Infected with "Windows services.exe" trojan


  • This topic is locked
3 replies to this topic

#1 SergeantVau
  • Members
  • 21 posts

Posted 23 March 2016 - 04:48 PM

Avast found a trojan the last time it scanned my computer. It could not get rid of it, saying it was read-only. I ran AdwCleaner, but when my PC rebooted, I couldn't connect to the internet with anything except Internet Explorer 64-bit. I posted on here and was told to run Winsock repair. That fixed the connectivity issues, but the trojan remains. And I can't get the Windows Firewall to work. I have a screenshot of the Avast message, a link to the original thread, and FRST logs.

http://www.bleepingcomputer.com/forums/t/608466/only-internet-explorer-64-bit-connects-online/

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Lord Robert (administrator) on IG-88 (23-03-2016 17:20:52)
Running from C:\Users\Lord Robert\Desktop\things
Loaded Profiles: Lord Robert (Available Profiles: Lord Robert)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_21_0_0_182_ActiveX.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-26] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9642528 2010-02-24] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-26] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [BrowserPlugInHelper] => C:\Program Files (x86)\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe
HKLM-x32\...\Run: [WinampAgent] => "C:\Program Files (x86)\Winamp\winampa.exe"
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-19] (AVAST Software)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\EpmNews.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\igfxcui:
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0x00000000
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0x00000000
HKLM\...\Policies\Explorer: [NoSetTaskBar] 0
HKLM\...\Policies\Explorer: [NoFileMenu] 0
HKLM\...\Policies\Explorer: [NoNetworkConnections] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0x00000000
HKLM\...\Policies\Explorer: [NoDesktop] 0x00000000
HKLM\...\Policies\Explorer: [MaxRecentDocs] 0
HKLM\...\Policies\Explorer: [NoNetConnectDisconnect] 0
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 0
HKLM\...\Policies\Explorer: [NoRecentDocsHistory] 0x00000000
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [ClearRecentDocsOnExit] 0x00000000
HKLM\...\Policies\Explorer: [NoInternetIcon] 0
HKLM\...\Policies\Explorer: [NoStartBanner] 0x00000000
HKLM\...\Policies\Explorer: [NoNetHood] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0x00000000
HKLM\...\Policies\Explorer: [NoWinKey] 0
HKLM\...\Policies\Explorer: [NoNetConnextDisconnect] 0
HKLM\...\Policies\Explorer: [NoFavoritesMenu] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoSMConfigurePrograms] 0
HKLM\...\Policies\Explorer: [NoControlPanle] 0
HKU\S-1-5-21-1174955219-694782196-2918772750-1001\...\Run: [Spotify] => "C:\Users\Lord Robert\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
HKU\S-1-5-21-1174955219-694782196-2918772750-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1174955219-694782196-2918772750-1001\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-1174955219-694782196-2918772750-1001\...\MountPoints2: {af8fdca3-6eab-11e5-8923-00027222ab86} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1174955219-694782196-2918772750-1001\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-1174955219-694782196-2918772750-1001\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Lord Robert\AppData\Local\{93f3aa60-bf95-328b-68a1-311c909f1bd7}\n. ATTENTION
HKU\S-1-5-18\...\Policies\system: [NoAdminPage] 0
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
ShellExecuteHooks-x32:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-10] (AVAST Software)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-26] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-05-26] (Egis Technology Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2011-07-14]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Lord Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 4620 series.lnk [2016-03-23]
ShortcutTarget: Monitor Ink Alerts - HP Officejet 4620 series.lnk -> C:\Program Files\HP\HP Officejet 4620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll No File
Winsock: Catalog9 02 mswsock.dll No File
Winsock: Catalog9 03 mswsock.dll No File
Winsock: Catalog9 04 mswsock.dll No File
Winsock: Catalog9 05 mswsock.dll No File
Winsock: Catalog9 06 mswsock.dll No File
Winsock: Catalog9 07 mswsock.dll No File
Winsock: Catalog9 08 mswsock.dll No File
Winsock: Catalog9 09 mswsock.dll No File
Winsock: Catalog9 10 mswsock.dll No File
Winsock: Catalog5-x64 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll No File
Winsock: Catalog9-x64 02 mswsock.dll No File
Winsock: Catalog9-x64 03 mswsock.dll No File
Winsock: Catalog9-x64 04 mswsock.dll No File
Winsock: Catalog9-x64 05 mswsock.dll No File
Winsock: Catalog9-x64 06 mswsock.dll No File
Winsock: Catalog9-x64 07 mswsock.dll No File
Winsock: Catalog9-x64 08 mswsock.dll No File
Winsock: Catalog9-x64 09 mswsock.dll No File
Winsock: Catalog9-x64 10 mswsock.dll No File
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{A835D294-AF94-4EDD-9DDE-54D1FE9FBD57}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{DE369CAE-449A-4C64-9231-374D09CFCE5E}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1174955219-694782196-2918772750-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKU\S-1-5-21-1174955219-694782196-2918772750-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1174955219-694782196-2918772750-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1174955219-694782196-2918772750-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-10] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-10] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2012-04-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2012-04-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2012-04-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2012-04-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Lord Robert\AppData\Roaming\Mozilla\Firefox\Profiles\tycxbfmt.default
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://en.wikipedia.org/wiki/Main_Page
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 -> C:\Windows\SysWOW64\npdeployJava1.dll [2012-09-18] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-20] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1174955219-694782196-2918772750-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll [2012-10-24] (Amazon.com, Inc.)
FF Extension: Flashblock - C:\Users\Lord Robert\AppData\Roaming\Mozilla\Firefox\Profiles\tycxbfmt.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2016-01-03]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-15] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-10]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-10]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-10]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-10] (AVAST Software)
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2014-05-12] (BioWare)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1616440 2015-11-15] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7184440 2015-12-09] (GOG.com)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-10] (AVAST Software)
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-03-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-10] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-10] (AVAST Software)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-23 17:20 - 2016-03-23 17:20 - 00000000 ____D C:\FRST
2016-03-23 12:06 - 2016-03-23 12:06 - 00000000 ____D C:\Users\Lord Robert\AppData\Roaming\Doublefine
2016-03-23 12:01 - 2016-03-23 17:20 - 00000000 ____D C:\Users\Lord Robert\Desktop\things
2016-03-23 11:48 - 2016-03-23 11:48 - 00008496 _____ C:\Users\Lord Robert\.recently-used.xbel
2016-03-23 11:46 - 2016-03-23 11:46 - 00003042 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458747978
2016-03-23 11:46 - 2016-03-23 11:46 - 00001041 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-03-23 11:46 - 2016-03-23 11:46 - 00001041 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-03-23 11:46 - 2016-03-23 11:45 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-03-23 11:25 - 2016-03-23 11:25 - 00053248 _____ C:\Windows\SysWOW64\zlib.dll
2016-03-23 11:25 - 2016-03-23 11:25 - 00000000 ____D C:\Support
2016-03-23 02:10 - 2016-03-23 02:10 - 00001123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-03-23 02:10 - 2016-03-23 02:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-23 02:10 - 2016-03-23 02:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-22 17:36 - 2016-03-22 17:36 - 00705024 _____ C:\Users\Lord Robert\Desktop\FreeISOBurner.exe
2016-03-22 17:26 - 2016-03-22 17:26 - 00000000 _____ C:\asdsetup.exe
2016-03-22 17:14 - 2016-03-22 17:14 - 56885248 _____ C:\Windows\system32\config\software.bhv
2016-03-22 17:14 - 2016-03-22 17:14 - 21757952 _____ C:\Windows\system32\config\system.bhv
2016-03-22 17:14 - 2016-03-22 17:14 - 00524288 _____ C:\Windows\system32\config\default.bhv
2016-03-22 17:14 - 2016-03-22 17:14 - 00262144 _____ C:\Windows\system32\config\security.bhv
2016-03-22 17:14 - 2016-03-22 17:14 - 00262144 _____ C:\Windows\system32\config\sam.bhv
2016-03-22 15:22 - 2016-03-22 18:01 - 00000000 ____D C:\RescueCD Logs
2016-03-20 20:03 - 2016-03-23 17:08 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-20 20:03 - 2016-03-23 11:30 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-20 20:03 - 2016-03-20 20:03 - 00003904 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-03-20 20:03 - 2016-03-20 20:03 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-03-20 20:03 - 2016-03-20 20:03 - 00000000 ____D C:\Users\Lord Robert\AppData\Local\Google
2016-03-20 20:03 - 2016-03-20 20:03 - 00000000 ____D C:\Users\Lord Robert\AppData\Local\Deployment
2016-03-20 20:03 - 2016-03-20 20:03 - 00000000 ____D C:\Users\Lord Robert\AppData\Local\Apps\2.0
2016-03-20 20:03 - 2016-03-20 20:03 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-20 16:31 - 2016-03-20 16:14 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-03-20 16:14 - 2016-03-20 16:28 - 00000000 ____D C:\zoek_backup
2016-03-15 19:51 - 2016-03-15 19:52 - 01098961 _____ (Igor Pavlov) C:\Users\Lord Robert\Downloads\7z1514.exe
2016-03-15 19:48 - 2016-03-15 19:48 - 00000000 ____D C:\Users\Lord Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-03-15 19:48 - 2016-03-15 19:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-03-15 19:48 - 2016-03-15 19:48 - 00000000 ____D C:\Program Files\WinRAR
2016-03-15 19:47 - 2016-03-15 19:47 - 01992496 _____ C:\Users\Lord Robert\Downloads\winrar-x64-531.exe
2016-03-05 18:04 - 2016-03-05 18:13 - 00000000 ____D C:\Users\Lord Robert\Documents\SEGA Genesis Classics
2016-03-03 20:32 - 2016-03-03 20:32 - 00000000 ____D C:\Users\Lord Robert\AppData\LocalLow\Daedalic Entertainment GmbH

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-23 17:09 - 2013-05-05 15:05 - 00000000 ____D C:\Users\Lord Robert\Desktop\Gaming
2016-03-23 16:57 - 2012-03-31 12:00 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-23 13:08 - 2009-07-14 01:13 - 00781124 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-23 13:08 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-03-23 12:08 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-23 12:06 - 2013-04-19 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-03-23 12:05 - 2013-04-27 14:06 - 00000000 ____D C:\GOG Games
2016-03-23 12:03 - 2013-04-19 16:24 - 00000000 ____D C:\Users\Lord Robert\Documents\GOG.com Downloads
2016-03-23 11:51 - 2013-02-18 15:00 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-23 11:49 - 2011-07-09 02:01 - 00000000 ____D C:\Users\Lord Robert\.gimp-2.6
2016-03-23 11:48 - 2011-07-12 15:22 - 00000000 ____D C:\Users\Lord Robert\AppData\Roaming\gtk-2.0
2016-03-23 11:48 - 2011-07-05 03:14 - 00000000 ____D C:\Users\Lord Robert
2016-03-23 11:46 - 2012-08-25 14:22 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-03-23 11:45 - 2011-07-05 16:07 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-23 11:45 - 2011-07-05 16:07 - 00000000 ____D C:\Program Files\AVAST Software
2016-03-23 11:37 - 2009-07-14 00:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-23 11:37 - 2009-07-14 00:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-23 11:30 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-23 02:07 - 2016-02-14 13:37 - 00000000 ____D C:\Users\Lord Robert\Desktop\Mozilla Firefox
2016-03-22 23:27 - 2015-02-14 13:18 - 00000000 ____D C:\Users\Lord Robert\AppData\Roaming\CDisplayEx
2016-03-21 18:51 - 2011-07-20 14:47 - 01333128 _____ C:\Windows\ntbtlog.txt
2016-03-21 18:38 - 2015-11-16 02:37 - 00002079 _____ C:\Users\Lord Robert\Desktop\Avast Free Antivirus.lnk
2016-03-20 23:51 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2016-03-20 23:50 - 2011-08-17 11:34 - 00000000 ____D C:\Users\Lord Robert\AppData\Local\ElevatedDiagnostics
2016-03-17 00:47 - 2012-03-20 19:00 - 00000000 ____D C:\Users\Lord Robert\AppData\Roaming\uTorrent
2016-03-16 23:24 - 2012-11-08 20:24 - 00000000 ____D C:\Users\Lord Robert\AppData\Roaming\vlc
2016-03-16 11:06 - 2009-07-14 01:08 - 00032544 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-13 17:04 - 2016-02-16 15:06 - 00000000 ____D C:\Users\Lord Robert\Desktop\ebay
2016-03-12 00:16 - 2016-01-11 02:36 - 00000000 ____D C:\Users\Lord Robert\Desktop\sterwers
2016-03-11 19:59 - 2012-03-31 12:00 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-11 19:58 - 2012-03-31 12:00 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-11 19:58 - 2011-07-06 22:48 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-11 13:09 - 2015-12-22 14:36 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-09 15:05 - 2016-02-10 00:11 - 00000000 ____D C:\Users\Lord Robert\Downloads\Fallout Tactics-GOG
2016-03-09 13:23 - 2011-07-05 16:07 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-03-09 13:23 - 2011-07-05 16:07 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2016-03-03 20:47 - 2011-08-29 13:26 - 00000000 ____D C:\Users\Lord Robert\Documents\My Games
2016-02-28 21:43 - 2015-06-10 18:31 - 00000000 ___RD C:\Users\Lord Robert\Desktop\Tabletop Games
2016-02-23 13:18 - 2011-07-05 16:07 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

==================== Files in the root of some directories =======

2013-05-07 15:48 - 2013-05-07 15:48 - 0000580 _____ () C:\Users\Lord Robert\AppData\Local\cookies.ini
2011-08-05 00:10 - 2011-08-05 00:10 - 0000099 _____ () C:\Users\Lord Robert\AppData\Local\fusioncache.dat
2014-03-10 17:46 - 2014-03-10 17:46 - 0007609 _____ () C:\Users\Lord Robert\AppData\Local\Resmon.ResmonCfg
2014-05-28 16:55 - 2014-05-28 16:55 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-03-23 05:19 - 2011-03-23 05:22 - 0015545 _____ () C:\ProgramData\ArcadeDeluxe4.log
2011-07-07 00:26 - 2011-07-07 00:28 - 0000306 _____ () C:\ProgramData\hpzinstall.log
2013-07-22 18:07 - 2013-07-22 18:09 - 0000090 _____ () C:\ProgramData\PS.log

ZeroAccess:
C:\Windows\Installer\{93f3aa60-bf95-328b-68a1-311c909f1bd7}
C:\Windows\Installer\{93f3aa60-bf95-328b-68a1-311c909f1bd7}\@
C:\Windows\Installer\{93f3aa60-bf95-328b-68a1-311c909f1bd7}\U\trz28D1.tmp
C:\Windows\Installer\{93f3aa60-bf95-328b-68a1-311c909f1bd7}\U\trz3792.tmp
C:\Windows\Installer\{93f3aa60-bf95-328b-68a1-311c909f1bd7}\U\trzF2F5.tmp
C:\Windows\Installer\{93f3aa60-bf95-328b-68a1-311c909f1bd7}\U\trzF386.tmp
C:\Windows\Installer\{93f3aa60-bf95-328b-68a1-311c909f1bd7}\U\trzF551.tmp
C:\Windows\Installer\{93f3aa60-bf95-328b-68a1-311c909f1bd7}\L\00000004.@
C:\Windows\Installer\{93f3aa60-bf95-328b-68a1-311c909f1bd7}\L\1afb2d56
C:\Windows\Installer\{93f3aa60-bf95-328b-68a1-311c909f1bd7}\L\201d3dde
C:\Windows\Installer\{93f3aa60-bf95-328b-68a1-311c909f1bd7}\L\4cce1f70
C:\Windows\Installer\{93f3aa60-bf95-328b-68a1-311c909f1bd7}\L\55490ac4
C:\Windows\Installer\{93f3aa60-bf95-328b-68a1-311c909f1bd7}\L\76603ac3

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-03-20 01:26

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Lord Robert (2016-03-23 17:21:30)
Running from C:\Users\Lord Robert\Desktop\things
Windows 7 Home Premium Service Pack 1 (X64) (2011-07-05 07:14:52)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1174955219-694782196-2918772750-500 - Administrator - Disabled)
Guest (S-1-5-21-1174955219-694782196-2918772750-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1174955219-694782196-2918772750-1002 - Limited - Enabled)
Lord Robert (S-1-5-21-1174955219-694782196-2918772750-1001 - Administrator - Enabled) => C:\Users\Lord Robert

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1174955219-694782196-2918772750-1001\...\uTorrent) (Version: 3.4.5.41865 - BitTorrent Inc.)
1954 Alcatraz (HKLM-x32\...\GOGPACK1954ALCATRAZ_is1) (Version: 2.0.0.2 - GOG.com)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.2.172 - Adobe Systems, Inc.)
Age of Booty (HKLM-x32\...\Steam App 21600) (Version:  - Certain Affinity)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Angry Video Game Nerd Adventures (HKLM-x32\...\Steam App 237740) (Version:  - FreakZone Games)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Aqua Kitty - Milk Mine Defender (HKLM-x32\...\GOGPACKAQUAKITTYMMD_is1) (Version: 2.3.0.5 - GOG.com)
Army Builder 3.4 (HKLM-x32\...\{43867B63-C464-4570-823D-D92DC08E3400}_is1) (Version: 3.4 - Lone Wolf Development, Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.1.2253 - AVAST Software)
Back to the Future - The Game (HKLM-x32\...\1207659097_is1) (Version: 2.1.0.5 - GOG.com)
Baldur's Gate -  The Original Saga (HKLM-x32\...\GOGPACKBALDURSGATE1_is1) (Version: 2.0.0.20 - GOG.com)
Baldur's Gate 2 Complete (HKLM-x32\...\GOGPACKBALDURSGATE2_is1) (Version: 2.0.0.12 - GOG.com)
Bastion (HKLM-x32\...\1423058311_is1) (Version: 2.0.0.6 - GOG.com)
Beneath a Steel Sky (HKLM-x32\...\GOGPACKBENEATH_is1) (Version: 2.0.0.9 - GOG.com)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Borderlands (HKLM-x32\...\Steam App 8980) (Version:  - Gearbox Software)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Braveland (HKLM-x32\...\GOGPACKBRAVELAND_is1) (Version: 2.1.0.3 - GOG.com)
calibre (HKLM-x32\...\{AB116F72-C91A-40F2-A25A-949B5D065EBB}) (Version: 2.3.0 - Kovid Goyal)
Capsule (HKLM-x32\...\Capsule) (Version: 1.0.000 - Green Man Gaming Limited)
CastleStorm (HKLM-x32\...\Steam App 241410) (Version:  - Zen Studios)
CDisplayEx 1.10.29 (HKLM-x32\...\CDisplayEx_is1) (Version:  - Progdigy Software S.A.R.L.)
Chaos on Deponia (HKLM-x32\...\1207659124_is1) (Version: 2.2.0.7 - GOG.com)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Curse Of Monkey Island (HKLM-x32\...\bgbennyboyCMIReplacementSetup_is1) (Version: 1.0 - Quick and Easy Software)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Daggerfall (HKLM-x32\...\{75118CF3-44B5-411A-B3DD-C10432217693}) (Version: 1.00.0000 - Bethesda Softworks)
Day of the Tentacle Remastered (HKLM-x32\...\1456922969_is1) (Version: 2.0.0.4 - GOG.com)
Demon Stone (HKLM-x32\...\GOGPACKDEMONSTONE_is1) (Version: 2.0.0.9 - GOG.com)
Deponia (HKLM-x32\...\GOGPACKDEPONIA_is1) (Version: 2.1.0.7 - GOG.com)
Dolphin x86 (HKLM-x32\...\Dolphin x86) (Version: 4.0.2 - Dolphin Development Team)
Don't Starve (HKLM-x32\...\GOGPACKDONTSTARVE_is1) (Version: 2.7.0.16 - GOG.com)
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version:  - Softland)
Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version:  - BioWare)
Dungeon Keeper 2 (HKLM-x32\...\GOGPACKDUNGEONKEEPER2_is1) (Version: 2.0.0.32 - GOG.com)
Dungeons and Dragons - Dragonshard (HKLM-x32\...\GOGPACKDNDDRAGONSHARD_is1) (Version: 2.0.0.10 - GOG.com)
Escape From Monkey Island (HKLM-x32\...\bgbennyboyEMIReplacementSetup_is1) (Version: 1.0 - Quick and Easy Software)
Far Cry 2 Fortune's Edition (HKLM-x32\...\GOGPACKFARCRY2_is1) (Version: 2.0.0.8 - GOG.com)
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
Goodbye Deponia (HKLM-x32\...\1207660233_is1) (Version: 2.1.0.10 - GOG.com)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Guacamelee! Super Turbo Championship Edition (HKLM-x32\...\1207665733_is1) (Version: 2.0.0.1 - GOG.com)
Hammerwatch (HKLM-x32\...\Steam App 239070) (Version:  - )
HP Officejet 4620 series Basic Device Software (HKLM\...\{B411AD10-1BC9-4939-8848-BC5E66F662B7}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I Have No Mouth, and I Must Scream (HKLM-x32\...\GOGPACKIHAVENOMOUTH_is1) (Version: 2.0.0.7 - GOG.com)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Icewind Dale Complete (HKLM-x32\...\GOGPACKICEWINDDALE1_is1) (Version: 2.0.0.11 - GOG.com)
Icewind Dale II (HKLM-x32\...\GOGPACKICEWINDDALE2_is1) (Version: 2.0.0.11 - GOG.com)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Indiana Jones and the Fate of Atlantis (HKLM-x32\...\Steam App 6010) (Version:  - LucasArts)
Indiana Jones and the Last Crusade (HKLM-x32\...\Steam App 32310) (Version:  - LucasArts)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Ittle Dew (HKLM-x32\...\GOGPACKITTLEDEW_is1) (Version: 2.0.0.3 - GOG.com)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lone Survivor - The Director's Cut (HKLM-x32\...\GOGPACKLONESURVIVORDC_is1) (Version: 2.0.0.2 - GOG.com)
Loom (HKLM-x32\...\Steam App 32340) (Version:  - LucasArts)
Machinarium (HKLM-x32\...\GOGPACKMACHINARIUM_is1) (Version: 2.0.0.6 - GOG.com)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.48.2 - Black Tree Gaming)
NOT A HERO (HKLM-x32\...\Steam App 274270) (Version:  - Roll7)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Octodad - Dadliest Catch (HKLM-x32\...\1207660553_is1) (Version: 2.2.0.9 - GOG.com)
Octodad (HKLM-x32\...\Octodad) (Version:  - )
On the Rain-Slick Precipice of Darkness, Episode Two (HKLM-x32\...\On the Rain-Slick Precipice of Darkness, Episode Two) (Version: 1.00  - Hothead Games)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
Overlord and Overlord -  Raising Hell (HKLM-x32\...\GOGPACKOVERLORDPACK_is1) (Version: 2.0.1.10 - GOG.com)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
PixelJunk Monsters HD (HKLM-x32\...\1207659883_is1) (Version: 2.1.0.6 - GOG.com)
Plants vs. Zombies: Game of the Year (HKLM-x32\...\Steam App 3590) (Version:  - PopCap)
Plastic Beach Carousel Screen Saver (HKLM-x32\...\Plastic Beach Carousel) (Version:  - )
Plastic Beach Swimming Screen Saver (HKLM-x32\...\Plastic Beach Swimming) (Version:  - )
Poker Night 2 (HKLM-x32\...\Steam App 234710) (Version:  - Telltale Games)
Poker Night at the Inventory (HKLM-x32\...\Steam App 31280) (Version:  - Telltale Games)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
Psychonauts (HKLM-x32\...\Psychonauts_is1) (Version:  - GOG.com)
Quantum Conundrum (HKLM-x32\...\Steam App 200010) (Version:  - Airtight Games)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5995 - Realtek Semiconductor Corp.)
Retro City Rampage (HKLM-x32\...\1207659049_is1) (Version: 2.14.0.30 - GOG.com)
Reus (HKLM-x32\...\GOGPACKREUS_is1) (Version: 2.2.0.15 - GOG.com)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
Rogue Legacy (HKLM-x32\...\GOGPACKROGUELEGACY_is1) (Version: 2.2.0.10 - GOG.com)
SafeZone Stable 1.48.2066.44 (x32 Version: 1.48.2066.44 - Avast Software) Hidden
Sam and Max Beyond Space and Time (HKLM-x32\...\Sam and Max Beyond Space and Time_is1) (Version:  - GOG.com)
Sam and Max Save the World (HKLM-x32\...\Sam and Max Save the World_is1) (Version:  - GOG.com)
Sam and Max The - Devil's Playhouse (HKLM-x32\...\Sam and Max The - Devil's Playhouse_is1) (Version:  - GOG.com)
Sang-Froid -  A tale of werewolves (HKLM-x32\...\GOGPACKSANGFROIDTALEWEREWOLVES_is1) (Version: 2.0.0.4 - GOG.com)
ScummVM 1.4.1 (HKLM-x32\...\ScummVM_is1) (Version:  - The ScummVM Team)
SEGA Genesis & Mega Drive Classics (HKLM-x32\...\Steam App 34270) (Version:  - Sega)
Shadowrun Returns (HKLM-x32\...\GOGPACKSHADOWRUNRETURNS_is1) (Version: 2.2.0.10 - GOG.com)
Shovel Knight (HKLM-x32\...\1207664823_is1) (Version: 2.11.0.18 - GOG.com)
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Sid Meier's Pirates! (HKLM-x32\...\Steam App 3920) (Version:  - Firaxis)
Spelunky (HKLM-x32\...\GOGPACKSPELUNKY_is1) (Version: 2.0.0.6 - GOG.com)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Star Wars - Jedi Knight II: Jedi Outcast (HKLM-x32\...\Steam App 6030) (Version:  - LucasArts)
Star Wars - Jedi Knight: Mysteries of the Sith (HKLM-x32\...\Steam App 32390) (Version:  - )
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Star Wars Empire at War Forces of Corruption (HKLM-x32\...\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}) (Version: 1.0 - LucasArts)
Star Wars Jedi Knight: Dark Forces II (HKLM-x32\...\Steam App 32380) (Version:  - )
Star Wars Jedi Knight: Jedi Academy (HKLM-x32\...\Steam App 6020) (Version:  - LucasArts)
Star Wars: Dark Forces (HKLM-x32\...\Steam App 32400) (Version:  - )
Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version:  - BioWare)
Star Wars: Knights of the Old Republic II (HKLM-x32\...\Steam App 208580) (Version:  - LucasArts)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SteamWorld Dig (HKLM-x32\...\GOGPACKSTEAMWORLDDIG_is1) (Version: 2.1.0.3 - GOG.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tales From Space - Mutant Blobs Attack (HKLM-x32\...\GOGPACKMUTANTBLOBSATTACK_is1) (Version: 2.0.0.2 - GOG.com)
Tales of Monkey Island: Chapter 1 - Launch of the Screaming Narwhal (HKLM-x32\...\Steam App 31170) (Version:  - Telltale Games)
Tales of Monkey Island: Chapter 2 - The Siege of Spinner Cay  (HKLM-x32\...\Steam App 31180) (Version:  - Telltale Games)
Tales of Monkey Island: Chapter 3 - Lair of the Leviathan  (HKLM-x32\...\Steam App 31190) (Version:  - Telltale Games)
Tales of Monkey Island: Chapter 4 - The Trial and Execution of Guybrush Threepwood  (HKLM-x32\...\Steam App 31200) (Version:  - Telltale Games)
Tales of Monkey Island: Chapter 5 - Rise of the Pirate God (HKLM-x32\...\Steam App 31210) (Version:  - Telltale Games)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
TES Construction Set (HKLM-x32\...\{DB3C800B-081B-4146-B4E3-EFB5B77AA913}) (Version:  - )
Teslagrad (HKLM-x32\...\GOGPACKTESLAGRAD_is1) (Version: 2.0.0.3 - GOG.com)
The Adventures of Shuggy (HKLM-x32\...\1207659763_is1) (Version: 2.1.0.8 - GOG.com)
The Banner Saga (HKLM-x32\...\1207660483_is1) (Version: 2.2.0.4 - GOG.com)
The Book of Unwritten Tales -  Critter Chronicles (HKLM-x32\...\GOGPACKBOOKOFUNWRITTENTALESCRITTER_is1) (Version: 2.0.0.6 - GOG.com)
The Book of Unwritten Tales (HKLM-x32\...\GOGPACKBOUT_is1) (Version: 2.0.0.4 - GOG.com)
The Dig (HKLM-x32\...\Steam App 6040) (Version:  - LucasArts)
The Elder Scrolls Arena (HKLM-x32\...\{62E2BBFA-BE97-42CD-AE89-A4EEF7F36992}) (Version: 1.00.0000 - Bethesda Softworks)
The Elder Scrolls III: Morrowind (HKLM-x32\...\Steam App 22320) (Version:  - Bethesda Game Studios®)
The Elder Scrolls IV: Oblivion  (HKLM-x32\...\Steam App 22330) (Version:  - Bethesda Game Studios)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Expendabros (HKLM-x32\...\Steam App 312990) (Version:  - Free Lives)
The Inner World (HKLM-x32\...\GOGPACKTHEINNERWORLD_is1) (Version: 2.0.0.2 - GOG.com)
The Swapper (HKLM-x32\...\GOGPACKTHESWAPPER_is1) (Version: 2.0.0.2 - GOG.com)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version:  - Telltale Games)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - )
Unholy Heights (HKLM-x32\...\1207661823_is1) (Version: 2.1.0.17 - GOG.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VTech Download Agent Library (x32 Version: 1.00.0000 - VTech) Hidden
Waking Mars (HKLM-x32\...\GOGPACKWAKINGMARS_is1) (Version: 2.0.0.3 - GOG.com)
Warhammer 40,000: Dawn of War – Dark Crusade (HKLM-x32\...\Steam App 4580) (Version:  - Relic)
Warhammer 40,000: Dawn of War - Game of the Year Edition (HKLM-x32\...\Steam App 4570) (Version:  - Relic)
Warhammer 40,000: Dawn of War – Soulstorm (HKLM-x32\...\Steam App 9450) (Version:  - Relic)
Warhammer 40,000: Dawn of War – Winter Assault (HKLM-x32\...\Steam App 9310) (Version:  - Relic)
Warhammer® 40,000™: Dawn of War® II - Chaos Rising™ (HKLM-x32\...\Steam App 20570) (Version:  - Relic)
Warhammer® 40,000™: Dawn of War® II – Retribution™ (HKLM-x32\...\Steam App 56400) (Version:  - Relic)
Warhammer® 40,000™: Dawn of War® II (HKLM-x32\...\Steam App 15620) (Version:  - Relic)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3005 - Acer Incorporated)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WinX Free AVI to MP4 Converter 4.1.1 (HKLM-x32\...\WinX Free AVI to MP4 Converter_is1) (Version:  - Digiarty Software,Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1174955219-694782196-2918772750-1001_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Users\Lord Robert\AppData\Local\{93f3aa60-bf95-328b-68a1-311c909f1bd7}\n. => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {161F266F-1498-44A1-BC38-8B842C567AEB} - System32\Tasks\{079AB151-40C8-4C28-BFF3-B132CA095C99} => pcalua.exe -a "C:\GOG Games\Baldur's Gate 2\setup-bgt.exe" -d "C:\GOG Games\Baldur's Gate 2"
Task: {2BD00364-0C12-4EB9-8176-BB7CCC65047A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-20] (Google Inc.)
Task: {2F766E98-086B-4E14-B619-EDC769FDE111} - System32\Tasks\SafeZone scheduled Autoupdate 1458747978 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software)
Task: {34D55B20-A259-404D-AEC8-F426E1A77134} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-10] (AVAST Software)
Task: {37141702-8F70-4B25-9D81-EAEECD1BB5ED} - System32\Tasks\{ED5AD045-E0B4-4A58-973E-0070C82519A8} => pcalua.exe -a "C:\GOG Games\Baldur's Gate\setup-bg1ub.exe" -d "C:\GOG Games\Baldur's Gate"
Task: {3FAD2837-BE59-4C8D-A81C-1BB73C0B973C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-04] (AVAST Software)
Task: {47FE9833-CEB3-4D10-9AB7-476BA85BAFA4} - System32\Tasks\{1FAD1210-F465-4703-9BA9-96B2689B8C71} => pcalua.exe -a D:\setup.exe -d D:\
Task: {53AA1752-1296-4CBA-8E37-7824B0C75515} - System32\Tasks\{5BE20000-CCB6-4942-9415-70FA2EAF9401} => pcalua.exe -a C:\Users\LORDRO~1\AppData\Local\Temp\InstallFlashPlayer.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {570A7B95-ADA4-460C-AE23-8804ABDA2F07} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {59D16EA1-6D2F-490E-90FD-05D40D43A046} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {6726466B-C07F-414E-BC39-9415A50E6D31} - System32\Tasks\HP Officejet 4620 series.exe_{A839F83C-83CA-4B8E-A442-521229710E96} => C:\Program Files\HP\HP Officejet 4620 series\Bin\HP Officejet 4620 series.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {69FAE320-335F-4DD7-A0B2-80B34D5C4CFC} - System32\Tasks\{FF82A5E6-ACB0-4DCE-A960-585DC6A65BDF} => pcalua.exe -a "C:\Users\Lord Robert\Documents\GOG.com Downloads\baldurs_gate_the_original_saga\widescreen-v3.05.exe" -d "C:\Users\Lord Robert\Documents\GOG.com Downloads\baldurs_gate_the_original_saga"
Task: {7629F835-F985-4E02-B8A2-DB469DD2542D} - System32\Tasks\{7C1E5AE4-1A6B-47AE-A37C-081B467744EB} => pcalua.exe -a "C:\GOG Games\Baldur's Gate 2\setup-bgtmusic.exe" -d "C:\GOG Games\Baldur's Gate 2"
Task: {7B31A7A4-51CE-4BB3-91E6-765FC41C379A} - System32\Tasks\{1420323D-BC2E-4633-803F-925A424F7987} => pcalua.exe -a "C:\Users\Lord Robert\Downloads\realtek_lan_5782_03212011\PCIE_Install_5782_03212011\setup.exe" -d "C:\Users\Lord Robert\Downloads\realtek_lan_5782_03212011\PCIE_Install_5782_03212011" -c -s
Task: {7EC45343-2135-4EB8-BAE4-8070EA876612} - System32\Tasks\{FC676F26-CED4-43A1-A75C-6C94A3215839} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/629
Task: {93205BB4-A99E-437D-B209-639963C64781} - System32\Tasks\{95990C61-60EC-44CC-B70A-4903D7902D21} => pcalua.exe -a "C:\Program Files (x86)\4Media\iPod to PC Transfer\Uninstall.exe"
Task: {C5DFE19A-01A2-4594-A671-77E744C3202E} - System32\Tasks\{DA9F099E-DFDE-4A11-8A87-B92E9048AFAF} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/9320
Task: {C63C5C6B-8B75-4112-B7C1-27058F11E409} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-20] (Google Inc.)
Task: {DF2F298A-3E9F-4E7E-B326-54E94CBFED91} - System32\Tasks\{264A60F5-1D2E-496D-9063-426CF5EA6DED} => pcalua.exe -a "C:\Program Files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe" -c uninstall=17
Task: {EB7B86C3-CF7E-4721-BA99-27912BAFDD62} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-11] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Lord Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks\Daggerfall\Launch Daggerfall (Full Screen).lnk -> C:\Program Files (x86)\Bethesda Softworks\daggerfall\Daggerfall (Full Screen).bat ()
Shortcut: C:\Users\Lord Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks\Daggerfall\Launch Daggerfall (Windowed).lnk -> C:\Program Files (x86)\Bethesda Softworks\daggerfall\Daggerfall (Windowed).bat ()
Shortcut: C:\Users\Lord Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks\Arena\Launch Arena (Full Screen).lnk -> C:\Program Files (x86)\Bethesda Softworks\Arena\Arena (Full Screen).bat ()
Shortcut: C:\Users\Lord Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks\Arena\Launch Arena (Windowed).lnk -> C:\Program Files (x86)\Bethesda Softworks\Arena\Arena (Windowed).bat ()

==================== Loaded Modules (Whitelisted) ==============

2011-09-08 12:50 - 2010-11-20 09:27 - 00326144 _____ () C:\Windows\system32\mswsock.dll
2011-09-08 12:50 - 2010-11-20 09:27 - 00326144 _____ () C:\Windows\system32\MSWSOCK.dll
2010-07-29 19:39 - 2010-07-29 19:39 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2015-10-13 06:45 - 2015-10-13 06:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 06:45 - 2015-10-13 06:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-09-08 12:27 - 2011-09-08 12:27 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2009-12-13 22:19 - 2009-12-09 05:24 - 00076320 _____ () C:\OEM\USBDECTION\USBS3S4Detection.exe
2016-02-10 00:05 - 2016-02-10 00:05 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-10 00:05 - 2016-02-10 00:05 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-03-23 11:28 - 2016-03-23 11:28 - 02857472 _____ () C:\Program Files\AVAST Software\Avast\defs\16032301\algo.dll
2016-02-10 00:05 - 2016-02-10 00:05 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-03-23 17:10 - 2016-03-23 17:10 - 02857472 _____ () C:\Program Files\AVAST Software\Avast\defs\16032302\algo.dll
2015-12-09 02:06 - 2015-12-09 02:06 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-05-10 11:49 - 2012-05-10 11:49 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\dc45bfd22b86df0074e8e521ada8d55f\IsdiInterop.ni.dll
2010-12-08 22:37 - 2010-03-04 00:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1174955219-694782196-2918772750-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lord Robert\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: McMPFSvc => 2
MSCONFIG\Services: mcmscsvc => 2
MSCONFIG\Services: McNaiAnn => 2
MSCONFIG\Services: McNASvc => 2
MSCONFIG\Services: McODS => 3
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: mfefire => 2
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

13-03-2016 13:10:24 Scheduled Checkpoint
20-03-2016 15:31:19 Restore Operation
20-03-2016 16:18:44 zoek.exe restore point
23-03-2016 12:06:54 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
23-03-2016 12:07:36 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Check "winmgmt" service or repair WMI.

==================== Faulty Device Manager Devices =============

Name: UMBus Root Bus Enumerator
Description: UMBus Root Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/23/2016 11:50:40 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

Error: (03/23/2016 11:50:40 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\steam.exe

Error: (03/23/2016 01:58:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program gimp-2.6.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 17f0

Start Time: 01d184c9009e348e

Termination Time: 0

Application Path: C:\Program Files (x86)\GIMP-2.0\bin\gimp-2.6.exe

Report Id: 4f1a775f-f0bc-11e5-8fa4-1078d2e25f95

Error: (03/23/2016 12:16:14 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

Error: (03/23/2016 12:16:14 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\steam.exe

Error: (03/20/2016 09:19:55 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

Error: (03/20/2016 09:19:55 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\steam.exe

Error: (03/20/2016 08:37:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 8.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 930

Start Time: 01d182ff65fd5d23

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: fe7d0416-eefc-11e5-99c2-1078d2e25f95

Error: (03/20/2016 03:38:43 PM) (Source: System Restore) (EventID: 8206) (User: )
Description: The restore point selected was damaged or deleted during the restore (Scheduled Checkpoint).

Error: (03/20/2016 03:11:44 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

System errors:
=============
Error: (03/23/2016 05:09:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (03/23/2016 05:09:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (03/23/2016 02:46:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (03/23/2016 02:46:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (03/23/2016 11:31:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (03/23/2016 11:31:20 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (03/23/2016 11:30:37 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (03/23/2016 11:30:36 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (03/23/2016 11:30:36 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (03/23/2016 11:30:22 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU 550 @ 3.20GHz
Percentage of memory in use: 33%
Total physical RAM: 6071.07 MB
Available physical RAM: 4022.34 MB
Total Virtual: 12140.34 MB
Available Virtual: 10024.5 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:913.41 GB) (Free:287.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C7B82802)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=913.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Thank you for the help.


#2 SergeantVau

  • Topic Starter

Posted 23 March 2016 - 04:56 PM

It seems I accidentally posted this twice. I kept getting a message saying the server timed out. I thought it didn't go through, but I guess it did.



#3 Oh My!

  • Malware Response Instructor

Posted 23 March 2016 - 09:18 PM

Duplicate post being handled at http://www.bleepingcomputer.com/forums/t/608780/infected-with-windows-servicesexe-trojan
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!

  • Malware Response Instructor

Posted 23 March 2016 - 09:18 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary