
Problem accessing websites


16 replies to this topic

#1 vonlutt


Posted 17 April 2015 - 12:16 PM

I've been googling this problem like crazy and ran into this forum - the kicker is I cannot access this site on my desktop which is having this issue.

For about a month or so now I started noticing I can't access some sites correctly. eBay, for instance, will not show up correctly. The images down below don't load and most of the page is blank as a result. Any image from livememe won't load; the site just shows me empty boxes, the images themselves don't load. I can't update my Malwarebytes, the update server can't be reached and when I try to go to the webpage I cannot access it either, along with bleepingcomputer.com.

The kicker - they all work fine on other devices in my home, but I've tried 3 different browsers on my desktop and they do not work. Even my laptop with the same extensions on Chrome and network pulls it up fine. My computer at work also pulls these sites up fine. I've gone into the command prompt and pinged these sites and I get 100% packet loss, cannot connect to these sites.

I've deleted my cache - internet history, re-installed Chrome, IE, Java, and Adobe. Nothing working. Reset my modem, changed my DNS numbers to 8.8.8.8, then reset it back again to automatic even, still doesn't work.

Ran Malwarebytes scans, Spybot scans, MSE scans, and just downloaded Avast and scanned, all come up fine.

I think it may be associated with using CCleaner. I deleted the caches and settings in accordance with how people recommended to other people to fix this issue that they connected with CCleaner but it had no effect and I went as far as uninstalling the program. Still nothing. When I would delete the cache and temporary files and reload eBay, for instance, the page would load correctly one time when I refreshed - but any subsequent pages would be broken and it was back at square one.

I'm just about at a loss for what's wrong at this point, can anyone give me any advice/tips/help please?

Edited by hamluis, 17 April 2015 - 12:53 PM.
Moved to Am I Infected - Hamluis.



#2 Broni


Posted 17 April 2015 - 08:02 PM

Welcome aboard

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
  • List Restore Points

Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

  • Double-click mb3-setup-1878.1878-3.3.1.2183.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.



If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


How to get logs:
(Export log to save as txt)


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.



(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.


Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"


NOTE. If you see This version requires you to completely exit the Anti Malware application message right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE Do NOT wrap your logs in "quote" or "code" brackets.
Do NOT use spoilers.
Do NOT edit your reply to post additional logs. Create new reply. I'll not get any email notifications about edits so I won't know you posted something new.


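The "List Winsock Entries" report requested in the post above prints one line per provider in the form `[x64-]Catalog<5|9> <position> <DLL path> [<size>] (<vendor>)`. As an added example (not part of the original post and not MiniToolBox's own code), the Python below parses that report and groups the entries that deserve a closer look; the sample log, `ExampleLsp64.dll`, "Example Vendor", and the trusted-vendor and directory lists are constructed assumptions.

```python
import re

# One line of the MiniToolBox "Winsock entries" section:
#   [x64-]Catalog<5|9> <position> <provider DLL path> [<size>] (<vendor>)
# Catalog5 = NameSpace_Catalog5 (name resolution providers),
# Catalog9 = Protocol_Catalog9 (transport providers, where layered providers sit).
ENTRY_RE = re.compile(
    r"^(?P<arch>x64-)?Catalog(?P<cat>[59])\s+(?P<pos>\d+)\s+"
    r"(?P<path>.+?)\s+\[(?P<size>\d+)\]\s+\((?P<vendor>.*)\)$"
)

# Assumptions for this example: extend with the software you have approved,
# and adjust the drive letter if Windows is not installed on C:.
TRUSTED_VENDORS = {"microsoft corporation"}
EXPECTED_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

# Constructed sample in the report's format (not taken from a real machine).
SAMPLE_LOG = r"""
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\ExampleLsp64.dll [100000] (Example Vendor)
x64-Catalog9 02 C:\Windows\System32\ExampleLsp64.dll [100000] (Example Vendor)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\ExampleLsp64.dll [100000] (Example Vendor)
x64-Catalog9 05 C:\Users\Public\mswsock.dll [327168] (Microsoft Corporation)
"""


def parse_winsock_entries(log_text):
    """Return one dict per catalog line; headers and blank lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m is None:
            continue
        entries.append({
            "arch": "x64" if m.group("arch") else "x86",
            "catalog": int(m.group("cat")),
            "position": int(m.group("pos")),
            "path": m.group("path"),
            "size": int(m.group("size")),
            "vendor": m.group("vendor").strip(),
        })
    return entries


def classify(entry):
    """Return a reason string for entries worth reviewing, else None.

    The vendor field is self-declared file metadata, so a trusted name is
    only accepted when the DLL also lives in an expected directory. Neither
    check replaces verifying the file's digital signature.
    """
    if entry["vendor"].lower() not in TRUSTED_VENDORS:
        return "third-party provider"
    if not entry["path"].lower().startswith(EXPECTED_DIRS):
        return "trusted vendor name outside system directories"
    return None


def triage(log_text):
    """Group flagged entries by (arch, catalog, DLL) and collect their positions."""
    findings = {}
    for e in parse_winsock_entries(log_text):
        reason = classify(e)
        if reason is None:
            continue
        key = (e["arch"], e["catalog"], e["path"].lower())
        item = findings.setdefault(key, {
            "arch": e["arch"],
            "catalog": e["catalog"],
            "path": e["path"],
            "vendor": e["vendor"],
            "reason": reason,
            "positions": [],
        })
        item["positions"].append(e["position"])
    return list(findings.values())


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("{arch} Catalog{catalog} {path} ({vendor}): {reason}, "
              "positions {positions}".format(**f))
```

A flagged provider is a prompt to identify the software that installed it, not a verdict: security products and VPN clients also register layered providers.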


 


#3 vonlutt


Posted 17 April 2015 - 09:47 PM

Thank you for taking the time to help me.  Sorry it has taken me so long to respond, as I stated above I cannot access most of the sites you posted on my desktop, including this one so have to send them all over to my desktop and then back to post it.  Without further ado:

 

 Results of screen317's Security Check version 1.00  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy 
 Java 8 Update 45  
 Java version 32-bit out of Date!
 Adobe Flash Player 17.0.0.169  
 Adobe Reader 10.0.1 Adobe Reader out of Date!
 Google Chrome (41.0.2272.101) 
 Google Chrome (42.0.2311.90) 
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
 AVAST Software Avast ng ngservice.exe 
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 30% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 
 
 

Farbar Service Scanner Version: 17-01-2015
Ran by Lance (administrator) on 17-04-2015 at 19:07:34
Running from "C:\Users\Lance\Documents\My Dropbox\Public"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
ATTENTION!=====> local policy on IP: 
Key: "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local"
Value: "ActivePolicy"
Data: "SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{406758d3-ed30-4cd3-8dd7-427e582e1a1d}"
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 

MiniToolBox by Farbar  Version: 14-04-2015
Ran by Lance (administrator) on 17-04-2015 at 19:09:34
Running from "C:\Users\Lance\Desktop\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Model: System Product Name Manufacturer: System manufacturer
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ==============================
 
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
 
 
 
 
========================= IP Configuration: ================================
 
Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller = Local Area Connection (Connected)
Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller = Local Area Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Lance-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Mixed
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Local Area Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller #2
   Physical Address. . . . . . . . . : E0-CB-4E-0F-F6-D8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
   Physical Address. . . . . . . . . : E0-CB-4E-0F-FD-6B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8cae:c24d:1f54:4346%10(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.102(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, April 17, 2015 5:46:27 PM
   Lease Expires . . . . . . . . . . : Friday, April 17, 2015 8:46:27 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 249613134
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-57-D5-3D-E0-CB-4E-0F-FD-6B
   DNS Servers . . . . . . . . . . . : 8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{4E8F3D83-57F3-4FB0-B539-D04AC13FB3C8}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:3cd5:f6c:bc57:dd6d(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::3cd5:f6c:bc57:dd6d%12(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.{89BFFF0F-539F-405D-82DD-9D8FA22643F2}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Address:  8.8.8.8
 
Name:    google.com
Addresses:  2607:f8b0:400a:806::200e
  216.58.216.174
 
 
Pinging google.com [216.58.216.142] with 32 bytes of data:
Reply from 216.58.216.142: bytes=32 time=14ms TTL=55
Reply from 216.58.216.142: bytes=32 time=12ms TTL=55
 
Ping statistics for 216.58.216.142:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 12ms, Maximum = 14ms, Average = 13ms
Address:  8.8.8.8
 
Name:    yahoo.com
Addresses:  98.139.183.24
  206.190.36.45
  98.138.253.109
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=92ms TTL=51
Reply from 98.139.183.24: bytes=32 time=93ms TTL=51
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 92ms, Maximum = 93ms, Average = 92ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...e0 cb 4e 0f f6 d8 ......Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller #2
 10...e0 cb 4e 0f fd 6b ......Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
  1...........................Software Loopback Interface 1
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.102     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.102    266
    192.168.0.102  255.255.255.255         On-link     192.168.0.102    266
    192.168.0.255  255.255.255.255         On-link     192.168.0.102    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.102    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.102    266
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 12     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 12     58 2001::/32                On-link
 12    306 2001:0:9d38:90d7:3cd5:f6c:bc57:dd6d/128
                                    On-link
 10    266 fe80::/64                On-link
 12    306 fe80::/64                On-link
 12    306 fe80::3cd5:f6c:bc57:dd6d/128
                                    On-link
 10    266 fe80::8cae:c24d:1f54:4346/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    306 ff00::/8                 On-link
 10    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
 If Metric Network Destination      Gateway
  0 4294967295 2620:9b::/96             On-link
===========================================================================
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\ColorMedia64.dll [364024] (Over the Rainbow Tech)
x64-Catalog9 02 C:\Windows\System32\ColorMedia64.dll [364024] (Over the Rainbow Tech)
x64-Catalog9 03 C:\Windows\System32\ColorMedia64.dll [364024] (Over the Rainbow Tech)
x64-Catalog9 04 C:\Windows\System32\ColorMedia64.dll [364024] (Over the Rainbow Tech)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 14 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 15 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 16 C:\Windows\System32\ColorMedia64.dll [364024] (Over the Rainbow Tech)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (04/16/2015 11:28:52 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary fqdljnwc.
 
System Error:
The system cannot find the file specified.
.
 
Error: (04/16/2015 11:28:28 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary fqdljnwc.
 
System Error:
The system cannot find the file specified.
.
 
Error: (04/16/2015 11:27:09 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary fqdljnwc.
 
System Error:
The system cannot find the file specified.
.
 
Error: (04/16/2015 10:23:54 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location H:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (03/30/2015 09:59:29 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: urlmon.dll, version: 11.0.9600.17496, time stamp: 0x546fdf28
Exception code: 0xc0000005
Fault offset: 0x00016ecc
Faulting process id: 0x17b4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
 
System errors:
=============
Error: (04/17/2015 05:56:45 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error: 
%%5
 
Error: (04/17/2015 05:56:24 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (04/16/2015 10:12:51 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.195.1024.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.7.0205.00
 
Source Path: 4.7.0205.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (04/16/2015 10:12:51 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.195.1024.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.7.0205.00
 
Source Path: 4.7.0205.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (03/30/2015 10:24:38 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1053
 
Error: (03/30/2015 10:24:38 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
 
Error: (03/30/2015 10:22:47 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error: 
%%5
 
Error: (03/30/2015 10:22:46 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (03/30/2015 10:16:12 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1053
 
Error: (03/30/2015 10:16:12 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-04-17 08:09:29.464
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SoftwareDistribution\Download\063027e6e7f854ca44e857370ed18923\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22379_none_c014624816718091\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-17 08:09:29.377
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SoftwareDistribution\Download\063027e6e7f854ca44e857370ed18923\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22379_none_c014624816718091\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-17 08:09:29.290
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SoftwareDistribution\Download\063027e6e7f854ca44e857370ed18923\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22379_none_c014624816718091\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-17 08:09:28.369
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SoftwareDistribution\Download\063027e6e7f854ca44e857370ed18923\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22379_none_b5bfb7f5e210be96\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-17 08:09:28.282
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SoftwareDistribution\Download\063027e6e7f854ca44e857370ed18923\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22379_none_b5bfb7f5e210be96\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-17 08:09:28.195
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SoftwareDistribution\Download\063027e6e7f854ca44e857370ed18923\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22379_none_b5bfb7f5e210be96\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-17 08:09:28.090
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SoftwareDistribution\Download\063027e6e7f854ca44e857370ed18923\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22379_none_b5bfb7f5e210be96\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-17 08:09:28.002
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SoftwareDistribution\Download\063027e6e7f854ca44e857370ed18923\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22379_none_b5bfb7f5e210be96\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-17 08:09:27.913
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SoftwareDistribution\Download\063027e6e7f854ca44e857370ed18923\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22379_none_b5bfb7f5e210be96\appid.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-04 14:15:59.173
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SoftwareDistribution\Download\063027e6e7f854ca44e857370ed18923\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22379_none_c014624816718091\appidapi.dll because the set of per-page image hashes could not be found on the system.
 
 
 
=========================== Installed Programs ============================
«Tropico 5 - Steam Special Edition» (HKLM-x32\...\«Tropico 5 - Steam Special Edition»_is1) (Version:  - Kalypso Media Digital)
7 Grand Steps, Step 1: What Ancients Begat (HKLM-x32\...\Steam App 238930) (Version:  - )
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.03 - Adobe Systems)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.0.1) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA0000000001}) (Version: 10.0.1 - Adobe Systems Incorporated)
Advanced Tactics Gold (HKLM-x32\...\Advanced Tactics Gold2.00c) (Version: 2.00c - Matrix Games)
AI War: Fleet Command (HKLM-x32\...\Steam App 40400) (Version:  - Arcen Games, LLC)
AMD Accelerated Video Transcoding (Version: 13.30.100.41120 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.1120.2123.38423 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81122.1054 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.13 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
ATI AVIVO64 Codecs (Version: 11.6.0.51125 - ATI Technologies Inc.) Hidden
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
ATI Problem Report Wizard (Version: 3.0.804.0 - ATI Technologies) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)
Batman - Arkham City (HKLM-x32\...\Batman - Arkham City) (Version: 1.0.0.0 - WB Games)
Batman: Arkham Asylum Game of the Year Edition (HKLM-x32\...\{CFABC775-5386-4BA5-86B4-505BBD36E812}) (Version: 1.0.0.0 - Eidos Inc./Warner Brothers)
Batman: Arkham City™ (x32 Version: 1.0.0003.131 - WB Games) Hidden
Battle Academy 2 Eastern Front (HKLM-x32\...\Battle Academy 2 Eastern Front_is1) (Version:  - )
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.1.0.1 - Electronic Arts)
Bitcoin (HKCU\...\Bitcoin) (Version: 0.8.1 - Bitcoin project)
Carbiz 1.0.5 (HKLM-x32\...\{77E30BF8-C46C-4EDF-AC89-794AA92513A4}_is1) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.1120.2123.38423 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.1006.2142.37119 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.1120.2123.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.1120.2122.38423 - Advanced Micro Devices, Inc.) Hidden
Cities: Skylines (HKLM-x32\...\Cities: Skylines_is1) (Version:  - )
Command Modern Air Naval Operations (HKLM-x32\...\Command Modern Air Naval Operations1.00) (Version: 1.00 - Matrix Games)
Commander The Great War (HKLM-x32\...\Commander The Great War1.1.2) (Version: 1.1.2 - Slitherine)
Conquest of Elysium 3 (remove only) (HKLM-x32\...\CoE3) (Version:  - )
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CorsixTH Beta 8 (HKLM-x32\...\CorsixTH) (Version: Beta 8 - )
CPUID CPU-Z 1.58 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Creeper World 3 Arc Eternal (HKLM-x32\...\Q3JlZXBlcldvcmxkM0FyY0V0ZXJuYWw=_is1) (Version: 1 - )
Crusader Kings II 106 RePack by SxSxL (HKLM-x32\...\Crusader Kings II 1.06_is1) (Version: 1.06 - )
Dawn of Fantasy: Kingdom Wars (HKLM-x32\...\Steam App 227180) (Version:  - Reverie World Studios)
Dead Rising 2 (HKLM-x32\...\Steam App 45740) (Version:  - )
Dead Rising 2 (x32 Version: 1.0.0002.130 - Capcom) Hidden
Distant Worlds (HKLM-x32\...\Distant Worlds1.00) (Version: 1.00 - Matrix Games)
Distant Worlds Universe (HKLM-x32\...\Distant Worlds Universe1.9.5.0) (Version: 1.9.5.0 - Matrix Games)
DivX Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 1.0.2.22 - DivX, Inc. )
Dominions 4 (HKLM-x32\...\Steam App 259060) (Version:  - )
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Enforcer - Police Crime Action v1.0.2.3 (HKLM-x32\...\Enforcer - Police Crime Action v1.0.2.31.0.2.3) (Version: 1.0.2.3 - Friends in War)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Europa Universalis IV (HKLM-x32\...\Europa Universalis IV_is1) (Version:  - Paradox Interactive)
Europa Universalis IV Art of War (HKLM-x32\...\Europa Universalis IV Art of War_is1) (Version:  - )
EVE Online (remove only) (HKLM-x32\...\EVE) (Version:  - CCP Games Ltd.)
EveHQ (HKLM-x32\...\{B9DE52C0-00F7-4069-B58C-C5DA87394CB1}) (Version: 2.11 - Indicium Technologies)
EveHQ (HKLM-x32\...\EveHQ) (Version:  - )
EVEMon (HKLM-x32\...\EVEMon) (Version: 1.9.4 - battleclinic.com)
Expeditions - Conquistador (HKLM-x32\...\GOGPACKEXPEDITIONSCONQ_is1) (Version: 2.0.0.9 - GOG.com)
f.lux (HKCU\...\Flux) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Factorio version 0.10.8 (HKLM\...\Factorio_is1) (Version:  - )
Far Cry 4 (HKLM-x32\...\Far Cry 4_is1) (Version: 1.0 - ????? ?? R.G. Steamgames)
Franchise Hockey Manager 2014 (HKLM-x32\...\Franchise Hockey Manager2014) (Version: 2014 - Out of the Park Developments)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Front Office Football Seven (HKLM-x32\...\RnJvbnRPZmZpY2VGb290YmFsbFNldmVu_is1) (Version: 1 - )
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
GameBiz 3.0 (HKLM-x32\...\{2F90BB12-D8E7-4C15-A303-E2A035DF3B8A}_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPGNet (HKLM-x32\...\{C194D333-B84A-4BB7-B35E-060732D98DC4}) (Version: 1.0.0 - Gas Powered Games)
GPU Temp version 1.0 (HKLM-x32\...\{8C8711FD-0FC8-4801-B33E-ED19BB0350B1}_is1) (Version: 1.0 - gputemp.com)
Gratuitous Space Battles (HKLM-x32\...\Steam App 41800) (Version:  - Positech Games)
Gyazo 1.0 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Toshiyuki Masui)
Hearts of Iron III (HKLM-x32\...\{D0106CC2-E34B-4FA3-B6B6-91F0ACEA2CC3}) (Version:  - )
Hearts of Iron III: Stars and Stripes version 3.05 (HKLM-x32\...\{25D080C2-19A4-427D-A12A-979D674B57F8}}_is1) (Version: 3.05 - Paradox Interactive)
Hegemony Gold: Wars of Ancient Greece (HKLM-x32\...\Hegemony Gold) (Version:  - )
Hegemony Rome The Rise of Caesar (HKLM-x32\...\Hegemony Rome The Rise of Caesar_is1) (Version:  - )
Homeworld Remastered Collection (HKLM-x32\...\Homeworld Remastered Collection_is1) (Version:  - )
How to Survive - Storm Warning Edition (HKLM-x32\...\How to Survive - Storm Warning Edition_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Impulse (HKLM-x32\...\Impulse) (Version: 1.0 - Stardock)
Impulse (x32 Version: 1.0 - Stardock Corporation) Hidden
IsoBuster 3.0 (HKLM-x32\...\IsoBuster_is1) (Version: 3.0 - Smart Projects)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.45.14 - Oracle Corporation) Hidden
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
K-Lite Codec Pack (64-bit) v4.1.0 (HKLM\...\KLiteCodecPack64_is1) (Version: 4.1.0 - )
L.A. Noire (HKLM-x32\...\{915726DF-7891-444A-AA03-0DF1D64F561A}) (Version: 1.00.0000 - Rockstar Games)
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.45 (HKLM\...\Logitech Gaming Software) (Version: 8.45.88 - Logitech Inc.)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Lords of Xulima (HKLM-x32\...\TG9yZHNvZlh1bGltYQ==_is1) (Version: 1 - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
March of the Eagles (HKLM-x32\...\Steam App 227760) (Version:  - Paradox Development Studio)
Media Center 17 (HKLM-x32\...\Media Center 17) (Version: 17 - J. River, Inc.)
Media Player Classic - Home Cinema v. 1.3.1249.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version:  - )
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - THQ)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Version: 4.5.51209 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.7.0205.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - ?????????? ??????????)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version:  - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (x32 Version: 2.0.50727 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version:  - Monolith Productions, Inc.)
mkv2vob (HKLM-x32\...\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}) (Version: 2.4.9 - 3r1c)
Mount and Blade Warband 1.166 version 1.166 (HKLM-x32\...\{E1404855-C907-47CE-A52E-F6894F889872}_is1) (Version: 1.166 - )
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
Mumble 1.2.3 (HKLM-x32\...\{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}) (Version: 1.2.3 - Thorvald Natvig)
MusicBee 2.0 (HKLM-x32\...\MusicBee) (Version: 2.0 - Steven Mayall)
Nation Red (HKLM-x32\...\Steam App 39800) (Version:  - Diezel Power)
Natural Selection 2 (HKLM-x32\...\Steam App 4920) (Version:  - Unknown Worlds Entertainment)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.14.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.14.0 - NEC Electronics Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.1.12.73 - Electronic Arts, Inc.)
Panzer Corps Afrika Korps (HKLM-x32\...\Panzer Corps Afrika Korps1.12) (Version: 1.12 - Slitherine)
Patch v4.17b Update (HKLM-x32\...\{THEGUILDREN-0010-2010-300520102330}_is1) (Version:  - RUNEFORGE Games Studios)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 0.10.0.22571 - Grinding Gear Games)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
Patrician IV - Rise of a Dynasty (HKLM-x32\...\{D55F88FD-4263-4DCF-B0DF-3149D04DB034}) (Version: 2.0.0.0 - Kalypso Media GmbH)
Patrician IV (HKLM-x32\...\{25B473C3-2C62-482B-858F-94ED76880F79}) (Version: 1.0.0 - Kalypso Media)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PDF To Word Converter V3.0.3 (HKLM-x32\...\PDF To Word Converter_is1) (Version:  - http://www.PDFWordConverter.net)
Planetary Annihilation (HKLM-x32\...\Steam App 233250) (Version:  - Uber Entertainment)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.90.0 - PS3 Media Server)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
qBittorrent 3.1.12 (HKLM-x32\...\qBittorrent) (Version: 3.1.12 - The qBittorrent project)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Qvadriga (HKLM-x32\...\Qvadriga1.00) (Version: 1.00 - Slitherine)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.0.2 r2161 - )
Raptr (HKLM-x32\...\Raptr) (Version:  - )
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 12.0) (Version:  - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6316 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Rise of Flight (HKLM-x32\...\{1101370E-0BBC-4939-8037-2AED92A5C15C}_is1) (Version:  - 777)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.0.0.0 - Rockstar Games)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.1.0.11112_41 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.1.0.11112_41 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.4.8.0 - SAMSUNG Electronics Co., Ltd.)
Semper Fi 1.0 (HKLM-x32\...\Semper Fi_is1) (Version:  - Paradox Interactive)
Showtime! (HKLM-x32\...\Steam App 285050) (Version:  - Myrtilus Entertainment)
Sid Meier's Ace Patrol (HKLM-x32\...\Steam App 244070) (Version:  - Firaxis Games)
Sins of a Solar Empire: Rebellion (HKLM-x32\...\Steam App 204880) (Version:  - Ironclad Games)
Six Updater (HKLM-x32\...\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}) (Version: 2.09.7038 - Six Projects)
SlimDX Runtime .NET 4.0 x86 (January 2012) (HKLM-x32\...\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}) (Version: 2.0.13.43 - SlimDX Group)
South Park The Stick of Truth (HKLM-x32\...\South Park The Stick of Truth_is1) (Version:  - Ubisoft)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version:  - BioWare)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
StarDrive (HKLM-x32\...\Steam App 220660) (Version:  - Zero Sum Games)
Starpoint Gemini 2 (HKLM-x32\...\Starpoint Gemini 2_is1) (Version:  - Iceberg Interactive)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
StreamTorrent 1.0 (HKLM-x32\...\StreamTorrent 1.0) (Version:  - )
Stronghold Crusader 2 (HKLM-x32\...\Stronghold Crusader 2_is1) (Version:  - )
Sunless Sea (HKLM-x32\...\1421064427_is1) (Version: 2.2.0.3 - GOG.com)
System Requirements Lab CYRI (HKLM-x32\...\{E5F05232-96B6-4552-A480-785A60A94B21}) (Version: 5.0.6.0 - Husdawg, LLC)
TeamSpeak 2 RC2 (HKLM-x32\...\Teamspeak 2 RC2_is1) (Version: 2.0.32.60 - Dominating Bytes Design)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version:  - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Lord of the Rings FREE Trial  (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version:  - CD Projekt RED)
Thrustmaster Calibration Tool (HKLM-x32\...\{44B660BB-EAC5-4D4F-9890-C607DD5F7630}) (Version: 1.03.0000 - Thrustmaster)
Total War: ROME II Hannibal at the Gates (HKLM-x32\...\VG90YWxXYXJST01FSUk=_is1) (Version: 1 - )
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2014 WinPerFedFormset (x32 Version: 014.000.1683 - Intuit Inc.) Hidden
TurboTax 2014 WinPerReleaseEngine (x32 Version: 014.000.0426 - Intuit Inc.) Hidden
TurboTax 2014 WinPerTaxSupport (x32 Version: 014.000.0204 - Intuit Inc.) Hidden
TurboTax 2014 wrapper (x32 Version: 014.000.0109 - Intuit Inc.) Hidden
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity of Command (HKLM-x32\...\Unity_of_Command) (Version:  - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{02206DCC-0CAF-46BB-8EDC-6C281AA21EFA}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{02206DCC-0CAF-46BB-8EDC-6C281AA21EFA}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{02206DCC-0CAF-46BB-8EDC-6C281AA21EFA}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{02206DCC-0CAF-46BB-8EDC-6C281AA21EFA}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2920794) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BB006B39-9FD7-4DD5-942E-CDF1BBD718DB}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2920794) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{BB006B39-9FD7-4DD5-942E-CDF1BBD718DB}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_PROR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_PROR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2956104) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A8AEAD3C-C39C-47DA-A9B3-7F8C895B9E6A}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2956104) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{A8AEAD3C-C39C-47DA-A9B3-7F8C895B9E6A}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_PROR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_PROR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.5 - Flagship Industries, Inc.)
Verdun (HKLM-x32\...\Steam App 242860) (Version:  - M2H)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
War Thunder Launcher 1.0.1.335 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
War Thunder Launcher 1.0.1.336 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8b72e9}}_is1) (Version:  - Gaijin Entertainment)
Wargame Red Dragon (HKLM-x32\...\Wargame Red Dragon_is1) (Version:  - )
Wargame: AirLand Battle (HKLM-x32\...\Steam App 222750) (Version:  - )
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8093.805 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.1) (Version: 1.3.1 - Xvid Team)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
Zotero Standalone 4.0.16 (x86 en-US) (HKLM-x32\...\Zotero Standalone 4.0.16 (x86 en-US)) (Version: 4.0.16 - Zotero)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 21%
Total physical RAM: 20471.12 MB
Available physical RAM: 16164.8 MB
Total Pagefile: 40940.42 MB
Available Pagefile: 36431.99 MB
Total Virtual: 4095.88 MB
Available Virtual: 3983.08 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:73.68 GB) (Free:10.63 GB) NTFS
3 Drive e: (New Volume) (Fixed) (Total:1397.26 GB) (Free:452.62 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\LANCE-PC
 
Administrator            Guest                    Lance                    
 
========================= Restore Points ==================================
 
31-03-2015 05:03:07 Windows Modules Installer
31-03-2015 05:08:33 Windows Modules Installer
31-03-2015 05:11:03 Windows Update
17-04-2015 05:15:07 Windows Update
17-04-2015 06:27:09 avast! antivirus system restore point
 
**** End of log ****
 
 
I have Malwarebytes installed, but cannot update it - malwarebytes.org can't be reached on my desktop and neither can the update server, apparently. The last time it was updated was the end of February; ran a scan but it came up clean, for what it's worth. Cannot seem to attach the log, so here is the paste of it:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/17/2015
Scan Time: 7:22:06 PM
Logfile: mbam save log.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.18.09
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Lance
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 358345
Time Elapsed: 5 min, 51 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
Cannot update the rootkit beta update database, of course.  Running the anti-rootkit with the November database.  
 
Ran the rootkit, said nothing found:
 

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
 
Database version:
  main:    v2014.11.18.05
  rootkit: v2014.11.12.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Lance :: LANCE-PC [administrator]
 
4/17/2015 7:31:40 PM
mbar-log-2015-04-17 (19-31-40).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 351265
Time elapsed: 4 minute(s), 37 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
 
 

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 8.0.7601.17514
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 4.032000 GHz
Memory total: 21465522176, free: 17246494720
 
=======================================
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 8.0.7601.17514
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 4.032000 GHz
Memory total: 21465522176, free: 17283923968
 
Initializing...
======================
------------ Kernel report ------------
     04/17/2015 19:31:31
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\spym.sys
\SystemRoot\System32\Drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\intelide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\mv91xx.sys
\SystemRoot\system32\DRIVERS\mvxxmm.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\system32\drivers\aswSP.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\yk62x64.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\System32\Drivers\avtxxwhf.SYS
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\LGBusEnum.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\LGSUsbFilt.Sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\LGSHidFilt.Sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\S3XXx64.sys
\SystemRoot\system32\DRIVERS\SMCLIB.SYS
\SystemRoot\System32\DRIVERS\scfilter.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\ladfGSRamd64.sys
\SystemRoot\system32\DRIVERS\ladfGSCamd64.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\aswMonFlt.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\acedrv11.sys
\SystemRoot\system32\drivers\aswHwid.sys
\??\C:\Windows\system32\drivers\cpuz135_x64.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\e:\junk\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Users\Lance\AppData\Local\Temp\cpuz138\cpuz138_x64.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
IRP handler 0 of \Driver\atapi points to an unknown module
Unhooking enabled.
 
Scan started
Database versions:
  main:    v2014.11.18.05
  rootkit: v2014.11.12.01
 
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa80106da060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T1L0-7\
Lower Device Object: 0xfffffa80104c0060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80106ba790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T1L0-4\
Lower Device Object: 0xfffffa80104a4060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80106ba790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80106ba1e0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80106ba790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa801047e520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80104a4060, DeviceName: \Device\Ide\IdeDeviceP0T1L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a048600300, 0xfffffa80106ba790, 0xfffffa801526b090
Lower DeviceData: 0xfffff8a045dd1160, 0xfffffa80104a4060, 0xfffffa801524c2a0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd.sys (0x00000020)
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2BD2C32A
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1777664
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1779712  Numsec = 154519728
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 80026361856 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa80106da060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80105bb970, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80106da060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80104bf520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80104c0060, DeviceName: \Device\Ide\IdeDeviceP1T1L0-7\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a0104e47c0, 0xfffffa80106da060, 0xfffffa801d94a790
Lower DeviceData: 0xfffff8a0694e54d0, 0xfffffa80104c0060, 0xfffffa8015042c30
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A369028
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 2930272256
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 1500301910016 bytes
Sector size: 512 bytes
 
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
 
 

Rkill 2.7.0 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 04/17/2015 07:39:05 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 04/17/2015 07:39:14 PM
Execution time: 0 hours(s), 0 minute(s), and 9 seconds(s)
 
 
 
 
Luis asked me to attach this from Speccy when he moved the thread:
 
 
 
 
Long story short, none of these programs appeared to report anything wrong from what I see? The Colormedia.dlls seem to be the only things that I see that are out of place, but I don't know nearly enough about the issues I'm having to properly identify them.
 
 
Thank you again for your help.


#4 vonlutt

Posted 17 April 2015 - 10:02 PM

For reference, this definitely has to be related:

 

1KsqK6R.png

 

 

Tried disabling Windows Firewall, had no effect.


Edited by vonlutt, 17 April 2015 - 10:04 PM.


#5 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,482 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:25 PM

Posted 17 April 2015 - 10:08 PM

OK, here is your issue:

 

ATTENTION!=====> local policy on IP: 
Key: "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local"
Value: "ActivePolicy"
Data: "SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{406758d3-ed30-4cd3-8dd7-427e582e1a1d}"

 

Let's take a closer look...

 

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE

  • Double-click SystemLook.exe to run it.
  • Vista users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:

:reg
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /s
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif
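
Added example, not part of the thread: a Python decoder for the ipsecData value of an ipsecFilter object stored under the Policy\Local key named above, listing the addresses a filter covers. The sample bytes are the start of the value shown in the SystemLook log posted later in this thread; the field layout and the names parse_ipsec_filter, SAMPLE_HEX and FILTER_BLOB_GUID are assumptions read off those bytes, not a Microsoft or SystemLook API.

```python
import ipaddress
import struct
import uuid

# GUID that opens the ipsecFilter blob in the log on this page.
FILTER_BLOB_GUID = uuid.UUID("80dc20b5-2ec8-11d1-a89e-00a0248d3021")

# Fixed part of one entry, after its three strings (assumed layout):
# entry GUID, mirrored flag, src addr, src mask, dst addr, dst mask,
# tunnel addr, protocol, src port, dst port, tunnel flag, flags, padding.
_FIXED = struct.Struct("<16sI4s4s4s4s4sIHHBBH")

# Start of the "ipsecData" value of the filter named "whitelist", copied from
# the SystemLook log in this thread. The log shows only the beginning of the
# value, so the fifth entry is cut off.
SAMPLE_HEX = """
b5 20 dc 80 c8 2e d1 11 a8 9e 00 a0 24 8d 30 21 b8 42 00 00 f4 00 00 00
02 00 00 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00
16 31 b7 1e ac d7 29 4c a2 89 96 d9 b5 16 ee 2f 01 00 00 00 17 03 69 0b ff ff ff ff
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
02 00 00 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00
47 c4 e2 fd c1 ec d9 48 b5 db 43 b9 09 25 64 4f 01 00 00 00 17 03 69 19 ff ff ff ff
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
02 00 00 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00
c0 af 7d af 04 bc d1 45 a1 10 15 51 c8 b3 e1 be 01 00 00 00 17 d4 3b 32 ff ff ff ff
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
02 00 00 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00
28 e1 4a 3f 6f 78 76 4e 8f 5e f9 99 41 be ff 83 01 00 00 00 17 d4 3b 39 ff ff ff ff
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
02 00 00 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00
13 ea d9 72 42 a0 71 46 a3 dc 75 a1 c4 ea 60 c7 01 00 00
"""


class Truncated(Exception):
    """Raised when the blob ends before the current field does."""


def _take(buf, off, n):
    if off + n > len(buf):
        raise Truncated
    return buf[off:off + n], off + n


def _wstr(buf, off):
    # DWORD byte length, then a UTF-16LE string including its terminator.
    raw, off = _take(buf, off, 4)
    raw, off = _take(buf, off, struct.unpack("<I", raw)[0])
    return raw.decode("utf-16-le", "replace").rstrip("\x00"), off


def _cidr(addr, mask):
    m = int.from_bytes(mask, "big")
    prefix = bin(m).count("1")
    contiguous = m == (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    suffix = str(prefix) if contiguous else str(ipaddress.IPv4Address(mask))
    return f"{ipaddress.IPv4Address(addr)}/{suffix}"


def parse_ipsec_filter(blob):
    """Decode an ipsecFilter blob; stops cleanly if the data is cut short."""
    if len(blob) < 24:
        raise ValueError("blob too short for the 24-byte header")
    blob_guid = uuid.UUID(bytes_le=blob[:16])
    if blob_guid != FILTER_BLOB_GUID:
        raise ValueError(f"not an ipsecFilter blob: {blob_guid}")
    declared_len, declared_count = struct.unpack_from("<II", blob, 16)
    specs, truncated, off = [], False, 24
    for _ in range(declared_count):
        try:
            src_name, pos = _wstr(blob, off)
            dst_name, pos = _wstr(blob, pos)
            desc, pos = _wstr(blob, pos)
            raw, pos = _take(blob, pos, _FIXED.size)
        except Truncated:
            truncated = True
            break
        g, mirrored, sa, sm, da, dm, _tun, proto, sport, dport, *_ = _FIXED.unpack(raw)
        specs.append({
            "spec_guid": uuid.UUID(bytes_le=g),
            "src_name": src_name, "dst_name": dst_name, "description": desc,
            "mirrored": bool(mirrored),
            "src": _cidr(sa, sm), "dst": _cidr(da, dm),
            "protocol": proto, "src_port": sport, "dst_port": dport,
        })
        off = pos
    return {"blob_guid": blob_guid, "declared_len": declared_len,
            "declared_count": declared_count, "specs": specs,
            "truncated": truncated}


if __name__ == "__main__":
    result = parse_ipsec_filter(bytes.fromhex(SAMPLE_HEX))
    print(f"{result['declared_count']} entries declared, "
          f"{len(result['specs'])} decoded, truncated={result['truncated']}")
    for s in result["specs"]:
        print(f"  {s['src']} <-> {s['dst']} proto={s['protocol']} "
              f"mirrored={s['mirrored']}")
```

The filter object only lists addresses; what happens to matching traffic is set by the ipsecNegotiationPolicy object that shares the same ipsecOwnersReference (ipsecNFA) in the log.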


 


#6 vonlutt

Posted 17 April 2015 - 10:19 PM

Sorry for my ignorance, copied it over to my desktop, the 64-bit version. When I go to 'look' it gives an error saying 'Script required!'. Tried the other version as well, both give me that error. Tried running as administrator, still didn't work.....

 

Edit:  Was being dumb, copying into field now... 


Edited by vonlutt, 17 April 2015 - 10:23 PM.


#7 Broni

Posted 17 April 2015 - 10:24 PM

You used the 64-bit version, but you didn't copy/paste the script included in my previous reply.

Re-read it.



#8 vonlutt

Posted 17 April 2015 - 10:24 PM

Reading was apparently hard for me, here it is:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 20:24 on 17/04/2015 by Lance
Administrator - Elevation successful
 
========== reg ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local]
"ActivePolicy"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{406758d3-ed30-4cd3-8dd7-427e582e1a1d}"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{11d335f3-5dfd-4743-b89c-0dd3f35b71f4}]
"className"="ipsecFilter"
"description"="Windows Firewall Configuration Helper"
"name"="ipsecFilter{11d335f3-5dfd-4743-b89c-0dd3f35b71f4}"
"ipsecName"="whitelist"
"ipsecID"="{11d335f3-5dfd-4743-b89c-0dd3f35b71f4}"
"ipsecDataType"= 0x0000000100 (256)
"ipsecData"=b5 20 dc 80 c8 2e d1 11 a8 9e 00 a0 24 8d 30 21 b8 42 00 00 f4 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 16 31 b7 1e ac d7 29 4c a2 89 96 d9 b5 16 ee 2f 01 00 00 00 17 03 69 0b ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 47 c4 e2 fd c1 ec d9 48 b5 db 43 b9 09 25 64 4f 01 00 00 00 17 03 69 19 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 c0 af 7d af 04 bc d1 45 a1 10 15 51 c8 b3 e1 be 01 00 00 00 17 d4 3b 32 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 28 e1 4a 3f 6f 78 76 4e 8f 5e f9 99 41 be ff 83 01 00 00 00 17 d4 3b 39 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 02 00 00 00 00 00 13 ea d9 72 42 a0 71 46 a3 dc 75 a1 c4 ea 60 c7 01 00 00 (REG_BINARY)
"whenChanged"= 0x0054e53036 (1424306230)
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecNFA{405647fa-dded-4de7-a20f-69d5e0f7a709}"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{0acfb9f6-9d31-4e81-bb03-82d5670282bf}]
"className"="ipsecISAKMPPolicy"
"name"="ipsecISAKMPPolicy{0acfb9f6-9d31-4e81-bb03-82d5670282bf}"
"ipsecID"="{0acfb9f6-9d31-4e81-bb03-82d5670282bf}"
"ipsecDataType"= 0x0000000100 (256)
"ipsecData"=b8 20 dc 80 c8 2e d1 11 a8 9e 00 a0 24 8d 30 21 c0 00 00 00 f6 b9 cf 0a 31 9d 81 4e bb 03 82 d5 67 02 82 bf 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 03 00 00 00 40 00 00 00 08 00 00 00 02 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 80 70 00 00 00 00 00 00 00 00 00 00 03 00 00 00 40 00 00 00 08 00 00 00 02 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 80 70 00 00 00 00 00 00 00  (REG_BINARY)
"whenChanged"= 0x0054e5302c (1424306220)
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{406758d3-ed30-4cd3-8dd7-427e582e1a1d}"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{74d87990-3c71-4e71-b92e-29475115af78}]
"className"="ipsecNegotiationPolicy"
"name"="ipsecNegotiationPolicy{74d87990-3c71-4e71-b92e-29475115af78}"
"ipsecName"="permit"
"ipsecID"="{74d87990-3c71-4e71-b92e-29475115af78}"
"ipsecNegotiationPolicyAction"="{3f91a819-7647-11d1-864d-d46a00000000}"
"ipsecNegotiationPolicyType"="{62f49e10-6c37-11d1-864c-14a300000000}"
"ipsecDataType"= 0x0000000100 (256)
"ipsecData"=b9 20 dc 80 c8 2e d1 11 a8 9e 00 a0 24 8d 30 21 04 00 00 00 00 00 00 00 00  (REG_BINARY)
"whenChanged"= 0x0054e5302c (1424306220)
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecNFA{405647fa-dded-4de7-a20f-69d5e0f7a709}"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{81ee8200-c938-4981-a3b7-f8792c3e81f9}]
"className"="ipsecNegotiationPolicy"
"name"="ipsecNegotiationPolicy{81ee8200-c938-4981-a3b7-f8792c3e81f9}"
"ipsecID"="{81ee8200-c938-4981-a3b7-f8792c3e81f9}"
"ipsecNegotiationPolicyAction"="{8a171dd3-77e3-11d1-8659-a04f00000000}"
"ipsecNegotiationPolicyType"="{62f49e13-6c37-11d1-864c-14a300000000}"
"ipsecDataType"= 0x0000000100 (256)
"ipsecData"=b9 20 dc 80 c8 2e d1 11 a8 9e 00 a0 24 8d 30 21 a4 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 03 00 00 00 02 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  (REG_BINARY)
"whenChanged"= 0x0054e5302d (1424306221)
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecNFA{77f1e14b-f8bd-49ec-8886-1e113d27bf6b}"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{405647fa-dded-4de7-a20f-69d5e0f7a709}]
"className"="ipsecNFA"
"name"="ipsecNFA{405647fa-dded-4de7-a20f-69d5e0f7a709}"
"ipsecName"="whitelist"
"ipsecID"="{405647fa-dded-4de7-a20f-69d5e0f7a709}"
"ipsecDataType"= 0x0000000100 (256)
"ipsecData"=00 ac bb 11 8d 49 d1 11 86 39 00 a0 24 8d 30 21 2a 00 00 00 01 00 00 00 05 00 00 00 02 00 00 00 00 00 fd ff ff ff 02 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 00 00 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 00 00 00 05 00 00 00 00 00 00 00 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 02 01 00 00 00 00 00 00 00 00  (REG_BINARY)
"ipsecNegotiationPolicyReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecNegotiationPolicy{74d87990-3c71-4e71-b92e-29475115af78}"
"ipsecFilterReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecFilter{11d335f3-5dfd-4743-b89c-0dd3f35b71f4}"
"whenChanged"= 0x0054e5311f (1424306463)
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{406758d3-ed30-4cd3-8dd7-427e582e1a1d}"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{77f1e14b-f8bd-49ec-8886-1e113d27bf6b}]
"className"="ipsecNFA"
"name"="ipsecNFA{77f1e14b-f8bd-49ec-8886-1e113d27bf6b}"
"ipsecID"="{77f1e14b-f8bd-49ec-8886-1e113d27bf6b}"
"ipsecDataType"= 0x0000000100 (256)
"ipsecData"=00 ac bb 11 8d 49 d1 11 86 39 00 a0 24 8d 30 21 2a 00 00 00 01 00 00 00 05 00 00 00 02 00 00 00 00 00 fd ff ff ff 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 00 00 00 05 00 00 00 00 00 00 00 01 01 01 01 01 01 01 01 01 01 01 01 01 01 01 02 01 00 00 00 00 00 00 00 00  (REG_BINARY)
"ipsecNegotiationPolicyReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecNegotiationPolicy{81ee8200-c938-4981-a3b7-f8792c3e81f9}"
"whenChanged"= 0x0054e5302d (1424306221)
"ipsecOwnersReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{406758d3-ed30-4cd3-8dd7-427e582e1a1d}"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{406758d3-ed30-4cd3-8dd7-427e582e1a1d}]
"className"="ipsecPolicy"
"description"="Windows Firewall Configuration Helper"
"name"="ipsecPolicy{406758d3-ed30-4cd3-8dd7-427e582e1a1d}"
"ipsecName"="whitelist"
"ipsecID"="{406758d3-ed30-4cd3-8dd7-427e582e1a1d}"
"ipsecDataType"= 0x0000000100 (256)
"ipsecData"=63 21 20 22 4c 4f d1 11 86 3b 00 a0 24 8d 30 21 04 00 00 00 30 2a 00 00 00  (REG_BINARY)
"ipsecISAKMPReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecISAKMPPolicy{0acfb9f6-9d31-4e81-bb03-82d5670282bf}"
"whenChanged"= 0x0054e53120 (1424306464)
"ipsecNFAReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecNFA{405647fa-dded-4de7-a20f-69d5e0f7a709} SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecNFA{77f1e14b-f8bd-49ec-8886-1e113d27bf6b}"
 
 
-= EOF =-

Edited by vonlutt, 17 April 2015 - 10:25 PM.


#9 Broni


Posted 17 April 2015 - 10:34 PM

OK.

The following steps involve registry editing. Please create a new restore point before proceeding!!!
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Now...

Go to Start and in "Start search" type:

regedit

Hold the SHIFT and CTRL keys and press Enter.

Registry Editor will open.

Navigate to:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local

In the right pane you'll see the ActivePolicy name.

Right click on it, click "Delete".

Next, go back to the left pane where you're at the \Local key.

You'll see several subkeys:

ipsecFilter{11d335f3-5dfd-4743-b89c-0dd3f35b71f4}
ipsecISAKMPPolicy{0acfb9f6-9d31-4e81-bb03-82d5670282bf}
ipsecNegotiationPolicy{74d87990-3c71-4e71-b92e-29475115af78}
ipsecNegotiationPolicy{81ee8200-c938-4981-a3b7-f8792c3e81f9}
ipsecNFA{405647fa-dded-4de7-a20f-69d5e0f7a709}
ipsecNFA{77f1e14b-f8bd-49ec-8886-1e113d27bf6b}
ipsecPolicy{406758d3-ed30-4cd3-8dd7-427e582e1a1d}

Right click on each one and click "Delete".

Close Registry Editor.

Restart the computer.

Post a new FSS log.


My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif
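A read-only triage sketch for the policy store that the reply above has the user delete, as an added example that is not part of the original post or of Farbar Service Scanner: it parses an excerpt of the FSS registry dump posted in this thread (ipsecData lines omitted), follows ActivePolicy and the *Reference values, and reports which subkeys belong to the active policy and when they were first written. The function names and the reading of whenChanged as Unix epoch seconds are assumptions.

```python
import re
from datetime import datetime, timezone

LOCAL = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local"
REF_VALUES = ("ipsecISAKMPReference", "ipsecNFAReference",
              "ipsecNegotiationPolicyReference", "ipsecFilterReference")

# Excerpt of the FSS dump posted in this thread; ipsecData and other values omitted.
FSS_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local]
"ActivePolicy"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{406758d3-ed30-4cd3-8dd7-427e582e1a1d}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecFilter{11d335f3-5dfd-4743-b89c-0dd3f35b71f4}]
"description"="Windows Firewall Configuration Helper"
"ipsecName"="whitelist"
"whenChanged"= 0x0054e53036 (1424306230)
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecISAKMPPolicy{0acfb9f6-9d31-4e81-bb03-82d5670282bf}]
"whenChanged"= 0x0054e5302c (1424306220)
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{74d87990-3c71-4e71-b92e-29475115af78}]
"ipsecName"="permit"
"whenChanged"= 0x0054e5302c (1424306220)
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNegotiationPolicy{81ee8200-c938-4981-a3b7-f8792c3e81f9}]
"whenChanged"= 0x0054e5302d (1424306221)
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{405647fa-dded-4de7-a20f-69d5e0f7a709}]
"ipsecName"="whitelist"
"ipsecNegotiationPolicyReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecNegotiationPolicy{74d87990-3c71-4e71-b92e-29475115af78}"
"ipsecFilterReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecFilter{11d335f3-5dfd-4743-b89c-0dd3f35b71f4}"
"whenChanged"= 0x0054e5311f (1424306463)
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecNFA{77f1e14b-f8bd-49ec-8886-1e113d27bf6b}]
"ipsecNegotiationPolicyReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecNegotiationPolicy{81ee8200-c938-4981-a3b7-f8792c3e81f9}"
"whenChanged"= 0x0054e5302d (1424306221)
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{406758d3-ed30-4cd3-8dd7-427e582e1a1d}]
"description"="Windows Firewall Configuration Helper"
"ipsecName"="whitelist"
"ipsecISAKMPReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecISAKMPPolicy{0acfb9f6-9d31-4e81-bb03-82d5670282bf}"
"whenChanged"= 0x0054e53120 (1424306464)
"ipsecNFAReference"="SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecNFA{405647fa-dded-4de7-a20f-69d5e0f7a709} SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecNFA{77f1e14b-f8bd-49ec-8886-1e113d27bf6b}"
"""

def norm(path):
    """Registry paths are case-insensitive and the references omit the hive name."""
    path = path.strip().lower()
    hive = "hkey_local_machine\\"
    return path[len(hive):] if path.startswith(hive) else path

def parse_dump(text):
    """Return {normalised key path: {value name: value text}} for an FSS-style dump."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = keys.setdefault(norm(header.group(1)), {"_path": header.group(1)})
            continue
        value = re.fullmatch(r'"([^"]+)"\s*=\s*(.*)', line)
        if value and current is not None:
            current[value.group(1)] = value.group(2).strip().strip('"')
    return keys

def changed_utc(values):
    """Assumption: the decimal in 'whenChanged'= 0x... (N) is Unix epoch seconds."""
    m = re.search(r"\((\d+)\)", values.get("whenChanged", ""))
    return datetime.fromtimestamp(int(m.group(1)), timezone.utc) if m else None

def policy_graph(keys, root):
    """Breadth-first walk from ActivePolicy through every forward reference."""
    active = keys.get(norm(root), {}).get("ActivePolicy")
    seen, todo = [], [norm(active)] if active else []
    while todo:
        path = todo.pop(0)
        if path in seen or path not in keys:
            continue
        seen.append(path)
        for name in REF_VALUES:
            # ipsecNFAReference may hold several space-separated paths
            todo += [norm(p) for p in keys[path].get(name, "").split()]
    return seen

def triage(text, root=LOCAL):
    """Summarise the locally assigned IPsec policy found in the dump, if any."""
    keys = parse_dump(text)
    reachable = policy_graph(keys, root)
    subkeys = [k for k in keys if k.startswith(norm(root) + "\\")]
    stamps = [t for t in (changed_utc(keys[p]) for p in reachable) if t]
    return {
        "active": bool(reachable),
        "objects": [keys[p]["_path"].rsplit("\\", 1)[1] for p in reachable],
        "orphans": [keys[k]["_path"] for k in subkeys if k not in reachable],
        "names": sorted({keys[p].get("ipsecName") for p in reachable} - {None}),
        "first_change": min(stamps, default=None),
    }

if __name__ == "__main__":
    for field, result in triage(FSS_EXCERPT).items():
        print(field, "=", result)
```

An empty "orphans" list means every subkey under \Local hangs off the active policy, which matches the seven subkeys listed for deletion; "first_change" gives a starting point for correlating with installs or other changes made around that time.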


 


#10 vonlutt


Posted 17 April 2015 - 10:47 PM

I'm here on my desktop, thank you very much!

 

Farbar Service Scanner Version: 17-01-2015
Ran by Lance (administrator) on 17-04-2015 at 20:46:00
Running from "C:\Users\Lance\Documents\My Dropbox\Public"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****
 
Here is the log. It appears I can access the websites that were broken before, does everything look well now?

Thank you very much, again. I donated a little bit to your paypal for being so patient with me and helping me through this.


#11 Broni


Posted 17 April 2015 - 11:04 PM

Excellent!

 

Thank you :)

 

Couple more things...

 

You're running two AV programs, MSE and Avast.

You must uninstall one of them.

 

See if you can update MBAM now.

Post new log.

 

Next...

 

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program




 


#12 vonlutt


Posted 17 April 2015 - 11:38 PM

Can update MBAM now :)
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/17/2015
Scan Time: 9:31:00 PM
Logfile: MBM scan.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.04.18.01
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Lance
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 355367
Time Elapsed: 6 min, 18 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUP.Optional.ConsumerInput.C, HKLM\SOFTWARE\WOW6432NODE\ConsumerInput, Quarantined, [b653442ad1b9ed49d71d803ddf241be5], 
PUP.Optional.ConsumerInput.C, HKU\S-1-5-21-1746808819-1131868553-3916776706-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\ConsumerInput, Quarantined, [b15881eddbaf0c2add63843caf54ce32], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
# AdwCleaner v4.201 - Logfile created 17/04/2015 at 21:25:30
# Updated 08/04/2015 by Xplode
# Database : 2015-04-15.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Lance - LANCE-PC
# Running from : C:\Users\Lance\Desktop\Downloads\adwcleaner_4.201.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
[x] Not Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
[x] Not Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF to Word Converter
Folder Deleted : C:\Program Files (x86)\BrightBreeze
Folder Deleted : C:\Users\Lance\AppData\Local\PackageAware
Folder Deleted : C:\Users\Lance\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Lance\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm
Folder Deleted : C:\Users\Lance\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehoopddfhgaehhmphfcooacjdpmbjlao
File Deleted : C:\Users\Lance\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehoopddfhgaehhmphfcooacjdpmbjlao_0.localstorage
File Deleted : C:\Users\Lance\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehoopddfhgaehhmphfcooacjdpmbjlao_0.localstorage-journal
File Deleted : C:\Windows\System32\ColorMedia64.dll
 
***** [ Scheduled tasks ] *****
 
Task Deleted : DriverRestore_DailyScan
Task Deleted : DriverRestore_ScheduledScan
Task Deleted : LaunchSignup
Task Deleted : RunAsStdUser Task
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\DriverRestore
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Key Deleted : HKLM\SOFTWARE\DriverTuner
Key Deleted : [x64] HKLM\SOFTWARE\DriverRestore
Key Deleted : [x64] HKLM\SOFTWARE\DriverTuner
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v8.0.7601.17514
 
 
-\\ Google Chrome v42.0.2311.90
 
[C:\Users\Lance\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : dajedkncpodkggklbegccjpmnglmnflm
[C:\Users\Lance\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : ehoopddfhgaehhmphfcooacjdpmbjlao
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [4455 bytes] - [17/04/2015 21:24:14]
AdwCleaner[S0].txt - [4249 bytes] - [17/04/2015 21:25:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4308  bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.8 (04.17.2015:1)
OS: Windows 7 Professional x64
Ran by Lance on Fri 04/17/2015 at 21:28:28.88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E5F5D888-2587-E012-A817-7038F5690F26}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\driverrestore
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Lance\appdata\local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 04/17/2015 at 21:30:01.68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Edited by vonlutt, 17 April 2015 - 11:39 PM.


#13 Broni


Posted 18 April 2015 - 05:20 PM

Sophos?




 


#14 vonlutt


Posted 18 April 2015 - 07:34 PM

Appears to have cleared out some nasty stuff, never noticed any issues or anything ever running in the background:
 
 
2015-04-18 04:34:17.267 Sophos Virus Removal Tool version 2.5.4
2015-04-18 04:34:17.267 Copyright © 2009-2014 Sophos Limited. All rights reserved.
 
2015-04-18 04:34:17.267 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
 
2015-04-18 04:34:17.267 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
2015-04-18 04:34:17.267 Checking for updates...
2015-04-18 04:34:20.106 Update progress: proxy server not available
2015-04-18 04:34:22.119 Option all = no
2015-04-18 04:34:22.119 Option recurse = yes
2015-04-18 04:34:22.119 Option archive = no
2015-04-18 04:34:22.119 Option service = yes
2015-04-18 04:34:22.119 Option confirm = yes
2015-04-18 04:34:22.119 Option sxl = yes
2015-04-18 04:34:22.119 Option max-data-age = 35
2015-04-18 04:34:22.119 Option EnableSafeClean = yes
2015-04-18 04:34:25.192 Option vdl-logging = yes
2015-04-18 04:34:25.207 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-04-18 04:34:25.207 Machine ID: fdbe0e53a1c94665a8e252f9760c5785
2015-04-18 04:34:25.207 Component SVRTcli.exe version 2.5.4
2015-04-18 04:34:25.207 Component control.dll version 2.5.4
2015-04-18 04:34:25.207 Component SVRTservice.exe version 2.5.4
2015-04-18 04:34:25.207 Component engine\osdp.dll version 1.44.1.2200
2015-04-18 04:34:25.207 Component engine\veex.dll version 3.60.0.2200
2015-04-18 04:34:25.207 Component engine\savi.dll version 8.1.7.2200
2015-04-18 04:34:25.207 Component rkdisk.dll version 1.5.30.0
2015-04-18 04:34:25.207 Version info: Product version 2.5.4
2015-04-18 04:34:25.207 Version info: Detection engine 3.60.0
2015-04-18 04:34:25.207 Version info: Detection data 5.13
2015-04-18 04:34:25.207 Version info: Build date 3/31/2015
2015-04-18 04:34:25.207 Version info: Data files added 264
2015-04-18 04:34:25.207 Version info: Last successful update (not yet updated)
2015-04-18 04:34:28.595 Downloading updates...
2015-04-18 04:34:28.595 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0 
2015-04-18 04:34:28.595 Update progress: [I49502] Found supplement SAVIW32 LATEST 
2015-04-18 04:34:28.595 Update progress: [I49502] Found supplement IDE514 LATEST 
2015-04-18 04:34:28.595 Update progress: [I49502] Found supplement IDE515 LATEST 
2015-04-18 04:34:28.595 Update progress: [I49502] Found supplement IDE516 LATEST 
2015-04-18 04:34:28.595 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-04-18 04:34:28.595 Update progress: [I19463] Syncing product SAVIW32 53
2015-04-18 04:34:30.366 Update progress: [I19463] Syncing product IDE514 161
2015-04-18 04:34:30.803 Installing updates...
2015-04-18 04:34:31.412 Error level 1
2015-04-18 04:34:31.412 Update progress: [I19463] Syncing product IDE515 106
2015-04-18 04:34:31.412 Update progress: [I19463] Syncing product IDE516 1
2015-04-18 04:34:34.394 Update successful
2015-04-18 04:34:42.647 Option all = no
2015-04-18 04:34:42.647 Option recurse = yes
2015-04-18 04:34:42.647 Option archive = no
2015-04-18 04:34:42.647 Option service = yes
2015-04-18 04:34:42.647 Option confirm = yes
2015-04-18 04:34:42.647 Option sxl = yes
2015-04-18 04:34:42.647 Option max-data-age = 35
2015-04-18 04:34:42.647 Option EnableSafeClean = yes
2015-04-18 04:34:42.678 Option vdl-logging = yes
2015-04-18 04:34:42.693 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-04-18 04:34:42.693 Machine ID: fdbe0e53a1c94665a8e252f9760c5785
2015-04-18 04:34:42.693 Component SVRTcli.exe version 2.5.4
2015-04-18 04:34:42.693 Component control.dll version 2.5.4
2015-04-18 04:34:42.693 Component SVRTservice.exe version 2.5.4
2015-04-18 04:34:42.693 Component engine\osdp.dll version 1.44.1.2200
2015-04-18 04:34:42.693 Component engine\veex.dll version 3.60.0.2200
2015-04-18 04:34:42.693 Component engine\savi.dll version 8.1.7.2200
2015-04-18 04:34:42.693 Component rkdisk.dll version 1.5.30.0
2015-04-18 04:34:42.693 Version info: Product version 2.5.4
2015-04-18 04:34:42.693 Version info: Detection engine 3.60.0
2015-04-18 04:34:42.693 Version info: Detection data 5.13G
2015-04-18 04:34:42.693 Version info: Build date 3/31/2015
2015-04-18 04:34:42.693 Version info: Data files added 264
2015-04-18 04:34:42.693 Version info: Last successful update 4/17/2015 9:34:34 PM
 
2015-04-18 06:19:58.099 Could not open C:\System Volume Information\{1714e86b-e583-11e4-a179-e0cb4e0ff6d8}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-04-18 06:19:58.100 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-04-18 06:19:58.100 Could not open C:\System Volume Information\{4a25425f-d762-11e4-b07c-e0cb4e0ff6d8}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-04-18 06:19:58.100 Could not open C:\System Volume Information\{75f29696-d763-11e4-b33e-e0cb4e0ff6d8}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-04-18 06:19:58.100 Could not open C:\System Volume Information\{75f2969a-d763-11e4-b33e-e0cb4e0ff6d8}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-04-18 06:19:58.100 Could not open C:\System Volume Information\{81ac5d07-e4c0-11e4-b481-e0cb4e0ff6d8}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-04-18 06:19:58.100 Could not open C:\System Volume Information\{81ac5e2f-e4c0-11e4-b481-e0cb4e0ff6d8}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-04-18 06:19:58.101 Could not open C:\System Volume Information\{81ac5e48-e4c0-11e4-b481-e0cb4e0ff6d8}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-04-18 06:19:58.101 Could not open C:\System Volume Information\{db74be79-e57c-11e4-9092-e0cb4e0ff6d8}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-04-18 06:22:40.024 Could not open C:\Users\Lance\AppData\Local\Google\Chrome\User Data\Default\Current Session
2015-04-18 06:22:40.024 Could not open C:\Users\Lance\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2015-04-18 06:22:42.496 Could not check C:\Users\Lance\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOCK (virus scan failed)
2015-04-18 06:22:42.502 Could not check C:\Users\Lance\AppData\Local\Google\Chrome\User Data\Default\GCM Store\LOCK (virus scan failed)
2015-04-18 06:22:42.564 Could not check C:\Users\Lance\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mgijmajocgfcbeboacabfgobmjgjcoja\LOCK (virus scan failed)
2015-04-18 06:22:42.569 Could not check C:\Users\Lance\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOCK (virus scan failed)
2015-04-18 06:22:42.831 Could not check C:\Users\Lance\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK (virus scan failed)
2015-04-18 06:22:42.869 Could not check C:\Users\Lance\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\gkojfkhlekighikafcpjkiklfbnlmeio\LOCK (virus scan failed)
2015-04-18 06:28:13.074 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2015-04-18 06:28:13.074 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2015-04-18 06:28:13.861 Could not open C:\Windows\System32\config\components
2015-04-18 06:28:13.866 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2015-04-18 06:28:13.866 Could not open C:\Windows\System32\config\RegBack\SAM
2015-04-18 06:28:13.867 Could not open C:\Windows\System32\config\RegBack\SECURITY
2015-04-18 06:28:13.868 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2015-04-18 06:28:13.869 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2015-04-18 06:28:20.512 Could not open C:\Windows\System32\drivers\sptd.sys
2015-04-18 06:30:34.583 >>> Virus 'Mal/Generic-S' found in file C:\Windows\SysWOW64\netdolst.dll
2015-04-18 06:30:34.584 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2015-04-18 06:30:34.584 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2015-04-18 06:30:34.584 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-04-18 06:30:34.584 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-04-18 06:30:34.584 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1746808819-1131868553-3916776706-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-18 06:30:34.584 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1746808819-1131868553-3916776706-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-18 06:30:34.584 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-18 06:30:34.584 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-18 06:30:34.584 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-04-18 06:30:34.584 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-04-18 06:30:34.584 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-04-18 06:30:34.584 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-04-18 06:35:56.089 >>> Virus 'Mal/VMProtBad-A' found in file E:\Games\Caesar\Hegemony Rome The Rise of Caesar\x86\steam_api.dll
2015-04-18 06:35:56.089 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2015-04-18 06:35:56.089 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2015-04-18 06:35:56.090 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-04-18 06:35:56.090 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-04-18 06:35:56.090 >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-1746808819-1131868553-3916776706-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-18 06:35:56.090 >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-1746808819-1131868553-3916776706-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-18 06:35:56.090 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-18 06:35:56.090 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-18 06:35:56.090 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-04-18 06:35:56.090 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-04-18 06:35:56.090 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-04-18 06:35:56.090 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-04-18 06:36:15.198 >>> Virus 'Mal/Obfus-D' found in file E:\Games\Cities XL 2011\rld.dll
2015-04-18 06:36:15.198 >>> Virus 'Mal/Obfus-D' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2015-04-18 06:36:15.198 >>> Virus 'Mal/Obfus-D' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2015-04-18 06:36:15.198 >>> Virus 'Mal/Obfus-D' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-04-18 06:36:15.198 >>> Virus 'Mal/Obfus-D' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-04-18 06:36:15.198 >>> Virus 'Mal/Obfus-D' found in file HKU\S-1-5-21-1746808819-1131868553-3916776706-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-18 06:36:15.198 >>> Virus 'Mal/Obfus-D' found in file HKU\S-1-5-21-1746808819-1131868553-3916776706-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-18 06:36:15.198 >>> Virus 'Mal/Obfus-D' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-18 06:36:15.199 >>> Virus 'Mal/Obfus-D' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-18 06:36:15.199 >>> Virus 'Mal/Obfus-D' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-04-18 06:36:15.199 >>> Virus 'Mal/Obfus-D' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-04-18 06:36:15.199 >>> Virus 'Mal/Obfus-D' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-04-18 06:36:15.199 >>> Virus 'Mal/Obfus-D' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-04-18 06:37:54.667 >>> Virus 'Mal/VMProtBad-A' found in file E:\Games\Cosmonautica v1.09\bin\steam_api.dll
2015-04-18 06:37:54.667 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2015-04-18 06:37:54.667 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2015-04-18 06:37:54.667 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-04-18 06:37:54.667 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-04-18 06:37:54.667 >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-1746808819-1131868553-3916776706-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-18 06:37:54.667 >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-1746808819-1131868553-3916776706-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-18 06:37:54.667 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-18 06:37:54.667 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-18 06:37:54.667 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-04-18 06:37:54.668 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-04-18 06:37:54.668 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-04-18 06:37:54.668 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-04-18 06:38:57.432 >>> Virus 'Mal/Generic-S' found in file E:\Games\Endless Legend\steam_api64.dll
2015-04-18 06:38:57.432 >>> Virus 'Mal/Generic-S' found in file E:\Games\Endless Legend\steam_api64.dll
2015-04-18 06:38:57.432 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2015-04-18 06:38:57.432 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2015-04-18 06:38:57.432 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-04-18 06:38:57.432 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-04-18 06:38:57.432 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1746808819-1131868553-3916776706-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-18 06:38:57.433 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1746808819-1131868553-3916776706-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-18 06:38:57.433 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-18 06:38:57.433 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-18 06:38:57.433 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-04-18 06:38:57.433 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-04-18 06:38:57.433 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-04-18 06:38:57.433 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-04-18 06:42:50.436 >>> Virus 'Mal/VMProtBad-A' found in file E:\Games\pixel piracy\Pixel Piracy v0.5.0.6\steam_api.dll
2015-04-18 06:42:50.436 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2015-04-18 06:42:50.436 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2015-04-18 06:42:50.437 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-04-18 06:42:50.437 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-04-18 06:42:50.437 >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-1746808819-1131868553-3916776706-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-18 06:42:50.437 >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-1746808819-1131868553-3916776706-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-18 06:42:50.437 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-18 06:42:50.437 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-18 06:42:50.437 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-04-18 06:42:50.437 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-04-18 06:42:50.438 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-04-18 06:42:50.438 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-04-18 06:45:20.914 >>> Virus 'Mal/VMProtBad-A' found in file E:\Games\South Park The Stick of Truth\steam_api.dll
2015-04-18 06:45:20.914 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2015-04-18 06:45:20.914 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2015-04-18 06:45:20.914 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-04-18 06:45:20.915 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-04-18 06:45:20.915 >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-1746808819-1131868553-3916776706-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-18 06:45:20.915 >>> Virus 'Mal/VMProtBad-A' found in file HKU\S-1-5-21-1746808819-1131868553-3916776706-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-18 06:45:20.915 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-18 06:45:20.915 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-18 06:45:20.915 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-04-18 06:45:20.915 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-04-18 06:45:20.915 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-04-18 06:45:20.916 >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-04-18 06:45:25.845 >>> Virus 'Mal/Generic-S' found in file E:\Games\South Park The Stick of Truth\winmm.dll
2015-04-18 06:45:25.845 >>> Virus 'Mal/Generic-S' found in file E:\Games\South Park The Stick of Truth\winmm.dll
2015-04-18 06:45:25.845 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2015-04-18 06:45:25.845 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2015-04-18 06:45:25.845 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-04-18 06:45:25.846 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-04-18 06:45:25.846 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1746808819-1131868553-3916776706-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-18 06:45:25.846 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1746808819-1131868553-3916776706-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-18 06:45:25.846 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-18 06:45:25.846 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-18 06:45:25.846 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-04-18 06:45:25.846 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-04-18 06:45:25.846 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-04-18 06:45:25.847 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-04-18 07:00:57.432 >>> Virus 'Troj/Agent-ABWY' found in file E:\Junk\vuze\Downloads\Sword.of.the.Stars.II.Enhanced.Edition-SKIDROW\Sword.of.the.Stars.II.Enhanced.Edition.Update.v2.0.24917.8-BAT\Crack\steam_api.dll
2015-04-18 07:00:57.432 >>> Virus 'Troj/Agent-ABWY' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2015-04-18 07:00:57.432 >>> Virus 'Troj/Agent-ABWY' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2015-04-18 07:00:57.432 >>> Virus 'Troj/Agent-ABWY' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-04-18 07:00:57.432 >>> Virus 'Troj/Agent-ABWY' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-04-18 07:00:57.433 >>> Virus 'Troj/Agent-ABWY' found in file HKU\S-1-5-21-1746808819-1131868553-3916776706-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-18 07:00:57.433 >>> Virus 'Troj/Agent-ABWY' found in file HKU\S-1-5-21-1746808819-1131868553-3916776706-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-18 07:00:57.433 >>> Virus 'Troj/Agent-ABWY' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-18 07:00:57.433 >>> Virus 'Troj/Agent-ABWY' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-04-18 07:00:57.433 >>> Virus 'Troj/Agent-ABWY' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-04-18 07:00:57.433 >>> Virus 'Troj/Agent-ABWY' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500
2015-04-18 07:00:57.434 >>> Virus 'Troj/Agent-ABWY' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208
2015-04-18 07:00:57.434 >>> Virus 'Troj/Agent-ABWY' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208
2015-04-18 07:01:42.418 The following items will be cleaned up:
2015-04-18 07:01:42.418 Mal/Generic-S
2015-04-18 07:01:42.418 Mal/VMProtBad-A
2015-04-18 07:01:42.418 Mal/Obfus-D
2015-04-18 07:01:42.418 Troj/Agent-ABWY
2015-04-18 07:03:23.401 Threat 'Mal/Generic-S' has been cleaned up.
2015-04-18 07:03:23.401 File "C:\Windows\SysWOW64\netdolst.dll" belongs to malware 'Mal/Generic-S'.
2015-04-18 07:03:23.401 File "C:\Windows\SysWOW64\netdolst.dll" has been cleaned up.
2015-04-18 07:03:23.401 File "E:\Games\Endless Legend\steam_api64.dll" belongs to malware 'Mal/Generic-S'.
2015-04-18 07:03:23.401 File "E:\Games\Endless Legend\steam_api64.dll" has been cleaned up.
2015-04-18 07:03:23.401 File "E:\Games\South Park The Stick of Truth\winmm.dll" belongs to malware 'Mal/Generic-S'.
2015-04-18 07:03:23.401 File "E:\Games\South Park The Stick of Truth\winmm.dll" has been cleaned up.
2015-04-18 07:03:23.401 Removal successful
2015-04-18 07:03:35.524 Threat 'Mal/VMProtBad-A' has been cleaned up.
2015-04-18 07:03:35.524 File "E:\Games\Caesar\Hegemony Rome The Rise of Caesar\x86\steam_api.dll" belongs to malware 'Mal/VMProtBad-A'.
2015-04-18 07:03:35.524 File "E:\Games\Caesar\Hegemony Rome The Rise of Caesar\x86\steam_api.dll" has been cleaned up.
2015-04-18 07:03:35.524 File "E:\Games\Cosmonautica v1.09\bin\steam_api.dll" belongs to malware 'Mal/VMProtBad-A'.
2015-04-18 07:03:35.524 File "E:\Games\Cosmonautica v1.09\bin\steam_api.dll" has been cleaned up.
2015-04-18 07:03:35.524 File "E:\Games\pixel piracy\Pixel Piracy v0.5.0.6\steam_api.dll" belongs to malware 'Mal/VMProtBad-A'.
2015-04-18 07:03:35.524 File "E:\Games\pixel piracy\Pixel Piracy v0.5.0.6\steam_api.dll" has been cleaned up.
2015-04-18 07:03:35.524 File "E:\Games\South Park The Stick of Truth\steam_api.dll" belongs to malware 'Mal/VMProtBad-A'.
2015-04-18 07:03:35.524 File "E:\Games\South Park The Stick of Truth\steam_api.dll" has been cleaned up.
2015-04-18 07:03:35.524 Removal successful
2015-04-18 07:03:37.629 Threat 'Mal/Obfus-D' has been cleaned up.
2015-04-18 07:03:37.629 File "E:\Games\Cities XL 2011\rld.dll" belongs to malware 'Mal/Obfus-D'.
2015-04-18 07:03:37.629 File "E:\Games\Cities XL 2011\rld.dll" has been cleaned up.
2015-04-18 07:03:37.629 Removal successful
2015-04-18 07:03:39.849 Threat 'Troj/Agent-ABWY' has been cleaned up.
2015-04-18 07:03:39.849 File "E:\Junk\vuze\Downloads\Sword.of.the.Stars.II.Enhanced.Edition-SKIDROW\Sword.of.the.Stars.II.Enhanced.Edition.Update.v2.0.24917.8-BAT\Crack\steam_api.dll" belongs to 'Troj/Agent-ABWY'.
2015-04-18 07:03:39.849 File "E:\Junk\vuze\Downloads\Sword.of.the.Stars.II.Enhanced.Edition-SKIDROW\Sword.of.the.Stars.II.Enhanced.Edition.Update.v2.0.24917.8-BAT\Crack\steam_api.dll" has been cleaned up.
2015-04-18 07:03:39.849 Removal successful
2015-04-18 07:03:39.864 Contents of SafeClean bin directory:
2015-04-18 07:03:39.864 {
2015-04-18 07:03:39.864    RecordID   : "0000000000000001",
2015-04-18 07:03:39.864    ItemType   : "1",
2015-04-18 07:03:39.864    Location   : "C:\Windows\SysWOW64\",
2015-04-18 07:03:39.864    FileName   : "netdolst.dll",
2015-04-18 07:03:39.864    ThreatName : "Mal/Generic-S",
2015-04-18 07:03:39.864    Checksum   : "894cd34b2e4048eb8e46b62d0cda37ac2207abd9691075b035d66aa408eebe4a",
2015-04-18 07:03:39.864    TimeStamp  : "Sat Apr 18 00:03:09 2015"
2015-04-18 07:03:39.864 }
2015-04-18 07:03:39.864 {
2015-04-18 07:03:39.864    RecordID   : "0000000000000002",
2015-04-18 07:03:39.864    ItemType   : "1",
2015-04-18 07:03:39.864    Location   : "E:\Games\Endless Legend\",
2015-04-18 07:03:39.864    FileName   : "steam_api64.dll",
2015-04-18 07:03:39.864    ThreatName : "Mal/Generic-S",
2015-04-18 07:03:39.864    Checksum   : "6425c16b9094256783b02495a2274d7492ec0ff6debe3e4b3737aef2aaaaa20c",
2015-04-18 07:03:39.864    TimeStamp  : "Sat Apr 18 00:03:09 2015"
2015-04-18 07:03:39.864 }
2015-04-18 07:03:39.864 {
2015-04-18 07:03:39.864    RecordID   : "0000000000000003",
2015-04-18 07:03:39.864    ItemType   : "1",
2015-04-18 07:03:39.864    Location   : "E:\Games\South Park The Stick of Truth\",
2015-04-18 07:03:39.864    FileName   : "winmm.dll",
2015-04-18 07:03:39.864    ThreatName : "Mal/Generic-S",
2015-04-18 07:03:39.864    Checksum   : "dc945be7ea71e1228afa7d42926e5f06c92b731ac85d149a23fdd8e8056f37a7",
2015-04-18 07:03:39.864    TimeStamp  : "Sat Apr 18 00:03:09 2015"
2015-04-18 07:03:39.864 }
2015-04-18 07:03:39.864 {
2015-04-18 07:03:39.864    RecordID   : "0000000000000004",
2015-04-18 07:03:39.864    ItemType   : "1",
2015-04-18 07:03:39.864    Location   : "E:\Games\Caesar\Hegemony Rome The Rise of Caesar\x86\",
2015-04-18 07:03:39.864    FileName   : "steam_api.dll",
2015-04-18 07:03:39.864    ThreatName : "Mal/VMProtBad-A",
2015-04-18 07:03:39.864    Checksum   : "e5ba9e12d9b6510ea6ad44521ee04c32736c9b9e1f642a82917fcb201668db89",
2015-04-18 07:03:39.864    TimeStamp  : "Sat Apr 18 00:03:23 2015"
2015-04-18 07:03:39.864 }
2015-04-18 07:03:39.864 {
2015-04-18 07:03:39.864    RecordID   : "0000000000000005",
2015-04-18 07:03:39.864    ItemType   : "1",
2015-04-18 07:03:39.864    Location   : "E:\Games\Cosmonautica v1.09\bin\",
2015-04-18 07:03:39.864    FileName   : "steam_api.dll",
2015-04-18 07:03:39.864    ThreatName : "Mal/VMProtBad-A",
2015-04-18 07:03:39.864    Checksum   : "9badfa13f16183a546c9adeb28c75e6fd0ef9173d9af6ebe6cb91f8087d83749",
2015-04-18 07:03:39.864    TimeStamp  : "Sat Apr 18 00:03:23 2015"
2015-04-18 07:03:39.864 }
2015-04-18 07:03:39.864 {
2015-04-18 07:03:39.864    RecordID   : "0000000000000006",
2015-04-18 07:03:39.864    ItemType   : "1",
2015-04-18 07:03:39.864    Location   : "E:\Games\pixel piracy\Pixel Piracy v0.5.0.6\",
2015-04-18 07:03:39.864    FileName   : "steam_api.dll",
2015-04-18 07:03:39.864    ThreatName : "Mal/VMProtBad-A",
2015-04-18 07:03:39.864    Checksum   : "310c529f1f207bd3197e8baaf5e20a5f1d82a82ca53f17dd7ad3a133b0894518",
2015-04-18 07:03:39.864    TimeStamp  : "Sat Apr 18 00:03:23 2015"
2015-04-18 07:03:39.864 }
2015-04-18 07:03:39.864 {
2015-04-18 07:03:39.864    RecordID   : "0000000000000007",
2015-04-18 07:03:39.864    ItemType   : "1",
2015-04-18 07:03:39.864    Location   : "E:\Games\South Park The Stick of Truth\",
2015-04-18 07:03:39.864    FileName   : "steam_api.dll",
2015-04-18 07:03:39.864    ThreatName : "Mal/VMProtBad-A",
2015-04-18 07:03:39.864    Checksum   : "845a9f07a7d86e3970413d67d936b02dd43fbbbc6e642ef409558d97a1f01e6a",
2015-04-18 07:03:39.864    TimeStamp  : "Sat Apr 18 00:03:23 2015"
2015-04-18 07:03:39.864 }
2015-04-18 07:03:39.864 {
2015-04-18 07:03:39.869    RecordID   : "0000000000000008",
2015-04-18 07:03:39.869    ItemType   : "1",
2015-04-18 07:03:39.869    Location   : "E:\Games\Cities XL 2011\",
2015-04-18 07:03:39.869    FileName   : "rld.dll",
2015-04-18 07:03:39.869    ThreatName : "Mal/Obfus-D",
2015-04-18 07:03:39.869    Checksum   : "9516b733773c1aa6764b782c06e6fbbdabfe657fc7f30b178b5933b6052ee9d2",
2015-04-18 07:03:39.869    TimeStamp  : "Sat Apr 18 00:03:35 2015"
2015-04-18 07:03:39.869 }
2015-04-18 07:03:39.869 {
2015-04-18 07:03:39.869    RecordID   : "0000000000000009",
2015-04-18 07:03:39.869    ItemType   : "1",
2015-04-18 07:03:39.869    Location   : "E:\Junk\vuze\Downloads\Sword.of.the.Stars.II.Enhanced.Edition-SKIDROW\Sword.of.the.Stars.II.Enhanced.Edition.Update.v2.0.24917.8-BAT\Crack\",
2015-04-18 07:03:39.869    FileName   : "steam_api.dll",
2015-04-18 07:03:39.869    ThreatName : "Troj/Agent-ABWY",
2015-04-18 07:03:39.869    Checksum   : "088c5adc5f4305562bafecd31059e0559f7ace36855642ab8e7144c445ca888d",
2015-04-18 07:03:39.869    TimeStamp  : "Sat Apr 18 00:03:37 2015"
2015-04-18 07:03:39.869 }
2015-04-18 07:03:40.329 Error level 0
 
2015-04-18 07:04:01.292 Scan completed.
2015-04-18 07:04:01.292


#15 Broni
Posted 18 April 2015 - 07:36 PM

Update Adobe Reader

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note: If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says "Also Download Adobe Photoshop® Album Starter Edition".

 

Update your Java version here: http://www.java.com/en/download/manual.jsp
Alternate download: http://www.filehippo.com/search?q=java

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: If you're running a 64-bit system, make sure you install BOTH 32-bit and 64-bit Java.

 

===============================

 

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. DelFix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry3187642


My Website


My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif
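A triage sketch for a scan log in the line format posted above, as an added example that is not part of the original thread or any tool's own code: it collapses the duplicated lines, separates file detections from the registry values reported under each threat, lists detected files that have no matching "has been cleaned up" line, and flags `Troj/` names, which is the condition for the password change in step 3. The sample log lines, paths and threat names are constructed, and the function name `triage` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the line format of the log in this thread.
# Paths and threat names are made up for the example.
SAMPLE_LOG = r"""
2015-04-18 06:35:56.089 >>> Virus 'Mal/Example-A' found in file E:\Games\Demo\steam_api.dll
2015-04-18 06:35:56.089 >>> Virus 'Mal/Example-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2015-04-18 06:35:56.089 >>> Virus 'Mal/Example-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2015-04-18 07:00:57.432 >>> Virus 'Troj/Example-B' found in file E:\Downloads\Demo\Crack\steam_api.dll
2015-04-18 07:00:57.433 >>> Virus 'Troj/Example-B' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500
2015-04-18 07:00:58.000 >>> Virus 'Mal/Example-A' found in file E:\Games\Other\rld.dll
2015-04-18 07:03:35.524 File "E:\Games\Demo\steam_api.dll" belongs to malware 'Mal/Example-A'.
2015-04-18 07:03:35.524 File "E:\Games\Demo\steam_api.dll" has been cleaned up.
2015-04-18 07:03:39.849 File "E:\Downloads\Demo\Crack\steam_api.dll" has been cleaned up.
"""

# "<date> <time> >>> Virus '<name>' found in file <target>"
FOUND = re.compile(r"^\S+ \S+ >>> Virus '([^']+)' found in file (.+)$")
# '<date> <time> File "<path>" has been cleaned up.'
CLEANED = re.compile(r'^\S+ \S+ File "(.+)" has been cleaned up\.$')
# The log labels registry values as "files"; tell them apart by hive prefix.
REGISTRY_HIVES = ("HKLM\\", "HKU\\", "HKCU\\", "HKCR\\")


def triage(log_text):
    """Summarise detections, registry values and cleanup status in a log."""
    files = defaultdict(set)      # threat name -> detected file paths
    registry = defaultdict(set)   # threat name -> registry values reported
    cleaned = set()               # lower-cased paths reported as cleaned up

    for raw in log_text.splitlines():
        line = raw.strip()
        match = FOUND.match(line)
        if match:
            threat, target = match.groups()
            is_registry = target.upper().startswith(REGISTRY_HIVES)
            (registry if is_registry else files)[threat].add(target)
            continue
        match = CLEANED.match(line)
        if match:
            # Windows paths are case-insensitive, so compare lower-cased.
            cleaned.add(match.group(1).lower())

    detected = {path for paths in files.values() for path in paths}
    threats = set(files) | set(registry)
    return {
        "files": {t: sorted(p) for t, p in files.items()},
        "registry": {t: sorted(p) for t, p in registry.items()},
        # Detected on disk but never reported as cleaned: needs a follow-up.
        "not_cleaned": sorted(p for p in detected if p.lower() not in cleaned),
        # Any name in the Troj/ family means credentials should be rotated.
        "trojans": sorted(t for t in threats if t.startswith("Troj/")),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for threat, paths in sorted(report["files"].items()):
        print(threat, "->", len(paths), "file(s),",
              len(report["registry"].get(threat, [])), "registry value(s)")
    print("Not cleaned:", report["not_cleaned"])
    print("Change passwords:", bool(report["trojans"]))
```
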
