: 1 - )
Bioshock version 1.1 (HKLM-x32\...\Bioshock_is1) (Version: 1.1 - 2K Games)
BitTorrent (HKU\S-1-5-21-2302181005-1298609994-3097129144-1001\...\BitTorrent) (Version: 7.9.2.38657 - BitTorrent Inc.)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Blackguards Special Edition (HKLM-x32\...\GOGPACKBLACKGUARDS_is1) (Version: 2.1.0.6 - GOG.com)
Borderlands GOTY (HKLM-x32\...\Borderlands GOTY_is1) (Version: v1.2 - 2K Games)
Borderlands TPS (HKLM-x32\...\Borderlands TPS_is1) (Version: 1.0.3u3 - 2K Games)
Call of Juarez Gunslinger © Ubisoft version 1 (HKLM-x32\...\Q2FsbG9mSnVhcmV6R3Vuc2xpbmdlcg==_is1) (Version: 1 - )
Company of Heroes 2 - Ardennes Assault v.версия 3.0.0 (HKLM-x32\...\Company of Heroes 2 - Ardennes Assault_is1) (Version:  - )
Configurator 360 addin (HKLM-x32\...\{8FE324B0-B934-4D68-BAB5-DE2136036237}) (Version: 19.0.11300.9000 - Autodesk, Inc.)
Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version:  - Stunlock Studios)
Deadbreed® (HKLM-x32\...\Steam App 277950) (Version:  - Deadbreed AB)
Demonicon (HKLM-x32\...\Demonicon_is1) (Version: Demonicon - )
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dishonored  Game of the Year Edition (HKLM-x32\...\RGlzaG9ub3JlZA==_is1) (Version: 1 - )
Divinity - Original Sin (HKLM-x32\...\Divinity - Original Sin_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, ProZorg_tm)
Dogs of War Online - Beta (HKLM-x32\...\Steam App 219700) (Version:  - Cyanide)
Drakensang - The River of Time (HKLM-x32\...\Drakensang_TRoT_is1) (Version:  - dtp)
DRAKERZ-Confrontation (HKLM-x32\...\Steam App 266030) (Version:  - Peoleo Entertainment)
Dungeon Defenders (HKLM-x32\...\Dungeon Defenders) (Version: 7.50 - Jimbo)
Dying Light (HKLM-x32\...\Dying Light_is1) (Version: 1.2.0.0 - Релиз от R.G. Steamgames)
Eco Materials Adviser for Autodesk Inventor 2015 (64-bit) (HKLM\...\{2F7441CB-A646-41F1-B1CB-518AB311138B}) (Version: 5.1.2.0 - Granta Design Limited)
Empire Earth III (HKLM-x32\...\Empire Earth III_is1) (Version:  - GOG.com)
F.E.A.R. 3 (HKLM-x32\...\F.E.A.R. 3_is1) (Version: 1.0u1 - WB Interactive Entertainment)
F1 Race Stars (HKLM-x32\...\F1 Race Stars_is1) (Version:  - )
Fable III version 1.1.1.3 (HKLM-x32\...\{1520E069-19A9-4B01-BA5D-87B67D56F55D}_is1) (Version: 1.1.1.3 - )
Fallout 3 Game of the Year Edition - DLCs (HKLM-x32\...\{12CFDA5C-BDB9-460D-9E0D-F7879D9E2351}}_is1) (Version:  - Bethesda Softworks)
Fallout 3 Game of the Year Edition (HKLM-x32\...\{552F1CCF-1364-424C-85F7-46D4D006BB69}}_is1) (Version:  - Bethesda Softworks)
Fallout New Vegas  1.4 (HKLM-x32\...\Fallout New Vegas_is1) (Version: 1.4 - Bethesda Softworks)
FARO LS 1.1.502.0 (64bit) (HKLM-x32\...\{66D83FE0-D798-4B38-86FE-FB48151E5AEF}) (Version: 5.2.0.35213 - FARO Scanner Production)
FATE: The Cursed King (HKLM-x32\...\{79849616-A545-446B-8D52-B64706781DCB}}_is1) (Version:  - WildTangent Games)
Fuel (HKLM-x32\...\Fuel_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
GOG.com Beyond Good and Evil (HKLM\...\{de495fd2-006f-494f-8a94-467eabd400ce}.sdb) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 10.4.0.896 - Citrix Online, a division of Citrix Systems, Inc.)
Halo Spartan Assault, âåðñèÿ 1.0.0.0 (HKLM-x32\...\Halo Spartan Assault_is1) (Version: 1.0.0.0 - RePack by SEYTER)
Haunted Memories (HKLM-x32\...\Steam App 241640) (Version:  - MadMan Theory Games)
HAWKEN (HKLM-x32\...\Steam App 271290) (Version:  - Adhesive Games)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Highborn (HKLM-x32\...\Highborn_is1) (Version:  - )
Hitman: Absolution + 12 DLC (Special Edition) [Lossless EN\RU Repack by R.G. Catalyst] (HKLM-x32\...\hmabs_catalyst_skymmer_Lossless) (Version:  - )
How to Survive (HKLM-x32\...\How to Survive_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Infinity Wars - Animated Trading Card Game (HKLM-x32\...\Steam App 257730) (Version:  - Lightmare Studios)
Insane 2 (HKLM-x32\...\Insane 2_is1) (Version:  - )
Intel® Chipset Device Software (x32 Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.3.1001 - Intel Corporation)
Inversion (HKLM-x32\...\Inversion_is1) (Version:  - )
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Lara Croft and the Guardian of Light (HKLM-x32\...\Lara Croft and the Guardian of Light_is1) (Version:  - )
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Legend of Grimrock (HKLM-x32\...\Legend of Grimrock_is1) (Version:  - GOG.com)
Legend of Grimrock 2 (HKLM-x32\...\Legend of Grimrock 2_is1) (Version:  - )
Lexmark S510 Series Uninstaller (HKLM\...\Lexmark S510 Series) (Version:  - Lexmark International, Inc.)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech Gaming Software 8.53 (HKLM\...\Logitech Gaming Software) (Version: 8.53.154 - Logitech Inc.)
Mafia II version 1.0 (HKLM-x32\...\{4F5FB47E-14DE-45B4-85E3-11CD5E497KA3}_is1) (Version: 1.0 - 2K Games)
Marlow Briggs (HKLM-x32\...\Marlow Briggs_is1) (Version:  - )
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1039 - Marvell)
McAfee AntiVirus (HKLM-x32\...\MSC) (Version: 13.6.1529 - McAfee, Inc.)
McAfee Family Protection (HKLM-x32\...\{A96FA488-2856-437F-8EAC-1FD67F0EE32C}) (Version: 2.6.160.1 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.6.0.202 - McAfee, Inc.)
mental ray renderer for Autodesk Maya 2015 (HKLM\...\{BDF821F0-D64C-421D-0052-A9B995B20873}) (Version: 15.0.1335.0 - mental ray)
Mercenaries 2. World in Flames version 1.1 (HKLM-x32\...\Mercenaries 2. World in Flames_is1) (Version: 1.1 - Electronic Arts)
Microsoft Access database engine 2010 (English) (HKLM\...\{90140000-00D1-0409-1000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{2180B33F-3225-423E-BBC1-7798CFD3CD1F}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft Streets & Trips 2013 (HKLM-x32\...\{C82185E8-C27B-4EF4-2013-4444BC2C2B6D}) (Version: 19.0.18.1100 - Microsoft Corporation)
Microsoft Visual Basic PowerPacks 10.0 (HKLM-x32\...\{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}) (Version: 10.0.20911 - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Mockup 360 Addin 2015 (HKLM-x32\...\{E4D4242C-FC14-4B4F-B1D9-6760D8C241D5}) (Version: 1.1.0 - Autodesk)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Firefox 37.0.1 (x86 en-US) (HKU\S-1-5-21-2302181005-1298609994-3097129144-1001\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Need For Speed The Run (HKLM-x32\...\Need For Speed The Run_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Need For Speed™ Most Wanted v1.5.0.0 / RePack by Baracuda (HKLM-x32\...\{767BA4BF-8419-4771-8CE7-9707EB287C32}_is1) (Version:  - )
NVIDIA 3D Vision Controller Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.11 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM-x32\...\{6F9D5A0B-202C-4161-BC7F-0664EA39E7E7}) (Version: 9.12.1031 - NVIDIA Corporation)
Oddworld - Stranger's Wrath HD (HKLM-x32\...\GOGPACKSTRANGERSWRATHHD_is1) (Version: 2.0.0.4 - GOG.com)
Of Orcs And Men version 1.0.0.2 (HKLM-x32\...\{2858369E-0690-437C-BBA6-80776EF4E517}_is1) (Version: 1.0.0.2 - Focus Home Interactive)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Orcs Must Die 2 (HKLM-x32\...\Orcs Must Die 2) (Version: 1.0.0.362 - Jimbo)
Orcs Must Die! Unchained (HKLM-x32\...\OMDU) (Version:  - )
OTTTD Deluxe Edition 1.27 (HKLM-x32\...\OTTTD Deluxe Edition 1.27) (Version: 1.27 - Cat-A-Cat)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.3.0.38816 - Grinding Gear Games)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
PDF Report Writer (novaPDF 6.4  printer) (HKLM\...\PDF Report Writer_is1) (Version:  - Softland)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Peter Jackson's King Kong - Gamers Edition (HKLM-x32\...\{2C391F94-B8B9-4832-9C57-3AFC332CC037}) (Version: 1.00.0000 - Ubisoft)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Prime World (HKLM-x32\...\Steam App 235340) (Version:  - Nival)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{FE5DFB80-6937-4154-A2C7-EF845C1301F8}) (Version: 1.0.30.1259 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Raiden III (HKLM-x32\...\Raiden III) (Version:  - )
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Rapture3D 2.5.1 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7256 - Realtek Semiconductor Corp.)
Rise of Nations: Extended Edition (HKLM-x32\...\Rise of Nations: Extended Edition_is1) (Version:  - Microsoft Studios)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Setup - Dead Rising 3 Apocalypse Edition ... (HKLM-x32\...\Setup - Dead Rising 3 Apocalypse Edition ...) (Version: ... - Capcom)
SketchUp Import (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Smart View 2.0 (HKLM-x32\...\{FBAAAFAE-08A8-4C63-87EA-4AEA9DEE53E1}) (Version: 1.0.0.0 - Samsung)
Sound Blaster X-Fi MB3 (HKLM-x32\...\{3689CE39-3173-4952-B7AF-F1A9D6F9A288}) (Version: 1.00.03 - Creative Technology Limited)
Spec Ops The Line (HKLM-x32\...\Spec Ops The Line_R.G. Shift_is1) (Version:  - R.G. Shift, Galfimbul)
Spiral Knights (HKLM-x32\...\Steam App 99900) (Version:  - Three Rings)
Split/Second (HKLM-x32\...\{28526951-55EF-4901-A0CA-B9AC966D1DD1}) (Version: 1.00.0000 - Disney Interactive Studios)
State of Decay - Breakdown (HKLM-x32\...\State of Decay - Breakdown_is1) (Version:  - )
State of Decay - Lifeline (HKLM-x32\...\State of Decay - Lifeline_is1) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Styx Master of Shadows (HKLM-x32\...\Styx Master of Shadows_is1) (Version: Styx Master of Shadows - )
Tales from the Borderlands (HKLM-x32\...\Tales from the Borderlands_is1) (Version:  - Telltale Games)
The Incredible Adventures of Van Helsing II (HKLM-x32\...\Steam App 272470) (Version:  - NeocoreGames)
The Incredible Adventures of Van Helsing II (HKLM-x32\...\The Incredible Adventures of Van Helsing II_R.G. Gamblers_is1) (Version:  - R.G. Gamblers, Fanfar)
The Vanishing of Ethan Carter (HKLM-x32\...\The Vanishing of Ethan Carter_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Titan Quest (HKLM-x32\...\Titan Quest_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Torchlight 2.v 1.25.5.2 + 1 DLC (HKLM-x32\...\Torchlight 2.v 1.25.5.2 + 1 DLC_is1) (Version: Torchlight 2.v 1.25.5.2 + 1 DLC - Repack by Fenixx (01.06.2013))
Turok (HKLM-x32\...\Turok_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
UE3Redist (HKU\S-1-5-21-2302181005-1298609994-3097129144-1001\...\InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}) (Version: 1.00.0000 - Epic Games)
UE3Redist (x32 Version: 1.00.0000 - Epic Games) Hidden
Unity Web Player (HKU\S-1-5-21-2302181005-1298609994-3097129144-1001\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft)
Valkyria Chronicles (HKLM-x32\...\Valkyria Chronicles_is1) (Version:  - )
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Wild Tangent - Fate (HKLM-x32\...\Wild Tangent - Fate) (Version:  - )
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Zzoomit (HKLM-x32\...\SeeWeblists) (Version:  - SeeWeblists)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{3897B445-D5B8-410d-899A-9789B8ADB643}\localserver32 -> "D:\~ Programs ~\Autodesk\Inventor 2015\Compatibility\Bin\DbxBridge.exe" No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{38C8B14E-7879-4DA9-8C3F-8CAAC359293A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{3C3F63EA-C7BA-11d4-8E60-0010B541CD80}\localserver32 -> "D:\~ Programs ~\Autodesk\Inventor 2015\Compatibility\Bin\DbxBridge.exe" No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{3FC94EB5-AEBD-4f3f-A2A4-B6CE57113C01}\InprocServer32 -> D:\~ Programs ~\Autodesk\Inventor 2015\Bin\RxAppDocView.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{3FCEB42C-9B98-486A-BED7-FD7F3ADB7291}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{40770568-0D5E-49D4-BE47-BC47A4F0B0A4}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{44A52280-AE56-490D-890C-89FB7279ED6B}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{45122C53-8483-4b62-B15A-EAA9FE5FC3D5}\InprocServer32 -> D:\~ Programs ~\Autodesk\Inventor 2015\Bin\ServiceModule.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{46C56738-39C6-4240-8B9B-008CCD769A84}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{47179DDE-10AC-4737-97C9-8CE5379343EA}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{475C7B4A-6964-4F9E-9708-05A16EAC31D0}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{48270F9E-CCF6-4C79-B6FF-267C960E6425}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{48FEFCD7-5D7C-4E4A-9F11-60E69A31D4B1}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{49998808-648A-4A9C-A7A5-B1672775D9AB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{4A756F5F-CBA4-428B-B17F-AF80C0C8502D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{4B40437B-8972-4444-BBE3-1588FF55F203}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{4BD03680-3C0F-4501-AFF7-3D008586917F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{4C80573A-9150-11d2-B772-0060B0F159EF}\InprocServer32 -> D:\~ Programs ~\Autodesk\Inventor 2015\Bin\RxAppDocView.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{4D29B490-49B2-11D0-93C3-7E0706000000}\localserver32 -> "D:\~ Programs ~\Autodesk\Inventor 2015\Bin\Inventor.exe" No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{4E6F2E83-E7F0-4333-9772-875EB733C820}\InprocServer32 -> D:\~ Programs ~\Autodesk\Inventor 2015\Bin\RxTest.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{5544903C-2CCC-487C-91BB-F310B72A8E9B}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{59A224A2-BEF8-4C89-96E0-83A5411ABB6C}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{622F6193-E4DD-46E6-BC66-2ED88E9FD28D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{62FBB030-24C7-11D3-B78D-0060B0F159EF}\localserver32 -> "D:\~ Programs ~\Autodesk\Inventor 2015\Bin\Inventor.exe" No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{644190AE-BD8F-493F-B63D-C79404AC5E07}\InprocServer32 -> D:\~ Programs ~\Autodesk\Inventor 2015\Bin\ServiceModule.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{6451051B-AD22-4C6A-ACCE-013A0E1DDBC3}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{64B99FDB-1D85-447F-98C7-569DBDA723DB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{6BCE6F6E-C050-4F39-BD98-E2743949F724}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{6F56D7C9-18DD-4C15-9FA8-C54E3610EC40}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{6FDE7A70-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> D:\~ Programs ~\Autodesk\Inventor 2015\Bin\DtBridge.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{6FDE7A71-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> D:\~ Programs ~\Autodesk\Inventor 2015\Bin\DtBridge.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{6FDE7A72-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> D:\~ Programs ~\Autodesk\Inventor 2015\Bin\DtBridge.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{6FDE7A73-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> D:\~ Programs ~\Autodesk\Inventor 2015\Bin\DtBridge.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{6FDE7A74-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> D:\~ Programs ~\Autodesk\Inventor 2015\Bin\DtBridge.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{6FDE7A77-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> D:\~ Programs ~\Autodesk\Inventor 2015\Bin\DtCp.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{70DBCAE8-8C2B-450C-9E1D-43E4686C6512}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{713C0E8A-5AE8-4695-B442-5ED6C4FE5C42}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{7293E009-3015-4AD3-96EC-D42C36B5FCE3}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{72EC5CC5-88F3-45B1-A865-0A327DF58CC8}\InprocServer32 -> D:\~ Programs ~\Autodesk\Inventor 2015\Bin\ServiceModule.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{72EFC580-D085-4B81-8C55-26A79E445338}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{750AEC19-2E4C-4ED9-9B9F-F9CAFCD060F3}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{76283A80-50DD-11D3-A7E3-00C04F79D7BC}\localserver32 -> "D:\~ Programs ~\Autodesk\Inventor 2015\Bin\Inventor.exe" No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{794199C5-827C-41C8-8CB2-3A1EA056AF5E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{798391FE-4AF2-4851-9DDA-1F0D70C02A9E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{7C239DAB-BC87-45F3-B7B1-FCC1541A235B}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{81D07C3D-0350-11D3-B7C2-0060B0EC020B}\InprocServer32 -> D:\~ Programs ~\Autodesk\Inventor 2015\Bin\RxAppCtrl.Ocx No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{834CE679-2E47-49DE-9E41-FEC87E9192EB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{8421A29C-54B8-11D1-9837-0060B03C43C8}\InprocServer32 -> D:\~ Programs ~\Autodesk\Inventor 2015\Bin\SolidObject.Dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{846217D0-8954-11D2-8DCD-0060B0C32531}\InprocServer32 -> D:\~ Programs ~\Autodesk\Inventor 2015\Bin\UCxTextBtn.Ocx No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{846217D1-8954-11D2-8DCD-0060B0C32531}\InprocServer32 -> D:\~ Programs ~\Autodesk\Inventor 2015\Bin\UCxTextBtn.Ocx No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{849AFB5B-D6C9-4924-A712-F7118FF9611F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{85452F88-5071-492E-B850-2E3C586DCBD8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{87F5CF8F-A06D-498F-A05F-E520E6B570DB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{89F0FC31-3B1D-494B-A75B-6BD4FA527B8A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{8AA16DFC-DFC6-4B51-8FA2-A5D812BE33BF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{8B0E6BD9-610C-11D1-9842-0060B03C43C8}\InprocServer32 -> D:\~ Programs ~\Autodesk\Inventor 2015\Bin\SolidObject.Dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> D:\~ Programs ~\Autodesk\AutoCAD 2015\Inventor Server\Bin\TestServer.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{8ED07FEF-E1B0-4CC3-B2BA-D354828AB952}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{97E17F04-17DF-11d5-BC38-0010B5891E89}\InprocServer32 -> D:\~ Programs ~\Autodesk\Inventor 2015\Bin\BodyReceiver.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{988F4102-E6E3-4282-ACAC-55270827F2A8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{9906CDFC-DB2C-4126-9422-13139B148495}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{9A21C6C5-27FC-4442-8590-575E7AFD73BB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{9ECF83FB-23C5-43B6-83DE-93CFBDD74D4A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{A58F47CC-FF65-4152-B0B1-666C643A5BFC}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{A6A3D586-44CF-44C2-A92C-620BB713B4F2}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{ABBE3F83-D585-4A50-9B69-198B0F566F2E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{AC5CECFA-F03A-41D2-A89C-704C44935941}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{B1560245-190E-4BBD-81DF-9B642D0E5325}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{B2A579E0-A797-40B1-8AEE-A8F6404719F8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{B47196BC-D4AB-41BB-A771-543D67CFC9F5}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{B53CEF4B-1A13-49DE-BBC5-A7100FB2F38C}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{B5EE2B68-9A23-4BCD-BB77-FEA6DFB24DD6}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{B6B5DC40-96E3-11d2-B774-0060B0F159EF}\localserver32 -> D:\~ Programs ~\Autodesk\Inventor 2015\Bin\Inventor.exe /Automation No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{B80687F9-FA4C-4735-9DC4-E5715F2BC698}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{B8E7214B-25CA-4116-84CB-E86FB9625B36}\InprocServer32 -> D:\~ Programs ~\Autodesk\Inventor 2015\Bin\ServiceModule.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{BAE5802A-CF21-4F9C-AE04-D98F4036AC31}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{BBF6A206-CB04-479D-96AE-349E1E83319A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{BBF9FDF1-52DC-11D0-8C04-0800090BE8EC}\localserver32 -> "D:\~ Programs ~\Autodesk\Inventor 2015\Bin\Inventor.exe" No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{BC71DEA1-D6FB-48B8-AB06-D151C81BBCDD}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{BE54741D-E02B-4572-93D6-105AF4EDE777}\InprocServer32 -> D:\~ Programs ~\Autodesk\Inventor 2015\Bin\ServiceModule.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{BF224DC3-B602-4EEE-BFE9-9E4E0AED6837}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{BF4CC07E-E9BB-40D6-873F-855B211033B9}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{C061C82C-D041-4214-BB07-B608107CEFCB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{C2D4ACCC-A3D1-4A0A-AD59-0DD8BA3D5EE1}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{C343ED84-A129-11d3-B799-0060B0F159EF}\InprocServer32 -> D:\~ Programs ~\Autodesk\Inventor 2015\Bin\RxApprenticeServer.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{C8C18F89-794D-466B-8B97-95634D9890EF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{C8EC7647-1E79-4F13-81D7-2EED803D0D22}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{C92F8F8C-8B2C-11d4-B872-0060B0EC020B}\InprocServer32 -> D:\~ Programs ~\Autodesk\Inventor 2015\Bin\DtBridge.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{CC23CA32-9892-4FBA-A108-FE31CA0F35A6}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{CD865713-70D6-4E15-BB7B-9B99AD9DEB85}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{CFEE2BAF-14F9-4D23-853D-B6E2BCC14263}\InprocServer32 -> D:\~ Programs ~\Autodesk\Inventor 2015\Bin\ServiceModule.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{D56F5AB3-9C4D-4F1A-A851-A671D9FE8C22}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{D66873EA-AAE5-41CC-8DD2-8CE3228E9F89}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{D7A1987D-4A73-11D1-9A4B-080009DCE505}\InprocServer32 -> D:\~ Programs ~\Autodesk\Inventor 2015\Bin\ColorButton.Ocx No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{D7A1987E-4A73-11D1-9A4B-080009DCE505}\InprocServer32 -> D:\~ Programs ~\Autodesk\Inventor 2015\Bin\ColorButton.Ocx No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{D86B6C47-11F2-4D95-B635-EA575F0892FC}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{DA1F437C-9BD9-11d4-B87C-0060B0EC020B}\InprocServer32 -> D:\~ Programs ~\Autodesk\Inventor 2015\Bin\DtBridge.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{DB207560-8449-4FAF-BDC2-61676EB012D4}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{DB5D476B-3FF4-4E9D-A606-1E2B473BE571}\InprocServer32 -> D:\~ Programs ~\Autodesk\Inventor 2015\Bin\AcInetUI.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{DCA7356C-FF94-4b20-AE04-7AA6A8E14117}\InprocServer32 -> D:\~ Programs ~\Autodesk\Inventor 2015\Bin\ServiceModule.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{DDA9A20F-5B56-49F5-9465-CE82FC199352}\InprocServer32 -> D:\~ Programs ~\Autodesk\Inventor 2015\Bin\ServiceModule.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{DE6B563C-B074-4BF1-A8A0-B3FED8703E99}\InprocServer32 -> D:\~ Programs ~\Autodesk\Inventor 2015\Bin\ServiceModule.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{DE74F5AD-DA2F-429F-BAF9-850A2808D585}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{DF6525C2-6358-4B07-813D-708120C5FE1A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{E177A457-9EAA-43C3-A3CE-84874A28F6CA}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{E1C85E9F-60B2-4007-80C3-2C5E09474C3B}\InprocServer32 -> D:\~ Programs ~\Autodesk\Inventor 2015\Bin\RxInventorUtilities.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{E29F6C45-6927-4508-8F3F-34105FD3FC5F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{E4222C78-3670-4BB1-9AD4-7D8F3E581F2D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> D:\~ Programs ~\Autodesk\AutoCAD 2015\Inventor Server\Bin\TestServer.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{E60F81E1-49B3-11D0-93C3-7E0706000000}\localserver32 -> "D:\~ Programs ~\Autodesk\Inventor 2015\Bin\Inventor.exe" No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{E70DE962-842A-4488-9481-1D0FD72A020F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{E9C07CEC-7B82-49E4-BBA2-7533B88E9D64}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{EA34A0C0-5CE7-4701-A6FA-117D25CD5EBB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{EF01D98A-747B-4522-AD70-991B90855DBF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{F13E75B9-6AF6-49CB-80B3-6D2FF6E09932}\InprocServer32 -> D:\~ Programs ~\Autodesk\Inventor 2015\Bin\ServiceModule.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{F196F03F-651A-43AF-BE34-D11942F24445}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{F2D4F4E5-EEA1-46FF-A83B-A270C92DAE4B}\InprocServer32 -> D:\~ Programs ~\Autodesk\Inventor 2015\Bin\DTInterop.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{F2DB0EE3-7137-4CB0-8349-483C4FF2143A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{F40E2FF0-4D77-40B2-9A44-A3AEECCE8EFF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{F5522F0C-962A-48AC-9992-E81B07628F1F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{F61064CC-DBFB-47ee-9BC8-CA5A1CBDF0DA}\InprocServer32 -> D:\~ Programs ~\Autodesk\Inventor 2015\Bin\InvResc.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{F78DCF7C-043D-45FC-9D21-676FC307BA3F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{F868EAEC-1B73-4F5E-BA73-90EBA94E75BE}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{FA62F626-EBD5-4dc5-B970-D9E81E0E20E0}\InprocServer32 -> D:\~ Programs ~\Autodesk\Inventor 2015\Bin\ServiceModule.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{FA97F7A7-FD19-4D55-ABF2-CFEFFF777426}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{FB469644-3F14-4403-ACCA-6B13486FF7BD}\localserver32 -> D:\~ Programs ~\Autodesk\Inventor 2015\Bin\InvTXTStack.exe /Automation No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{FD51ED8A-D518-4554-B236-B6E9D234FD03}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{FD703B01-4362-423E-9BDB-91BDCB16C1C9}\InprocServer32 -> D:\~ Programs ~\Autodesk\Inventor 2015\Bin\DTInterop.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{FE054BB2-AF94-40AC-88AA-2F59F7018B1D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{FE317223-8EDE-4684-B424-E48B9EA90220}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-2302181005-1298609994-3097129144-1001_Classes\CLSID\{FE718E8F-C3AA-4F30-9103-432450CF1DA1}\InprocServer32 -> axdb.dll No File

==================== Restore Points  =========================

08-04-2015 18:43:30 Removed Autodesk 3ds Max 2015 Populate Data.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {10BB9F1E-CB37-4E6E-8DD8-A41C03FB09CC} - System32\Tasks\Origin => C:\Users\Tyler\AppData\Roaming\Origin\update.vbe [2015-01-18] () <==== ATTENTION
Task: {10D488AD-FE7C-4844-9200-8101548A10F6} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {166502D4-1B5F-4D57-8D5F-E43631EAE416} - \AutoKMS No Task File <==== ATTENTION
Task: {1D8EB610-F997-46C9-95AB-80DE45A196E4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe
Task: {208BA6AC-72A2-413D-8F40-20C40B12CF1F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Z97X-Tyler Z97X => D:\~ Programs ~\Microsoft Office\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {252BC299-F8B3-4597-8F39-6157571049E7} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {25E7E08F-B268-47B2-B843-9E087F4F081E} - System32\Tasks\{76C66376-5861-49DC-8163-5DA8385C19B7} => pcalua.exe -a "C:\Program Files\Autodesk\Autodesk AutoCAD Plant 3D 2015 Object Enabler\Setup\Setup.exe" -c /P {8BDFED02-11E9-4CC7-010C-28EEDC3FC4DE} /M PLNT3DOE /LANG en-US
Task: {2B7434A6-8F6F-4625-A499-0E730EF11061} - System32\Tasks\{64A40A3A-A145-46F9-B96B-41403B91A481} => pcalua.exe -a C:\Users\Tyler\Downloads\Xbox360_64Eng.exe -d C:\Users\Tyler\Downloads
Task: {3EFE5052-7B64-4C50-B68C-EA9A57E14053} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {43F5A8AD-D982-4FFA-BA1A-428C10BA33E9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe
Task: {4873B2AC-5D9E-49F5-ADAD-1F5EE4EC5F96} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-04] (Google Inc.)
Task: {76C771AA-5A02-4C04-A5D7-9AC0648F35D7} - System32\Tasks\{D6C12EF1-F636-45D1-9C79-2F551072D465} => pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=enUS --uid=battle.net --displayname="Battle.net"
Task: {80C3A3AD-46E7-4E6B-B356-F04CB34860C8} - System32\Tasks\AdobeAAMUpdater-1.0-Z97X-Tyler => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {8BAFD629-71A6-400C-81CD-ABD3695FB85F} - System32\Tasks\LexmarkPUDCTask => D:\~ Programs ~\Lexmark\ProductUpdate\LMprodupdate.exe [2012-09-11] ()
Task: {8BCBA438-4776-4207-BE86-591F9D68C43B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-30] (Adobe Systems Incorporated)
Task: {B4EEFC59-F5D3-46C3-9519-789FC1005A7A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {BE6D7358-E811-4141-BD41-64F689035BD9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-04] (Google Inc.)
Task: {C282B76E-1E5B-49E9-BBA1-8EC6638E640F} - System32\Tasks\{96AF2FAC-DCAD-4864-894F-F8676E475BC7} => pcalua.exe -a "E:\~ Games ~\Fuel\Fuel.exe" -d "E:\~ Games ~\Fuel"
Task: {D9DB978C-796B-474E-9B42-A37AFDB29E5C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\SYSTEM32\MRT.EXE [2015-03-11] (Microsoft Corporation)
Task: {E1D2E1F9-53E9-4259-B8B2-6FC9D10AD17B} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-02 23:33 - 2014-09-13 14:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-20 06:48 - 2015-01-20 06:48 - 00075136 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2015-01-21 16:01 - 2015-01-21 16:01 - 08898728 _____ () D:\~ Programs ~\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-12-29 06:21 - 2013-01-25 12:08 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2014-12-29 06:21 - 2013-01-25 12:06 - 00328704 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-02-11 11:21 - 2014-02-11 11:21 - 00860160 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-02-11 11:22 - 2014-02-11 11:22 - 01043968 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-02-11 11:21 - 2014-02-11 11:21 - 00052736 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-02-11 11:22 - 2014-02-11 11:22 - 00236032 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2015-01-28 21:14 - 2012-09-07 03:40 - 00952496 _____ () C:\Program Files (x86)\Lexmark S510 Series\LMADHmon.exe
2013-08-08 15:30 - 2013-08-08 15:30 - 00283648 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2015-03-13 07:27 - 2015-04-08 19:21 - 01605120 _____ () C:\Windows\Temp\svchost.exe
2015-01-28 21:14 - 2012-08-22 07:05 - 01490944 _____ () C:\Program Files (x86)\Lexmark S510 Series\lmabdrs.dll
2010-11-22 15:56 - 2010-11-22 15:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-13 16:26 - 2014-05-13 16:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-13 16:26 - 2014-05-13 16:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-13 16:26 - 2014-05-13 16:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-13 16:26 - 2014-05-13 16:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 15:57 - 2010-11-22 15:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 15:56 - 2010-11-22 15:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 15:57 - 2010-11-22 15:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 15:57 - 2010-11-22 15:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 11:17 - 2011-02-15 11:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 15:57 - 2010-11-22 15:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-13 16:26 - 2014-05-13 16:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 15:57 - 2010-11-22 15:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2014-08-13 17:37 - 2014-08-13 17:37 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll
2014-08-13 17:37 - 2014-08-13 17:37 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll
2010-11-22 15:56 - 2010-11-22 15:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 15:57 - 2010-11-22 15:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2013-11-20 17:05 - 2013-11-20 17:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2010-11-22 15:57 - 2010-11-22 15:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-17 17:56 - 2014-06-17 17:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 11:17 - 2011-02-15 11:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-22 16:06 - 2010-11-22 16:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-09 16:52 - 2013-05-09 16:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-09 16:52 - 2013-05-09 16:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-09 16:52 - 2013-05-09 16:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 11:56 - 2013-05-03 11:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 11:56 - 2013-05-03 11:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 11:56 - 2013-05-03 11:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2014-03-20 12:43 - 2014-03-20 12:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Tyler\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2302181005-1298609994-3097129144-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 209.18.47.61 - 209.18.47.62

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "ADSKAppManager"
HKU\S-1-5-21-2302181005-1298609994-3097129144-1001\...\StartupApproved\Run: => "Autodesk Sync"

==================== Accounts: =============================

Administrator (S-1-5-21-2302181005-1298609994-3097129144-500 - Administrator - Disabled)
Guest (S-1-5-21-2302181005-1298609994-3097129144-501 - Limited - Enabled) => C:\Users\Guest
Tyler (S-1-5-21-2302181005-1298609994-3097129144-1001 - Administrator - Enabled) => C:\Users\Tyler

==================== Faulty Device Manager Devices =============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/08/2015 07:19:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mfeicfcore.exe, version: 2.6.0.160, time stamp: 0x5347e54e
Faulting module name: mfeicfcore.exe, version: 2.6.0.160, time stamp: 0x5347e54e
Exception code: 0xc0000005
Fault offset: 0x000000000018b720
Faulting process id: 0xfe8
Faulting application start time: 0xmfeicfcore.exe0
Faulting application path: mfeicfcore.exe1
Faulting module path: mfeicfcore.exe2
Report Id: mfeicfcore.exe3
Faulting package full name: mfeicfcore.exe4
Faulting package-relative application ID: mfeicfcore.exe5

Error: (04/08/2015 07:10:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mfeicfcore.exe, version: 2.6.0.160, time stamp: 0x5347e54e
Faulting module name: mfeicfcore.exe, version: 2.6.0.160, time stamp: 0x5347e54e
Exception code: 0xc0000005
Fault offset: 0x000000000018b893
Faulting process id: 0xc24
Faulting application start time: 0xmfeicfcore.exe0
Faulting application path: mfeicfcore.exe1
Faulting module path: mfeicfcore.exe2
Report Id: mfeicfcore.exe3
Faulting package full name: mfeicfcore.exe4
Faulting package-relative application ID: mfeicfcore.exe5

Error: (04/08/2015 07:04:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mfeicfcore.exe, version: 2.6.0.160, time stamp: 0x5347e54e
Faulting module name: mfeicfcore.exe, version: 2.6.0.160, time stamp: 0x5347e54e
Exception code: 0xc0000005
Fault offset: 0x000000000018b720
Faulting process id: 0x1b60
Faulting application start time: 0xmfeicfcore.exe0
Faulting application path: mfeicfcore.exe1
Faulting module path: mfeicfcore.exe2
Report Id: mfeicfcore.exe3
Faulting package full name: mfeicfcore.exe4
Faulting package-relative application ID: mfeicfcore.exe5

Error: (04/08/2015 06:54:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mfeicfcore.exe, version: 2.6.0.160, time stamp: 0x5347e54e
Faulting module name: mfeicfcore.exe, version: 2.6.0.160, time stamp: 0x5347e54e
Exception code: 0xc0000005
Fault offset: 0x000000000018b893
Faulting process id: 0x90
Faulting application start time: 0xmfeicfcore.exe0
Faulting application path: mfeicfcore.exe1
Faulting module path: mfeicfcore.exe2
Report Id: mfeicfcore.exe3
Faulting package full name: mfeicfcore.exe4
Faulting package-relative application ID: mfeicfcore.exe5

Error: (04/08/2015 06:48:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mfeicfcore.exe, version: 2.6.0.160, time stamp: 0x5347e54e
Faulting module name: mfeicfcore.exe, version: 2.6.0.160, time stamp: 0x5347e54e
Exception code: 0xc0000005
Fault offset: 0x000000000018b855
Faulting process id: 0x850
Faulting application start time: 0xmfeicfcore.exe0
Faulting application path: mfeicfcore.exe1
Faulting module path: mfeicfcore.exe2
Report Id: mfeicfcore.exe3
Faulting package full name: mfeicfcore.exe4
Faulting package-relative application ID: mfeicfcore.exe5

Error: (04/08/2015 06:41:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mfeicfcore.exe, version: 2.6.0.160, time stamp: 0x5347e54e
Faulting module name: mfeicfcore.exe, version: 2.6.0.160, time stamp: 0x5347e54e
Exception code: 0xc0000005
Fault offset: 0x000000000018b893
Faulting process id: 0x10ec
Faulting application start time: 0xmfeicfcore.exe0
Faulting application path: mfeicfcore.exe1
Faulting module path: mfeicfcore.exe2
Report Id: mfeicfcore.exe3
Faulting package full name: mfeicfcore.exe4
Faulting package-relative application ID: mfeicfcore.exe5

Error: (04/08/2015 06:36:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mfeicfcore.exe, version: 2.6.0.160, time stamp: 0x5347e54e
Faulting module name: mfeicfcore.exe, version: 2.6.0.160, time stamp: 0x5347e54e
Exception code: 0xc0000005
Fault offset: 0x000000000018b720
Faulting process id: 0x1bf8
Faulting application start time: 0xmfeicfcore.exe0
Faulting application path: mfeicfcore.exe1
Faulting module path: mfeicfcore.exe2
Report Id: mfeicfcore.exe3
Faulting package full name: mfeicfcore.exe4
Faulting package-relative application ID: mfeicfcore.exe5

Error: (04/08/2015 06:31:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mfeicfcore.exe, version: 2.6.0.160, time stamp: 0x5347e54e
Faulting module name: mfeicfcore.exe, version: 2.6.0.160, time stamp: 0x5347e54e
Exception code: 0xc0000005
Fault offset: 0x000000000018b893
Faulting process id: 0xdf4
Faulting application start time: 0xmfeicfcore.exe0
Faulting application path: mfeicfcore.exe1
Faulting module path: mfeicfcore.exe2
Report Id: mfeicfcore.exe3
Faulting package full name: mfeicfcore.exe4
Faulting package-relative application ID: mfeicfcore.exe5

Error: (04/08/2015 06:25:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mfeicfcore.exe, version: 2.6.0.160, time stamp: 0x5347e54e
Faulting module name: mfeicfcore.exe, version: 2.6.0.160, time stamp: 0x5347e54e
Exception code: 0xc0000005
Fault offset: 0x000000000018b830
Faulting process id: 0x1854
Faulting application start time: 0xmfeicfcore.exe0
Faulting application path: mfeicfcore.exe1
Faulting module path: mfeicfcore.exe2
Report Id: mfeicfcore.exe3
Faulting package full name: mfeicfcore.exe4
Faulting package-relative application ID: mfeicfcore.exe5

Error: (04/08/2015 06:36:04 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume \\?\Volume{9b51b535-2ab7-4ada-ace0-863c847f3b1c}\ was not optimized because an error was encountered: The parameter is incorrect. (0x80070057)


System errors:
=============
Error: (04/08/2015 07:20:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PCTechHotlineService service failed to start due to the following error:
%%2

Error: (04/08/2015 07:20:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lirsgt service failed to start due to the following error:
%%577

Error: (04/08/2015 07:20:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The atksgt service failed to start due to the following error:
%%577

Error: (04/08/2015 07:20:21 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "FCAA14233A20" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

Error: (04/08/2015 07:20:21 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "FCAA14233A20" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

Error: (04/08/2015 07:19:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Internet Content Filter Core Service service terminated unexpectedly.  It has done this 13 time(s).

Error: (04/08/2015 07:10:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Internet Content Filter Core Service service terminated unexpectedly.  It has done this 12 time(s).

Error: (04/08/2015 07:04:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Internet Content Filter Core Service service terminated unexpectedly.  It has done this 11 time(s).

Error: (04/08/2015 06:54:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Internet Content Filter Core Service service terminated unexpectedly.  It has done this 10 time(s).

Error: (04/08/2015 06:48:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Internet Content Filter Core Service service terminated unexpectedly.  It has done this 9 time(s).


Microsoft Office Sessions:
=========================
Error: (04/08/2015 07:19:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mfeicfcore.exe2.6.0.1605347e54emfeicfcore.exe2.6.0.1605347e54ec0000005000000000018b720fe801d0726aa93bc22bC:\Program Files (x86)\Internet Content Filter\mfeicfcore.exeC:\Program Files (x86)\Internet Content Filter\mfeicfcore.execfb8228f-de5e-11e4-be80-fcaa14233a20

Error: (04/08/2015 07:10:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mfeicfcore.exe2.6.0.1605347e54emfeicfcore.exe2.6.0.1605347e54ec0000005000000000018b893c2401d07269d2a56f4dC:\Program Files (x86)\Internet Content Filter\mfeicfcore.exeC:\Program Files (x86)\Internet Content Filter\mfeicfcore.exe8d94b7b7-de5d-11e4-be80-fcaa14233a20

Error: (04/08/2015 07:04:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mfeicfcore.exe2.6.0.1605347e54emfeicfcore.exe2.6.0.1605347e54ec0000005000000000018b7201b6001d0726890c52537C:\Program Files (x86)\Internet Content Filter\mfeicfcore.exeC:\Program Files (x86)\Internet Content Filter\mfeicfcore.exeb7381209-de5c-11e4-be80-fcaa14233a20

Error: (04/08/2015 06:54:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mfeicfcore.exe2.6.0.1605347e54emfeicfcore.exe2.6.0.1605347e54ec0000005000000000018b8939001d07267ba2ee294C:\Program Files (x86)\Internet Content Filter\mfeicfcore.exeC:\Program Files (x86)\Internet Content Filter\mfeicfcore.exe5a843330-de5b-11e4-be80-fcaa14233a20

Error: (04/08/2015 06:48:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mfeicfcore.exe2.6.0.1605347e54emfeicfcore.exe2.6.0.1605347e54ec0000005000000000018b85585001d07266e398b88dC:\Program Files (x86)\Internet Content Filter\mfeicfcore.exeC:\Program Files (x86)\Internet Content Filter\mfeicfcore.exe83f81114-de5a-11e4-be80-fcaa14233a20

Error: (04/08/2015 06:41:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mfeicfcore.exe2.6.0.1605347e54emfeicfcore.exe2.6.0.1605347e54ec0000005000000000018b89310ec01d072660d00f62eC:\Program Files (x86)\Internet Content Filter\mfeicfcore.exeC:\Program Files (x86)\Internet Content Filter\mfeicfcore.exe926d4471-de59-11e4-be80-fcaa14233a20

Error: (04/08/2015 06:36:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mfeicfcore.exe2.6.0.1605347e54emfeicfcore.exe2.6.0.1605347e54ec0000005000000000018b7201bf801d07265366ae908C:\Program Files (x86)\Internet Content Filter\mfeicfcore.exeC:\Program Files (x86)\Internet Content Filter\mfeicfcore.exed68960d2-de58-11e4-be80-fcaa14233a20

Error: (04/08/2015 06:31:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mfeicfcore.exe2.6.0.1605347e54emfeicfcore.exe2.6.0.1605347e54ec0000005000000000018b893df401d072645fd46d10C:\Program Files (x86)\Internet Content Filter\mfeicfcore.exeC:\Program Files (x86)\Internet Content Filter\mfeicfcore.exe359f3abc-de58-11e4-be80-fcaa14233a20

Error: (04/08/2015 06:25:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mfeicfcore.exe2.6.0.1605347e54emfeicfcore.exe2.6.0.1605347e54ec0000005000000000018b830185401d071fa15167d29C:\Program Files (x86)\Internet Content Filter\mfeicfcore.exeC:\Program Files (x86)\Internet Content Filter\mfeicfcore.exe46bb0472-de57-11e4-be80-fcaa14233a20

Error: (04/08/2015 06:36:04 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: \\?\Volume{9b51b535-2ab7-4ada-ace0-863c847f3b1c}\The parameter is incorrect. (0x80070057)


CodeIntegrity Errors:
===================================
  Date: 2015-04-08 19:20:36.701
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume10\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-08 19:20:36.607
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume10\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-07 19:57:28.970
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume10\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-07 19:57:28.876
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume10\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-03 09:07:59.734
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume10\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-04-03 09:07:59.640
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume10\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-03-27 15:25:53.784
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume10\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-03-27 15:25:53.464
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume10\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-03-12 06:06:59.187
  Description: Code Integrity determined that a process (\Device\HarddiskVolume10\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume10\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-12 04:55:54.090
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume10\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4690K CPU @ 3.50GHz
Percentage of memory in use: 29%
Total physical RAM: 8067.29 MB
Available physical RAM: 5652.13 MB
Total Pagefile: 9539.29 MB
Available Pagefile: 7161.41 MB
Total Virtual: 131072 MB
Available Virtual: 131071.82 MB

==================== Drives ================================

Drive c: (1. Operating System) (Fixed) (Total:82.89 GB) (Free:35.91 GB) NTFS
Drive d: (2. Programs) (Fixed) (Total:223.57 GB) (Free:207.29 GB) NTFS
Drive e: (3. Games) (Fixed) (Total:931.51 GB) (Free:183.46 GB) NTFS
Drive f: (4. Cartoon Movies & Shows) (Fixed) (Total:1863.01 GB) (Free:901.36 GB) NTFS
Drive g: (5. Real T.V. Shows) (Fixed) (Total:1855.74 GB) (Free:312.88 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (6. Real Movies) (Fixed) (Total:3725.9 GB) (Free:1595.23 GB) NTFS
Drive i: (7 INSTALERS) (Fixed) (Total:1862.35 GB) (Free:607.34 GB) NTFS
Drive j: (8 BACKUP) (Fixed) (Total:465.75 GB) (Free:298.39 GB) NTFS
Drive z: (WD SmartWare) (CDROM) (Total:0.56 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 3726 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: C5350AFB)
Partition 1: (Not Active) - (Size=223.6 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 83.8 GB) (Disk ID: 91F4B08C)

Partition: GPT Partition Type.

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: B7CE4703)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 063632F7)
Partition 1: (Active) - (Size=1855.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=7.3 GB) - (Type=12)

========================================================
Disk: 5 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F9CD63CC)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 465.8 GB) (Disk ID: 6C470188)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 7 (Size: 1862.4 GB) (Disk ID: F72DD81D)
Partition 1: (Not Active) - (Size=1862.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================
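
The log above lists `C:\Windows\Temp\svchost.exe` among the loaded modules, a core Windows process name running from a Temp folder with no company information. The following is an added example, not part of the thread and not FRST's own logic: a small triage script that parses lines in this log format and flags that pattern. The `EXPECTED_DIRS` table and all function names are assumptions of this example, and one sample line is constructed for contrast.

```python
import ntpath
import re

# Directories where these core Windows binaries normally live.
# General Windows knowledge, not taken from the thread; extend as needed.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}

# One entry: two timestamps, size, attribute flags, (company), full path.
ENTRY_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>.*?)\) (?P<path>[A-Za-z]:\\.+)$"
)


def parse_entry(line):
    """Return size, company and path for one log line, or None if it is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return {
        "size": int(m["size"]),
        "company": m["company"].strip(),
        "path": m["path"].strip(),
    }


def reasons_for(entry):
    """List the reasons an entry looks like a masquerading binary (empty if none)."""
    path = entry["path"]
    name = ntpath.basename(path).lower()
    folder = ntpath.normcase(ntpath.dirname(path))
    reasons = []

    # A system process name is only trusted in the directory Windows ships it in.
    expected = EXPECTED_DIRS.get(name)
    if expected is not None and folder not in expected:
        reasons.append("system process name outside its expected directory")

    # Executables have no business running out of a Temp folder.
    if name.endswith(".exe") and any(p in ("temp", "tmp") for p in folder.split("\\")):
        reasons.append("executable running from a Temp directory")

    # Missing company info is common for benign files too, so it only
    # supports a finding that already has another reason.
    if reasons and not entry["company"]:
        reasons.append("no company name in version info")
    return reasons


def triage(lines):
    """Return (path, reasons) for every entry that has at least one reason."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            findings.append((entry["path"], reasons))
    return findings


SAMPLE = [
    # Three lines copied from the log above.
    r"2013-08-08 15:30 - 2013-08-08 15:30 - 00283648 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe",
    r"2015-03-13 07:27 - 2015-04-08 19:21 - 01605120 _____ () C:\Windows\Temp\svchost.exe",
    r"2015-01-28 21:14 - 2012-08-22 07:05 - 01490944 _____ () C:\Program Files (x86)\Lexmark S510 Series\lmabdrs.dll",
    # Constructed line: a legitimate svchost.exe for contrast.
    r"2015-01-01 00:00 - 2015-01-01 00:00 - 00040000 _____ (Microsoft Corporation) C:\Windows\System32\svchost.exe",
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE):
        print(path)
        for reason in reasons:
            print("  -", reason)
```

A hit from this script is a lead for manual review (file location, signature, contents of the folder), not proof of infection on its own.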



#5 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:04:22 PM

Posted 09 April 2015 - 10:39 AM

Hi there,
please do the following:

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    EmptyTemp:
    Task: {10BB9F1E-CB37-4E6E-8DD8-A41C03FB09CC} - System32\Tasks\Origin => C:\Users\Tyler\AppData\Roaming\Origin\update.vbe [2015-01-18] () 
    Task: {166502D4-1B5F-4D57-8D5F-E43631EAE416} - \AutoKMS No Task File 
    C:\Users\Tyler\AppData\Roaming\Origin\update.vbe 
    HKLM-x32\...\Run: [] => [X]
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
    BHO-x32: browse pulse -> {ed8e593d-1965-4e45-9d55-d56162dcde14} -> C:\Program Files (x86)\browse pulse\Extensions\ed8e593d-1965-4e45-9d55-d56162dcde14.dll No File
    
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.


Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Step 3

Please download and install Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt.
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    m21p4.png
  • Return to our forum. Paste your log into your next reply and then click Finish [7].
mbamv21.gif

Step 4

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
settings.png
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at [image: logpath.png]
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!
eset.gif
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#6 the_shepherd

the_shepherd
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:07:22 AM

Posted 10 April 2015 - 12:30 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~

~STEP 1 ~

~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Tyler at 2015-04-09 18:27:52 Run:1
Running from C:\Users\Tyler\Desktop\svc host repair
Loaded Profiles: Tyler (Available profiles: Tyler & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
EmptyTemp:
Task: {10BB9F1E-CB37-4E6E-8DD8-A41C03FB09CC} - System32\Tasks\Origin => C:\Users\Tyler\AppData\Roaming\Origin\update.vbe [2015-01-18] ()
Task: {166502D4-1B5F-4D57-8D5F-E43631EAE416} - \AutoKMS No Task File
C:\Users\Tyler\AppData\Roaming\Origin\update.vbe
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: browse pulse -> {ed8e593d-1965-4e45-9d55-d56162dcde14} -> C:\Program Files (x86)\browse pulse\Extensions\ed8e593d-1965-4e45-9d55-d56162dcde14.dll No File
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{10BB9F1E-CB37-4E6E-8DD8-A41C03FB09CC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10BB9F1E-CB37-4E6E-8DD8-A41C03FB09CC}" => Key deleted successfully.
C:\Windows\System32\Tasks\Origin => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Origin" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{166502D4-1B5F-4D57-8D5F-E43631EAE416}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{166502D4-1B5F-4D57-8D5F-E43631EAE416}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => Key deleted successfully.
C:\Users\Tyler\AppData\Roaming\Origin\update.vbe => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ed8e593d-1965-4e45-9d55-d56162dcde14}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{ed8e593d-1965-4e45-9d55-d56162dcde14}" => Key deleted successfully.
EmptyTemp: => Removed 2.8 GB temporary data.


The system needed a reboot.

==== End of Fixlog 18:28:35 ====

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~STEP 2 ~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v4.201 - Logfile created 09/04/2015 at 18:45:54
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Tyler - Z97X
# Running from : C:\Users\Tyler\Desktop\svc host repair\adwcleaner\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : PCTechHotlineSvc
[#] Service Deleted : YahooAUService

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Spyware Clear
Folder Deleted : C:\Users\Tyler\AppData\Roaming\PC Tech Hotline
Folder Deleted : C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\hbdcevv1.default\Extensions\zzoomit@zoom.com
File Deleted : C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\hbdcevv1.default\Extensions\{8816f3fa-c3a1-470e-a82f-ac6cd0e46816}.xpi
File Deleted : C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\hbdcevv1.default\invalidprefs.js
File Deleted : C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\hbdcevv1.default\user.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED8E593D-1965-4E45-9D55-D56162DCDE14}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ED8E593D-1965-4E45-9D55-D56162DCDE14}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\PCTechHotline
Key Deleted : HKLM\SOFTWARE\PCTechHotline

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v34.0.5 (x86 en-US)


-\\ Google Chrome v41.0.2272.118

[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2755 bytes] - [09/04/2015 18:40:44]
AdwCleaner[S0].txt - [2681 bytes] - [09/04/2015 18:45:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2740  bytes] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~STEP 3~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/9/2015
Scan Time: 7:01:41 PM
Logfile:
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.04.10.01
Rootkit Database: v2015.03.31.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Tyler

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 420172
Time Elapsed: 6 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.BrowsePulse.A, C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjegghfgfmnjndljbfkfkenodcocgiaf\1.0.5565.28092_0, Quarantined, [d217a6c4e9a1979f81bf3108a066b749],
PUP.Optional.BrowsePulse.A, C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjegghfgfmnjndljbfkfkenodcocgiaf, Quarantined, [d217a6c4e9a1979f81bf3108a066b749],

Files: 4
PUP.Optional.BrowsePulse.A, C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjegghfgfmnjndljbfkfkenodcocgiaf\1.0.5565.28092_0\manifest.json, Quarantined, [d217a6c4e9a1979f81bf3108a066b749],
PUP.Optional.BrowsePulse.A, C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjegghfgfmnjndljbfkfkenodcocgiaf\1.0.5565.28092_0\background.js, Quarantined, [d217a6c4e9a1979f81bf3108a066b749],
PUP.Optional.BrowsePulse.A, C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjegghfgfmnjndljbfkfkenodcocgiaf\1.0.5565.28092_0\content.js, Quarantined, [d217a6c4e9a1979f81bf3108a066b749],
PUP.Optional.BrowsePulse.A, C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjegghfgfmnjndljbfkfkenodcocgiaf\1.0.5565.28092_0\icon.png, Quarantined, [d217a6c4e9a1979f81bf3108a066b749],

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

~~~~~~~~~~~~~~~~~~~~~

~STEP 4 ~

~~~~~~~~~~~~~~~~~~~~~

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=20cf1082f9640946818e27673c40839c

# engine=23310

# end=stopped

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2015-04-10 04:37:35

# local_time=2015-04-10 09:37:35 (-0800, Pacific Daylight Time)

# country="United States"

# lang=1033

# osver=6.2.9200 NT

# compatibility_mode=freeze

# scanned=769914

# found=43

# cleaned=28

# scan_time=50637

sh=D8D2C435F82801A463946038AC2D8788AB763055 ft=1 fh=daaf0221c5162b9b vn="a variant of Win32/InstallCore.WQ potentially unwanted application" ac=I fn="F:\Documents and Settings\Tyler\Downloads\Java_Setup.exe"

sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/HackTool.Crack.CS potentially unsafe application" ac=I fn="I:\~ Game Installers ~\~ Have Installed ~\Dishonored.Game.of.The.Year.Edition-HI2U\hi-dgoty.iso"

sh=9704F7AAC915E7D72367D95DCB1D4E746A7937AB ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Crack.BQ potentially unsafe application" ac=I fn="I:\~ Game Installers ~\~ Have Installed ~\Magicka.Collection-PROPHET(1)\ppt-mgac.iso"

sh=C1D8422FEA109E590A85488419BB134AEEEFE162 ft=0 fh=0000000000000000 vn="Win32/HackTool.Crack.CS potentially unsafe application" ac=I fn="I:\~ Game Installers ~\~ Have Installed ~\Marlow.Briggs.MULTi5-PROPHET\ppt-mbmd.iso"

sh=89C366BCBD3971183B9DFF0811258AC89B0C7E3F ft=0 fh=0000000000000000 vn="a variant of Win32/Packed.VMProtect.ABD trojan" ac=I fn="I:\~ Game Installers ~\~ Have Installed ~\[R.G. Gamblers] King's Bounty Dark Side\crack\crack.7z"

sh=6AC4D698A179FE084128E1CCDE9A283B16BBE4BC ft=1 fh=0600d38ad26b88ef vn="a variant of Win32/Packed.VMProtect.ABD trojan" ac=I fn="I:\~ Game Installers ~\~ Have Installed ~\[R.G. Gamblers] King's Bounty Dark Side\crack\crack\steam_api.dll"

sh=F946E2EDA35E37912078953BC59E4D907EAB23E1 ft=0 fh=0000000000000000 vn="a variant of Win32/Packed.VMProtect.ABD trojan" ac=I fn="I:\~ Game Installers ~\~ Have Installed ~\[R.G. Gamblers] Van Helsing 2\crack\crack.7z"

sh=53DE1B6BD2D14254EC762EEBE9F57E79F4EBE9C8 ft=1 fh=1ec55d698fb78f56 vn="a variant of Win32/Packed.VMProtect.ABD trojan" ac=I fn="I:\~ Game Installers ~\~ Have Installed ~\[R.G. Gamblers] Van Helsing 2\crack\crack\steam_api.dll"

sh=26AE56A2B4464BEDB0A1AC68F9ED1D6929464771 ft=1 fh=517595c0b7e424d3 vn="a variant of Win32/Packed.VMProtect.ABD trojan" ac=I fn="I:\~ Game Installers ~\~ Have Installed ~\[R.G. Gamblers] Van Helsing 2\crack\crack\steam_api64.dll"

sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="OSX/Keygen.AA potentially unsafe application" ac=I fn="I:\~ Program Installers ~\Adobe CS6 Master Collection\CS6 Master Collection.rar"

sh=2C9E64807C9300C8875096BB3F83E17333F4DCF6 ft=0 fh=0000000000000000 vn="BAT/HostsChanger.A potentially unsafe application" ac=I fn="I:\~ Program Installers ~\Adobe CS6 Master Collection\CS6 Master Collection\CS6 Master Collection\KEYGEN-XFORCE [WIN OSX]\Crack-Windows\disable_activation.cmd"

sh=D5D8F874A8F59D846349BDB7EF0F4F4DE3A56B3E ft=0 fh=0000000000000000 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="I:\~ Program Installers ~\Freemake-Video-Converter_v4.1.3.10_with-GoldPack\Freemake-Video-Converter_v4.1.3.10_with-GoldPack.7z"

sh=2703FEA355B282EB9F16601CB616056C3B1CD19D ft=0 fh=0000000000000000 vn="a variant of MSIL/Hoax.Agent.NAD application" ac=I fn="J:\~ Back-Up ~\Tyler Lamb\Desktop\Emulators - Roms\~ X Box ~\X Box 360\Xbox 360 Emulator 1.7.1.rar"

sh=A36EBCAE3B6BBE155F9FD5CCAAAA65F8736DC4E9 ft=1 fh=c8846edbb1dd34fb vn="a variant of MSIL/Hoax.Agent.NAD application" ac=I fn="J:\~ Back-Up ~\Tyler Lamb\Desktop\Emulators - Roms\~ X Box ~\X Box 360\Xbox 360 Emulator 1.7.1\Xbox 360 Emulator 1.7.1.exe"

sh=EC39DB3A4DC48B9C6CDFCFD39DD5A3D5CE57A0D5 ft=0 fh=0000000000000000 vn="MSIL/TrojanDropper.Agent.BI trojan" ac=I fn="J:\~ Back-Up ~\~ Other ~\GGW\Girls Gone Wild - Best Of Blondes [katkits]\Girls Gone Wild - Best Of Blondes [katkits].rar"

sh=53F720FAD46C3C60F60172FF20DB45CCCF2E9F74 ft=0 fh=0000000000000000 vn="VBS/CoinMiner.AD trojan (cleaned by deleting - quarantined)" ac=C fn="C:\FRST\Quarantine\C\Users\Tyler\AppData\Roaming\Origin\update.vbe.xBAD"

sh=D8D2C435F82801A463946038AC2D8788AB763055 ft=1 fh=daaf0221c5162b9b vn="a variant of Win32/InstallCore.WQ potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Tyler\Downloads\Java_Setup.exe"

sh=5B3DBF3201BE739FED6FE1BBB25C0B0A10615DF8 ft=1 fh=71f2f4f37cb0a45c vn="a variant of Win32/HackTool.Crack.CS potentially unsafe application (deleted - quarantined)" ac=C fn="E:\~ Games ~\Assassin's Creed IV - Black Flag\steam_api.dll"

sh=60113F7D7128EC9E96346E4B0097F882E4C031EA ft=1 fh=1de718496d7df80b vn="Win32/HackTool.Crack.BT potentially unsafe application (deleted - quarantined)" ac=C fn="E:\~ Games ~\Assassin's Creed IV - Black Flag\uplay_r1.dll"

sh=287D90E0ABBC7F770CBE3E1504B346C4AF28A7B6 ft=1 fh=cdf5edbe20f8d7e0 vn="a variant of Win32/HackTool.Crack.CS potentially unsafe application (deleted - quarantined)" ac=C fn="E:\~ Games ~\BioShock Infinite\Binaries\Win32\steam_api.dll"

sh=A4568EF2AD292963CC089EA294A472AF7860AECE ft=1 fh=776d5a4cc2a2b8ce vn="a variant of Win32/HackTool.Crack.BQ potentially unsafe application (deleted - quarantined)" ac=C fn="E:\~ Games ~\Call of Juarez - Gunslinger\steam_api.dll"

sh=DEC31B89C17FCFE5FE8E06AE231D577123D4ADA5 ft=1 fh=c0207b50ba74e8fa vn="a variant of Win32/Packed.VMProtect.ABD trojan (cleaned by deleting - quarantined)" ac=C fn="E:\~ Games ~\Divinity - Original Sin\Shipping\steam_api.dll"

sh=A898CB307186EC3EB926F562915825345681444A ft=1 fh=04d51d62ea8fa3d2 vn="a variant of Win32/Packed.VMProtect.AAA trojan (cleaned by deleting - quarantined)" ac=C fn="E:\~ Games ~\Fable III\paul.dll"

sh=BC9177DF8C01BF4BE9F803C30015902631ACB110 ft=1 fh=decc47b4850a6376 vn="Win32/HackTool.Crack.BC potentially unsafe application (deleted - quarantined)" ac=C fn="E:\~ Games ~\Fuel\SecuLauncher.exe"

sh=8E34DAFA23BBDBB9AA0167495CEE3CD55B17FF6E ft=1 fh=82b882508f0f89e0 vn="Win32/HackTool.Crack.CS potentially unsafe application (deleted - quarantined)" ac=C fn="E:\~ Games ~\Marlow Briggs - The Mask of Death\steam_api.dll"

sh=7D85A8A8F04013DFA9E895999CED80D31475C29E ft=1 fh=6ea06a1e9519710f vn="Win32/HackTool.Crack.BQ potentially unsafe application (deleted - quarantined)" ac=C fn="E:\~ Games ~\Orcs Must Die! 2\build\game\STEAM_API.DLL"

sh=53DE1B6BD2D14254EC762EEBE9F57E79F4EBE9C8 ft=1 fh=1ec55d698fb78f56 vn="a variant of Win32/Packed.VMProtect.ABD trojan (cleaned by deleting - quarantined)" ac=C fn="E:\~ Games ~\The Incredible Adventures of Van Helsing II\steam_api.dll"

sh=26AE56A2B4464BEDB0A1AC68F9ED1D6929464771 ft=1 fh=517595c0b7e424d3 vn="a variant of Win32/Packed.VMProtect.ABD trojan (cleaned by deleting - quarantined)" ac=C fn="E:\~ Games ~\The Incredible Adventures of Van Helsing II\steam_api64.dll"

sh=739E11F55CDDB1BD9DF0C7F29A515E77BC3F016C ft=1 fh=acb48fab3310fa74 vn="a variant of Win32/Packed.VMProtect.ABD trojan (cleaned by deleting - quarantined)" ac=C fn="E:\~ Games ~\The Vanishing of Ethan Carter\Binaries\Win64\steam_api64.dll"

sh=05FF92BFB54B2B3CEE8031952C2151D6CAD5E4A9 ft=1 fh=4592cd5e2b2b049b vn="a variant of Win32/HackTool.Crack.CC potentially unsafe application (deleted - quarantined)" ac=C fn="E:\~ Games ~\Torchlight 2.v 1.25.5.2 + 1 DLC\steam_api.dll"

sh=C434F2212B86A59333DA443CE423882E84FF4087 ft=1 fh=d6c74d557cb0a45c vn="a variant of Win32/HackTool.Crack.CS potentially unsafe application (deleted - quarantined)" ac=C fn="E:\~ Games ~\XCOM - Enemy Within\Binaries\Win32\steam_api.dll"

sh=54EC75C9E43438DD6B446C62F4603808D94CE592 ft=1 fh=0f7fdcc15a71bb74 vn="a variant of Win32/FlyStudio.HackTool.A potentially unwanted application (deleted - quarantined)" ac=C fn="I:\~ Bit Torrent ~\~ Finished ~\FABLE\FABELTRAIN.exe"

sh=C54128413B925EA069AF019C1206764880EC46B4 ft=1 fh=1fd823f812f5dc84 vn="Win32/HackTool.Crack.CM potentially unsafe application (deleted - quarantined)" ac=C fn="I:\~ Bit Torrent ~\~ Finished ~\Fable.Anniversary.Update.6.Beta.and.Crack\Crack-3DM\Binaries\Win32\steam_api.dll"

sh=95F2B077D8D7EEA8B7308F55DA7F2B27EFA9A5EF ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.VB.QME trojan (deleted - quarantined)" ac=C fn="I:\~ Game Installers ~\FORCED.MULTi9-ADDONiA\addonia-forced.iso"

sh=B57AB56797A57C44F8DB459EC99A11DC6E7718BD ft=0 fh=0000000000000000 vn="Win32/GameHack.AD potentially unsafe application (deleted - quarantined)" ac=C fn="I:\~ Game Installers ~\Mega Man\Megaman Legends PC\Megaman Legends PC.7z"

sh=76FFB478A89B0044158405E8239C45DAB3B67B5A ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Crack.BQ potentially unsafe application (deleted - quarantined)" ac=C fn="I:\~ Game Installers ~\Post Apocalyptic Mayhem\Post Apocalyptic Mayhem [MULTI8][PCDVD][PROPHET][WwW.GamesTorrents.CoM]\ppt-pamm\ppt-pamm.iso"

sh=19BC2D39B8C76E139BD66D12B19202EA33670CDC ft=0 fh=0000000000000000 vn="Win32/HackTool.Crack.BQ potentially unsafe application (deleted - quarantined)" ac=C fn="I:\~ Game Installers ~\~ Have Installed ~\OMD2_362_JimbusEd_online.iso"

sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="multiple threats (deleted - quarantined)" ac=C fn="I:\~ Game Installers ~\~ Have Installed ~\SMoS.iso"

sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/HackTool.Crack.CS potentially unsafe application (deleted - quarantined)" ac=C fn="I:\~ Game Installers ~\~ Have Installed ~\Assassins.Creed.IV.Black.Flag-RELOADED\rld-ac4bf.iso"

sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/HackTool.Crack.CS potentially unsafe application (deleted)" ac=C fn="I:\~ Game Installers ~\~ Have Installed ~\BioShock Infinite Burial At Sea Episode 1 [MULTI5][PCDVD][RELOADED][WwW.GamesTorrents.CoM]\rld-bsifbase1\rld-bsifbase1.iso"

sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/HackTool.Crack.CS potentially unsafe application (deleted)" ac=C fn="I:\~ Game Installers ~\~ Have Installed ~\BioShock.Infinite.Burial.at.Sea.Episode.2-RELOADED\rld-bsifbase2.iso"

sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/HackTool.Crack.BQ potentially unsafe application (deleted)" ac=C fn="I:\~ Game Installers ~\~ Have Installed ~\Call.of.Juarez.Gunslinger-RELOADED\rld-cojgs.iso"

sh=446D673317ED3AE286D8AF80FCB45481F37CA3F5 ft=0 fh=0000000000000000 vn="a variant of Win32/Packed.VMProtect.ABD trojan (deleted - quarantined)" ac=C fn="I:\~ Game Installers ~\~ Have Installed ~\Demonicon_2xDVD5\Demonicon_2.iso"



#7 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts

Posted 10 April 2015 - 12:37 PM

  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!


CRACKED SOFTWARE WARNING

Participating in the use of cracked/pirated/keygen software is not only illegal but also a security risk. Were you aware your machine has cracked software installed? I do not approve of nor support illegal software.

Malware authors promote and release cracked software to spread their infections. I strongly recommend you refrain from participating in this activity; your computer will be repeatedly infected otherwise. Simply visiting a cracked software site can result in infection via drive-by exploits of vulnerable software.

Cracked software will make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. In some instances an infection may cause so much damage to your system that recovery is not possible and the only option is to reformat your Hard Drive and reinstall your Operating System. Please read the following articles for more information.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#8 the_shepherd

the_shepherd
  • Topic Starter

  • Members
  • 5 posts

Posted 10 April 2015 - 01:52 PM

When I bought the computer off Craigslist it came with most of what's already on it. I just wanted a top-of-the-line system; maybe that's why the guy seemed to want to unload it, with all the viruses he contracted to it.

Maybe my best option is to just wipe all hard drives and start fresh with a clean system.



#9 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts

Posted 11 April 2015 - 09:52 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka



