TechSpot

Computer With Ad Audio Virus/Malware

By JayDiggles
Feb 26, 2015
  1. I currently have a Windows 7 home built Desktop. Recently I noticed every oh so many minutes I would get the audio for a commercial from my computer. This audio is not associated with any program I'm running as I have restarted my computer and left it without opening anything to see if it would play and it has.

    I read the post before mine about the gateway computer and it sounds like the same issue. Instead of just following those instructions I thought it would be better to follow my own set of instructions in case it was a different infection.

    Thank you for any help you can provide.
     
  2. JayDiggles

    JayDiggles TS Rookie Topic Starter Posts: 43

    I would like to make a correction, the thread I referenced was actual "Audio Ad Virus".
     
  3. JayDiggles

    JayDiggles TS Rookie Topic Starter Posts: 43

    DDS Attatch.txt
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume3
    Install Date: 4/17/2014 4:20:23 PM
    System Uptime: 2/26/2015 5:38:49 PM (1 hours ago)
    .
    Motherboard: MSI | | Z87 MPOWER (MS-7818)
    Processor: Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz | SOCKET 0 | 3501/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 451 GiB total, 294.84 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 4.699 GiB free.
    E: is CDROM (CDFS)
    F: is CDROM (CDFS)
    G: is CDROM ()
    J: is FIXED (NTFS) - 932 GiB total, 723.366 GiB free.
    P: is FIXED (NTFS) - 466 GiB total, 465.657 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Intel(R) Centrino(R) Wireless-N 2230
    Device ID: PCI\VEN_8086&DEV_0887&SUBSYS_40628086&REV_C4\4&187E92C2&0&00E1
    Manufacturer: Intel Corporation
    Name: Intel(R) Centrino(R) Wireless-N 2230
    PNP Device ID: PCI\VEN_8086&DEV_0887&SUBSYS_40628086&REV_C4\4&187E92C2&0&00E1
    Service: NETwNs64
    .
    ==== System Restore Points ===================
    .
    RP117: 1/31/2015 12:07:08 AM - Scheduled Checkpoint
    RP118: 2/8/2015 12:00:01 AM - Scheduled Checkpoint
    RP119: 2/12/2015 3:00:12 AM - Windows Update
    RP120: 2/13/2015 3:00:18 AM - Windows Update
    RP121: 2/21/2015 12:00:08 AM - Scheduled Checkpoint
    RP122: 2/21/2015 12:18:09 PM - Installed nXtRender_64
    RP123: 2/21/2015 12:20:03 PM - Installed Microsoft Visual C++ 2005 Redistributable (x64)
    RP124: 2/22/2015 3:46:51 PM - Checkpoint by HitmanPro
    RP125: 2/22/2015 3:47:24 PM - Checkpoint by HitmanPro
    RP127: 2/24/2015 6:10:48 PM - Installed RegHunter
    RP128: 2/24/2015 8:01:45 PM - Removed RegHunter
    RP129: 2/24/2015 8:03:26 PM - Removed Apple Application Support (64-bit)
    RP130: 2/24/2015 8:03:57 PM - Removed Apple Application Support (32-bit)
    RP131: 2/24/2015 8:07:22 PM - Removed Apple Mobile Device Support
    RP132: 2/24/2015 8:42:03 PM - Removed iTunes
    RP133: 2/24/2015 8:45:16 PM - Removed Bonjour
    RP134: 2/24/2015 8:45:52 PM - Removed Apple Software Update
    RP135: 2/26/2015 1:21:02 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe Creative Cloud
    Adobe Flash Media Live Encoder 3.2
    Adobe Flash Player 16 ActiveX
    Adobe Flash Player 16 NPAPI
    Adobe Photoshop CC 2014
    Adobe Reader XI (11.0.10)
    Adobe Refresh Manager
    Asmedia ASM106x SATA Host Controller Driver
    ASUS GPU Tweak
    ASUS Product Register Program
    AutoCAD 2014 - English
    AutoCAD 2014 Language Pack - English
    Autodesk 360
    Autodesk App Manager
    Autodesk AutoCAD 2014 - English
    Autodesk Content Service
    Autodesk Content Service Language Pack
    Autodesk Featured Apps
    Autodesk Material Library 2014
    Autodesk Material Library Base Resolution Image Library 2014
    Autodesk ReCap
    Autodesk ReCap Language Pack-English
    Awesomenauts
    BitComet 1.37
    BitComet 1.37 64-bit
    ChromecastApp
    Direct OC
    FARO LS 1.1.501.0 (64bit)
    Google Update Helper
    GPUTweakStreaming
    Idle Crawler
    Intel(R) Management Engine Components
    Intel(R) PRO/Wireless Driver
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1342.2)
    Intel(R) Smart Connect Technology
    Intel(R) USB 3.0 eXtensible Host Controller Driver
    Intel® PROSet/Wireless Software
    Intel® PROSet/Wireless WiFi Software
    Intel® Trusted Connect Service Client
    Itibiti RTC
    Java 8 Update 31
    Java 8 Update 31 (64-bit)
    Java Auto Updater
    Kaspersky PURE 3.0
    MagicDisc 2.7.106
    Malwarebytes Anti-Malware version 2.0.4.1028
    Microsoft .NET Framework 4.5
    Microsoft Office Professional Plus 2013 - en-us
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    Mozilla Firefox 36.0 (x86 en-US)
    Mozilla Maintenance Service
    NVIDIA 3D Vision Controller Driver 347.09
    NVIDIA 3D Vision Driver 347.52
    NVIDIA Control Panel 347.52
    NVIDIA GeForce Experience 2.2.2
    NVIDIA GeForce Experience Service
    NVIDIA Graphics Driver 347.52
    NVIDIA HD Audio Driver 1.3.33.0
    NVIDIA Install Application
    NVIDIA LED Visualizer 1.0
    NVIDIA Network Service
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.14.0702
    NVIDIA ShadowPlay 17.12.8
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 17.12.8
    NVIDIA Update Core
    NVIDIA Virtual Audio 1.2.27
    nXtRender_64
    Office 15 Click-to-Run Extensibility Component
    Office 15 Click-to-Run Licensing Component
    Office 15 Click-to-Run Localization Component
    Qualcomm Atheros Bandwidth Control Filter Driver
    Qualcomm Atheros Killer E220x Drivers
    Qualcomm Atheros Killer Network Manager Suite
    Qualcomm Atheros Network Manager
    Realtek High Definition Audio Driver
    SAMSUNG USB Driver for Mobile Phones
    Security Update for Microsoft .NET Framework 4.5 (KB2737083)
    Security Update for Microsoft .NET Framework 4.5 (KB2742613)
    Security Update for Microsoft .NET Framework 4.5 (KB2789648)
    Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)
    Security Update for Microsoft .NET Framework 4.5 (KB2861208)
    Security Update for Microsoft .NET Framework 4.5 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5 (KB2898864)
    Security Update for Microsoft .NET Framework 4.5 (KB2901118)
    Security Update for Microsoft .NET Framework 4.5 (KB2931368)
    Security Update for Microsoft .NET Framework 4.5 (KB2972107)
    Security Update for Microsoft .NET Framework 4.5 (KB2972216)
    Security Update for Microsoft .NET Framework 4.5 (KB2978128)
    Security Update for Microsoft .NET Framework 4.5 (KB2979578v2)
    SES Driver
    SHIELD Streaming
    SHIELD Wireless Controller Driver
    SketchUp Import for AutoCAD 2014
    Skype Click to Call
    Skype™ 6.14
    Sound Blaster Cinema
    Spotify
    SpyHunter 4
    Steam
    SUABnR
    Super-Charger
    Timote
    VGA Boost
    Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0)
    WinZip 18.5
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/26/2015 5:40:20 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Autodesk Content Service service to connect.
    2/26/2015 5:40:20 PM, Error: Service Control Manager [7000] - The Autodesk Content Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/26/2015 2:22:46 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 252.
    2/26/2015 1:42:41 PM, Error: Schannel [36887] - The following fatal alert was received: 20.
    2/25/2015 7:01:00 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    2/25/2015 7:00:59 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    2/25/2015 7:00:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    2/25/2015 7:00:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    2/25/2015 7:00:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/25/2015 7:00:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    2/25/2015 7:00:41 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: CSVirtualDiskDrv discache KLIF kneps spldr Wanarpv6
    2/25/2015 10:43:10 AM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom1.
    2/24/2015 8:03:53 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device Service service to connect.
    2/24/2015 8:03:53 PM, Error: Service Control Manager [7000] - The Apple Mobile Device Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     
  4. JayDiggles

    JayDiggles TS Rookie Topic Starter Posts: 43

    DDS.txt file
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17631 BrowserJavaVersion: 11.31.2
    Run by Jonathan at 18:08:15 on 2015-02-26
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.24520.20138 [GMT -5:00]
    .
    AV: Kaspersky PURE 3.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
    SP: Kaspersky PURE 3.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Kaspersky PURE 3.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\timote\timote.exe
    C:\Users\Jonathan\AppData\Roaming\Spotify\spotify.exe
    C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
    C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
    C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
    C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
    C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
    C:\Users\Jonathan\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\Jonathan\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\Jonathan\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\Jonathan\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\Jonathan\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
    C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\MSI\MSITrigger\Direct OC\Direct OC_Gui.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\ctfmon.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\klwtblfs.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.com/
    uProxyOverride = <-loopback>
    mWinlogon: Userinit = userinit.exe,
    BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll
    BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll
    BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
    BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
    BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll
    BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
    BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
    EB: {c585d593-e7f4-4852-a200-561686ee02e4} - <orphaned>
    uRun: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
    uRun: [Google Update] "C:\Users\Jonathan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [timote] "C:\Program Files (x86)\timote\timote.exe" C:\Program Files (x86)\timote\
    uRun: [Itibiti.exe] C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
    uRun: [Spotify] "C:\Users\Jonathan\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
    uRun: [Spotify Web Helper] "C:\Users\Jonathan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    mRun: [Sound Blaster Cinema] "C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe" /r
    mRun: [UpdReg] C:\Windows\UpdReg.EXE
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
    mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
    mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"
    dRun: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
    StartupFolder: C:\Users\Jonathan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    StartupFolder: C:\Users\Jonathan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ISCTSY~1.LNK - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KILLER~1.LNK - C:\Windows\Installer\{4E08CC97-912D-458B-8705-9A14C325532F}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
    IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
    IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
    IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{18FAA3DF-3262-419E-B0D5-0A1AACE5418B} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{18FAA3DF-3262-419E-B0D5-0A1AACE5418B}\348627F6D6563616374723039303 : DHCPNameServer = 192.168.255.249
    TCP: Interfaces\{18FAA3DF-3262-419E-B0D5-0A1AACE5418B}\84F4D454D273345383 : DHCPNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{18FAA3DF-3262-419E-B0D5-0A1AACE5418B}\A4F6E6E414D616E64616 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{18FAA3DF-3262-419E-B0D5-0A1AACE5418B}\C496C60244574656 : DHCPNameServer = 192.168.255.249
    TCP: Interfaces\{38063C5F-0193-4981-B7B9-4389F703759E} : DHCPNameServer = 192.168.1.1
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
    x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll
    x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
    x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll
    x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll
    x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
    x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
    x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
    x64-Run: [MBCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\MBCfg64.dll,RunDLLEntry MBCfg64
    x64-Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
    x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
    x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
    x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
    x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
    x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\r57mhtc2.default\
    FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
    FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
    FF - plugin: C:\Users\Jonathan\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-7-18 49048]
    R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2014-11-17 84536]
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-4-17 20464]
    R1 BfLwf;Qualcomm Atheros Bandwidth Control;C:\Windows\System32\drivers\bflwfx64.sys [2013-2-13 67888]
    R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2014-11-17 66616]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 29792]
    R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-11-11 54368]
    R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2013-11-11 177864]
    R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [2013-11-11 356128]
    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2013-10-3 1137016]
    R2 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2013-10-9 1689976]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2013-10-3 1157496]
    R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
    R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
    R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-4-25 2711736]
    R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-10-23 1148744]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
    R2 ISCTAgent;Intel(R) Smart Connect Technology Agent;C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2013-8-1 198120]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-4-17 169432]
    R2 MSI_SuperCharger;MSI_SuperCharger;C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [2014-4-17 161776]
    R2 MSI_Trigger_Service;MSI_Trigger_Service;C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [2014-4-17 30240]
    R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-5-27 1706312]
    R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-4-17 21833544]
    R2 Qualcomm Atheros Killer Service V2;Qualcomm Atheros Killer Service V2;C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [2013-8-8 343040]
    R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [2015-2-23 1025920]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-2-11 410952]
    R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-10-11 3671792]
    R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2013-7-22 140600]
    R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2013-10-18 1408824]
    R3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2013-4-23 69088]
    R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2013-8-1 21408]
    R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2013-8-1 21920]
    R3 INETMON;INETMON;C:\Windows\System32\drivers\INETMON.sys [2014-4-17 29088]
    R3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2013-8-1 46568]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-4-17 368112]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-4-17 786416]
    R3 Ke2200;NDIS Miniport Driver for the Killer e2200 PCI-E Ethernet Controller;C:\Windows\System32\drivers\e22W7x64.sys [2013-3-20 154320]
    R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2013-11-11 29280]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-11-11 29280]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-10-26 129752]
    R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2014-4-17 32344]
    R3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2014-4-17 13368]
    R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-5-27 19784]
    R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-12-17 38032]
    S2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-12-13 12288]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-8 104912]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service --> C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service [?]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-5-18 103064]
    S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
    S3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2015-2-23 15920]
    S3 EsgScanner;EsgScanner;C:\Windows\System32\drivers\EsgScanner.sys [2015-2-23 22704]
    S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [2014-9-22 1357104]
    S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2015-2-22 43664]
    S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2014-4-17 171632]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-2-11 114688]
    S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-5-18 203672]
    S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
    S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-4-17 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2011-2-16 14464]
    S4 ASGT;ASGT;C:\Windows\SysWOW64\ASGT.exe [2012-1-17 55296]
    S4 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2013-9-25 818888]
    S4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-10-11 284912]
    .
    =============== File Associations ===============
    .
    FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
    .
    =============== Created Last 30 ================
    .
    2015-02-26 06:21:35 11910896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CE8F22F5-CAED-47FA-949F-E29D97D0C9D5}\mpengine.dll
    2015-02-25 21:35:56 -------- d-----w- C:\Users\Jonathan\AppData\Local\Spotify
    2015-02-25 21:35:44 -------- d-----w- C:\Users\Jonathan\AppData\Roaming\Spotify
    2015-02-25 01:01:56 -------- d-----w- C:\Windows\F94A63D79A61403B8F6F90B1BF77211A.TMP
    2015-02-24 23:08:03 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2015-02-23 22:30:58 -------- d-----w- C:\Users\Jonathan\AppData\Roaming\Enigma Software Group
    2015-02-23 22:30:52 -------- d-----w- C:\sh4ldr
    2015-02-23 22:30:40 22704 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys
    2015-02-23 22:30:37 -------- d-----w- C:\Program Files\Enigma Software Group
    2015-02-23 21:25:51 35064 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
    2015-02-23 21:25:49 -------- d-----w- C:\ProgramData\RogueKiller
    2015-02-23 00:04:20 -------- d-----w- C:\Users\Jonathan\AppData\Roaming\SunScape
    2015-02-23 00:04:20 -------- d-----w- C:\Users\Jonathan\AppData\Roaming\RPS
    2015-02-23 00:04:20 -------- d-----w- C:\Users\Jonathan\AppData\Roaming\nXtRender
    2015-02-22 20:50:13 43664 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys
    2015-02-22 19:43:55 -------- d-----w- C:\ProgramData\HitmanPro
    2015-02-22 19:39:52 -------- d-----w- C:\Users\Jonathan\AppData\Local\CrashRpt
    2015-02-22 15:41:17 -------- d-----w- C:\Users\Jonathan\AppData\Roaming\lmaejkkt
    2015-02-22 15:38:42 -------- d-----w- C:\Users\Jonathan\AppData\Roaming\Opera Software
    2015-02-22 15:38:42 -------- d-----w- C:\Users\Jonathan\AppData\Local\Opera Software
    2015-02-22 15:37:21 -------- d-----w- C:\ProgramData\{673ac9b5-871c-e348-673a-ac9b587126d6}
    2015-02-22 15:37:12 -------- d-----w- C:\Users\Jonathan\AppData\Local\94326C2B-CE11-7E49-905D-D48F74805FB7
    2015-02-21 17:23:52 -------- d-----w- C:\Users\Jonathan\AppData\Roaming\Render Plus Systems
    2015-02-21 17:23:52 -------- d-----w- C:\ProgramData\Render Plus Systems
    2015-02-21 17:17:50 724992 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
    2015-02-21 17:17:50 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
    2015-02-21 17:17:50 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
    2015-02-21 17:17:50 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
    2015-02-21 17:17:50 192512 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
    2015-02-21 17:17:50 -------- d-----w- C:\Program Files\AccuRender nXt
    2015-02-21 17:17:49 311428 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
    2015-02-21 17:17:49 184452 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
    2015-02-21 15:01:05 -------- d-----w- C:\Program Files (x86)\BitComet
    2015-02-20 23:06:29 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2015-02-17 21:55:00 -------- d-----w- C:\Users\Jonathan\AppData\Roaming\timote
    2015-02-17 21:54:58 -------- d-----w- C:\Program Files (x86)\timote
    2015-02-13 03:57:39 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2015-02-13 03:57:39 4300800 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2015-02-13 03:57:38 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
    2015-02-13 03:57:38 6041600 ----a-w- C:\Windows\System32\jscript9.dll
    2015-02-11 21:42:14 621384 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2015-02-11 11:59:50 341504 ----a-w- C:\Windows\System32\schannel.dll
    2015-02-11 11:58:41 406528 ----a-w- C:\Windows\System32\scesrv.dll
    2015-02-11 11:58:41 308224 ----a-w- C:\Windows\SysWow64\scesrv.dll
    2015-02-11 11:58:38 5554112 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2015-02-11 11:58:38 3972544 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2015-02-11 11:58:38 3917760 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2015-02-11 11:58:37 503808 ----a-w- C:\Windows\System32\srcore.dll
    2015-02-11 11:58:37 50176 ----a-w- C:\Windows\System32\srclient.dll
    2015-02-11 11:58:37 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
    2015-02-11 11:58:37 296960 ----a-w- C:\Windows\System32\rstrui.exe
    2015-02-11 11:58:22 3201536 ----a-w- C:\Windows\System32\win32k.sys
    .
    ==================== Find3M ====================
    .
    2015-02-26 23:07:30 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2015-02-26 00:45:44 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2015-02-26 00:45:17 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2015-02-17 09:50:05 177864 ----a-w- C:\Windows\System32\drivers\kneps.sys
    2015-02-05 19:07:08 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-02-05 19:07:08 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2015-02-05 19:07:04 6861128 ----a-w- C:\Windows\System32\nvcpl.dll
    2015-02-05 19:07:03 3517584 ----a-w- C:\Windows\System32\nvsvc64.dll
    2015-02-05 19:07:00 935056 ----a-w- C:\Windows\System32\nvvsvc.exe
    2015-02-05 19:07:00 62792 ----a-w- C:\Windows\System32\nvshext.dll
    2015-02-05 19:07:00 2558792 ----a-w- C:\Windows\System32\nvsvcr.dll
    2015-02-05 19:06:59 385168 ----a-w- C:\Windows\System32\nvmctray.dll
    2015-02-05 12:50:11 4236870 ----a-w- C:\Windows\System32\nvcoproc.bin
    2015-01-16 06:41:34 1316184 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
    2015-01-16 06:41:34 1278920 ----a-w- C:\Windows\SysWow64\nvspcap.dll
    2015-01-16 06:41:18 1756424 ----a-w- C:\Windows\System32\nvspbridge64.dll
    2015-01-16 06:41:18 1514528 ----a-w- C:\Windows\System32\nvspcap64.dll
    2015-01-15 08:14:17 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2015-01-15 08:14:16 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2015-01-15 08:09:58 29184 ----a-w- C:\Windows\System32\sspisrv.dll
    2015-01-15 08:09:58 136192 ----a-w- C:\Windows\System32\sspicli.dll
    2015-01-15 08:09:57 28160 ----a-w- C:\Windows\System32\secur32.dll
    2015-01-15 08:09:51 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
    2015-01-15 08:09:15 31232 ----a-w- C:\Windows\System32\lsass.exe
    2015-01-15 08:08:59 64000 ----a-w- C:\Windows\System32\auditpol.exe
    2015-01-15 08:06:22 60416 ----a-w- C:\Windows\System32\msobjs.dll
    2015-01-15 08:06:11 146432 ----a-w- C:\Windows\System32\msaudite.dll
    2015-01-15 08:04:23 686080 ----a-w- C:\Windows\System32\adtschema.dll
    2015-01-15 07:42:59 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2015-01-15 07:42:05 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
    2015-01-15 07:41:53 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2015-01-15 07:39:53 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
    2015-01-15 07:39:36 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
    2015-01-15 07:37:55 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
    2015-01-15 04:22:18 458824 ----a-w- C:\Windows\System32\drivers\cng.sys
    2015-01-13 04:15:56 30536 ----a-w- C:\Windows\System32\nvhdap64.dll
    2015-01-13 04:15:56 195728 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
    2015-01-13 04:15:56 1540240 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
    2015-01-13 03:10:22 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2015-01-13 02:49:19 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2015-01-12 03:05:32 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2015-01-12 03:05:19 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2015-01-12 02:49:42 66560 ----a-w- C:\Windows\System32\iesetup.dll
    2015-01-12 02:48:57 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2015-01-12 02:48:52 584192 ----a-w- C:\Windows\System32\vbscript.dll
    2015-01-12 02:47:25 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
    2015-01-12 02:34:42 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
    2015-01-12 02:34:30 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2015-01-12 02:25:28 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2015-01-12 02:21:19 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2015-01-12 02:13:27 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2015-01-12 02:08:09 503296 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2015-01-12 02:07:51 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2015-01-12 02:07:06 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2015-01-12 02:05:36 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
    2015-01-12 01:55:47 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2015-01-12 01:46:29 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2015-01-12 01:46:00 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
    2015-01-12 01:40:43 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2015-01-12 01:27:32 2358272 ----a-w- C:\Windows\System32\wininet.dll
    2015-01-12 01:23:09 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2015-01-12 01:22:17 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2015-01-12 01:00:17 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
    2015-01-10 08:07:47 1895240 ----a-w- C:\Windows\System32\nvdispco6434725.dll
    2015-01-10 08:07:47 1556808 ----a-w- C:\Windows\System32\nvdispgenco6434725.dll
    2015-01-10 06:48:22 210944 ----a-w- C:\Windows\System32\wdigest.dll
    2015-01-10 06:48:19 86528 ----a-w- C:\Windows\System32\TSpkg.dll
    2015-01-10 06:48:13 309760 ----a-w- C:\Windows\System32\ncrypt.dll
    2015-01-10 06:48:12 314880 ----a-w- C:\Windows\System32\msv1_0.dll
    2015-01-10 06:48:10 728064 ----a-w- C:\Windows\System32\kerberos.dll
    2015-01-10 06:48:05 22016 ----a-w- C:\Windows\System32\credssp.dll
    2015-01-10 06:27:54 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
    2015-01-10 06:27:51 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
    2015-01-10 06:27:47 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
    2015-01-10 06:27:44 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2015-01-10 06:27:43 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
    2015-01-10 06:27:39 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2015-01-10 06:27:32 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
    2014-12-23 05:41:02 298120 ------w- C:\Windows\System32\MpSigStub.exe
    2014-12-19 03:06:55 210432 ----a-w- C:\Windows\System32\profsvc.dll
    2014-12-19 01:46:45 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
    2014-12-11 17:47:12 52736 ----a-w- C:\Windows\System32\TSWbPrxy.exe
    2014-12-06 04:17:27 303616 ----a-w- C:\Windows\System32\nlasvc.dll
    2014-12-06 03:50:19 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
    2014-12-06 03:50:18 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
    .
    ============= FINISH: 18:08:58.59 ===============
     
  5. JayDiggles

    JayDiggles TS Rookie Topic Starter Posts: 43

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 2/26/2015
    Scan Time: 6:12:25 PM
    Logfile: MB Scan.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.02.26.05
    Rootkit Database: v2015.02.25.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Jonathan

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 347172
    Time Elapsed: 14 min, 37 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  6. JayDiggles

    JayDiggles TS Rookie Topic Starter Posts: 43

    Those are all the logs I read about in the 4 step process.
     
  7. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download [​IMG] Malwarebytes Anti-Rootkit (MBAR) to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
    NOTE. If you see This version requires you to completely exit the Anti Malware application message right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
     
  8. JayDiggles

    JayDiggles TS Rookie Topic Starter Posts: 43

    RogueKiller V10.4.3.0 [Feb 23 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Jonathan [Administrator]
    Mode : Delete -- Date : 02/26/2015 20:38:00

    ¤¤¤ Processes : 2 ¤¤¤
    [Proc.Injected] iexplore.exe(5020) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe[7] -> Killed [TermProc]
    [Proc.Injected] iexplore.exe(4672) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[7] -> Killed [TermProc]

    ¤¤¤ Registry : 16 ¤¤¤
    [Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-395223655-1785353969-2611001670-1000\Software\Microsoft\Windows\CurrentVersion\Run | Spotify : "C:\Users\Jonathan\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [7][x][x] -> Deleted
    [Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-395223655-1785353969-2611001670-1000\Software\Microsoft\Windows\CurrentVersion\Run | Spotify Web Helper : "C:\Users\Jonathan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [7] -> Deleted
    [Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-395223655-1785353969-2611001670-1000\Software\Microsoft\Windows\CurrentVersion\Run | Spotify : "C:\Users\Jonathan\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart -> ERROR [2]
    [Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-395223655-1785353969-2611001670-1000\Software\Microsoft\Windows\CurrentVersion\Run | Spotify Web Helper : "C:\Users\Jonathan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" -> ERROR [2]
    [Hj.RegVal] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_2A68\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe -> Replaced (explorer.exe)
    [Hj.RegVal] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_2A68\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe -> Replaced (explorer.exe)
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_2A68\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_2A68\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_2A68\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_2A68\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

    ¤¤¤ Tasks : 2 ¤¤¤
    [Suspicious.Path] \\Special IC Runner -- %LOCALAPPDATA%\94326C2B-CE11-7E49-905D-D48F74805FB7\Runner.exe -> Deleted
    [Suspicious.Path] \Microsoft\Windows\Maintenance\Advanced IC Updating -- %LOCALAPPDATA%\94326C2B-CE11-7E49-905D-D48F74805FB7\Runner.exe (--Update) -> Deleted

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: HGST HTS545050A7E380 ATA Device +++++
    --- User ---
    [MBR] ca829f439db923c89d792ca17351a892
    [BSP] 4ceb0338cd0b3ba13a1703e13d6c2f19 : Empty MBR Code
    Partition table:
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: WDC WD10EZEX-00UD2A0 ATA Device +++++
    --- User ---
    [MBR] b0769afa2ed7e29f1cb8a4d31153e2c7
    [BSP] d12ecf04e32f930a13022a6fe6a674a9 : Windows Vista/7/8 MBR Code
    Partition table:
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive2: WDC WD5000AAKS-75YGA0 ATA Device +++++
    --- User ---
    [MBR] 8613fd5b0bf2411166ba6d2392e2f398
    [BSP] 87e0a6daa1b8373506d23575f609403c : Windows Vista/7/8 MBR Code
    Partition table:
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_02232015_163130.log - RKreport_SCN_02262015_202116.log
     
  9. JayDiggles

    JayDiggles TS Rookie Topic Starter Posts: 43

    Malwarebytes Anti-Rootkit BETA 1.09.1.1004
    www.malwarebytes.org

    Database version:
    main: v2015.02.26.05
    rootkit: v2015.02.25.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.17633
    Jonathan :: JONATHAN-PC [administrator]

    2/26/2015 8:44:43 PM
    mbar-log-2015-02-26 (20-44-43).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 356218
    Time elapsed: 9 minute(s), 51 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
     
  10. JayDiggles

    JayDiggles TS Rookie Topic Starter Posts: 43

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.09.1.1004

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17633

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, J:\ DRIVE_FIXED, P:\ DRIVE_FIXED
    CPU speed: 3.500000 GHz
    Memory total: 25710981120, free: 20067930112

    Downloaded database version: v2015.02.26.05
    Downloaded database version: v2015.02.25.01
    Downloaded database version: v2014.12.06.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    02/26/2015 20:44:38
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\DRIVERS\kl1.sys
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\system32\DRIVERS\iusb3hcs.sys
    \SystemRoot\system32\DRIVERS\CSCrySec.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\msahci.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\system32\DRIVERS\asahci64.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\vmstorfl.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\klif.sys
    \SystemRoot\system32\DRIVERS\klflt.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\kltdi.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\bflwfx64.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\klim6.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\DRIVERS\kneps.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\CSVirtualDiskDrv.sys
    \SystemRoot\system32\drivers\csc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\iusb3xhc.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\TeeDriverx64.sys
    \SystemRoot\system32\drivers\usbehci.sys
    \SystemRoot\system32\drivers\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\e22w7x64.sys
    \SystemRoot\system32\DRIVERS\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\ISCTD64.sys
    \SystemRoot\system32\DRIVERS\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\rdpbus.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\mcdbus.sys
    \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\drivers\nvvad64v.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\nvhda64v.sys
    \SystemRoot\system32\DRIVERS\iusb3hub.sys
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\system32\drivers\MBfilt64.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\cdfs.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\system32\DRIVERS\iBtFltCoex.sys
    \SystemRoot\system32\DRIVERS\btmhsf.sys
    \SystemRoot\System32\Drivers\BTHUSB.sys
    \SystemRoot\System32\Drivers\bthport.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\imsevent.sys
    \SystemRoot\system32\DRIVERS\klmouflt.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_dumpata.sys
    \SystemRoot\System32\Drivers\dump_asahci64.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\system32\DRIVERS\rfcomm.sys
    \SystemRoot\system32\drivers\BthEnum.sys
    \SystemRoot\system32\DRIVERS\bthpan.sys
    \SystemRoot\system32\DRIVERS\btmaux.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\ikbevent.sys
    \SystemRoot\system32\DRIVERS\klkbdflt.sys
    \SystemRoot\System32\cdd.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \??\C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys
    \??\C:\Windows\System32\Drivers\INETMON.sys
    \SystemRoot\system32\drivers\spsys.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\oleaut32.dll
    \Windows\System32\nsi.dll
    \Windows\System32\imm32.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\ole32.dll
    \Windows\System32\sechost.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\usp10.dll
    \Windows\System32\msctf.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\lpk.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\shell32.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\user32.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\wininet.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\psapi.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\devobj.dll
    \Windows\System32\userenv.dll
    \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    \Windows\System32\msasn1.dll
    \Windows\System32\profapi.dll
    \Windows\SysWOW64\normaliz.dll
    ----------- End -----------
    Done!

    Scan started
    Database versions:
    main: v2015.02.26.05
    rootkit: v2015.02.25.01

    <<<2>>>
    Physical Sector Size: 512
    Drive: 2, DevicePointer: 0xfffffa8013b5b060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8013b5bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8013b5b060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8013718680, DeviceName: \Device\Ide\IdeDeviceP4T0L0-4\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8013943790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8013826930, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8013943790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8013210680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 4FA641A5

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 976766976

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xfffffa8013b5a060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8013b5ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8013b5a060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa801321a680, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 9DCDE248

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 1953519616

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes

    Done!
    Drive 2
    This is a System drive
    Scanning MBR on drive 2...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 28000000

    Partition information:

    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 96327

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 98304 Numsec = 31457280

    Partition 2 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 31555584 Numsec = 945215488
    Partition file system is NTFS
    Partition is bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-2-2-31555584-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
    Removal finished
     
  11. JayDiggles

    JayDiggles TS Rookie Topic Starter Posts: 43

    Okay, that should be all of the next phase reports you wanted from me.
     
  12. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  13. JayDiggles

    JayDiggles TS Rookie Topic Starter Posts: 43

    ComboFix 15-02-16.01 - Jonathan 02/26/2015 23:02:18.1.8 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.24520.19392 [GMT -5:00]
    Running from: c:\downloads\ComboFix.exe
    AV: Kaspersky PURE 3.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
    FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
    SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Roaming
    c:\windows\SysWow64\DEBUG.log
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-01-27 to 2015-02-27 )))))))))))))))))))))))))))))))
    .
    .
    2015-02-27 04:05 . 2015-02-27 04:05 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-02-27 01:44 . 2015-02-27 01:59 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2015-02-26 06:21 . 2015-02-16 09:21 11910896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE8F22F5-CAED-47FA-949F-E29D97D0C9D5}\mpengine.dll
    2015-02-26 00:46 . 2015-02-26 00:46 -------- d-----w- c:\program files (x86)\Common Files\Java
    2015-02-25 21:35 . 2015-02-26 22:42 -------- d-----w- c:\users\Jonathan\AppData\Local\Spotify
    2015-02-25 21:35 . 2015-02-27 01:15 -------- d-----w- c:\users\Jonathan\AppData\Roaming\Spotify
    2015-02-25 01:01 . 2015-02-25 01:02 -------- d-----w- c:\windows\F94A63D79A61403B8F6F90B1BF77211A.TMP
    2015-02-24 23:08 . 2015-02-24 23:08 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2015-02-23 22:30 . 2015-02-23 22:30 -------- d-----w- c:\users\Jonathan\AppData\Roaming\Enigma Software Group
    2015-02-23 22:30 . 2015-02-23 22:30 -------- d-----w- C:\sh4ldr
    2015-02-23 22:30 . 2015-02-23 22:30 22704 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
    2015-02-23 22:30 . 2015-02-24 23:11 -------- d-----w- c:\program files\Enigma Software Group
    2015-02-23 21:25 . 2015-02-27 01:17 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-02-23 21:25 . 2015-02-23 21:25 -------- d-----w- c:\programdata\RogueKiller
    2015-02-23 00:04 . 2015-02-23 00:08 -------- d-----w- c:\users\Jonathan\AppData\Roaming\nXtRender
    2015-02-23 00:04 . 2015-02-23 00:04 -------- d-----w- c:\users\Jonathan\AppData\Roaming\SunScape
    2015-02-23 00:04 . 2015-02-23 00:04 -------- d-----w- c:\users\Jonathan\AppData\Roaming\RPS
    2015-02-22 20:50 . 2015-02-22 20:50 43664 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
    2015-02-22 19:43 . 2015-02-22 20:48 -------- d-----w- c:\programdata\HitmanPro
    2015-02-22 19:39 . 2015-02-22 19:39 -------- d-----w- c:\users\Jonathan\AppData\Local\CrashRpt
    2015-02-22 15:41 . 2015-02-22 15:41 -------- d-----w- c:\users\Jonathan\AppData\Roaming\lmaejkkt
    2015-02-22 15:38 . 2015-02-22 15:40 -------- d-----w- c:\users\Jonathan\AppData\Roaming\Opera Software
    2015-02-22 15:38 . 2015-02-22 15:40 -------- d-----w- c:\users\Jonathan\AppData\Local\Opera Software
    2015-02-22 15:38 . 2015-02-22 15:40 -------- d-----w- c:\program files (x86)\Opera
    2015-02-22 15:37 . 2015-02-22 15:55 -------- d-----w- c:\programdata\{673ac9b5-871c-e348-673a-ac9b587126d6}
    2015-02-22 15:37 . 2015-02-23 18:54 -------- d-----w- c:\users\Jonathan\AppData\Local\94326C2B-CE11-7E49-905D-D48F74805FB7
    2015-02-21 17:23 . 2015-02-21 17:24 -------- d-----w- c:\users\Jonathan\AppData\Roaming\Render Plus Systems
    2015-02-21 17:23 . 2015-02-21 17:23 -------- d-----w- c:\programdata\Render Plus Systems
    2015-02-21 17:17 . 2015-02-21 17:18 -------- d-----w- c:\program files\AccuRender nXt
    2015-02-21 17:17 . 2003-09-03 07:28 724992 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
    2015-02-21 17:17 . 2003-09-03 07:27 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
    2015-02-21 17:17 . 2003-09-03 07:26 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
    2015-02-21 17:17 . 2003-09-03 07:26 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
    2015-02-21 17:17 . 2003-09-03 07:25 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
    2015-02-21 17:17 . 2015-02-21 17:17 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
    2015-02-21 17:17 . 2015-02-21 17:17 184452 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
    2015-02-21 15:01 . 2015-02-21 15:01 -------- d-----w- c:\program files (x86)\BitComet
    2015-02-20 23:06 . 2015-02-25 01:43 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2015-02-17 21:55 . 2015-02-21 15:13 -------- d-----w- c:\users\Jonathan\AppData\Roaming\timote
    2015-02-17 21:54 . 2015-02-17 21:54 -------- d-----w- c:\program files (x86)\timote
    2015-02-13 03:57 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
    2015-02-13 03:57 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
    2015-02-13 03:57 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll
    2015-02-13 03:57 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll
    2015-02-11 21:42 . 2015-02-05 17:57 621384 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2015-02-11 11:59 . 2015-01-10 06:48 341504 ----a-w- c:\windows\system32\schannel.dll
    2015-02-11 11:58 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll
    2015-02-11 11:58 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
    2015-02-11 11:58 . 2015-01-14 06:09 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe
    2015-02-11 11:58 . 2015-01-14 05:44 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2015-02-11 11:58 . 2015-01-14 05:44 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2015-02-11 11:58 . 2015-01-14 06:05 503808 ----a-w- c:\windows\system32\srcore.dll
    2015-02-11 11:58 . 2015-01-14 06:05 50176 ----a-w- c:\windows\system32\srclient.dll
    2015-02-11 11:58 . 2015-01-14 06:04 296960 ----a-w- c:\windows\system32\rstrui.exe
    2015-02-11 11:58 . 2015-01-14 05:41 43008 ----a-w- c:\windows\SysWow64\srclient.dll
    2015-02-11 11:58 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-02-27 01:44 . 2014-10-26 16:55 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-02-27 01:43 . 2014-10-26 16:54 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-02-26 00:45 . 2014-12-29 19:52 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2015-02-26 00:45 . 2014-12-29 19:45 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2015-02-17 09:50 . 2013-11-12 00:25 177864 ----a-w- c:\windows\system32\drivers\kneps.sys
    2015-02-12 08:01 . 2014-04-18 20:07 116773704 ----a-w- c:\windows\system32\MRT.exe
    2015-02-05 21:01 . 2015-01-24 17:24 32106640 ----a-w- c:\windows\system32\nvoglv64.dll
    2015-02-05 21:01 . 2015-01-24 17:24 17253848 ----a-w- c:\windows\system32\nvd3dumx.dll
    2015-02-05 21:01 . 2014-11-22 14:27 16017040 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2015-02-05 21:01 . 2014-04-17 20:32 74056 ----a-w- c:\windows\system32\OpenCL.dll
    2015-02-05 21:01 . 2014-04-17 20:32 60560 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2015-02-05 21:01 . 2014-04-17 20:26 18575880 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2015-02-05 21:01 . 2014-04-17 20:26 14119744 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2015-02-05 21:01 . 2014-04-17 20:25 3299512 ----a-w- c:\windows\system32\nvapi64.dll
    2015-02-05 21:01 . 2014-04-17 20:25 2902784 ----a-w- c:\windows\SysWow64\nvapi.dll
    2015-02-05 19:07 . 2014-04-18 20:09 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-02-05 19:07 . 2014-04-18 20:09 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2015-02-05 19:07 . 2014-04-17 20:33 6861128 ----a-w- c:\windows\system32\nvcpl.dll
    2015-02-05 19:07 . 2014-04-17 20:33 3517584 ----a-w- c:\windows\system32\nvsvc64.dll
    2015-02-05 19:07 . 2014-04-17 20:33 935056 ----a-w- c:\windows\system32\nvvsvc.exe
    2015-02-05 19:07 . 2014-04-17 20:33 62792 ----a-w- c:\windows\system32\nvshext.dll
    2015-02-05 19:07 . 2014-04-17 20:33 2558792 ----a-w- c:\windows\system32\nvsvcr.dll
    2015-02-05 19:06 . 2014-04-17 20:33 385168 ----a-w- c:\windows\system32\nvmctray.dll
    2015-02-05 12:50 . 2014-04-17 20:33 4236870 ----a-w- c:\windows\system32\nvcoproc.bin
    2015-01-16 06:41 . 2014-07-31 09:51 1316184 ----a-w- c:\windows\SysWow64\nvspbridge.dll
    2015-01-16 06:41 . 2014-05-27 09:27 1278920 ----a-w- c:\windows\SysWow64\nvspcap.dll
    2015-01-16 06:41 . 2014-07-31 09:51 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
    2015-01-16 06:41 . 2014-05-27 09:27 1514528 ----a-w- c:\windows\system32\nvspcap64.dll
    2015-01-14 04:03 . 2014-04-25 20:05 627912 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
    2015-01-13 04:15 . 2015-01-24 17:24 30536 ----a-w- c:\windows\system32\nvhdap64.dll
    2015-01-13 04:15 . 2015-01-24 17:24 195728 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
    2015-01-13 04:15 . 2014-04-17 20:33 1540240 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
    2015-01-10 08:07 . 2015-01-24 17:24 1895240 ----a-w- c:\windows\system32\nvdispco6434725.dll
    2015-01-10 08:07 . 2015-01-24 17:24 1556808 ----a-w- c:\windows\system32\nvdispgenco6434725.dll
    2014-12-23 05:41 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe
    2014-12-19 03:06 . 2015-01-14 08:11 210432 ----a-w- c:\windows\system32\profsvc.dll
    2014-12-19 01:46 . 2015-01-14 08:11 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
    2014-12-11 17:47 . 2015-01-14 08:11 52736 ----a-w- c:\windows\system32\TSWbPrxy.exe
    2014-12-06 04:17 . 2015-01-14 08:11 303616 ----a-w- c:\windows\system32\nlasvc.dll
    2014-12-06 03:50 . 2015-01-14 08:11 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
    2014-12-06 03:50 . 2015-01-14 08:11 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2015-01-14 04:03 1729744 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2015-01-14 04:03 1729744 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2015-01-14 04:03 1729744 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
    @="{dd230880-495a-11d1-b064-008048ec2fc5}"
    [HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
    2014-11-17 22:03 458944 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2013-02-05 1081224]
    "timote"="c:\program files (x86)\timote\timote.exe" [2015-02-11 2828200]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Sound Blaster Cinema"="c:\program files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe" [2013-08-16 711680]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
    "Super-Charger"="c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe" [2013-11-12 1047536]
    "Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2014-07-22 2694040]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2013-02-05 1081224]
    .
    c:\users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2014-9-22 576000]
    Send to OneNote.lnk - c:\program files\Microsoft Office 15\root\office15\ONENOTEM.EXE /tsr [2014-9-26 195240]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    ISCTSystray.lnk - c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [2013-8-1 5545448]
    Killer Network Manager.lnk - c:\windows\Installer\{4E08CC97-912D-458B-8705-9A14C325532F}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe -minimize [2014-4-17 72040]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
    R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
    R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [x]
    R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
    R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
    R3 MSICDSetup;MSICDSetup;e:\cdriver64.sys;e:\CDriver64.sys [x]
    R3 NTIOLib_1_0_C;NTIOLib_1_0_C;e:\ntiolib_x64.sys;e:\NTIOLib_X64.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    R4 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe;c:\windows\SysWOW64\ASGT.exe [x]
    R4 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [x]
    R4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
    S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
    S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys;c:\windows\SYSNATIVE\DRIVERS\CSCrySec.sys [x]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
    S1 BfLwf;Qualcomm Atheros Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys;c:\windows\SYSNATIVE\DRIVERS\bflwfx64.sys [x]
    S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys;c:\windows\SYSNATIVE\DRIVERS\CSVirtualDiskDrv.sys [x]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
    S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
    S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
    S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
    S2 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
    S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
    S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
    S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
    S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
    S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 ISCTAgent;Intel(R) Smart Connect Technology Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
    S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x]
    S2 MSI_Trigger_Service;MSI_Trigger_Service;c:\program files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe;c:\program files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [x]
    S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
    S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
    S2 Qualcomm Atheros Killer Service V2;Qualcomm Atheros Killer Service V2;c:\program files\Qualcomm Atheros\Network Manager\KillerService.exe;c:\program files\Qualcomm Atheros\Network Manager\KillerService.exe [x]
    S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\program files\Enigma Software Group\SpyHunter\SH4Service.exe;c:\program files\Enigma Software Group\SpyHunter\SH4Service.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
    S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe;c:\program files (x86)\BitComet\tools\BitCometService.exe [x]
    S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
    S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
    S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
    S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
    S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
    S3 INETMON;INETMON;c:\windows\System32\Drivers\INETMON.sys;c:\windows\SYSNATIVE\Drivers\INETMON.sys [x]
    S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
    S3 Ke2200;NDIS Miniport Driver for the Killer e2200 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\e22w7x64.sys;c:\windows\SYSNATIVE\DRIVERS\e22w7x64.sys [x]
    S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
    S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
    S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
    S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
    S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-02-27 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-18 19:07]
    .
    2015-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-395223655-1785353969-2611001670-1000Core.job
    - c:\users\Jonathan\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-25 13:03]
    .
    2015-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-395223655-1785353969-2611001670-1000UA.job
    - c:\users\Jonathan\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-25 13:03]
    .
    2015-02-26 c:\windows\Tasks\SpyHunter4.job
    - c:\program files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2015-02-23 22:30]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2015-01-14 07:20 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2015-01-14 07:20 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2015-01-14 07:20 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
    @="{dd230880-495a-11d1-b064-008048ec2fc5}"
    [HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
    2014-11-17 22:04 491200 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-10-17 7202008]
    "MBCfg64"="c:\windows\system32\MBCfg64.dll" [2013-08-29 40576]
    "BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2013-10-18 184632]
    "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshellex.dll" [2013-10-09 7818040]
    "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-01-16 2585928]
    "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-01-16 1514528]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-28 558496]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = https://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <-loopback>
    IE: &D&ownload &with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm
    IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
    IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\r57mhtc2.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-Itibiti.exe - c:\program files (x86)\Itibiti Soft Phone\Itibiti.exe
    SafeBoot-34074212.sys
    HKLM-Run-Nvtmru - c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.16"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2015-02-26 23:07:20
    ComboFix-quarantined-files.txt 2015-02-27 04:07
    .
    Pre-Run: 321,690,329,088 bytes free
    Post-Run: 322,542,592,000 bytes free
    .
    - - End Of File - - BBE255677B8DCF5440E1D941E9AC80F0
    5FB38429D5D77768867C76DCBDB35194
     
  14. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Is audio still there?

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    [​IMG] Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
     
  15. JayDiggles

    JayDiggles TS Rookie Topic Starter Posts: 43

    I turned the audio on for 30 minutes this morning and didn't hear anything. Which is a huge improvement over hearing someone try to sell me a car every minute. I'm running your last post of scans now.
     
  16. JayDiggles

    JayDiggles TS Rookie Topic Starter Posts: 43

    Of course right after I post this a Dual Power Carpet Wash commercial came through, so I'm still getting the ad audio in the background.
     
  17. JayDiggles

    JayDiggles TS Rookie Topic Starter Posts: 43

    # AdwCleaner v4.111 - Logfile created 27/02/2015 at 06:37:04
    # Updated 18/02/2015 by Xplode
    # Database : 2015-02-18.3 [Server]
    # Operating system : Windows 7 Ultimate Service Pack 1 (x64)
    # Username : Jonathan - JONATHAN-PC
    # Running from : C:\Users\Jonathan\Downloads\adwcleaner_4.111.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Users\Jonathan\AppData\Local\CrashRpt

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17631


    -\\ Mozilla Firefox v36.0 (x86 en-US)


    -\\ Google Chrome v


    *************************

    AdwCleaner[R0].txt - [36585 bytes] - [10/11/2013 20:10:27]
    AdwCleaner[R1].txt - [1073 bytes] - [27/02/2015 06:35:54]
    AdwCleaner[S0].txt - [34220 bytes] - [10/11/2013 20:11:24]
    AdwCleaner[S1].txt - [1006 bytes] - [27/02/2015 06:37:04]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1065 bytes] ##########
     
  18. JayDiggles

    JayDiggles TS Rookie Topic Starter Posts: 43

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.2 (02.02.2015:1)
    OS: Windows 7 Ultimate x64
    Ran by Jonathan on Fri 02/27/2015 at 6:46:19.86
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 02/27/2015 at 6:48:13.80
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  19. JayDiggles

    JayDiggles TS Rookie Topic Starter Posts: 43

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
    Ran by Jonathan (administrator) on JONATHAN-PC on 27-02-2015 06:55:04
    Running from C:\Users\Jonathan\Downloads
    Loaded Profiles: Jonathan (Available profiles: Jonathan)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
    (MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
    (Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
    () C:\Program Files (x86)\timote\timote.exe
    (Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
    (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
    (MSI) C:\Program Files (x86)\MSI\MSITrigger\Direct OC\Direct OC_Gui.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\wmi64.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202008 2013-10-17] (Realtek Semiconductor)
    HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
    HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184632 2013-10-18] (Motorola Solutions, Inc.)
    HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd)
    HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)
    HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [1047536 2013-11-12] (MSI)
    HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)
    HKU\S-1-5-21-395223655-1785353969-2611001670-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
    HKU\S-1-5-21-395223655-1785353969-2611001670-1000\...\Run: [timote] => C:\Program Files (x86)\timote\timote.exe [2828200 2015-02-11] ()
    HKU\S-1-5-21-395223655-1785353969-2611001670-1000\...\Policies\Explorer: []
    HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk
    ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk
    ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{4E08CC97-912D-458B-8705-9A14C325532F}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
    Startup: C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
    ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    Startup: C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
    ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll (Kaspersky Lab ZAO)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll (Kaspersky Lab ZAO)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-395223655-1785353969-2611001670-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-395223655-1785353969-2611001670-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-395223655-1785353969-2611001670-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-395223655-1785353969-2611001670-1000 -> {4B14E74D-634B-4FBD-95C2-431876ECF405} URL = https://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-395223655-1785353969-2611001670-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
    BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
    BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
    BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
    BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    Toolbar: HKU\S-1-5-21-395223655-1785353969-2611001670-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKU\S-1-5-21-395223655-1785353969-2611001670-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\r57mhtc2.default
    FF DefaultSearchEngine: Google
    FF DefaultSearchEngine.US: Google
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
    FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
    FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
    FF Plugin HKU\S-1-5-21-395223655-1785353969-2611001670-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Jonathan\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-395223655-1785353969-2611001670-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Jonathan\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Extension: Soundcloud Player - C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\r57mhtc2.default\Extensions\soundcloud-player@mikedeboer.nl [2015-01-09]
    FF Extension: BitComet Video Downloader - C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\r57mhtc2.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2015-02-21]
    FF Extension: CleanTube - C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\r57mhtc2.default\Extensions\jid0-Oh6YfHwkh8Cb1Y4efKhBukwKfB0@jetpack.xpi [2014-10-25]
    FF Extension: SoundCloud Downloader - SC DOWNLOADER - C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\r57mhtc2.default\Extensions\jid1-mW7iuA66Ny8Ziw@jetpack.xpi [2014-10-25]
    FF Extension: YouTube™ HD Plus - C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\r57mhtc2.default\Extensions\jid1-wkCmfgboni3B1Q@jetpack.xpi [2014-10-25]
    FF Extension: Open In Chrome - C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\r57mhtc2.default\Extensions\openinchrome@griffeltavla.wordpress.com.xpi [2014-10-25]
    FF Extension: Adblock Plus - C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\r57mhtc2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-25]
    FF Extension: DownThemAll! - C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\r57mhtc2.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-10-25]
    FF Extension: YouTube Flash Video Player - C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\r57mhtc2.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2014-10-25]
    FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
    FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-11-17]
    FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
    FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-11-17]
    FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
    FF Extension: Gevaarlijke websiteblokkering - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-11-17]
    FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
    FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-11-17]
    FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
    FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-11-17]

    Chrome:
    =======
    CHR Profile: C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-26]
    CHR Extension: (Google Docs) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-26]
    CHR Extension: (Google Drive) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-26]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-30]
    CHR Extension: (YouTube) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-26]
    CHR Extension: (Google Cast) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-10-26]
    CHR Extension: (Google Search) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-26]
    CHR Extension: (Kaspersky URL Advisor) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2015-01-25]
    CHR Extension: (Google Sheets) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-26]
    CHR Extension: (EditThisCookie) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2014-10-26]
    CHR Extension: (Hola Better Internet) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-10-26]
    CHR Extension: (Night Time In New York City) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnimonidkipnhnpgkhgliocfnnpgkhek [2014-10-26]
    CHR Extension: (Skype Click to Call) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-01-25]
    CHR Extension: (Kaspersky Protection) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh [2015-01-25]
    CHR Extension: (Google Wallet) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-26]
    CHR Extension: (Gmail) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-26]
    CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
    CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S4 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
    R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
    R3 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
    S3 BITCOMET_HELPER_SERVICE; C:\Program Files (x86)\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
    S4 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
    R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-01] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
    R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161776 2013-09-09] (MSI)
    R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.)
    S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] ()
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
    R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed]
    R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2015-02-23] (Enigma Software Group USA, LLC.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
  20. JayDiggles

    JayDiggles TS Rookie Topic Starter Posts: 43

    R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49048 2012-07-18] (Asmedia Technology)
    R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc.)
    R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
    R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1408824 2013-10-18] (Motorola Solutions, Inc.)
    R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
    R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
    S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-02-23] (Enigma Software Group USA, LLC.)
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-02-23] ()
    S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-02-22] ()
    R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21408 2013-08-01] ()
    R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21920 2013-08-01] ()
    R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-01] ()
    R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-08-01] ()
    R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc.)
    R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-11-17] (Kaspersky Lab ZAO)
    U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-11-17] (Kaspersky Lab ZAO)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628288 2014-11-17] (Kaspersky Lab ZAO)
    R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-11-17] (Kaspersky Lab ZAO)
    R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
    R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
    R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO)
    R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177864 2015-02-17] (Kaspersky Lab ZAO)
    R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
    R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-26] ()
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 MSICDSetup; \??\E:\CDriver64.sys [X]
    S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-27 06:55 - 2015-02-27 06:55 - 00031541 _____ () C:\Users\Jonathan\Downloads\FRST.txt
    2015-02-27 06:55 - 2015-02-27 06:55 - 00000000 ____D () C:\FRST
    2015-02-27 06:54 - 2015-02-27 06:54 - 02087936 _____ (Farbar) C:\Users\Jonathan\Downloads\FRST64.exe
    2015-02-27 06:48 - 2015-02-27 06:48 - 00000632 _____ () C:\Users\Jonathan\Desktop\JRT.txt
    2015-02-27 06:44 - 2015-02-27 06:45 - 01388274 _____ (Thisisu) C:\Users\Jonathan\Downloads\JRT(1).exe
    2015-02-27 06:39 - 2015-02-27 06:39 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\CrashRpt
    2015-02-27 06:33 - 2015-02-27 06:33 - 02126848 _____ () C:\Users\Jonathan\Downloads\adwcleaner_4.111(1).exe
    2015-02-26 23:07 - 2015-02-26 23:07 - 00035742 _____ () C:\ComboFix.txt
    2015-02-26 23:00 - 2015-02-26 23:07 - 00000000 ____D () C:\Qoobox
    2015-02-26 23:00 - 2015-02-26 23:06 - 00000000 ____D () C:\Windows\erdnt
    2015-02-26 23:00 - 2015-02-26 23:00 - 00004066 _____ () C:\Users\Jonathan\Desktop\instructions.txt
    2015-02-26 23:00 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
    2015-02-26 23:00 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
    2015-02-26 23:00 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-02-26 23:00 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-02-26 23:00 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-02-26 23:00 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
    2015-02-26 23:00 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
    2015-02-26 23:00 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
    2015-02-26 20:44 - 2015-02-26 20:59 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-02-26 20:43 - 2015-02-26 20:59 - 00000000 ____D () C:\Users\Jonathan\Desktop\mbar
    2015-02-26 20:43 - 2015-02-26 20:43 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Jonathan\Downloads\mbar-1.09.1.1004.exe
    2015-02-26 20:15 - 2015-02-26 20:16 - 15536728 _____ () C:\Users\Jonathan\Downloads\RogueKiller(1).exe
    2015-02-26 18:33 - 2015-02-27 06:38 - 00000400 _____ () C:\Windows\Tasks\SpyHunter4.job
    2015-02-26 18:33 - 2015-02-26 18:33 - 00003238 _____ () C:\Windows\System32\Tasks\SpyHunter4
    2015-02-26 18:28 - 2015-02-26 18:28 - 00001063 _____ () C:\Users\Jonathan\Desktop\MB Scan.txt
    2015-02-26 18:09 - 2015-02-26 18:09 - 00009578 _____ () C:\Users\Jonathan\Desktop\attach.txt
    2015-02-26 18:09 - 2015-02-26 18:08 - 00037580 _____ () C:\Users\Jonathan\Desktop\dds.txt
    2015-02-26 18:07 - 2015-02-26 18:07 - 00688992 ____R (Swearware) C:\Users\Jonathan\Downloads\dds.com
    2015-02-25 17:58 - 2015-02-25 17:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-02-25 16:35 - 2015-02-26 20:15 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Spotify
    2015-02-25 16:35 - 2015-02-26 17:42 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\Spotify
    2015-02-25 16:35 - 2015-02-25 16:35 - 00001784 _____ () C:\Users\Jonathan\Desktop\Spotify.lnk
    2015-02-25 16:35 - 2015-02-25 16:35 - 00001770 _____ () C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
    2015-02-25 16:34 - 2015-02-25 16:34 - 00137888 _____ (Spotify Ltd) C:\Users\Jonathan\Downloads\SpotifySetup(1).exe
    2015-02-24 20:01 - 2015-02-24 20:02 - 00000000 ____D () C:\Windows\F94A63D79A61403B8F6F90B1BF77211A.TMP
    2015-02-24 18:21 - 2015-02-24 18:21 - 01388274 _____ (Thisisu) C:\Users\Jonathan\Downloads\JRT.exe
    2015-02-23 18:55 - 2015-02-23 18:56 - 00015298 _____ () C:\sh4_service.log
    2015-02-23 18:52 - 2015-02-23 17:30 - 00285747 _____ () C:\shldr
    2015-02-23 18:52 - 2015-02-23 17:30 - 00008192 _____ () C:\shldr.mbr
    2015-02-23 17:30 - 2015-02-24 18:11 - 00000000 ____D () C:\Program Files\Enigma Software Group
    2015-02-23 17:30 - 2015-02-23 17:30 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Jonathan\Downloads\SpyHunter-Installer.exe
    2015-02-23 17:30 - 2015-02-23 17:30 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
    2015-02-23 17:30 - 2015-02-23 17:30 - 00001089 _____ () C:\Users\Jonathan\Desktop\SpyHunter.lnk
    2015-02-23 17:30 - 2015-02-23 17:30 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
    2015-02-23 17:30 - 2015-02-23 17:30 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Enigma Software Group
    2015-02-23 17:30 - 2015-02-23 17:30 - 00000000 ____D () C:\sh4ldr
    2015-02-23 16:25 - 2015-02-26 20:17 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2015-02-23 16:25 - 2015-02-23 16:25 - 15536728 _____ () C:\Users\Jonathan\Downloads\RogueKiller.exe
    2015-02-23 16:25 - 2015-02-23 16:25 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-02-23 16:09 - 2015-02-23 16:09 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Jonathan\Downloads\tdsskiller.exe
    2015-02-23 13:54 - 2015-02-23 13:54 - 00056045 _____ () C:\spyhunter.log
    2015-02-22 19:04 - 2015-02-22 19:08 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\nXtRender
    2015-02-22 19:04 - 2015-02-22 19:04 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\SunScape
    2015-02-22 19:04 - 2015-02-22 19:04 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\RPS
    2015-02-22 15:50 - 2015-02-22 15:50 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
    2015-02-22 15:47 - 2015-02-22 15:47 - 00001148 _____ () C:\Windows\system32\.crusader
    2015-02-22 14:43 - 2015-02-22 15:48 - 00000000 ____D () C:\ProgramData\HitmanPro
    2015-02-22 14:43 - 2015-02-22 14:43 - 10995632 _____ (SurfRight B.V.) C:\Users\Jonathan\Downloads\HitmanPro_x64.exe
    2015-02-22 14:09 - 2015-02-22 14:09 - 02126848 _____ () C:\Users\Jonathan\Downloads\adwcleaner_4.111.exe
    2015-02-22 13:36 - 2015-02-22 13:36 - 00000000 _____ () C:\Users\Jonathan\Downloads\Amanda Meals(1).xlsm
    2015-02-22 10:44 - 2015-02-22 10:44 - 00262144 _____ () C:\Windows\system32\config\elam
    2015-02-22 10:41 - 2015-02-22 10:41 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\lmaejkkt
    2015-02-22 10:38 - 2015-02-22 10:40 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Opera Software
    2015-02-22 10:38 - 2015-02-22 10:40 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\Opera Software
    2015-02-22 10:38 - 2015-02-22 10:40 - 00000000 ____D () C:\Program Files (x86)\Opera
    2015-02-22 10:37 - 2015-02-23 13:54 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\94326C2B-CE11-7E49-905D-D48F74805FB7
    2015-02-22 10:37 - 2015-02-22 10:55 - 00000000 ____D () C:\ProgramData\{673ac9b5-871c-e348-673a-ac9b587126d6}
    2015-02-22 10:32 - 2015-02-22 10:32 - 01110476 _____ () C:\Users\Jonathan\Downloads\Setup [1].exe
    2015-02-22 10:31 - 2015-02-22 10:31 - 00695616 _____ (Generic program ) C:\Users\Jonathan\Downloads\Setup.exe
    2015-02-21 17:54 - 2015-02-21 17:54 - 00209650 _____ () C:\Users\Jonathan\Downloads\Microwave_-_Over_Range.rfa
    2015-02-21 17:54 - 2015-02-21 17:54 - 00209650 _____ () C:\Users\Jonathan\Downloads\Microwave_-_Over_Range (1).rfa
    2015-02-21 17:52 - 2015-02-21 17:52 - 00350854 _____ () C:\Users\Jonathan\Downloads\Mikrovlnka.dwg
    2015-02-21 17:51 - 2015-02-21 17:51 - 00073127 _____ () C:\Users\Jonathan\Downloads\Thermador Built-in Microwave MBES.dwg
    2015-02-21 17:06 - 2015-02-21 17:07 - 01772937 _____ () C:\Users\Jonathan\Downloads\GR30_3D.zip
    2015-02-21 17:03 - 2015-02-21 17:03 - 00668411 _____ () C:\Users\Jonathan\Downloads\M_Range_Bosch_Express_5_Burners.rfa
    2015-02-21 17:02 - 2015-02-21 17:02 - 00324321 _____ () C:\Users\Jonathan\Downloads\Stove.rfa
    2015-02-21 14:22 - 2015-02-21 14:27 - 06906189 _____ () C:\Users\Jonathan\Downloads\BI-36U_S_3D.zip
    2015-02-21 12:23 - 2015-02-21 12:24 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Render Plus Systems
    2015-02-21 12:23 - 2015-02-21 12:23 - 00000000 ____D () C:\ProgramData\Render Plus Systems
    2015-02-21 12:17 - 2015-02-21 12:18 - 00000000 ____D () C:\Program Files\AccuRender nXt
    2015-02-21 12:16 - 2015-02-21 12:17 - 70311286 _____ (InstallShield Software Corporation) C:\Users\Jonathan\Downloads\arnxt64_0349-OA30.exe
    2015-02-21 10:19 - 2015-02-21 10:20 - 01055936 _____ (Adobe) C:\Users\Jonathan\Downloads\install_flashplayer16x32_mssd_aaa_aih.exe
    2015-02-21 10:01 - 2015-02-21 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet
    2015-02-21 10:01 - 2015-02-21 10:01 - 00000000 ____D () C:\Program Files (x86)\BitComet
    2015-02-21 10:00 - 2015-02-21 10:00 - 08746568 _____ () C:\Users\Jonathan\Downloads\BitComet_1.37_x86_setup.exe
    2015-02-21 08:57 - 2015-02-21 08:57 - 00000000 ____D () C:\Users\Jonathan\Documents\AutoCAD Sheet Sets
    2015-02-20 18:06 - 2015-02-24 20:43 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2015-02-17 16:55 - 2015-02-21 10:13 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\timote
    2015-02-17 16:54 - 2015-02-17 16:54 - 04203784 _____ () C:\Users\Jonathan\Downloads\timote_installer.exe
    2015-02-17 16:54 - 2015-02-17 16:54 - 00000000 ____D () C:\Program Files (x86)\timote
    2015-02-12 22:57 - 2015-01-22 23:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-02-12 22:57 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-02-12 22:57 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-02-12 22:57 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-02-11 16:42 - 2015-02-05 12:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
    2015-02-11 16:39 - 2015-02-05 16:01 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
    2015-02-11 16:39 - 2015-02-05 16:01 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2015-02-11 16:39 - 2015-02-05 16:01 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2015-02-11 16:39 - 2015-02-05 16:01 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2015-02-11 16:39 - 2015-02-05 16:01 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2015-02-11 16:39 - 2015-02-05 16:01 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2015-02-11 16:39 - 2015-02-05 16:01 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2015-02-11 16:39 - 2015-02-05 16:01 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2015-02-11 16:39 - 2015-02-05 16:01 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2015-02-11 16:39 - 2015-02-05 16:01 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2015-02-11 16:39 - 2015-02-05 16:01 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll
    2015-02-11 16:39 - 2015-02-05 16:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll
    2015-02-11 16:39 - 2015-02-05 16:01 - 00995248 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
    2015-02-11 16:39 - 2015-02-05 16:01 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2015-02-11 16:39 - 2015-02-05 16:01 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2015-02-11 16:39 - 2015-02-05 16:01 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2015-02-11 16:39 - 2015-02-05 16:01 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2015-02-11 16:39 - 2015-02-05 16:01 - 00877816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2015-02-11 16:39 - 2015-02-05 16:01 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
    2015-02-11 16:39 - 2015-02-05 16:01 - 00399504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
    2015-02-11 16:39 - 2015-02-05 16:01 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
    2015-02-11 16:39 - 2015-02-05 16:01 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
    2015-02-11 16:39 - 2015-02-05 16:01 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
    2015-02-11 16:39 - 2015-02-05 16:01 - 00305136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
    2015-02-11 16:39 - 2015-02-05 16:01 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
    2015-02-11 16:39 - 2015-02-05 16:01 - 00164752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2015-02-11 06:59 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-02-11 06:59 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-02-11 06:59 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-02-11 06:59 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-02-11 06:59 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-02-11 06:59 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-02-11 06:59 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-02-11 06:59 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-02-11 06:59 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-02-11 06:59 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-02-11 06:59 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-02-11 06:59 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-02-11 06:59 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-02-11 06:59 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-02-11 06:59 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-02-11 06:59 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-02-11 06:59 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-02-11 06:59 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-02-11 06:59 - 2015-01-14 00:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-02-11 06:59 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-02-11 06:59 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-02-11 06:59 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-02-11 06:59 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-02-11 06:59 - 2015-01-11 22:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-02-11 06:59 - 2015-01-11 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-02-11 06:59 - 2015-01-11 21:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-02-11 06:59 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-02-11 06:59 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-02-11 06:59 - 2015-01-11 21:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-02-11 06:59 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-02-11 06:59 - 2015-01-11 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-02-11 06:59 - 2015-01-11 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-02-11 06:59 - 2015-01-11 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-02-11 06:59 - 2015-01-11 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-02-11 06:59 - 2015-01-11 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-02-11 06:59 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-02-11 06:59 - 2015-01-11 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-02-11 06:59 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-02-11 06:59 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-02-11 06:59 - 2015-01-11 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-02-11 06:59 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-02-11 06:59 - 2015-01-11 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-02-11 06:59 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-02-11 06:59 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-02-11 06:59 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-02-11 06:59 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-02-11 06:59 - 2015-01-11 21:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-02-11 06:59 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-02-11 06:59 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-02-11 06:59 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-02-11 06:59 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-02-11 06:59 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-02-11 06:59 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-02-11 06:59 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-02-11 06:59 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-02-11 06:59 - 2015-01-11 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-02-11 06:59 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-02-11 06:59 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-02-11 06:59 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-02-11 06:59 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-02-11 06:59 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-02-11 06:59 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-02-11 06:59 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-02-11 06:59 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-02-11 06:59 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-02-11 06:59 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-02-11 06:59 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-02-11 06:59 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-02-11 06:59 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-02-11 06:59 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-02-11 06:59 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-02-11 06:59 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-02-11 06:59 - 2015-01-10 01:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-02-11 06:59 - 2015-01-10 01:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-02-11 06:59 - 2015-01-10 01:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-02-11 06:59 - 2015-01-10 01:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-02-11 06:59 - 2015-01-10 01:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-02-11 06:59 - 2015-01-10 01:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-02-11 06:59 - 2015-01-10 01:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-02-11 06:59 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-02-11 06:59 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-02-11 06:59 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-02-11 06:59 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-02-11 06:59 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-02-11 06:59 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-02-11 06:59 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-02-11 06:58 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-02-11 06:58 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-02-11 06:58 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-02-11 06:58 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-02-11 06:58 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-02-11 06:58 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-02-11 06:58 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-02-11 06:58 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-02-11 06:58 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2015-02-11 06:58 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
    2015-02-01 13:52 - 2015-02-01 13:52 - 00000143 _____ () C:\Users\Jonathan\Documents\plot.log

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-27 06:44 - 2014-11-17 16:58 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
    2015-02-27 06:43 - 2014-04-17 06:01 - 01221516 _____ () C:\Windows\WindowsUpdate.log
    2015-02-27 06:39 - 2009-07-13 23:51 - 00139068 _____ () C:\Windows\setupact.log
    2015-02-27 06:38 - 2014-04-17 15:33 - 00000000 ____D () C:\ProgramData\NVIDIA
    2015-02-27 06:38 - 2010-11-20 22:47 - 01093396 _____ () C:\Windows\PFRO.log
    2015-02-27 06:38 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-27 06:37 - 2013-11-10 20:10 - 00000000 ____D () C:\AdwCleaner
    2015-02-27 06:37 - 2009-07-13 23:45 - 00020368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-27 06:37 - 2009-07-13 23:45 - 00020368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-27 06:36 - 2014-04-21 11:19 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\BitComet
    2015-02-27 06:21 - 2014-10-25 08:03 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-395223655-1785353969-2611001670-1000UA.job
    2015-02-27 06:07 - 2014-04-18 15:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-02-27 03:21 - 2014-10-25 08:03 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-395223655-1785353969-2611001670-1000Core.job
    2015-02-27 02:00 - 2014-06-07 16:39 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\Adobe
    2015-02-26 23:07 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
    2015-02-26 23:06 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
    2015-02-26 20:44 - 2014-10-26 11:55 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-02-26 20:43 - 2014-10-26 11:54 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-02-26 20:15 - 2014-05-02 18:08 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\CrashDumps
    2015-02-25 19:49 - 2014-12-29 14:45 - 00000000 ____D () C:\ProgramData\Oracle
    2015-02-25 19:46 - 2014-12-29 14:52 - 00000000 ____D () C:\Program Files\Java
    2015-02-25 19:46 - 2014-12-29 14:45 - 00000000 ____D () C:\Program Files (x86)\Java
    2015-02-25 19:45 - 2014-12-29 14:52 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
    2015-02-25 19:45 - 2014-12-29 14:45 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2015-02-25 19:33 - 2014-10-25 13:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-02-25 07:00 - 2014-04-17 15:21 - 00000000 ____D () C:\Users\Jonathan
    2015-02-25 06:09 - 2014-09-22 18:27 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\cache
    2015-02-24 21:14 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-02-24 21:12 - 2014-04-17 15:56 - 00000000 ____D () C:\Program Files\Google
    2015-02-24 21:12 - 2014-04-17 15:55 - 00000000 ____D () C:\Program Files (x86)\Google
    2015-02-24 20:53 - 2014-04-25 15:01 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2015-02-24 20:48 - 2014-04-17 16:36 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\Adobe
    2015-02-24 20:47 - 2014-05-18 20:12 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\VERIZON
    2015-02-24 20:47 - 2014-04-30 17:26 - 00000000 ____D () C:\Program Files (x86)\NCH Software
    2015-02-24 20:46 - 2014-04-17 15:55 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\Google
    2015-02-24 20:04 - 2014-04-21 11:42 - 00000000 ____D () C:\ProgramData\Apple
    2015-02-23 19:11 - 2014-10-06 18:52 - 00277705 _____ () C:\Windows\system32\webservice4.log
    2015-02-23 19:00 - 2009-07-14 00:08 - 00024180 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-02-22 20:31 - 2014-09-20 09:07 - 00000000 ____D () C:\Users\Jonathan\Desktop\WEDDING
    2015-02-22 16:18 - 2009-07-14 00:13 - 00803274 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-22 14:22 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Help
    2015-02-22 14:00 - 2014-10-26 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-02-22 14:00 - 2014-10-26 11:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-02-22 10:40 - 2014-04-17 15:22 - 00001415 _____ () C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-02-21 19:12 - 2014-09-20 17:35 - 00054811 _____ () C:\Users\Jonathan\Desktop\Real DB.xlsm
    2015-02-21 12:18 - 2014-04-17 15:35 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2015-02-21 10:01 - 2014-04-21 11:19 - 00001009 _____ () C:\Users\Public\Desktop\BitComet.lnk
    2015-02-21 09:20 - 2015-01-05 19:39 - 00000000 ____D () C:\Users\Jonathan\Desktop\Interior Design
    2015-02-17 08:12 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
    2015-02-17 06:54 - 2011-02-27 19:41 - 00011814 _____ () C:\Users\Jonathan\Desktop\Passwords.xlsx
    2015-02-17 04:50 - 2013-11-11 19:25 - 00177864 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
    2015-02-12 03:26 - 2009-07-13 23:45 - 00533496 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-02-12 03:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2015-02-12 03:06 - 2014-04-18 15:07 - 00000000 ____D () C:\Windows\system32\MRT
    2015-02-12 03:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
    2015-02-12 03:01 - 2014-04-18 15:07 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-02-11 16:42 - 2014-04-17 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2015-02-05 16:01 - 2015-01-24 12:24 - 32106640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2015-02-05 16:01 - 2015-01-24 12:24 - 17253848 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
    2015-02-05 16:01 - 2014-11-22 09:27 - 16017040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2015-02-05 16:01 - 2014-04-17 15:32 - 00074056 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
    2015-02-05 16:01 - 2014-04-17 15:32 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
    2015-02-05 16:01 - 2014-04-17 15:32 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
    2015-02-05 16:01 - 2014-04-17 15:26 - 18575880 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
    2015-02-05 16:01 - 2014-04-17 15:26 - 14119744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2015-02-05 16:01 - 2014-04-17 15:25 - 03299512 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
    2015-02-05 16:01 - 2014-04-17 15:25 - 02902784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2015-02-05 14:07 - 2014-04-18 15:09 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-02-05 14:07 - 2014-04-18 15:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-02-05 14:07 - 2014-04-18 15:09 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-02-05 14:07 - 2014-04-17 15:33 - 06861128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
    2015-02-05 14:07 - 2014-04-17 15:33 - 03517584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
    2015-02-05 14:07 - 2014-04-17 15:33 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
    2015-02-05 14:07 - 2014-04-17 15:33 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    2015-02-05 14:07 - 2014-04-17 15:33 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
    2015-02-05 14:06 - 2014-04-17 15:33 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
    2015-02-05 07:50 - 2014-04-17 15:33 - 04236870 _____ () C:\Windows\system32\nvcoproc.bin
    2015-02-04 03:16 - 2014-10-25 08:03 - 00003900 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-395223655-1785353969-2611001670-1000UA
    2015-02-04 03:16 - 2014-10-25 08:03 - 00003504 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-395223655-1785353969-2611001670-1000Core

    ==================== Files in the root of some directories =======

    2014-09-22 19:25 - 2014-10-26 11:25 - 0000096 _____ () C:\Users\Jonathan\AppData\Roaming\WB.CFG
    2014-09-22 17:42 - 2014-09-22 17:42 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

    Some content of TEMP:
    ====================
    C:\Users\Jonathan\AppData\Local\Temp\Quarantine.exe
    C:\Users\Jonathan\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-23 08:43

    ==================== End Of Log ============================
     
  21. JayDiggles

    JayDiggles TS Rookie Topic Starter Posts: 43

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2015 01
    Ran by Jonathan at 2015-02-27 06:55:41
    Running from C:\Users\Jonathan\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Kaspersky PURE 3.0 (Disabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
    AS: Kaspersky PURE 3.0 (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Kaspersky PURE 3.0 (Disabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.1.418 - Adobe Systems Incorporated)
    Adobe Flash Media Live Encoder 3.2 (HKLM-x32\...\{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}) (Version: 3.2.0 - Adobe Systems Incorporated)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.8.000 - Asmedia Technology)
    ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.4.9.2 - ASUSTek COMPUTER INC.)
    ASUS GPU Tweak (x32 Version: 2.4.9.2 - ASUSTek COMPUTER INC.) Hidden
    ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.025 - ASUSTek Computer Inc.)
    AutoCAD 2014 - English (Version: 19.1.18.0 - Autodesk) Hidden
    AutoCAD 2014 Language Pack - English (Version: 19.1.18.0 - Autodesk) Hidden
    Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk)
    Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
    Autodesk AutoCAD 2014 - English (HKLM\...\AutoCAD 2014 - English) (Version: 19.1.18.0 - Autodesk)
    Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
    Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk) Hidden
    Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 - Autodesk) Hidden
    Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
    Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
    Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
    Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.0.43.13 - Autodesk)
    Autodesk ReCap (Version: 1.0.43.13 - Autodesk) Hidden
    Autodesk ReCap Language Pack-English (Version: 1.0.43.13 - Autodesk) Hidden
    Awesomenauts (HKLM-x32\...\Steam App 204300) (Version: - Ronimo Games)
    BitComet 1.37 (HKLM-x32\...\BitComet) (Version: 1.37 - CometNetwork)
    BitComet 1.37 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.37 - CometNetwork)
    ChromecastApp (HKU\S-1-5-21-395223655-1785353969-2611001670-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
    Direct OC (HKLM-x32\...\{E39DE1F0-0A95-4AE8-B9D7-37C5AF360D35}_is1) (Version: 1.0.0.8 - MSI)
    FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    GPUTweakStreaming (HKLM-x32\...\InstallShield_{D2A41AA7-4313-43D5-AA39-7E3FBBE0556D}) (Version: 1.0.3.5 - ASUS)
    GPUTweakStreaming (x32 Version: 1.0.3.5 - ASUS) Hidden
    Idle Crawler (HKLM-x32\...\94326C2B-CE11-7E49-905D-D48F74805FB7) (Version: 133.0.0.477 - OVERTON GLOBAL LLP) <==== ATTENTION
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1342.2) (HKLM\...\{302600C1-6BDF-4FD1-1311-148929CC1385}) (Version: 3.1.1311.0402 - Intel Corporation)
    Intel(R) Smart Connect Technology (HKLM\...\{D6FBF816-ACB8-46CC-ACC6-C8BBA85F497D}) (Version: 4.2.40.2418 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation)
    Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
    Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Kaspersky PURE 3.0 (HKLM-x32\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab)
    Kaspersky PURE 3.0 (x32 Version: 13.0.2.558 - Kaspersky Lab) Hidden
    MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - )
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4693.1002 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 36.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 en-US)) (Version: 36.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
    NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
    NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
    nXtRender_64 (HKLM-x32\...\{47D5E048-7C42-412E-8DCA-628595747DD9}) (Version: 2.1.1011.1 - )
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
    Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.30.1003 - Qualcomm Atheros) Hidden
    Qualcomm Atheros Killer E220x Drivers (Version: 1.0.30.1003 - Qualcomm Atheros) Hidden
    Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{DD21E907-9A2A-44B8-A12E-13691E166664}) (Version: 1.0.30.1003 - Qualcomm Atheros)
    Qualcomm Atheros Network Manager (Version: 1.0.30.1003 - Qualcomm Atheros) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7069 - Realtek Semiconductor Corp.)
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.999 - SAMSUNG Electronics Co., Ltd.)
    SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
    SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
    SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
    Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
    Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.05 - Creative Technology Limited)
    Spotify (HKU\S-1-5-21-395223655-1785353969-2611001670-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
    SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.18.9.4384 - Enigma Software Group, LLC)
    Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
    SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
    SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
    Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.022 - MSI)
    Timote (HKLM-x32\...\timote) (Version: - )
    VGA Boost (HKLM-x32\...\{809ACFAE-9A4D-4C60-9223-D8B615CD8CBA}}_is1) (Version: 1.0.0.7 - MSI)
    Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
    WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-395223655-1785353969-2611001670-1000_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe /Automation No File
    CustomCLSID: HKU\S-1-5-21-395223655-1785353969-2611001670-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Jonathan\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-395223655-1785353969-2611001670-1000_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe No File
    CustomCLSID: HKU\S-1-5-21-395223655-1785353969-2611001670-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Jonathan\AppData\Roaming\lmaejkkt\tivesen.dll () <==== ATTENTION
    CustomCLSID: HKU\S-1-5-21-395223655-1785353969-2611001670-1000_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-395223655-1785353969-2611001670-1000_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-395223655-1785353969-2611001670-1000_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-395223655-1785353969-2611001670-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Jonathan\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-395223655-1785353969-2611001670-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Jonathan\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-395223655-1785353969-2611001670-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\en-US\acadficn.dll (Autodesk, Inc.)
    CustomCLSID: HKU\S-1-5-21-395223655-1785353969-2611001670-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jonathan\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)

    ==================== Restore Points =========================

    08-02-2015 00:00:01 Scheduled Checkpoint
    12-02-2015 03:00:12 Windows Update
    13-02-2015 03:00:18 Windows Update
    21-02-2015 00:00:08 Scheduled Checkpoint
    21-02-2015 12:18:09 Installed nXtRender_64
    21-02-2015 12:20:03 Installed Microsoft Visual C++ 2005 Redistributable (x64)
    22-02-2015 15:46:51 Checkpoint by HitmanPro
    22-02-2015 15:47:24 Checkpoint by HitmanPro
    24-02-2015 18:10:48 Installed RegHunter
    24-02-2015 20:01:45 Removed RegHunter
    24-02-2015 20:03:26 Removed Apple Application Support (64-bit)
    24-02-2015 20:03:57 Removed Apple Application Support (32-bit)
    24-02-2015 20:07:22 Removed Apple Mobile Device Support
    24-02-2015 20:42:03 Removed iTunes
    24-02-2015 20:45:16 Removed Bonjour
    24-02-2015 20:45:52 Removed Apple Software Update
    26-02-2015 01:21:02 Windows Update
    26-02-2015 20:40:21 Before Scans

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2015-02-26 23:05 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {06CF2A0E-9F30-4519-9DFB-92AFD9ADE53C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {2C782120-B70D-4704-BA29-68BAAB160A16} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-01-06] (Microsoft Corporation)
    Task: {2F207378-5F81-454D-86E1-1784B435B2A6} - System32\Tasks\{6BB517CD-F4B4-49C8-A829-81188BA165C6} => pcalua.exe -a "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Uninstaller.exe"
    Task: {449E94EC-0E42-43C3-937A-59D2EDCF9924} - \SMWPUpd No Task File <==== ATTENTION
    Task: {52237D52-778D-49EA-98A1-CE54DA62EBB2} - System32\Tasks\AdobeAAMUpdater-1.0-Jonathan-PC-Jonathan => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
    Task: {59BE8D3A-09E3-472D-B9C3-3E205848FEAD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {5D566D67-865B-4411-A563-4EA537D04BE2} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-08-27] (ASUSTek Computer Inc.)
    Task: {71386820-C66E-4FD1-8D80-09E547B17FFD} - System32\Tasks\SpyHunter4 => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2015-02-23] (Enigma Software Group USA, LLC.)
    Task: {73477CB0-4CD6-4CDA-8C33-6FBFE6CB34A6} - \{EC0EC13C-1544-4FB5-AD6C-72A18EE6AD49} No Task File <==== ATTENTION
    Task: {7C98D1F7-D425-46CD-B44A-EFDCC13CD2F2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
    Task: {972ABADA-B929-49C5-8FD9-CFD1EF2345E2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-01-06] (Microsoft Corporation)
    Task: {D2DE24B1-120D-4517-A6A1-3646088DC539} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
    Task: {D557EFE3-F8C2-46D0-A191-22CD67EA17BB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
    Task: {D5C5D09F-B61E-428B-9F74-DD4C81950FFF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-395223655-1785353969-2611001670-1000Core => C:\Users\Jonathan\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
    Task: {F6264E4A-D2BA-4CC8-88DC-60D1EB708C39} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-395223655-1785353969-2611001670-1000UA => C:\Users\Jonathan\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-395223655-1785353969-2611001670-1000Core.job => C:\Users\Jonathan\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-395223655-1785353969-2611001670-1000UA.job => C:\Users\Jonathan\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\SpyHunter4.job => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe

    ==================== Loaded Modules (whitelisted) ==============

    2014-04-17 15:33 - 2015-02-05 14:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2014-04-25 15:01 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2013-08-01 16:31 - 2013-08-01 16:31 - 00198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    2013-08-01 16:31 - 2013-08-01 16:31 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
    2013-08-01 16:31 - 2013-08-01 16:31 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
    2013-02-04 23:21 - 2013-02-04 23:21 - 00056352 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
    2013-02-04 23:21 - 2013-02-04 23:21 - 00937504 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
    2013-02-04 23:21 - 2013-02-04 23:21 - 00124448 _____ () C:\Program Files\Autodesk\Autodesk Sync\QJson.dll
    2013-02-04 23:21 - 2013-02-04 23:21 - 00045088 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
    2015-02-11 10:14 - 2015-02-11 10:14 - 02828200 _____ () C:\Program Files (x86)\timote\timote.exe
    2013-08-08 13:35 - 2013-08-08 13:35 - 00283648 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
    2015-02-24 20:50 - 2014-12-23 14:53 - 08898728 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2015-02-11 10:14 - 2015-02-11 10:14 - 00113064 _____ () C:\Program Files (x86)\timote\msgdll.dll
    2015-02-11 10:14 - 2015-02-11 10:14 - 01515432 _____ () C:\Program Files (x86)\timote\libspotify.dll
    2015-02-11 10:14 - 2015-02-11 10:14 - 00261032 _____ () C:\Program Files (x86)\timote\CrashRpt1403.dll
    2014-11-17 19:37 - 2014-11-17 19:37 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
    2014-07-03 05:45 - 2014-07-03 05:45 - 32733056 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libcef.dll
    2014-07-03 05:45 - 2014-07-03 05:45 - 00742784 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libglesv2.dll
    2014-07-03 05:45 - 2014-07-03 05:45 - 00136576 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CEF\libegl.dll
    2014-04-17 15:57 - 2013-09-16 14:20 - 01242584 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2012-12-20 18:19 - 2012-12-20 18:19 - 00479752 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
    2015-02-22 10:41 - 2015-02-22 10:41 - 00133120 _____ () C:\Users\Jonathan\AppData\Roaming\lmaejkkt\colers.dll
    2015-02-24 20:50 - 2014-12-23 13:08 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
    2012-12-20 18:19 - 2012-12-20 18:19 - 01310728 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kpcengine.2.2.dll
    2015-02-05 14:07 - 2015-02-05 14:07 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-395223655-1785353969-2611001670-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: ASGT => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: CSObjectsSrv => 2
    MSCONFIG\Services: MyWiFiDHCPDNS => 3

    ==================== Accounts: =============================

    Administrator (S-1-5-21-395223655-1785353969-2611001670-500 - Administrator - Disabled)
    Guest (S-1-5-21-395223655-1785353969-2611001670-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-395223655-1785353969-2611001670-1003 - Limited - Enabled)
    Jonathan (S-1-5-21-395223655-1785353969-2611001670-1000 - Administrator - Enabled) => C:\Users\Jonathan

    ==================== Faulty Device Manager Devices =============

    Name: Intel(R) Centrino(R) Wireless-N 2230
    Description: Intel(R) Centrino(R) Wireless-N 2230
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Intel Corporation
    Service: NETwNs64
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2015-02-26 23:05:47.266
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-02-26 23:05:47.255
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz
    Percentage of memory in use: 14%
    Total physical RAM: 24519.9 MB
    Available physical RAM: 21006.07 MB
    Total Pagefile: 49037.99 MB
    Available Pagefile: 45330.1 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:450.71 GB) (Free:300.36 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:4.7 GB) NTFS
    Drive e: (X9318A0) (CDROM) (Total:0.1 GB) (Free:0 GB) CDFS
    Drive f: (acad2014) (CDROM) (Total:3.04 GB) (Free:0 GB) CDFS
    Drive j: (Extra Space) (Fixed) (Total:931.51 GB) (Free:723.37 GB) NTFS
    Drive p: (PS4) (Fixed) (Total:465.76 GB) (Free:465.66 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 4FA641A5)
    Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9DCDE248)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 28000000)
    Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
    Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
    Partition 3: (Active) - (Size=450.7 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  22. JayDiggles

    JayDiggles TS Rookie Topic Starter Posts: 43

    All I did for the last one was scan, you never said hit fix or anything, just want to be sure I'm doing it right.
     
  23. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    You did fine.

    [​IMG] Uninstall Idle Crawler.

    [​IMG] Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  24. JayDiggles

    JayDiggles TS Rookie Topic Starter Posts: 43

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
    Ran by Jonathan at 2015-02-27 19:52:31 Run:1
    Running from C:\Users\Jonathan\Downloads
    Loaded Profiles: Jonathan (Available profiles: Jonathan)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
    HKU\S-1-5-21-395223655-1785353969-2611001670-1000\...\Policies\Explorer: []
    HKU\S-1-5-21-395223655-1785353969-2611001670-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-395223655-1785353969-2611001670-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    Toolbar: HKU\S-1-5-21-395223655-1785353969-2611001670-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKU\S-1-5-21-395223655-1785353969-2611001670-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
    CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 MSICDSetup; \??\E:\CDriver64.sys [X]
    S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2014-09-22 19:25 - 2014-10-26 11:25 - 0000096 _____ () C:\Users\Jonathan\AppData\Roaming\WB.CFG
    2014-09-22 17:42 - 2014-09-22 17:42 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    C:\Users\Jonathan\AppData\Local\Temp\Quarantine.exe
    C:\Users\Jonathan\AppData\Local\Temp\sqlite3.dll
    CustomCLSID: HKU\S-1-5-21-395223655-1785353969-2611001670-1000_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe /Automation No File
    CustomCLSID: HKU\S-1-5-21-395223655-1785353969-2611001670-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Jonathan\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-395223655-1785353969-2611001670-1000_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe No File
    CustomCLSID: HKU\S-1-5-21-395223655-1785353969-2611001670-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Jonathan\AppData\Roaming\lmaejkkt\tivesen.dll () <==== ATTENTION
    C:\Users\Jonathan\AppData\Roaming\lmaejkkt
    CustomCLSID: HKU\S-1-5-21-395223655-1785353969-2611001670-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Jonathan\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
    Task: {449E94EC-0E42-43C3-937A-59D2EDCF9924} - \SMWPUpd No Task File <==== ATTENTION
    Task: {73477CB0-4CD6-4CDA-8C33-6FBFE6CB34A6} - \{EC0EC13C-1544-4FB5-AD6C-72A18EE6AD49} No Task File <==== ATTENTION

    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\UpdReg => value deleted successfully.
    HKU\S-1-5-21-395223655-1785353969-2611001670-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value deleted successfully.
    "HKU\S-1-5-21-395223655-1785353969-2611001670-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKU\S-1-5-21-395223655-1785353969-2611001670-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
    HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
    HKU\S-1-5-21-395223655-1785353969-2611001670-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
    HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
    HKU\S-1-5-21-395223655-1785353969-2611001670-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
    HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
    "HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh" => Key deleted successfully.
    catchme => Service deleted successfully.
    MSICDSetup => Service deleted successfully.
    NTIOLib_1_0_C => Service deleted successfully.
    VGPU => Service deleted successfully.
    C:\Users\Jonathan\AppData\Roaming\WB.CFG => Moved successfully.
    C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc => Moved successfully.
    C:\Users\Jonathan\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\Jonathan\AppData\Local\Temp\sqlite3.dll => Moved successfully.
    "HKU\S-1-5-21-395223655-1785353969-2611001670-1000_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}" => Key deleted successfully.
    "HKU\S-1-5-21-395223655-1785353969-2611001670-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
    "HKU\S-1-5-21-395223655-1785353969-2611001670-1000_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}" => Key deleted successfully.
    "HKU\S-1-5-21-395223655-1785353969-2611001670-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}" => Key deleted successfully.
    C:\Users\Jonathan\AppData\Roaming\lmaejkkt => Moved successfully.
    "HKU\S-1-5-21-395223655-1785353969-2611001670-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{449E94EC-0E42-43C3-937A-59D2EDCF9924}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{449E94EC-0E42-43C3-937A-59D2EDCF9924}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMWPUpd" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{73477CB0-4CD6-4CDA-8C33-6FBFE6CB34A6}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73477CB0-4CD6-4CDA-8C33-6FBFE6CB34A6}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EC0EC13C-1544-4FB5-AD6C-72A18EE6AD49}" => Key deleted successfully.

    ==== End of Fixlog 19:52:31 ====
     
  25. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    [​IMG] Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...