TechSpot

Had white screen freeze and found related post. Would like to try to clean.

By KnightCat
Dec 18, 2014
  1. Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 12/18/2014
    Scan Time: 8:57:07 AM
    Logfile:
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2014.12.18.03
    Rootkit Database: v2014.12.14.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: KnightCat

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 413164
    Time Elapsed: 20 min, 38 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  2. KnightCat


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17420 BrowserJavaVersion: 10.67.2
    Run by KnightCat at 10:16:46 on 2014-12-18
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.32708.25708 [GMT -6:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\AVAST Software\Avast\afwServ.exe
    C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
    C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
    C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
    C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
    C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
    C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
    C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.14\AsusFanControlService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
    C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
    C:\Program Files\Logitech Gaming Software\LCore.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    F:\Games\Steam2\Steam.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Users\KnightCat\AppData\Local\Workspace\workspacestatus.exe
    C:\Program Files (x86)\IndieVolume\IndieVolume.GUI.exe
    F:\Games\Steam2\bin\steamwebhelper.exe
    C:\Users\KnightCat\AppData\Local\Workspace\workspaceupdate.exe
    C:\Users\KnightCat\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Users\KnightCat\AppData\Local\FluxSoftware\Flux\flux.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Windows\System32\StikyNot.exe
    C:\Windows\SysWOW64\C2MP\TrayMenu.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
    C:\Program Files\AVAST Software\Avast\avastui.exe
    C:\Program Files (x86)\Gizmo\gizmo.exe
    C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    C:\Program Files (x86)\Workspace\offSyncService.exe
    C:\Program Files (x86)\BlueStacks\HD-Agent.exe
    C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
    C:\Program Files (x86)\SamLogic\USB Supervisor\USBsupervisor.exe
    C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\PowerMenu\PowerMenu.exe
    C:\Program Files (x86)\Gizmo\gservice.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Windows\SysWOW64\CtHelper.exe
    C:\Windows\system32\IProsetMonitor.exe
    C:\Windows\SysWOW64\srvany.exe
    C:\Windows\KMService.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\MediaMall\MediaMallServer.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\PROGRA~2\Raptr\raptr.exe
    C:\Program Files\Logitech Gaming Software\Applets\LCDPictureViewer.exe
    C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe
    C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
    C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe
    C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
    C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
    C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe
    C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe
    C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
    C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\NVMS5 Standard Edition\bin\cms.exe
    C:\Program Files (x86)\NVMS5 Standard Edition\data\bin\mysqld.exe
    C:\PROGRA~2\Raptr\raptr_im.exe
    C:\Program Files (x86)\NVMS5 Standard Edition\bin\vtdu.exe
    C:\Program Files (x86)\NVMS5 Standard Edition\bin\watch.exe
    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
    C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
    C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
    C:\Program Files (x86)\Raptr\raptr_ep64.exe
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe
    C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
    C:\Program Files (x86)\MediaMall\MediaMallServer.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\NVMS5 Standard Edition\bin\nru.exe
    C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
    C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
    C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
    C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
    C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
    C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
    C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
    C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
    C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
    C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
    C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
    C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
    C:\Users\KnightCat\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    uProxyOverride = <local>;*.local
    mWinlogon: Userinit = userinit.exe,
    BHO: {074C1DC5-9320-4A9A-947D-C042949C6216} - <orphaned>
    BHO: Skype4Salesforce.BrowserMonitor: {090F4A60-3146-41b5-8584-297FBF7D5B59} -
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} -
    BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL
    BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\grooveex.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
    TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} -
    uRun: [Steam] "F:\Games\Steam2\steam.exe" -silent
    uRun: [Google Update] "C:\Users\KnightCat\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [AdobeBridge] <no file>
    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    mRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
    mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    mRun: [USBsupervisor] C:\Program Files (x86)\SamLogic\USB Supervisor\USBsupervisor.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [UpdReg] C:\Windows\UpdReg.EXE
    mRun: [Raptr] "C:\Program Files (x86)\Raptr\raptrstub.exe" --startup
    dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe -update activex
    StartupFolder: C:\Users\KNIGHT~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\KnightCat\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\KNIGHT~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONEDRI~1.LNK - C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE
    StartupFolder: C:\Users\KNIGHT~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\POWERM~1.LNK - C:\Program Files (x86)\PowerMenu\PowerMenu.exe
    StartupFolder: C:\Users\KNIGHT~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\VERIZO~1.LNK - C:\Users\KnightCat\AppData\Roaming\VERIZON\UA_ar\UA.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CODECP~2.LNK - C:\Windows\SysWOW64\C2MP\TrayMenu.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CODECP~1.LNK - C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Gizmo.lnk - C:\Program Files (x86)\Gizmo\gizmo.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\REALPL~1.LNK - C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoResolveTrack = dword:1
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    mPolicies-System: DisableCAD = dword:1
    mPolicies-System: SoftwareSASGeneration = dword:1
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\onbttnie.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} -
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxps://www.asus.com/support/asusTek_sys_ctrl3.cab
    DPF: {688C8675-1834-48FA-9DEF-4755CEFB9EDE} - hxxp://192.168.1.101/EDVR.CAB
    DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://192.168.1.99:5050/codebase/DVM_IPCam2.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{4FFF7218-10CA-4B50-B472-66A8952058BD} : DHCPNameServer = 192.168.1.1
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll
    x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll
    x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
    x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
    x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
    x64-Run: [Cm106Sound] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm106.dll,CMICtrlWnd
    x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
    x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
    x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\KnightCat\AppData\Roaming\Mozilla\Firefox\Profiles\ewzku24u.Seth\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com?cid={9BD985C1-17C8-42F9-A24E-AF49663426DB}&mid=27cb2d8fe60c44d99f3c4bf7da99ecdb-b846aedc0b47d38eeafd9f7ca50187f504336a34&lang=en&ds=ag011&coid=avgtbdisag&cmpid=&pr=sa&d=&v=&pid=safeguard&sg=&sap=hp
    FF - prefs.js: keyword.URL -
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.0\npsitesafety.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll
    FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\MediaMall\toolbar\npVT.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
    FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
    FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL
    FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
    FF - plugin: C:\Users\KnightCat\AppData\Local\Citrix\Plugins\104\npappdetector.dll
    FF - plugin: C:\Users\KnightCat\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll
    FF - plugin: C:\Users\KnightCat\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\KnightCat\AppData\Roaming\Mozilla\Plugins\npatgpc.dll
    FF - plugin: C:\Users\KnightCat\AppData\Roaming\Mozilla\plugins\npatgpc.dll
    FF - plugin: C:\Users\KnightCat\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\KnightCat\AppData\Roaming\Mozilla\Plugins\npgoogletalk.dll
    FF - plugin: C:\Users\KnightCat\AppData\Roaming\Mozilla\plugins\npo1d.dll
    FF - plugin: C:\Users\KnightCat\AppData\Roaming\Mozilla\Plugins\npo1d.dll
    FF - plugin: C:\Users\KnightCat\AppData\Roaming\Mozilla\plugins\npoff.dll
    FF - plugin: C:\Users\KnightCat\AppData\Roaming\Mozilla\Plugins\npoff.dll
    FF - plugin: C:\Users\KnightCat\AppData\Roaming\Mozilla\Plugins\npoff64.dll
    FF - plugin: C:\Users\KnightCat\AppData\Roaming\Mozilla\plugins\npoff64.dll
    FF - plugin: C:\Users\KnightCat\AppData\Roaming\Mozilla\plugins\npwbe.dll
    FF - plugin: C:\Users\KnightCat\AppData\Roaming\Mozilla\Plugins\npwbe.dll
    FF - plugin: C:\Users\KnightCat\AppData\Roaming\Mozilla\Plugins\npwbe64.dll
    FF - plugin: C:\Users\KnightCat\AppData\Roaming\Mozilla\plugins\npwbe64.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
    FF - ExtSQL: !HIDDEN! 2013-03-18 20:03; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .
    ============= SERVICES / DRIVERS ===============
    .
    R?2 AsusFanControlService;AsusFanControlService;C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.14\AsusFanControlService.exe [2013-4-12 1457152]
    R0 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\drivers\aswNdisFlt.sys [2014-11-25 449936]
    R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-3-13 65776]
    R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-3-13 267632]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-3-14 55280]
    R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2014-3-12 28184]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-3-12 1050432]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-3-12 436624]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2014-2-20 50976]
    R1 GizmoDrv;Gizmo Device Driver;C:\Windows\System32\drivers\gizmodrv.sys [2014-2-12 34704]
    R2 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2013-10-24 44736]
    R2 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2014-4-21 401920]
    R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2013-3-14 920736]
    R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2013-3-14 951936]
    R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2013-3-14 149120]
    R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-7 29208]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-3-12 83280]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-25 50344]
    R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-11-25 104416]
    R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2014-5-1 123152]
    R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-9-22 2443960]
    R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-9-7 87992]
    R2 DisplayFusionService;DisplayFusionService;C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [2014-8-27 3075440]
    R2 Dyn Updater;Dyn Updater;C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe [2011-11-15 95608]
    R2 File Backup;File Backup Service;C:\Program Files (x86)\Workspace\offSyncService.exe [2013-7-22 1187040]
    R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [2014-3-18 241728]
    R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-10-11 1148744]
    R2 Gizmo Central;Gizmo Central;C:\Program Files (x86)\Gizmo\gservice.exe [2014-2-12 34728]
    R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-3-25 8704]
    R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2014-2-5 259848]
    R2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
    R2 MediaMall Server;MediaMall Server;C:\Program Files (x86)\MediaMall\MediaMallServer.exe [2014-10-17 5826352]
    R2 NVMS-SRV-CMS;NVMS-SRV-CMS;C:\Program Files (x86)\NVMS5 Standard Edition\bin\cms.exe [2014-5-17 155136]
    R2 NVMS-SRV-DB;NVMS-SRV-DB;C:\Program Files (x86)\NVMS5 Standard Edition\data\bin\mysqld.exe [2014-5-17 6562432]
    R2 NVMS-SRV-NRU;NVMS-SRV-NRU;C:\Program Files (x86)\NVMS5 Standard Edition\bin\nru.exe [2014-5-17 15872]
    R2 NVMS-SRV-VTDU;NVMS-SRV-VTDU;C:\Program Files (x86)\NVMS5 Standard Edition\bin\vtdu.exe [2014-5-17 14848]
    R2 NVMS-SRV-WATCH;NVMS-SRV-WATCH;C:\Program Files (x86)\NVMS5 Standard Edition\bin\watch.exe [2014-5-17 176640]
    R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-10-11 1795912]
    R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-10-11 19819848]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2014-5-13 39568]
    R2 RealPlayerUpdateSvc;RealPlayer Update Service;C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [2014-5-23 23552]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-6 3291008]
    R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2014-6-24 790880]
    R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2013-10-8 609056]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-12-8 409800]
    R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-5-15 5024576]
    R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-11-25 271752]
    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2012-7-6 138568]
    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2012-7-6 415560]
    R3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-11-25 4012248]
    R3 COMMONFX.SYS;COMMONFX.SYS;C:\Windows\System32\drivers\COMMONFX.sys [2014-11-7 161048]
    R3 CTAUDFX.SYS;CTAUDFX.SYS;C:\Windows\System32\drivers\CTAUDFX.sys [2014-11-7 708888]
    R3 CTSBLFX.SYS;CTSBLFX.SYS;C:\Windows\System32\drivers\CTSBLFX.sys [2014-11-7 683288]
    R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);C:\Windows\System32\drivers\ICCWDT.sys [2013-4-12 26136]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
    R3 LGPBTDD;LGPBTDD.sys Display Driver;C:\Windows\System32\drivers\LGPBTDD.sys [2009-7-1 30728]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
    R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-10-11 19784]
    R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-11-19 38216]
    R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2013-3-11 13368]
    R3 SaiK1708;SaiK1708;C:\Windows\System32\drivers\SaiK1708.sys [2012-9-20 180544]
    R3 SaiU1708;SaiU1708;C:\Windows\System32\drivers\SaiU1708.sys [2012-9-20 47168]
    S2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-3-13 116728]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 IndieVolumeService;IndieVolume Service;C:\Program Files (x86)\IndieVolume\IndieVolume.SVC.exe [2013-11-1 182248]
    S2 MouseWithoutBordersSvc;Mouse without Borders Service;C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [2012-12-28 27872]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
    S3 ASUSstpt;ASUS USB 3.0 Boost Storage Driver (Storage Driver);C:\Windows\System32\drivers\ASUSstpt.sys [2013-4-12 24648]
    S3 ASUSumsc;ASUS USB 3.0 Boost Storage Driver (WDM);C:\Windows\System32\drivers\ASUSumsc.sys [2013-4-12 141896]
    S3 BRSptSvc;BitRaider Mini-Support Service;C:\ProgramData\bitraider\BRSptSvc.exe [2013-4-26 909592]
    S3 COMMONFX;COMMONFX;C:\Windows\System32\drivers\COMMONFX.sys [2014-11-7 161048]
    S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
    S3 CTAUDFX;CTAUDFX;C:\Windows\System32\drivers\CTAUDFX.sys [2014-11-7 708888]
    S3 CTERFXFX.SYS;CTERFXFX.SYS;C:\Windows\System32\drivers\CTERFXFX.sys [2014-11-7 144152]
    S3 CTERFXFX;CTERFXFX;C:\Windows\System32\drivers\CTERFXFX.sys [2014-11-7 144152]
    S3 CTSBLFX;CTSBLFX;C:\Windows\System32\drivers\CTSBLFX.sys [2014-11-7 683288]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-11-15 110336]
    S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-11-11 114688]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-9-12 178760]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-3-18 19456]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-11-15 206080]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
    S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2014-3-18 29696]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-18 56832]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-3-18 30208]
    S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
    S3 USBMULCD;USB Multi-Channel Audio Device Interface;C:\Windows\System32\drivers\CM10664.sys [2014-2-25 1310720]
    S3 vl810filter;VL810 Filter Driver;C:\Windows\System32\drivers\vl810filter.sys [2013-3-14 17008]
    S3 vToolbarUpdater18.0.0;vToolbarUpdater18.0.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [2014-3-3 1759768]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-3-18 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S4 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2014-5-1 402192]
    S4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2014-5-1 385808]
    S4 BstHdUpdaterSvc;BlueStacks Updater Service;C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [2014-5-1 774928]
    S4 RealPlayer Cloud Service;RealPlayer Cloud Service;C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [2014-6-6 1141848]
    .
    =============== File Associations ===============
    .
    FileExt: .js: jsfile="F:\Programs\Adobe Creative Suite\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"
    ShellExec: dreamweaver.exe: Open="F:\Programs\Adobe Creative Suite\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
    .
    =============== Created Last 30 ================
    .
    2014-12-12 00:20:50 -------- d-sh--w- C:\Users\KnightCat\AppData\Local\EmieBrowserModeList
    2014-12-08 22:13:10 615624 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2014-12-08 22:12:34 2559808 ----a-w- C:\Windows\System32\nvsvcr.dll
    2014-12-08 20:08:57 98304 ----a-w- C:\Users\KnightCat\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUTchkdl.dll
    2014-12-08 20:08:56 24576 ----a-w- C:\Users\KnightCat\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGEUSBAutorun.dll
    2014-12-08 20:08:50 1347584 ----a-w- C:\Users\KnightCat\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe
    2014-12-08 20:08:23 98304 ----a-r- C:\Users\KnightCat\AppData\Roaming\Microsoft\Windows\Templates\D\LGUTchkdl.dll
    2014-12-08 20:08:23 24576 ----a-r- C:\Users\KnightCat\AppData\Roaming\Microsoft\Windows\Templates\D\LGEUSBAutorun.dll
    2014-12-07 20:07:58 -------- d-----w- C:\Users\KnightCat\AppData\Local\Ubisoft
    2014-11-30 22:16:52 -------- d-----w- C:\Windows\SysWow64\vbox
    2014-11-30 22:16:52 -------- d-----w- C:\Windows\System32\vbox
    2014-11-26 10:12:19 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EBAA9514-9BB5-47F2-9355-8B0379F1719B}\offreg.dll
    2014-11-25 18:38:36 43152 ----a-w- C:\Windows\avastSS.scr
    2014-11-25 18:38:20 449936 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys
    2014-11-22 05:20:51 11632448 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EBAA9514-9BB5-47F2-9355-8B0379F1719B}\mpengine.dll
    2014-11-20 03:49:07 38216 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
    2014-11-20 03:49:07 32584 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
    2014-11-19 12:57:59 728064 ----a-w- C:\Windows\System32\kerberos.dll
    2014-11-19 12:57:59 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2014-11-19 12:57:59 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2014-11-19 12:57:59 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
    2014-11-19 12:57:58 241152 ----a-w- C:\Windows\System32\pku2u.dll
    2014-11-19 12:57:58 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
    2014-11-19 12:57:57 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2014-11-19 12:57:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    .
    ==================== Find3M ====================
    .
    2014-12-18 15:30:40 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-12-10 08:43:07 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-12-10 08:43:07 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-11-25 18:39:02 1050432 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
    2014-11-25 18:38:37 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2014-11-25 18:38:37 83280 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2014-11-25 18:38:37 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2014-11-25 18:38:37 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
    2014-11-25 18:38:37 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2014-11-25 18:38:37 116728 ----a-w- C:\Windows\System32\drivers\aswstm.sys
    2014-11-25 18:38:27 28184 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
    2014-11-21 12:14:22 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-11-21 12:14:12 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-11-21 12:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-11-17 22:18:52 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
    2014-11-17 22:18:52 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
    2014-11-17 22:18:52 1538880 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
    2014-11-12 21:56:45 6897352 ----a-w- C:\Windows\System32\nvcpl.dll
    2014-11-12 21:56:45 3534152 ----a-w- C:\Windows\System32\nvsvc64.dll
    2014-11-12 21:56:42 934032 ----a-w- C:\Windows\System32\nvvsvc.exe
    2014-11-12 21:56:42 62608 ----a-w- C:\Windows\System32\nvshext.dll
    2014-11-12 21:56:42 386368 ----a-w- C:\Windows\System32\nvmctray.dll
    2014-11-11 10:29:54 4100776 ----a-w- C:\Windows\System32\nvcoproc.bin
    2014-11-07 23:47:27 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
    2014-11-07 23:47:26 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2014-11-07 23:47:26 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
    2014-11-07 23:47:26 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2014-11-06 17:06:52 2197680 ----a-w- C:\Windows\SysWow64\nvspcap.dll
    2014-11-06 17:06:52 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
    2014-11-06 17:06:33 2800296 ----a-w- C:\Windows\System32\nvspcap64.dll
    2014-11-06 17:06:33 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
    2014-11-06 04:04:03 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-11-06 04:03:50 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-11-06 03:47:03 66560 ----a-w- C:\Windows\System32\iesetup.dll
    2014-11-06 03:46:12 580096 ----a-w- C:\Windows\System32\vbscript.dll
    2014-11-06 03:46:12 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-11-06 03:44:28 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
    2014-11-06 03:30:22 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-11-06 03:30:08 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-11-06 03:29:18 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-11-06 03:28:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-11-06 03:23:57 6040064 ----a-w- C:\Windows\System32\jscript9.dll
    2014-11-06 03:20:18 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-11-06 03:13:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-11-06 03:13:36 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-11-06 03:12:44 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-11-06 03:10:58 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
    2014-11-06 03:07:29 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-11-06 02:59:36 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-11-06 02:58:38 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-11-06 02:42:36 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-11-06 02:39:39 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2014-11-06 02:38:25 2124288 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-11-06 02:21:49 4298240 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-11-06 02:21:25 2051072 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-11-06 02:20:37 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2014-11-06 02:17:24 2365440 ----a-w- C:\Windows\System32\wininet.dll
    2014-11-06 01:52:35 1892864 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-11-04 20:30:58 275080 ------w- C:\Windows\System32\MpSigStub.exe
    2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
    2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
    2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
    2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2014-10-16 16:54:03 1876296 ----a-w- C:\Windows\System32\nvdispco6434448.dll
    2014-10-16 16:54:03 1539272 ----a-w- C:\Windows\System32\nvdispgenco6434448.dll
    2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
    2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
    2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
    2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
    2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
    2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
    2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
    2014-10-11 15:13:29 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-10-10 19:13:40 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
    2014-10-03 19:23:02 35144 ----a-w- C:\Windows\System32\nvaudcap64v.dll
    2014-10-03 02:12:00 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
    2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
    2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
    2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
    2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
    2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
    2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
    2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
    2014-10-02 19:23:20 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2014-10-02 19:23:20 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2014-09-25 00:54:46 144664 ----a-w- C:\Windows\SysWow64\secman.dll
    .
    ============= FINISH: 10:17:23.33 ===============
     
  3. KnightCat

    KnightCat TS Rookie Topic Starter Posts: 19

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/14/2013 10:04:42 AM
    System Uptime: 12/18/2014 8:38:24 AM (2 hours ago)
    .
    Motherboard: ASUSTeK COMPUTER INC. | | SABERTOOTH X79
    Processor: Intel(R) Core(TM) i7-3960X CPU @ 3.30GHz | LGA2011 | 3301/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 466 GiB total, 92.788 GiB free.
    D: is Removable
    E: is CDROM (CDFS)
    F: is FIXED (NTFS) - 5589 GiB total, 2999.329 GiB free.
    G: is FIXED (NTFS) - 3726 GiB total, 3033.646 GiB free.
    I: is FIXED (NTFS) - 0 GiB total, 0.033 GiB free.
    M: is NetworkDisk (NTFS) - 7452 GiB total, 2338.359 GiB free.
    T: is NetworkDisk (NTFS) - 14904 GiB total, 6748.171 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: PCI Simple Communications Controller
    Device ID: PCI\VEN_8086&DEV_1D3A&SUBSYS_84EF1043&REV_05\3&11583659&0&B0
    Manufacturer:
    Name: PCI Simple Communications Controller
    PNP Device ID: PCI\VEN_8086&DEV_1D3A&SUBSYS_84EF1043&REV_05\3&11583659&0&B0
    Service:
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Hook Test Driver
    Device ID: ROOT\LEGACY_SDHOOKDRIVER\0000
    Manufacturer:
    Name: Hook Test Driver
    PNP Device ID: ROOT\LEGACY_SDHOOKDRIVER\0000
    Service: SDHookDriver
    .
    Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
    Description: Unknown Device
    Device ID: USB\VID_0000&PID_0000\6&DBCE08D&0&7
    Manufacturer: (Standard USB Host Controller)
    Name: Unknown Device
    PNP Device ID: USB\VID_0000&PID_0000\6&DBCE08D&0&7
    Service:
    .
    ==== System Restore Points ===================
    .
    RP327: 11/25/2014 12:36:41 PM - avast! antivirus system restore point
    RP328: 11/25/2014 12:39:30 PM - Device Driver Package Install: Avast Network Service
    RP329: 12/2/2014 4:05:05 PM - Scheduled Checkpoint
    RP330: 12/6/2014 2:44:56 PM - Installed Samsung Kies3
    RP331: 12/12/2014 5:56:02 PM - Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
    .
    ==== Installed Programs ======================
    .
    1954 Alcatraz
    4 Elements
    4500_Help
    64 Bit HP CIO Components Installer
    7-Zip 9.20 (x64 edition)
    7 Days to Die
    7th Legion
    8BitBoy
    911 - First Reponsders
    A Game of Thrones - Genesis
    A Game of Thrones version 0.4.3
    A Story About My Uncle
    Aarklash: Legacy
    Adobe After Effects CS5 Third Party Content
    Adobe After Effects CS5 Third Party Royalty Content
    Adobe AIR
    Adobe Community Help
    Adobe Connect 9 Add-in
    Adobe Creative Suite 5 Master Collection
    Adobe Download Assistant
    Adobe Flash Player 15 ActiveX
    Adobe Flash Player 15 Plugin
    Adobe Media Encoder CS5 Dolby X64
    Adobe Media Encoder CS5 PCI X64
    Adobe Media Player
    Adobe Premiere Pro CS5 Third Party Royalty Content
    Adobe Soundbooth CS5 Codecs
    Adobe Soundbooth CS5 Royalty Codecs
    Aerena
    Age of Empires II: HD Edition
    Age of Empires® III: Complete Collection
    AI Suite II
    AI War: Fleet Command
    AIDA64 Extreme Edition v3.20
    Airport Simulator 2014
    Aliens: Colonial Marines
    AlternativA
    Amazon Games & Software Downloader
    Amazon Kindle
    Amnesia: A Machine for Pigs
    Anna - Extended Edition
    APB Reloaded
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcaniA – Gothic 4
    ArcheAge
    Archeage Beta
    ArcSoft MediaConverter 8
    Aria Karaoke Pro
    Arma 3 Alpha
    Armada 2526 Gold Edition
    Artemis Artemis
    Artisteer 4
    Asmedia ASM104x USB 3.0 Host Controller Driver
    Assassin's Creed Liberation
    Assassin's Creed Unity
    Assassin’s Creed® III
    Audacity 2.0.3
    AudibleManager
    AutoHotkey 1.1.13.01
    Avast Premier
    Back to the Future: Ep 1 - It's About Time
    Back to the Future: Ep 2 - Get Tannen!
    Back to the Future: Ep 3 - Citizen Brown
    Back to the Future: Ep 4 - Double Visions
    Back to the Future: Ep 5 - OUTATIME
    Balsamiq Mockups For Desktop
    Banished
    Bastion
    Batman: Arkham City™
    Batman™: Arkham Origins Blackgate - Deluxe Edition
    Battle Group 2
    Battle Mages: Sign of Darkness
    BattleBlock Theater
    Battlefield 3™
    Battlefield 4™
    Battlefield 4™ Beta
    Battlelog Web Plugins
    Ben There, Dan That!
    Beyond Divinity
    BioShock
    BioShock 2
    BitRaider Web Client
    Blackguards
    Blockland
    BloodNet
    BlueStacks Notification Center
    Blur
    Bonjour
    Bot Colony
    Bound By Flame
    bpd_scan
    BPDSoftware
    BPDSoftware_Ini
    Braid
    Breach
    Breach & Clear
    Bridge Constructor
    Bridge It (plus)
    Bridge Project
    BRINK
    Brütal Legend
    Brothers - A Tale of Two Sons
    BufferChm
    Bulk Rename Utility 2.7.1.2
    Bus Driver
    calibre
    Call of Duty: Advanced Warfare
    Call of Duty: Advanced Warfare - Multiplayer
    Call of Juarez
    Call of Juarez Gunslinger
    Call of Juarez: Bound in Blood
    Call of Juarez: The Cartel
    Car Mechanic Simulator 2014
    Carmageddon: Reincarnation
    Cars 2
    Cars Toon
    Castle Crashers
    CDisplay 1.8
    CDisplayEx 1.9.11
    Cisco WebEx Meetings
    Citadels
    Cities in Motion
    Cities in Motion 2
    Citrix Online Launcher
    Clockwork Tales: Of Glass and Ink
    Combat
    CombatLoader
    Commandos 2: Men of Courage
    Commandos 3: Destination Berlin
    Commandos: Behind Enemy Lines
    Commandos: Beyond the Call of Duty
    CONSORTIUM
    Contagion
    ControlCenter
    Core Temp version 0.99.7
    CPUID CPU-Z 1.66.1
    Crazy Machines
    Creative System Information
    Creeper World 3: Arc Eternal
    Crusader Kings II
    Crysis
    CT Special Forces: Fire for Effect
    CutePDF Writer 3.0
    CyberLink BD Advisor 2.0
    CyberLink Blu-ray Disc Suite
    CyberLink LabelPrint
    CyberLink LG Burning Tool
    CyberLink MediaShow
    CyberLink PowerDVD 9
    CyberLink PowerProducer
    CyberLink YouCam
    D3DX10
    Damnation
    Darkest Hour: Europe '44-'45
    DarkStar One
    Data Hacker: Initiation
    Dead Island
    Dead Island Riptide
    Dead Rising 2
    Dead Rising 2: Off the Record
    Dead Rising 3
    Dead Space™
    Dead State
    Deadly 30
    Deadly Sin 2
    Deadpool
    Deep Black : Reloaded
    Deer Drive
    Defiance
    DefianceRuntimes
    Demolition Master 3D
    Deponia
    Desperados - Wanted Dead or Alive
    Desperados 2: Cooper’s Revenge
    Destinations
    DeviceDiscovery
    DiRT 3
    Dishonored
    Disney Planes
    DisplayFusion 7.0
    Divine Divinity
    Divinity II: Developer's Cut
    DocMgr
    DocProc
    Doctor Who: The Eternity Clock
    Door Kickers
    doubleTwist Sync
    Dracula 4 and 5 - Special Steam Edition
    Dream
    Dropbox
    DuckTales Remastered
    DUNGEONS - Steam Special Edition
    Dungeons: The Eye of Draconus
    DVD-Cloner V10.00 Build 1200
    Dwarfs!?
    Dyn Updater
    DYNASTY WARRIORS 8: Xtreme Legends Complete Edition
    Eador. Genesis
    Eador. Masters of the Broken World
    Earth 2160
    East India Company
    East India Company: Battle of Trafalgar
    East India Company: Pirate Bay
    East India Company: Privateer
    Elder Kings CK2 Total Conversion
    Emergency 2014
    Emergency 3
    Emergency 5 - Deluxe Edition
    Enclave
    Endless Legend
    Enforcer: Police Crime Action
    ESN Sonar
    Euro Truck Simulator
    Evil Genius
    Evolve
    Expeditions: Conquistador
    f.lux
    F1 2013
    Fable - The Lost Chapters
    Face Noir
    Fallout 3 - Game of the Year Edition
    Fallout: New Vegas
    Far Cry 4
    Farming World
    FarSky
    Fax
    FileZilla Client 3.8.1
    Firefighters 2014
    FlatOut
    FlatOut 2
    Flatout 3
    FlatOut: Ultimate Carnage
    Floe IRC Client
    Folk Tale
    Foreign Legion: Buckets of Blood
    Foxit Cloud
    Foxit Reader
    Franchise Hockey Manager 2014
    Fraps (remove only)
    Freedom Fall
    Freespace 2
    FX Football - The Manager for Every Football Fan
    Galactic Arms Race
    Galactic Civilizations II: Ultimate Edition
    Galaxy on Fire 2™ Full HD
    Game Dev Tycoon
    Ghostbusters: The Video Game
    Gizmo Central
    Glyph
    Gnomoria
    Google Chrome
    Google Drive
    Google Earth Plug-in
    Google Talk Plugin
    Google Update Helper
    GoToMeeting 6.4.8.2093
    GPBaseService2
    Grand Theft Auto IV
    Grand Theft Auto V - The Manual
    Gunpoint
    Gunship!
    Hack 'n' Slash
    HAL 9000 [Console] Advanced Flat Screen Saver
    HAL 9000 [Console] Advanced Shaded Screen Saver
    HAL 9000 [Full Screen] Advanced Flat Screen Saver
    HAL 9000 [Full Screen] Advanced Screen Saver
    HAL 9000 [Full Screen] Advanced Shaded Screen Saver
    HandBrake 0.9.9.1
    Hard Truck Apocalypse / Ex Machina
    HD Tune Pro 5.50
    HE Auto Launcher
    Heavy Fire: Afghanistan
    Hector: Ep 1
    Hector: Ep 2
    Hector: Ep 3
    Heli Heroes
    Helicopter Simulator 2014: Search and Rescue
    Hi-Rez Studios Authenticate and Update Service
    Hitman 2: Silent Assassin
    Hitman: Absolution
    Hitman: Blood Money
    Hitman: Codename 47
    Hospital Tycoon
    Hotel Collectors Edition
    HP Customer Participation Program 13.0
    HP Document Manager 2.0
    HP Imaging Device Functions 13.0
    HP Photosmart Essential 3.5
    HP Smart Web Printing 4.51
    HP Solution Center 13.0
    HP Update
    HPDiagnosticAlert
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    HPProductAssistant
    HPSSupply
    Hydrophobia: Prophecy
    I Shall Remain
    Icewind Dale Complete
    iCloud
    IndieVolume 3.5.99.171
    Influent
    Injustice: Gods Among Us Ultimate Edition
    Installer
    Intel(R) Network Connections 19.0.27.0
    Intel® Watchdog Timer Driver (Intel® WDT)
    International Snooker
    Internet Explorer Proxy Monitor 1.0
    Invisible, Inc.
    IP Camera Viewer 1.0
    Iron Grip: Warlord
    Iron Sky Invasion
    iTunes
    iZotope Vinyl
    J4500
    Jack Keane
    Jagged Alliance - Back in Action
    Jagged Alliance Gold
    Java 7 Update 67
    Java 7 Update 67 (64-bit)
    Java Auto Updater
    Java SE Development Kit 7 Update 67 (64-bit)
    Jet Car Stunts
    join.me
    Joint Task Force
    Jurassic Park: The Game
    Kane & Lynch 2: Dog Days
    Kane & Lynch: Dead Men
    Kaptain Brawe
    Keeper Password & Data Vault
    Kenshi
    Kerbal Space Program
    Killer is Dead
    Killing Floor
    Killing Floor Mod: Defence Alliance 2
    Kinetic Void
    King Arthur II - The Role-playing Wargame
    Knytt Underground
    Kung Fu Strike: The Warrior's Rise
    L.A. Noire
    Law & Order: Legacies
    League of Legends
    LEGO - The Hobbit
    LEGO Batman 2
    LEGO Batman: The Videogame
    LEGO Lord of the Rings
    LEGO MARVEL Super Heroes
    Lego Star Wars Saga
    LEGO® Pirates of the Caribbean The Video Game
    LG Tool Kit
    LG USB Modem driver
    Lichdom: Battlemage
    Life is Feudal: Your Own
    Lifeless Planet
    LightScribe System Software
    Logitech Gaming Software
    Logitech Gaming Software 8.57
    LogMeIn Rescue Technician Console
    Lost Planet 3
    m05 SurveillanceSaver 1.0
    Maelstrom
    Mafia
    Mafia II
    Magic ISO Maker v5.5 (build 0281)
    MakeMKV v1.8.9
    Malwarebytes Anti-Malware version 2.0.4.1028
    Mare Nostrum
    Mark of the Ninja
    MarketResearch
    Mars: War Logs
    Marvel Heroes
    marvell 91xx driver
    MechWarrior Online
    Medal of Honor: Airborne
    MediaCoder x64 0.8.30.5622
    Mercenaries 2 World in Flames™
    METAL GEAR RISING: REVENGEANCE
    Metro 2033 Redux
    Metro: Last Light
    Metro: Last Light Redux
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Garage Mouse without Borders
    Microsoft Lync 2010
    Microsoft Office 365 ProPlus - en-us
    Microsoft OneDrive for Business 2013 - en-us
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Virtual PC 2007
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
    Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
    Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
    Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
    Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    Microsoft Xbox 360 Accessories 1.2
    Microsoft XNA Framework Redistributable 3.1
    Microsoft XNA Framework Redistributable 4.0 Refresh
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_ATL_x86_x64
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_CRT_x86_x64
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFC_x86_x64
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC80_MFCLOC_x86_x64
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_ATL_x86_x64
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_CRT_x86_x64
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFC_x86_x64
    Middle-earth: Shadow of Mordor
    Minion
    mIRC
    MKVToolNix 7.0.0 (64bit)
    Monaco
    Monday Night Combat
    MotoCast
    MOTOROLA MEDIA LINK
    Mount & Blade: Warband
    Movie Maker
    Mozilla Firefox 32.0.2 (x86 en-US)
    Mozilla Maintenance Service
    MSI Afterburner 4.0.0
    MSI Kombustor 2.5.0
    MSVCRT
    MSVCRT110
    MSVCRT110_amd64
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2758694)
    Multi Timer 3.6
    MURDERED: SOUL SUSPECT™
    MuseScore 1.3
    MyFreeCodec
    Natural Selection 2
    Nether
    Nikopol: Secrets of the Immortals
    NirSoft ShellExView
    Nosgoth
    Notepad++
    NVIDIA 3D Vision Controller Driver 344.75
    NVIDIA 3D Vision Driver 344.75
    NVIDIA Control Panel 344.75
    NVIDIA GeForce Experience 2.1.4
    NVIDIA GeForce Experience Service
    NVIDIA Graphics Driver 344.75
    NVIDIA HD Audio Driver 1.3.32.1
    NVIDIA Install Application
    NVIDIA LED Visualizer 1.0
    NVIDIA Network Service
    NVIDIA PhysX
    NVIDIA PhysX (Legacy)
    NVIDIA PhysX System Software 9.14.0702
    NVIDIA ShadowPlay 16.13.65
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 16.13.65
    NVIDIA Update Core
    NVIDIA Virtual Audio 1.2.26
    NVMS5 Standard Edition
    OCR Software by I.R.I.S. 13.0
    Office 15 Click-to-Run Extensibility Component
    Office 15 Click-to-Run Licensing Component
    Office 15 Click-to-Run Localization Component
    Officejet J4500 Series
    Omerta - City of Gangsters
    Only If
    OnTopReplica
    Open Broadcaster Software
    Open DVD Ripper 3.30 Build 507
    OpenAL
    Orbital Gear
    Orborun
    Origin
    Out of the Park Baseball 14
    Pando Media Booster
    Pandora
    Papers, Please
    Path of Exile
    Patrician III
    PAYDAY 2
    PDF Settings CS5
    PeerBlock 1.2 (r693)
    Pepakura Designer 3
    Pepakura Viewer 3
    Photo Common
    Photo Gallery
    Pirates Of The Burning Sea
    Pirates of the Caribbean - At Worlds End
    Pirates! Gold Plus (Classic)
    Plague Inc: Evolved
    Planet Explorers
    Planet Stronghold
    Planetary Annihilation
    PlanetSide 2
    PlayLater
    PlayOn
    Plex Home Theater
    Plex Media Server
    Poker Night 2
    Poker Night at the Inventory
    Police Destruction Street
    Police Simulator 2
    Pool Nation
    Post Mortem
    Power CD+G Burner 2
    Power SCDG Ripper
    Praetorians
    Pressure
    Prison Architect
    ProductContext
    Proxy Switcher
    PunkBuster Services
    Puzzle Agent
    Puzzle Agent 2
    PxMergeModule
    Quantum Conundrum
    QuickTime 7
    R.I.P.D.: The Game
    Rage Runner
    Raptr
    Rapture3D 2.4.8 Game
    Real Heroes Firefighter
    RealDownloader
    Realms of Arkania: Blade of Destiny
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealNetworks - Microsoft Visual C++ 2010 Runtime
    RealPlayer Cloud
    RealUpgrade 1.1
    Recovery Search and Rescue Simulation
    Red Orchestra 2: Heroes of Stalingrad
    Red Orchestra 2: Heroes of Stalingrad Beta
    Red Orchestra: Ostfront 41-45
    Rescue: Everyday Heroes
    Residue: Final Cut
    Return to Mysterious Island
    Return to Mysterious Island 2
    Rex Nebular and the Cosmic Gender Bender
    Riot Police
    Risen 3 - Titan Lords
    RivaTuner Statistics Server 6.2.0
    RoboBasket3
    Rocksmith 2014
    Rome: Total War
    Rulers of Nations
    Rust
    Sacred 2 Gold
    Sacred 3
    Saints Row IV
    salesforce.com Data Loader
    Sam & Max 101: Culture Shock
    Sam & Max 102: Situation: Comedy
    Sam & Max 103: The Mole, the Mob and the Meatball
    Sam & Max 104: Abe Lincoln Must Die!
    Sam & Max 105: Reality 2.0
    Sam & Max 106: Bright Side of the Moon
    Sam & Max 201: Ice Station Santa
    Sam & Max 202: Moai Better Blues
    Sam & Max 203: Night of the Raving Dead
    Sam & Max 204: Chariots of the Dogs
    Sam & Max 205: What's New Beelzebub?
    Sam & Max 301: The Penal Zone
    Sam & Max 302: The Tomb of Sammun-Mak
    Sam & Max 303: They Stole Max's Brain!
    Sam & Max 304: Beyond the Alley of the Dolls
    Sam & Max 305: The City that Dares not Sleep
    SamLogic USB Supervisor
    Samsung Kies
    Samsung Kies3
    Samsung Story Album Viewer
    SAMSUNG USB Driver for Mobile Phones
    Saturday Morning RPG
    Scan
    Scania Truck Driving Simulator
    Scratches: Director's Cut
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
    Sentinel 3: Homeworld
    Shadow Ops: Red Mercury
    Shadowrun Online
    Shadowrun Returns
    SHIELD Streaming
    SHIELD Wireless Controller Driver
    Ship Simulator Extremes
    Ship Simulator: Maritime Search and Rescue
    Shop for HP Supplies
    Sid Meier's Colonization (Classic)
    Sid Meier's Covert Action (Classic)
    Sine Mora
    Ski Region Simulator
    Skyborn
    SkyDrift
    Skype Click to Call
    Skype for Salesforce Basic Edition
    Skype™ 7.0
    Slave Zero
    Smart Technology Programming Software 7.0.24.8
    SmartWebPrinting
    Smite
    Sniper Elite 3
    Sniper Ghost Warrior 2
    Sniper: Ghost Warrior
    SolutionCenter
    Sound Blaster Audigy 5_Audigy Rx
    Space Empires IV Deluxe
    Space Engineers
    Space Trader: Merchant Marine
    Spacebase DF-9
    Spec Ops: The Line
    Speccy
    Speed Kills
    Speedball 2 HD
    SpeedFan (remove only)
    Spelunky
    Spintires
    Splashtop Personal
    Splashtop Software Updater
    Splashtop Streamer
    Spore
    Spore: Creepy & Cute Parts Pack
    Spore: Galactic Adventures
    Spotify
    Star Conflict
    StarDrive
    StarForge Alpha
    State of Decay
    Status
    Steam
    Steel Storm: Burning Retribution
    Still Life
    Still Life 2
    Strike Suit Infinity
    Strike Suit Zero
    Strong Bad Episode 1: Homestar Ruiner
    Strong Bad Episode 2: Strong Badia the Free
    Strong Bad Episode 3: Baddest of the Bands
    Strong Bad Episode 4: Dangeresque 3
    Strong Bad Episode 5: 8-Bit Is Enough
    SUABnR
    Super Monday Night Combat
    Supreme Commander
    Supreme Commander: Forged Alliance
    SWAT 4
    SWAT 4 - The Stetchkov Syndicate
    Swift Elite 1.0 Release 1.012
    Sword of the Samurai
    Syder Arcade
    System Requirements Lab for Intel
    Take On Helicopters
    Taxi
    TeamSpeak 3 Client
    TeamViewer 9
    Telltale Texas Hold'Em
    Tesla Effect
    The 39 Steps
    The Ball
    The Cat Lady
    The Chronicles of Narnia - Prince Caspian
    The Crew
    The Dark Eye: Chains of Satinav
    The Elder Scrolls Online
    The Few
    The Incredible Adventures of Van Helsing
    The LEGO® Movie - Videogame
    The Mighty Quest For Epic Loot
    The Red Solstice
    The Saboteur™
    The Ship
    The Ship Single Player
    The Ship Tutorial
    The Stanley Parable
    The Swapper
    The Testament of Sherlock Holmes
    The Walking Dead
    The Walking Dead: Season Two
    The Witcher 2: Assassins of Kings Enhanced Edition
    The Wolf Among Us
    theHunter
    theRenamer 7.68
    Thief
    This War of Mine
    Thunder Wolves
    Tidalis
    Time Gentlemen, Please!
    Titanfall™
    Tixati
    Tom Clancy's Splinter Cell Blacklist
    Tom Clancy's Splinter Cell: Conviction
    Toolbox
    Total Pro Golf 3
    Toy Story 3
    Toy Story Mania
    TrayApp
    Trials Fusion
    Tron 2.0
    TRON: Evolution
    Tropico 3 - Steam Special Edition
    Tropico 4
    Trucks & Trailers
    Under the Ocean
    Unity Web Player
    UpdateService
    Uplay
    Urban Trial Freestyle
    USB Multi-Channel Audio Device
    USBFast
    Vector
    Velvet Assassin
    Verizon Wireless Software Upgrade Assistant - Samsung(ar)
    Verizon Wireless Software Utility Application for Android - Samsung
    Viking: Battle for Asgard
    VST Bridge 1.1
    War Thunder
    Warframe
    Wargame: AirLand Battle
    Warhammer 40,000 Space Marine
    Wasteland 1 - The Original Classic
    Wasteland 2
    Watchmen: The End Is Nigh
    Watchmen: The End Is Nigh Part 2
    WebReg
    WinCDG Pro 3.0 Release 3.0
    Windows 7 Codec Pack 4.0.9
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Mobile Device Center
    Windows Mobile Device Center Driver Update
    Wing Commander III
    WinPcap 4.0.2
    WinRAR archiver
    Woodcutter Simulator 2013
    Workspace Desktop
    World Basketball Tycoon
    ZViewer version 1.0.1.31
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/18/2014 8:46:26 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SDHookDriver
    12/18/2014 8:46:26 AM, Error: Service Control Manager [7022] - The AsusFanControlService service hung on starting.
    12/18/2014 8:44:59 AM, Error: Microsoft-Windows-IIS-W3SVC [1004] - The World Wide Web Publishing Service (WWW Service) did not register the URL prefix http://*:80/ for site 1. The site has been disabled. The data field contains the error number.
    12/18/2014 8:44:59 AM, Error: Microsoft-Windows-HttpEvent [15005] - Unable to bind to the underlying transport for [::]:80. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.
    12/18/2014 8:44:58 AM, Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    12/18/2014 8:43:44 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Net.Tcp Port Sharing Service service to connect.
    12/18/2014 8:43:44 AM, Error: Service Control Manager [7000] - The Net.Tcp Port Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/18/2014 8:42:59 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Mouse without Borders Service service to connect.
    12/18/2014 8:42:59 AM, Error: Service Control Manager [7000] - The Mouse without Borders Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/18/2014 8:41:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the DisplayFusionService service to connect.
    12/18/2014 8:41:29 AM, Error: Service Control Manager [7000] - The DisplayFusionService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/15/2014 12:43:01 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
    12/15/2014 12:36:51 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom SDHookDriver
    12/15/2014 12:33:59 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NVMS-SRV-CMS service to connect.
    12/15/2014 12:33:59 PM, Error: Service Control Manager [7000] - The NVMS-SRV-CMS service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/12/2014 4:21:57 PM, Error: Schannel [36888] - The following fatal alert was generated: 43. The internal error state is 552.
    .
    ==== End Of File ===========================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on the downloaded file. OK the self-extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
    NOTE. If you see the "This version requires you to completely exit the Anti Malware application" message, right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
     
  5. KnightCat

    RogueKiller Step:

    RogueKiller V10.1.0.0 [Dec 11 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : KnightCat [Administrator]
    Mode : Delete -- Date : 12/18/2014 21:37:31

    ¤¤¤ Processes : 2 ¤¤¤
    [Suspicious.Path] workspaceupdate.exe -- C:\Users\KnightCat\AppData\Local\Workspace\workspaceupdate.exe[7] -> Killed [TermProc]
    [Suspicious.Path] (SVC) ALSysIO -- \??\C:\Users\KNIGHT~1\AppData\Local\Temp\ALSysIO64.sys[x] -> Stopped

    ¤¤¤ Registry : 22 ¤¤¤
    [Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2305213872-2505911372-3816809497-1000\Software\Microsoft\Windows\CurrentVersion\Run | Workspace Status : "C:\Users\KnightCat\AppData\Local\Workspace\workspacestatus.exe" [7] -> Deleted
    [Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2305213872-2505911372-3816809497-1000\Software\Microsoft\Windows\CurrentVersion\Run | Starfield Updater : "C:\Users\KnightCat\AppData\Local\Workspace\workspaceupdate.exe" [7] -> Deleted
    [Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2305213872-2505911372-3816809497-1000\Software\Microsoft\Windows\CurrentVersion\Run | Workspace Status : "C:\Users\KnightCat\AppData\Local\Workspace\workspacestatus.exe" -> ERROR [2]
    [Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2305213872-2505911372-3816809497-1000\Software\Microsoft\Windows\CurrentVersion\Run | Starfield Updater : "C:\Users\KnightCat\AppData\Local\Workspace\workspaceupdate.exe" -> ERROR [2]
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ALSysIO (\??\C:\Users\KNIGHT~1\AppData\Local\Temp\ALSysIO64.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BRDriver64 (\??\C:\programdata\bitraider\BRDriver64.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BRSptSvc ("C:\programdata\bitraider\BRSptSvc.exe") -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vToolbarUpdater18.0.0 (C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALSysIO (\??\C:\Users\KNIGHT~1\AppData\Local\Temp\ALSysIO64.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BRDriver64 (\??\C:\programdata\bitraider\BRDriver64.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BRSptSvc ("C:\programdata\bitraider\BRSptSvc.exe") -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vToolbarUpdater18.0.0 (C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ALSysIO (\??\C:\Users\KNIGHT~1\AppData\Local\Temp\ALSysIO64.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BRDriver64 (\??\C:\programdata\bitraider\BRDriver64.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BRSptSvc ("C:\programdata\bitraider\BRSptSvc.exe") -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vToolbarUpdater18.0.0 (C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe) -> Not selected
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 1 ¤¤¤
    [Suspicious.Path][File] Verizon Wireless Software Utility Application for Android – Samsung.lnk -- C:\Users\KnightCat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled\Verizon Wireless Software Utility Application for Android – Samsung.lnk [LNK@] C:\Users\KNIGHT~1\AppData\Roaming\VERIZON\UA_ar\UA.exe -> Deleted

    ¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUM.HomePage][FIREFX:Config] ewzku24u.Seth : user_pref("browser.startup.homepage", "http://mysearch.avg.com?cid={9BD985...g&cmpid=&pr=sa&d=&v=&pid=safeguard&sg=&sap=hp"); -> Not selected

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD40EZRX-00SPEB0 ATA Device +++++
    --- User ---
    [MBR] 0086f36f0b7bc8b257f89fc226376c3d
    [BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: ST4000DM000-1F2168 ATA Device +++++
    --- User ---
    [MBR] 0086f36f0b7bc8b257f89fc226376c3d
    [BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive2: WDC WD5000AAKX-083CA0 ATA Device +++++
    --- User ---
    [MBR] e02cc8630810cd7d615049244ed6712e
    [BSP] a8b080c376ca9f15c156d8dfefe74914 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive3: WDC WD2002FAEX-007BA0 ATA Device +++++
    --- User ---
    [MBR] 0086f36f0b7bc8b257f89fc226376c3d
    [BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive4: Generic Storage Device USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )


    ============================================
    RKreport_SCN_12182014_213542.log
     
  6. KnightCat

    Malwarebytes Anti-Rootkit BETA 1.08.2.1001
    www.malwarebytes.org

    Database version: v2014.12.19.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.17420
    KnightCat :: KNIGHTCAT-PC [administrator]

    12/18/2014 9:42:35 PM
    mbar-log-2014-12-18 (21-42-35).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 407125
    Time elapsed: 22 minute(s), 1 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)

    -------------------------------------------------------------------------------------------------

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.08.2.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17420

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, I:\ DRIVE_FIXED
    CPU speed: 3.302000 GHz
    Memory total: 34297122816, free: 26115735552

    Downloaded database version: v2014.12.19.01
    Downloaded database version: v2014.12.14.01
    Downloaded database version: v2014.12.06.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    12/18/2014 21:42:23
    ------------ Loaded modules -----------
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk4\DR4
    Upper Device Object: 0xfffffa801c09a060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\000000bc\
    Lower Device Object: 0xfffffa801c005650
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk3\DR3
    Upper Device Object: 0xfffffa801a816790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP11T0L0-b\
    Lower Device Object: 0xfffffa801a5ca060
    Lower Device Driver Name: \Driver\atapi\
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR2
    Upper Device Object: 0xfffffa801a810790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP10T0L0-9\
    Lower Device Object: 0xfffffa801a5ac060
    Lower Device Driver Name: \Driver\atapi\
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa801a80a790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP13T0L0-d\
    Lower Device Object: 0xfffffa801a592060
    Lower Device Driver Name: \Driver\atapi\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa801a804790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP12T0L0-c\
    Lower Device Object: 0xfffffa801a587060
    Lower Device Driver Name: \Driver\atapi\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 2, DevicePointer: 0xfffffa801a810790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa801a75d990, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa801a810790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa801a5ac060, DeviceName: \Device\Ide\IdeDeviceP10T0L0-9\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa801a804790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa801a8042c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa801a804790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa801a587060, DeviceName: \Device\Ide\IdeDeviceP12T0L0-c\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    This drive is a GPT Drive.
    MBR Signature: 55AA
    Disk Signature: 0

    GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1 Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 198261298
    GPT Header CurrentLba = 1 BackupLba 7814037167
    GPT Header FirstUsableLba 34 LastUsableLba 7814037134
    GPT Header Guid 639180aa-d258-4739-87a3-f2f6535e7213
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 198261298
    Backup GPT header CurrentLba = 7814037167 BackupLba 1
    Backup GPT header FirstUsableLba 34 LastUsableLba 7814037134
    Backup GPT header Guid 639180aa-d258-4739-87a3-f2f6535e7213
    Backup GPT header Contains 128 partition entries starting at LBA 7814037135
    Backup GPT header Partition entry size = 128

    Partition 0 Type 5808c8aa-7e8f-42e0-85d2-e1e9434cfb3
    Partition ID ebc4b79a-1383-11e4-97fc-0272237fb8
    FirstLBA 34 Last LBA 2081
    Attributes 0
    Partition Name LDM metadata partition

    Partition 1 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID ac2fb8-fa05-467c-ae1f-2ed5731514d1
    FirstLBA 2082 Last LBA 262177
    Attributes 0
    Partition Name Microsoft reserved partition

    Partition 2 Type af9b60a0-1431-4f62-bc68-3311714a69ad
    Partition ID ebc4b7a9-1383-11e4-97fc-0272237fb8
    FirstLBA 262178 Last LBA 7814037134
    Attributes 0
    Partition Name LDM data partition

    Disk Size: 4000787030016 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xfffffa801a80a790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa801a80a2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa801a80a790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa801a592060, DeviceName: \Device\Ide\IdeDeviceP13T0L0-d\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    This drive is a GPT Drive.
    MBR Signature: 55AA
    Disk Signature: 0

    GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1 Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 2557766428
    GPT Header CurrentLba = 1 BackupLba 7814037167
    GPT Header FirstUsableLba 34 LastUsableLba 7814037134
    GPT Header Guid c02cb519-4251-425b-ab2f-9d373391543
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 2557766428
    Backup GPT header CurrentLba = 7814037167 BackupLba 1
    Backup GPT header FirstUsableLba 34 LastUsableLba 7814037134
    Backup GPT header Guid c02cb519-4251-425b-ab2f-9d373391543
    Backup GPT header Contains 128 partition entries starting at LBA 7814037135
    Backup GPT header Partition entry size = 128

    Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 9d6d7418-10d8-412e-9a4b-4f8ef5b2795
    FirstLBA 34 Last LBA 262177
    Attributes 0
    Partition Name Microsoft reserved partition

    Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 888a640a-a854-42f0-ab1e-7115f1d336bd
    FirstLBA 264192 Last LBA 7814035455
    Attributes 0
    Partition Name Basic data partition

    Disk Size: 4000787030016 bytes
    Sector size: 512 bytes

    Done!
    Drive 2
    This is a System drive
    Scanning MBR on drive 2...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: A60CB2D3

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 976564224

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 512
    Drive: 3, DevicePointer: 0xfffffa801a816790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa801a8162c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa801a816790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa801a5ca060, DeviceName: \Device\Ide\IdeDeviceP11T0L0-b\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 3
    Scanning MBR on drive 3...
    Inspecting partition table:
    This drive is a GPT Drive.
    MBR Signature: 55AA
    Disk Signature: 0

    GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1 Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 780038172
    GPT Header CurrentLba = 1 BackupLba 3907029167
    GPT Header FirstUsableLba 34 LastUsableLba 3907029134
    GPT Header Guid 492d48e7-1388-4218-af32-6632f158ab5d
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 780038172
    Backup GPT header CurrentLba = 3907029167 BackupLba 1
    Backup GPT header FirstUsableLba 34 LastUsableLba 3907029134
    Backup GPT header Guid 492d48e7-1388-4218-af32-6632f158ab5d
    Backup GPT header Contains 128 partition entries starting at LBA 3907029135
    Backup GPT header Partition entry size = 128

    Partition 0 Type 5808c8aa-7e8f-42e0-85d2-e1e9434cfb3
    Partition ID ebc4b757-1383-11e4-97fc-0272237fb8
    FirstLBA 34 Last LBA 2081
    Attributes 0
    Partition Name LDM metadata partition

    Partition 1 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 95ab1a6-f158-4f9e-a2ca-695111f4e4f7
    FirstLBA 2082 Last LBA 262177
    Attributes 0
    Partition Name Microsoft reserved partition

    Partition 2 Type af9b60a0-1431-4f62-bc68-3311714a69ad
    Partition ID ebc4b769-1383-11e4-97fc-0272237fb8
    FirstLBA 262178 Last LBA 3907029134
    Attributes 0
    Partition Name LDM data partition

    Disk Size: 2000398934016 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 0
    Drive: 4, DevicePointer: 0xfffffa801c09a060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa801c09ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa801c09a060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa801c005650, DeviceName: \Device\000000bc\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-2-0-2048-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam...
    Removal finished
     
  7. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  8. KnightCat

    KnightCat TS Rookie Topic Starter Posts: 19

    ComboFix 14-12-14.01 - KnightCat 12/18/2014 23:29:42.1.12 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.32708.26230 [GMT -6:00]
    Running from: c:\users\KnightCat\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\_ctypes.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\_elementtree.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\_hashlib.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\_multiprocessing.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\_socket.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\_ssl.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\hashobjs_ext.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\pyexpat.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\pysqlite2._sqlite.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\python27.dll
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\pythoncom27.dll
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\PyWinTypes27.dll
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\select.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\unicodedata.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\win32api.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\win32com.shell.shell.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\win32crypt.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\win32event.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\win32file.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\win32gui.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\win32inet.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\win32pdh.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\win32pipe.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\win32process.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\win32profile.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\win32security.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\win32ts.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\windows._lib_cacheinvalidation.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\wx._animate.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\wx._controls_.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\wx._core_.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\wx._gdi_.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\wx._html2.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\wx._misc_.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\wx._windows_.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\wx._wizard.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\wxbase294u_net_vc90.dll
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\wxbase294u_vc90.dll
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\wxmsw294u_adv_vc90.dll
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\wxmsw294u_core_vc90.dll
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\wxmsw294u_html_vc90.dll
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI16922\wxmsw294u_webview_vc90.dll
    c:\users\KnightCat\AppData\Local\assembly\tmp
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\_ctypes.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\_elementtree.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\_hashlib.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\_multiprocessing.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\_socket.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\_ssl.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\hashobjs_ext.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\pyexpat.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\pysqlite2._sqlite.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\python27.dll
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\pythoncom27.dll
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\PyWinTypes27.dll
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\select.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\unicodedata.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\win32api.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\win32com.shell.shell.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\win32crypt.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\win32event.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\win32file.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\win32gui.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\win32inet.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\win32pdh.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\win32pipe.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\win32process.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\win32profile.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\win32security.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\win32ts.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\windows._lib_cacheinvalidation.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\wx._animate.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\wx._controls_.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\wx._core_.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\wx._gdi_.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\wx._html2.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\wx._misc_.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\wx._windows_.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\wx._wizard.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\wxbase294u_net_vc90.dll
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\wxbase294u_vc90.dll
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\wxmsw294u_adv_vc90.dll
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\wxmsw294u_core_vc90.dll
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\wxmsw294u_html_vc90.dll
    c:\users\KnightCat\AppData\Local\Temp\_MEI16922\wxmsw294u_webview_vc90.dll
    c:\users\KnightCat\Documents\~WRL0001.tmp
    c:\users\KnightCat\Documents\~WRL0003.tmp
    c:\users\KnightCat\Documents\~WRL0004.tmp
    c:\users\KnightCat\Documents\~WRL2750.tmp
    c:\users\KnightCat\Documents\~WRL3777.tmp
    c:\windows\SysWOW64\C2MP\TrayMenu.exe
    C:\Windows6.1-KB2528614-x64.msu
    C:\Windows6.1-KB979538-x64.msu
    F:\install.exe
    G:\install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-11-19 to 2014-12-19 )))))))))))))))))))))))))))))))
    .
    .
    2014-12-19 04:24 . 2014-12-19 04:24 -------- d-----w- C:\found.000
    2014-12-19 03:42 . 2014-12-19 04:04 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-12-19 03:30 . 2014-12-19 03:30 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-12-19 03:30 . 2014-12-19 03:30 -------- d-----w- c:\programdata\RogueKiller
    2014-12-12 00:20 . 2014-12-12 00:20 -------- d-sh--w- c:\users\KnightCat\AppData\Local\EmieBrowserModeList
    2014-12-08 22:13 . 2014-12-08 22:13 -------- d-----w- c:\program files (x86)\AGEIA Technologies
    2014-12-08 22:13 . 2014-11-12 20:46 615624 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2014-12-08 22:12 . 2014-11-12 21:56 2559808 ----a-w- c:\windows\system32\nvsvcr.dll
    2014-12-07 20:07 . 2014-12-07 20:07 -------- d-----w- c:\users\KnightCat\AppData\Local\Ubisoft
    2014-11-30 22:16 . 2014-11-30 22:17 -------- d-----w- c:\windows\system32\vbox
    2014-11-25 18:38 . 2014-11-25 18:38 364512 ----a-w- c:\windows\system32\aswBoot.exe
    2014-11-25 18:38 . 2014-11-25 18:38 43152 ----a-w- c:\windows\avastSS.scr
    2014-11-25 18:38 . 2014-11-25 18:38 449936 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
    2014-11-20 03:49 . 2014-10-03 19:23 38216 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
    2014-11-20 03:49 . 2014-10-03 19:23 32584 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
    2014-11-19 12:57 . 2014-11-11 03:08 728064 ----a-w- c:\windows\system32\kerberos.dll
    2014-11-19 12:57 . 2014-11-11 02:44 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
    2014-11-19 12:57 . 2014-10-14 02:16 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2014-11-19 12:57 . 2014-10-14 02:12 1460736 ----a-w- c:\windows\system32\lsasrv.dll
    2014-11-19 12:57 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll
    2014-11-19 12:57 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
    2014-11-19 12:57 . 2014-10-14 01:50 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-12-19 03:42 . 2014-09-23 14:26 135384 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-12-19 03:41 . 2014-09-23 14:26 96472 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-12-16 09:10 . 2014-11-26 10:12 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EBAA9514-9BB5-47F2-9355-8B0379F1719B}\offreg.dll
    2014-12-10 08:43 . 2013-04-08 22:40 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-12-10 08:43 . 2013-04-08 22:40 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-12-08 20:08 . 2014-12-08 20:08 98304 ----a-w- c:\users\KnightCat\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUTchkdl.dll
    2014-12-08 20:08 . 2014-12-08 20:08 24576 ----a-w- c:\users\KnightCat\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGEUSBAutorun.dll
    2014-12-08 20:08 . 2014-12-08 20:08 1347584 ----a-w- c:\users\KnightCat\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe
    2014-11-25 18:39 . 2014-03-12 20:59 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
    2014-11-25 18:38 . 2014-05-07 19:24 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2014-11-25 18:38 . 2014-03-13 19:35 116728 ----a-w- c:\windows\system32\drivers\aswstm.sys
    2014-11-25 18:38 . 2014-03-13 19:32 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-11-25 18:38 . 2014-03-13 19:32 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2014-11-25 18:38 . 2014-03-12 21:00 436624 ----a-w- c:\windows\system32\drivers\aswsp.sys
    2014-11-25 18:38 . 2014-03-12 20:59 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2014-11-25 18:38 . 2014-03-12 20:59 83280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-11-25 18:38 . 2014-03-12 20:59 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys
    2014-11-21 12:14 . 2014-09-23 14:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-11-21 12:14 . 2013-09-29 06:20 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-11-17 22:18 . 2014-04-16 04:57 1538880 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
    2014-11-13 00:20 . 2014-10-11 15:49 4011208 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2014-11-13 00:20 . 2014-08-18 04:08 11336432 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2014-11-13 00:20 . 2014-05-27 04:27 418112 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
    2014-11-13 00:20 . 2014-05-27 04:27 20986592 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2014-11-13 00:20 . 2014-05-27 04:27 18514616 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2014-11-13 00:20 . 2014-02-13 22:04 989056 ----a-w- c:\windows\system32\nvumdshimx.dll
    2014-11-13 00:20 . 2014-02-13 22:04 3262784 ----a-w- c:\windows\system32\nvapi64.dll
    2014-11-13 00:20 . 2014-02-13 22:04 31893136 ----a-w- c:\windows\system32\nvoglv64.dll
    2014-11-13 00:20 . 2014-02-13 22:04 2874456 ----a-w- c:\windows\SysWow64\nvapi.dll
    2014-11-13 00:20 . 2014-02-13 22:04 16884632 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2014-11-13 00:20 . 2013-03-14 16:41 74056 ----a-w- c:\windows\system32\OpenCL.dll
    2014-11-13 00:20 . 2013-03-14 16:41 59592 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2014-11-12 21:56 . 2013-03-19 15:24 6897352 ----a-w- c:\windows\system32\nvcpl.dll
    2014-11-12 21:56 . 2013-03-19 15:24 3534152 ----a-w- c:\windows\system32\nvsvc64.dll
    2014-11-12 21:56 . 2013-03-19 15:24 934032 ----a-w- c:\windows\system32\nvvsvc.exe
    2014-11-12 21:56 . 2013-03-19 15:24 62608 ----a-w- c:\windows\system32\nvshext.dll
    2014-11-12 21:56 . 2013-03-19 15:24 386368 ----a-w- c:\windows\system32\nvmctray.dll
    2014-11-11 10:29 . 2013-03-19 15:24 4100776 ----a-w- c:\windows\system32\nvcoproc.bin
    2014-11-07 23:47 . 2014-07-30 03:37 466520 ----a-w- c:\windows\system32\wrap_oal.dll
    2014-11-07 23:47 . 2014-07-30 03:37 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2014-11-07 23:47 . 2014-07-30 03:37 123480 ----a-w- c:\windows\system32\OpenAL32.dll
    2014-11-07 23:47 . 2014-07-30 03:37 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2014-11-07 19:49 . 2014-11-11 23:55 388272 ----a-w- c:\windows\system32\iedkcs32.dll
    2014-11-06 17:06 . 2014-10-11 17:45 2197680 ----a-w- c:\windows\SysWow64\nvspcap.dll
    2014-11-06 17:06 . 2014-10-11 17:45 1291280 ----a-w- c:\windows\SysWow64\nvspbridge.dll
    2014-11-06 17:06 . 2014-10-11 17:45 2800296 ----a-w- c:\windows\system32\nvspcap64.dll
    2014-11-06 17:06 . 2014-10-11 17:45 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
    2014-11-06 04:04 . 2014-11-11 23:55 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2014-11-06 04:03 . 2014-11-11 23:55 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2014-11-06 04:03 . 2014-11-11 23:54 25110016 ----a-w- c:\windows\system32\mshtml.dll
    2014-11-06 03:47 . 2014-11-11 23:55 66560 ----a-w- c:\windows\system32\iesetup.dll
    2014-11-06 03:46 . 2014-11-11 23:55 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
    2014-11-06 03:46 . 2014-11-11 23:54 580096 ----a-w- c:\windows\system32\vbscript.dll
    2014-11-06 03:44 . 2014-11-11 23:54 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
    2014-11-06 03:43 . 2014-11-11 23:55 2884096 ----a-w- c:\windows\system32\iertutil.dll
    2014-11-06 03:36 . 2014-11-11 23:54 54784 ----a-w- c:\windows\system32\jsproxy.dll
    2014-11-06 03:35 . 2014-11-11 23:55 34304 ----a-w- c:\windows\system32\iernonce.dll
    2014-11-06 03:31 . 2014-11-11 23:54 633856 ----a-w- c:\windows\system32\ieui.dll
    2014-11-06 03:30 . 2014-11-11 23:54 144384 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-11-06 03:30 . 2014-11-11 23:55 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
    2014-11-06 03:29 . 2014-11-11 23:54 814080 ----a-w- c:\windows\system32\jscript9diag.dll
    2014-11-06 03:28 . 2014-11-11 23:55 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2014-11-06 03:23 . 2014-11-11 23:54 6040064 ----a-w- c:\windows\system32\jscript9.dll
    2014-11-06 03:20 . 2014-11-11 23:55 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2014-11-06 03:16 . 2014-11-11 23:54 490496 ----a-w- c:\windows\system32\dxtmsft.dll
    2014-11-06 03:13 . 2014-11-11 23:55 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
    2014-11-06 03:13 . 2014-11-11 23:55 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
    2014-11-06 03:12 . 2014-11-11 23:55 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
    2014-11-06 03:10 . 2014-11-11 23:54 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
    2014-11-06 03:07 . 2014-11-11 23:55 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
    2014-11-06 03:02 . 2014-11-11 23:54 199680 ----a-w- c:\windows\system32\msrating.dll
    2014-11-06 03:00 . 2014-11-11 23:54 92160 ----a-w- c:\windows\system32\mshtmled.dll
    2014-11-06 02:59 . 2014-11-11 23:55 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2014-11-06 02:58 . 2014-11-11 23:55 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
    2014-11-06 02:57 . 2014-11-11 23:55 316928 ----a-w- c:\windows\system32\dxtrans.dll
    2014-11-06 02:42 . 2014-11-11 23:55 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-11-06 02:41 . 2014-11-11 23:55 716800 ----a-w- c:\windows\system32\ie4uinit.exe
    2014-11-06 02:41 . 2014-11-11 23:55 800768 ----a-w- c:\windows\system32\msfeeds.dll
    2014-11-06 02:39 . 2014-11-11 23:54 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2014-11-06 02:38 . 2014-11-11 23:55 2124288 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-11-06 02:30 . 2014-11-11 23:54 14390272 ----a-w- c:\windows\system32\ieframe.dll
    2014-11-06 02:21 . 2014-11-11 23:55 4298240 ----a-w- c:\windows\SysWow64\jscript9.dll
    2014-11-06 02:21 . 2014-11-11 23:55 2051072 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2014-11-06 02:20 . 2014-11-11 23:55 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
    2014-11-06 02:17 . 2014-11-11 23:54 2365440 ----a-w- c:\windows\system32\wininet.dll
    2014-11-06 02:04 . 2014-11-11 23:55 1550336 ----a-w- c:\windows\system32\urlmon.dll
    2014-11-06 01:53 . 2014-11-11 23:55 799232 ----a-w- c:\windows\system32\ieapfltr.dll
    2014-11-06 01:52 . 2014-11-11 23:54 1892864 ----a-w- c:\windows\SysWow64\wininet.dll
    2014-11-04 20:30 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
    2014-11-02 04:20 . 2014-11-22 05:20 11632448 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EBAA9514-9BB5-47F2-9355-8B0379F1719B}\mpengine.dll
    2014-11-01 05:26 . 2014-03-18 20:44 103374192 ----a-w- c:\windows\system32\MRT.exe
    2014-10-25 01:57 . 2014-11-11 23:53 77824 ----a-w- c:\windows\system32\packager.dll
    2014-10-25 01:32 . 2014-11-11 23:53 67584 ----a-w- c:\windows\SysWow64\packager.dll
    2014-10-18 02:05 . 2014-11-11 23:52 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2014-10-18 01:33 . 2014-11-11 23:52 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2014-10-16 16:54 . 2014-11-02 02:54 1539272 ----a-w- c:\windows\system32\nvdispgenco6434448.dll
    2014-10-16 16:54 . 2014-11-02 02:54 1876296 ----a-w- c:\windows\system32\nvdispco6434448.dll
    2014-10-14 02:13 . 2014-11-11 23:55 683520 ----a-w- c:\windows\system32\termsrv.dll
    2014-10-14 02:13 . 2014-11-11 23:52 3241984 ----a-w- c:\windows\system32\msi.dll
    2014-10-14 02:09 . 2014-11-11 23:55 146432 ----a-w- c:\windows\system32\msaudite.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2014-10-14 16:29 1729752 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2014-10-14 16:29 1729752 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2014-10-14 16:29 1729752 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="f:\games\Steam2\steam.exe" [2014-12-17 1941696]
    "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-10-21 22869088]
    "IndieVolume"="c:\program files (x86)\IndieVolume\IndieVolume.GUI.exe" [2013-04-02 3736576]
    "DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2014-12-16 6780256]
    "Spotify Web Helper"="c:\users\KnightCat\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-09-07 1245752]
    "f.lux"="c:\users\KnightCat\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
    "Lync"="c:\program files\Microsoft Office 15\root\office15\lync.exe" [2014-10-14 22672536]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-12-03 30872160]
    "GizmoDriveDelegate"="c:\program files (x86)\Gizmo\gizmo.exe" [2014-02-12 223640]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-12-11 5227112]
    "BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2014-05-01 832272]
    "Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2014-05-02 12117312]
    "USBsupervisor"="c:\program files (x86)\SamLogic\USB Supervisor\USBsupervisor.exe" [2012-07-24 1634928]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
    "AsioThk32Reg"="CTASIO.DLL" [2013-08-14 47104]
    "Raptr"="c:\program files (x86)\Raptr\raptrstub.exe" [2014-12-08 55568]
    .
    c:\users\KnightCat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\KnightCat\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-12-8 39207112]
    OneDrive for Business.lnk - c:\program files\Microsoft Office 15\root\office15\GROOVE.EXE /RunFolderSync /TrayOnly [2014-10-16 13759160]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    CodecPackUpdateChecker.lnk - c:\windows\SysWOW64\C2MP\UpdateChecker.exe [2013-6-8 48200]
    Gizmo.lnk - c:\program files (x86)\Gizmo\gizmo.exe /NoSplash /NoShow [2014-2-12 223640]
    RealPlayer Cloud Service UI.lnk - c:\program files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe [2014-6-6 1022048]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "DisableCAD"= 1 (0x1)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "LGODDFU"="c:\program files (x86)\lg_fwupdate\lgfw.exe" blrun
    .
    2;2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.01.14\AsusFanControlService.exe;c:\program files (x86)\ASUS\AsusFanControlService\1.01.14\AsusFanControlService.exe [x]
    R1 SDHookDriver;Hook Test Driver;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 MouseWithoutBordersSvc;Mouse without Borders Service;c:\program files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe;c:\program files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 ASUSstpt;ASUS USB 3.0 Boost Storage Driver (Storage Driver);c:\windows\system32\DRIVERS\ASUSstpt.sys;c:\windows\SYSNATIVE\DRIVERS\ASUSstpt.sys [x]
    R3 ASUSumsc;ASUS USB 3.0 Boost Storage Driver (WDM);c:\windows\system32\DRIVERS\ASUSumsc.sys;c:\windows\SYSNATIVE\DRIVERS\ASUSumsc.sys [x]
    R3 BRDriver64;BRDriver64;c:\programdata\bitraider\BRDriver64.sys;c:\programdata\bitraider\BRDriver64.sys [x]
    R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\bitraider\BRSptSvc.exe;c:\programdata\bitraider\BRSptSvc.exe [x]
    R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS;c:\windows\SYSNATIVE\drivers\COMMONFX.SYS [x]
    R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
    R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS;c:\windows\SYSNATIVE\drivers\CTAUDFX.SYS [x]
    R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS;c:\windows\SYSNATIVE\drivers\CTERFXFX.SYS [x]
    R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS;c:\windows\SYSNATIVE\drivers\CTERFXFX.SYS [x]
    R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS;c:\windows\SYSNATIVE\drivers\CTSBLFX.SYS [x]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
    R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_6.1.32700.0.sys;c:\windows\SYSNATIVE\DRIVERS\DisplayLinkUsbPort_6.1.32700.0.sys [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
    R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys;c:\windows\SYSNATIVE\drivers\CM10664.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
    R3 vl810filter;VL810 Filter Driver;c:\windows\system32\DRIVERS\vl810filter.sys;c:\windows\SYSNATIVE\DRIVERS\vl810filter.sys [x]
    R3 vToolbarUpdater18.0.0;vToolbarUpdater18.0.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    R4 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
    R4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
    R4 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
    R4 RealPlayer Cloud Service;RealPlayer Cloud Service;c:\program files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe;c:\program files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [x]
    S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
    S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
    S1 GizmoDrv;Gizmo Device Driver; [x]
    S2 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [x]
    S2 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [x]
    S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [x]
    S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [x]
    S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [x]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
    S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
    S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
    S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
    S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]
    S2 DisplayFusionService;DisplayFusionService;c:\program files (x86)\DisplayFusion\DisplayFusionService.exe;c:\program files (x86)\DisplayFusion\DisplayFusionService.exe [x]
    S2 Dyn Updater;Dyn Updater;c:\program files (x86)\Dyn Updater\DynUpSvc.exe;c:\program files (x86)\Dyn Updater\DynUpSvc.exe [x]
    S2 File Backup;File Backup Service;c:\program files (x86)\Workspace\offSyncService.exe;c:\program files (x86)\Workspace\offSyncService.exe [x]
    S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
    S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
    S2 Gizmo Central;Gizmo Central;c:\program files (x86)\Gizmo\gservice.exe;c:\program files (x86)\Gizmo\gservice.exe [x]
    S2 IndieVolumeService;IndieVolume Service;c:\program files (x86)\IndieVolume\IndieVolume.SVC.exe;c:\program files (x86)\IndieVolume\IndieVolume.SVC.exe [x]
    S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
    S2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
    S2 MediaMall Server;MediaMall Server;c:\program files (x86)\MediaMall\MediaMallServer.exe;c:\program files (x86)\MediaMall\MediaMallServer.exe [x]
    S2 NVMS-SRV-CMS;NVMS-SRV-CMS;c:\program files (x86)\NVMS5 Standard Edition\bin\cms.exe cms.cfg;c:\program files (x86)\NVMS5 Standard Edition\bin\cms.exe cms.cfg [x]
    S2 NVMS-SRV-DB;NVMS-SRV-DB;c:\program files (x86)\NVMS5 Standard Edition\data\bin\mysqld.exe;c:\program files (x86)\NVMS5 Standard Edition\data\bin\mysqld.exe [x]
    S2 NVMS-SRV-NRU;NVMS-SRV-NRU;c:\program files (x86)\NVMS5 Standard Edition\bin\nru.exe nru.cfg;c:\program files (x86)\NVMS5 Standard Edition\bin\nru.exe nru.cfg [x]
    S2 NVMS-SRV-VTDU;NVMS-SRV-VTDU;c:\program files (x86)\NVMS5 Standard Edition\bin\vtdu.exe vtdu.cfg;c:\program files (x86)\NVMS5 Standard Edition\bin\vtdu.exe vtdu.cfg [x]
    S2 NVMS-SRV-WATCH;NVMS-SRV-WATCH;c:\program files (x86)\NVMS5 Standard Edition\bin\watch.exe;c:\program files (x86)\NVMS5 Standard Edition\bin\watch.exe [x]
    S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
    S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
    S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
    S2 RealPlayerUpdateSvc;RealPlayer Update Service;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [x]
    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
    S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [x]
    S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
    S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
    S3 ALSysIO;ALSysIO;c:\users\KNIGHT~1\AppData\Local\Temp\ALSysIO64.sys;c:\users\KNIGHT~1\AppData\Local\Temp\ALSysIO64.sys [x]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
    S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys;SysWow64\drivers\ASUSFILTER.sys [x]
    S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
    S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS;c:\windows\SYSNATIVE\drivers\COMMONFX.SYS [x]
    S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS;c:\windows\SYSNATIVE\drivers\CTAUDFX.SYS [x]
    S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS;c:\windows\SYSNATIVE\drivers\CTSBLFX.SYS [x]
    S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
    S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys;c:\windows\SYSNATIVE\Drivers\LGPBTDD.sys [x]
    S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
    S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
    S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
    S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]
    S3 SaiK1708;SaiK1708;c:\windows\system32\DRIVERS\SaiK1708.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK1708.sys [x]
    S3 SaiU1708;SaiU1708;c:\windows\system32\DRIVERS\SaiU1708.sys;c:\windows\SYSNATIVE\DRIVERS\SaiU1708.sys [x]
    .
    .
     
  9. KnightCat

    KnightCat TS Rookie Topic Starter Posts: 19

    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    *Deregistered* - IndieVolumeDriver
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-08-16 18:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-12-11 13:32 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-12-19 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-08 08:43]
    .
    2014-12-19 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-2305213872-2505911372-3816809497-1000.job
    - c:\program files (x86)\Citrix\GoToMeeting\2093\g2mupdate.exe [2014-12-14 19:09]
    .
    2014-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-14 16:35]
    .
    2014-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-14 16:35]
    .
    2014-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2305213872-2505911372-3816809497-1000Core.job
    - c:\users\KnightCat\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-20 16:35]
    .
    2014-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2305213872-2505911372-3816809497-1000UA.job
    - c:\users\KnightCat\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-20 16:35]
    .
    2014-12-18 c:\windows\Tasks\ReclaimerUpdateFiles_KnightCat.job
    - c:\users\KnightCat\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-11-16 23:31]
    .
    2014-12-19 c:\windows\Tasks\ReclaimerUpdateXML_KnightCat.job
    - c:\users\KnightCat\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-11-16 23:31]
    .
    2014-12-19 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_KnightCat.job
    - c:\users\KnightCat\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-11-16 23:31]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2014-10-14 18:27 2334928 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2014-10-14 18:27 2334928 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2014-10-14 18:27 2334928 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-11-25 18:38 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]
    @="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"
    [HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]
    2013-09-30 23:20 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]
    @="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"
    [HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]
    2013-09-30 23:20 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2014-10-14 12697368]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
    "Cm106Sound"="c:\windows\Syswow64\cm106.dll" [2010-10-13 8757248]
    "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-11-06 2464072]
    "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-11-06 2800296]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>;*.local
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: netflix.com
    Trusted Zone: sharepoint.com\digitalairstrike
    Trusted Zone: sharepoint.com\digitalairstrike-my
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.1.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll
    DPF: {688C8675-1834-48FA-9DEF-4755CEFB9EDE} - hxxp://192.168.1.101/EDVR.CAB
    DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://192.168.1.99:5050/codebase/DVM_IPCam2.cab
    FF - ProfilePath - c:\users\KnightCat\AppData\Roaming\Mozilla\Firefox\Profiles\ewzku24u.Seth\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com?cid={9BD985C1-17C8-42F9-A24E-AF49663426DB}&mid=27cb2d8fe60c44d99f3c4bf7da99ecdb-b846aedc0b47d38eeafd9f7ca50187f504336a34&lang=en&ds=ag011&coid=avgtbdisag&cmpid=&pr=sa&d=&v=&pid=safeguard&sg=&sap=hp
    FF - prefs.js: keyword.URL -
    FF - ExtSQL: !HIDDEN! 2013-03-18 20:03; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Wow6432Node-HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk - c:\windows\SysWOW64\C2MP\TrayMenu.exe
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    AddRemove-ESN Sonar-0.70.4 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\S-1-5-21-2305213872-2505911372-3816809497-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FD302A77-B25E-445C-66C7-306CACA3680D}*]
    @Allowed: (Read) (RestrictedCode)
    "laifjhgpedfppaldlpabgefd"=hex:67,62,63,6b,6f,65,63,65,6a,63,61,6d,6a,63,65,61,
    6d,69,66,6a,6a,68,61,6b,61,61,6e,67,64,68,65,6c,69,67,68,70,67,6a,6d,66,69,\
    "lakficbpedfcjpdkgfpcdkam"=hex:67,62,63,6b,6f,65,63,65,6a,63,61,6d,6a,63,65,61,
    6d,69,66,6a,6a,68,61,6b,61,61,6e,67,64,68,65,6c,69,67,68,70,67,6a,6d,66,69,\
    "hahmkkemppijnamb"=hex:6c,61,69,6d,64,6c,65,62,6f,6e,6b,69,70,62,6d,6f,64,6a,
    6e,67,70,67,65,64,00,62
    "hahmkkemcplelfkb"=hex:6f,61,69,6d,62,6f,62,6b,69,64,6c,6e,6b,70,6a,6b,69,65,
    68,6e,63,6d,67,6f,6b,6b,6a,66,6d,65,00,00
    .
    [HKEY_USERS\S-1-5-21-2305213872-2505911372-3816809497-1000\Software\SecuROM\License information*]
    "datasecu"=hex:68,a3,ad,90,e6,ea,ae,b9,43,ba,0f,59,16,18,d8,6b,28,92,b6,b3,e2,
    c4,3c,2d,14,75,4d,9e,cc,4e,b0,67,3a,7a,15,15,29,70,34,6f,ee,22,fb,1a,b0,8f,\
    "rkeysecu"=hex:62,bd,bb,85,07,50,b8,ac,78,8b,a1,60,51,63,29,d8
    .
    [HKEY_LOCAL_MACHINE\software\BlueStacks]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:e0,62,c4,d4,8f,7f,89,66,96,01,d6,3f,e5,1d,fe,d4,1e,32,94,0e,4c,
    c5,34,24,70,f3,0e,98,4d,6f,43,10,52,fb,99,48,a0,63,12,1f,95,35,f6,8a,30,fc,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.15"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:e0,62,c4,d4,8f,7f,89,66,96,01,d6,3f,e5,1d,fe,d4,1e,32,94,0e,4c,
    c5,34,24,70,f3,0e,98,4d,6f,43,10,52,fb,99,48,a0,63,12,1f,95,35,f6,8a,30,fc,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
    c:\program files (x86)\RivaTuner Statistics Server\RTSS.exe
    c:\program files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
    c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
    c:\windows\SysWOW64\srvany.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\windows\KMService.exe
    c:\program files (x86)\NVMS5 Standard Edition\bin\cms.exe
    c:\program files (x86)\NVMS5 Standard Edition\bin\nru.exe
    c:\program files (x86)\NVMS5 Standard Edition\bin\vtdu.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
    f:\games\Steam2\bin\steamwebhelper.exe
    c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
    c:\program files\Logitech Gaming Software\Applets\LCDMovieViewer.exe
    c:\program files\Logitech Gaming Software\Applets\LCDYT.exe
    c:\program files\Logitech Gaming Software\Applets\LCDMedia.exe
    c:\program files\Logitech Gaming Software\Applets\LCDWebCam.exe
    c:\users\KnightCat\AppData\Roaming\Dropbox\bin\Dropbox.exe
    c:\progra~2\Raptr\raptr.exe
    c:\progra~2\Raptr\raptr_im.exe
    c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
    .
    **************************************************************************
    .
    Completion time: 2014-12-19 00:18:56 - machine was rebooted
    ComboFix-quarantined-files.txt 2014-12-19 06:18
    .
    Pre-Run: 102,638,997,504 bytes free
    Post-Run: 102,423,855,104 bytes free
    .
    - - End Of File - - 41C0628000F24CE6BC225415F5332CB9
    A36C5E4F47E84449FF07ED3517B43A31
     
  10. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    RegNull::
    [HKEY_USERS\S-1-5-21-2305213872-2505911372-3816809497-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FD302A77-B25E-445C-66C7-306CACA3680D}*]
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.


    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  11. KnightCat

    KnightCat TS Rookie Topic Starter Posts: 19

    So I'm getting these now... The ASUS AI Suite is part of my Motherboard driver pack...

    upload_2014-12-20_7-20-35.png
     
  12. KnightCat

    KnightCat TS Rookie Topic Starter Posts: 19

    ComboFix 14-12-14.01 - KnightCat 12/19/2014 17:39:02.2.12 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.32708.25161 [GMT -6:00]
    Running from: c:\users\KnightCat\Desktop\ComboFix.exe
    Command switches used :: c:\users\KnightCat\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\_ctypes.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\_elementtree.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\_hashlib.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\_multiprocessing.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\_socket.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\_ssl.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\hashobjs_ext.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\pyexpat.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\pysqlite2._sqlite.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\python27.dll
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\pythoncom27.dll
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\PyWinTypes27.dll
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\select.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\unicodedata.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\win32api.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\win32com.shell.shell.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\win32crypt.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\win32event.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\win32file.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\win32gui.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\win32inet.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\win32pdh.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\win32pipe.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\win32process.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\win32profile.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\win32security.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\win32ts.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\windows._lib_cacheinvalidation.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\wx._animate.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\wx._controls_.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\wx._core_.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\wx._gdi_.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\wx._html2.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\wx._misc_.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\wx._windows_.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\wx._wizard.pyd
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\wxbase294u_net_vc90.dll
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\wxbase294u_vc90.dll
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\wxmsw294u_adv_vc90.dll
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\wxmsw294u_core_vc90.dll
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\wxmsw294u_html_vc90.dll
    c:\users\KNIGHT~1\AppData\Local\Temp\_MEI36922\wxmsw294u_webview_vc90.dll
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\_ctypes.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\_elementtree.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\_hashlib.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\_multiprocessing.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\_socket.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\_ssl.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\hashobjs_ext.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\pyexpat.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\pysqlite2._sqlite.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\python27.dll
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\pythoncom27.dll
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\PyWinTypes27.dll
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\select.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\unicodedata.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\win32api.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\win32com.shell.shell.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\win32crypt.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\win32event.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\win32file.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\win32gui.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\win32inet.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\win32pdh.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\win32pipe.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\win32process.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\win32profile.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\win32security.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\win32ts.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\windows._lib_cacheinvalidation.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\wx._animate.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\wx._controls_.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\wx._core_.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\wx._gdi_.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\wx._html2.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\wx._misc_.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\wx._windows_.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\wx._wizard.pyd
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\wxbase294u_net_vc90.dll
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\wxbase294u_vc90.dll
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\wxmsw294u_adv_vc90.dll
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\wxmsw294u_core_vc90.dll
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\wxmsw294u_html_vc90.dll
    c:\users\KnightCat\AppData\Local\Temp\_MEI36922\wxmsw294u_webview_vc90.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-11-20 to 2014-12-20 )))))))))))))))))))))))))))))))
    .
    .
    2014-12-20 00:11 . 2014-12-20 00:11 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
    2014-12-20 00:11 . 2014-12-20 00:11 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-12-19 07:27 . 2014-12-19 23:43 -------- d-----w- c:\users\KnightCat\AppData\Local\DisplayFusion
    2014-12-19 07:04 . 2014-12-19 07:24 -------- d-----w- c:\users\KnightCat\AppData\Roaming\DisplayFusion
    2014-12-19 07:04 . 2014-12-19 07:04 -------- d-----w- c:\programdata\Binary Fortress Software
    2014-12-19 06:59 . 2014-12-19 06:59 -------- d-----w- c:\program files (x86)\DisplayFusion
    2014-12-19 04:24 . 2014-12-19 04:24 -------- d-----w- C:\found.000
    2014-12-19 03:42 . 2014-12-19 04:04 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-12-19 03:30 . 2014-12-19 03:30 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-12-19 03:30 . 2014-12-19 03:30 -------- d-----w- c:\programdata\RogueKiller
    2014-12-12 00:20 . 2014-12-12 00:20 -------- d-sh--w- c:\users\KnightCat\AppData\Local\EmieBrowserModeList
    2014-12-08 22:13 . 2014-12-08 22:13 -------- d-----w- c:\program files (x86)\AGEIA Technologies
    2014-12-08 22:13 . 2014-11-12 20:46 615624 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2014-12-08 22:12 . 2014-11-12 21:56 2559808 ----a-w- c:\windows\system32\nvsvcr.dll
    2014-12-07 20:07 . 2014-12-07 20:07 -------- d-----w- c:\users\KnightCat\AppData\Local\Ubisoft
    2014-11-30 22:16 . 2014-11-30 22:17 -------- d-----w- c:\windows\system32\vbox
    2014-11-25 18:38 . 2014-11-25 18:38 364512 ----a-w- c:\windows\system32\aswBoot.exe
    2014-11-25 18:38 . 2014-11-25 18:38 43152 ----a-w- c:\windows\avastSS.scr
    2014-11-25 18:38 . 2014-11-25 18:38 449936 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
    2014-11-20 03:49 . 2014-10-03 19:23 38216 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
    2014-11-20 03:49 . 2014-10-03 19:23 32584 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-12-19 03:42 . 2014-09-23 14:26 135384 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-12-19 03:41 . 2014-09-23 14:26 96472 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-12-10 08:43 . 2013-04-08 22:40 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-12-10 08:43 . 2013-04-08 22:40 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-12-08 20:08 . 2014-12-08 20:08 98304 ----a-w- c:\users\KnightCat\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUTchkdl.dll
    2014-12-08 20:08 . 2014-12-08 20:08 24576 ----a-w- c:\users\KnightCat\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGEUSBAutorun.dll
    2014-12-08 20:08 . 2014-12-08 20:08 1347584 ----a-w- c:\users\KnightCat\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe
    2014-11-25 18:39 . 2014-03-12 20:59 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
    2014-11-25 18:38 . 2014-05-07 19:24 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2014-11-25 18:38 . 2014-03-13 19:35 116728 ----a-w- c:\windows\system32\drivers\aswstm.sys
    2014-11-25 18:38 . 2014-03-13 19:32 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-11-25 18:38 . 2014-03-13 19:32 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2014-11-25 18:38 . 2014-03-12 21:00 436624 ----a-w- c:\windows\system32\drivers\aswsp.sys
    2014-11-25 18:38 . 2014-03-12 20:59 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2014-11-25 18:38 . 2014-03-12 20:59 83280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-11-25 18:38 . 2014-03-12 20:59 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys
    2014-11-21 12:14 . 2014-09-23 14:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-11-21 12:14 . 2013-09-29 06:20 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-11-17 22:18 . 2014-04-16 04:57 1538880 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
    2014-11-13 00:20 . 2014-10-11 15:49 4011208 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2014-11-13 00:20 . 2014-08-18 04:08 11336432 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2014-11-13 00:20 . 2014-05-27 04:27 418112 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
    2014-11-13 00:20 . 2014-05-27 04:27 20986592 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2014-11-13 00:20 . 2014-05-27 04:27 18514616 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2014-11-13 00:20 . 2014-02-13 22:04 989056 ----a-w- c:\windows\system32\nvumdshimx.dll
    2014-11-13 00:20 . 2014-02-13 22:04 3262784 ----a-w- c:\windows\system32\nvapi64.dll
    2014-11-13 00:20 . 2014-02-13 22:04 31893136 ----a-w- c:\windows\system32\nvoglv64.dll
    2014-11-13 00:20 . 2014-02-13 22:04 2874456 ----a-w- c:\windows\SysWow64\nvapi.dll
    2014-11-13 00:20 . 2014-02-13 22:04 16884632 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2014-11-13 00:20 . 2013-03-14 16:41 74056 ----a-w- c:\windows\system32\OpenCL.dll
    2014-11-13 00:20 . 2013-03-14 16:41 59592 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2014-11-12 21:56 . 2013-03-19 15:24 6897352 ----a-w- c:\windows\system32\nvcpl.dll
    2014-11-12 21:56 . 2013-03-19 15:24 3534152 ----a-w- c:\windows\system32\nvsvc64.dll
    2014-11-12 21:56 . 2013-03-19 15:24 934032 ----a-w- c:\windows\system32\nvvsvc.exe
    2014-11-12 21:56 . 2013-03-19 15:24 62608 ----a-w- c:\windows\system32\nvshext.dll
    2014-11-12 21:56 . 2013-03-19 15:24 386368 ----a-w- c:\windows\system32\nvmctray.dll
    2014-11-11 10:29 . 2013-03-19 15:24 4100776 ----a-w- c:\windows\system32\nvcoproc.bin
    2014-11-11 03:08 . 2014-11-19 12:57 241152 ----a-w- c:\windows\system32\pku2u.dll
    2014-11-11 03:08 . 2014-11-19 12:57 728064 ----a-w- c:\windows\system32\kerberos.dll
    2014-11-11 02:44 . 2014-11-19 12:57 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
    2014-11-11 02:44 . 2014-11-19 12:57 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
    2014-11-07 23:47 . 2014-07-30 03:37 466520 ----a-w- c:\windows\system32\wrap_oal.dll
    2014-11-07 23:47 . 2014-07-30 03:37 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2014-11-07 23:47 . 2014-07-30 03:37 123480 ----a-w- c:\windows\system32\OpenAL32.dll
    2014-11-07 23:47 . 2014-07-30 03:37 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2014-11-07 19:49 . 2014-11-11 23:55 388272 ----a-w- c:\windows\system32\iedkcs32.dll
    2014-11-06 17:06 . 2014-10-11 17:45 2197680 ----a-w- c:\windows\SysWow64\nvspcap.dll
    2014-11-06 17:06 . 2014-10-11 17:45 1291280 ----a-w- c:\windows\SysWow64\nvspbridge.dll
    2014-11-06 17:06 . 2014-10-11 17:45 2800296 ----a-w- c:\windows\system32\nvspcap64.dll
    2014-11-06 17:06 . 2014-10-11 17:45 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
    2014-11-06 04:04 . 2014-11-11 23:55 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2014-11-06 04:03 . 2014-11-11 23:55 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2014-11-06 04:03 . 2014-11-11 23:54 25110016 ----a-w- c:\windows\system32\mshtml.dll
    2014-11-06 03:47 . 2014-11-11 23:55 66560 ----a-w- c:\windows\system32\iesetup.dll
    2014-11-06 03:46 . 2014-11-11 23:55 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
    2014-11-06 03:46 . 2014-11-11 23:54 580096 ----a-w- c:\windows\system32\vbscript.dll
    2014-11-06 03:44 . 2014-11-11 23:54 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
    2014-11-06 03:43 . 2014-11-11 23:55 2884096 ----a-w- c:\windows\system32\iertutil.dll
    2014-11-06 03:36 . 2014-11-11 23:54 54784 ----a-w- c:\windows\system32\jsproxy.dll
    2014-11-06 03:35 . 2014-11-11 23:55 34304 ----a-w- c:\windows\system32\iernonce.dll
    2014-11-06 03:31 . 2014-11-11 23:54 633856 ----a-w- c:\windows\system32\ieui.dll
    2014-11-06 03:30 . 2014-11-11 23:54 144384 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-11-06 03:30 . 2014-11-11 23:55 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
    2014-11-06 03:29 . 2014-11-11 23:54 814080 ----a-w- c:\windows\system32\jscript9diag.dll
    2014-11-06 03:28 . 2014-11-11 23:55 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2014-11-06 03:23 . 2014-11-11 23:54 6040064 ----a-w- c:\windows\system32\jscript9.dll
    2014-11-06 03:20 . 2014-11-11 23:55 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2014-11-06 03:16 . 2014-11-11 23:54 490496 ----a-w- c:\windows\system32\dxtmsft.dll
    2014-11-06 03:13 . 2014-11-11 23:55 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
    2014-11-06 03:13 . 2014-11-11 23:55 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
    2014-11-06 03:12 . 2014-11-11 23:55 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
    2014-11-06 03:10 . 2014-11-11 23:54 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
    2014-11-06 03:07 . 2014-11-11 23:55 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
    2014-11-06 03:02 . 2014-11-11 23:54 199680 ----a-w- c:\windows\system32\msrating.dll
    2014-11-06 03:00 . 2014-11-11 23:54 92160 ----a-w- c:\windows\system32\mshtmled.dll
    2014-11-06 02:59 . 2014-11-11 23:55 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2014-11-06 02:58 . 2014-11-11 23:55 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
    2014-11-06 02:57 . 2014-11-11 23:55 316928 ----a-w- c:\windows\system32\dxtrans.dll
    2014-11-06 02:42 . 2014-11-11 23:55 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-11-06 02:41 . 2014-11-11 23:55 716800 ----a-w- c:\windows\system32\ie4uinit.exe
    2014-11-06 02:41 . 2014-11-11 23:55 800768 ----a-w- c:\windows\system32\msfeeds.dll
    2014-11-06 02:39 . 2014-11-11 23:54 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2014-11-06 02:38 . 2014-11-11 23:55 2124288 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-11-06 02:30 . 2014-11-11 23:54 14390272 ----a-w- c:\windows\system32\ieframe.dll
    2014-11-06 02:21 . 2014-11-11 23:55 4298240 ----a-w- c:\windows\SysWow64\jscript9.dll
    2014-11-06 02:21 . 2014-11-11 23:55 2051072 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2014-11-06 02:20 . 2014-11-11 23:55 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
    2014-11-06 02:17 . 2014-11-11 23:54 2365440 ----a-w- c:\windows\system32\wininet.dll
    2014-11-06 02:04 . 2014-11-11 23:55 1550336 ----a-w- c:\windows\system32\urlmon.dll
    2014-11-06 01:53 . 2014-11-11 23:55 799232 ----a-w- c:\windows\system32\ieapfltr.dll
    2014-11-06 01:52 . 2014-11-11 23:54 1892864 ----a-w- c:\windows\SysWow64\wininet.dll
    2014-11-04 20:30 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
    2014-11-02 04:20 . 2014-11-22 05:20 11632448 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EBAA9514-9BB5-47F2-9355-8B0379F1719B}\mpengine.dll
    2014-11-01 05:26 . 2014-03-18 20:44 103374192 ----a-w- c:\windows\system32\MRT.exe
    2014-10-25 01:57 . 2014-11-11 23:53 77824 ----a-w- c:\windows\system32\packager.dll
    2014-10-25 01:32 . 2014-11-11 23:53 67584 ----a-w- c:\windows\SysWow64\packager.dll
    2014-10-18 02:05 . 2014-11-11 23:52 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2014-10-18 01:33 . 2014-11-11 23:52 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2014-10-16 16:54 . 2014-11-02 02:54 1539272 ----a-w- c:\windows\system32\nvdispgenco6434448.dll
    2014-10-16 16:54 . 2014-11-02 02:54 1876296 ----a-w- c:\windows\system32\nvdispco6434448.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2014-10-14 16:29 1729752 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2014-10-14 16:29 1729752 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2014-10-14 16:29 1729752 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="f:\games\Steam2\steam.exe" [2014-12-17 1941696]
    "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-10-21 22869088]
    "IndieVolume"="c:\program files (x86)\IndieVolume\IndieVolume.GUI.exe" [2013-04-02 3736576]
    "Spotify Web Helper"="c:\users\KnightCat\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-09-07 1245752]
    "f.lux"="c:\users\KnightCat\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
    "Lync"="c:\program files\Microsoft Office 15\root\office15\lync.exe" [2014-10-14 22672536]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-12-03 30872160]
    "DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2014-12-16 6780256]
    "GoToAssist Remote Support Expert"="c:\program files (x86)\Citrix\GoToAssist Remote Support Expert\758\g2ax_start.exe" [2014-12-19 610888]
    "GizmoDriveDelegate"="c:\program files (x86)\Gizmo\gizmo.exe" [2014-02-12 223640]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-12-11 5227112]
    "BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2014-05-01 832272]
    "Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2014-05-02 12117312]
    "USBsupervisor"="c:\program files (x86)\SamLogic\USB Supervisor\USBsupervisor.exe" [2012-07-24 1634928]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
    "AsioThk32Reg"="CTASIO.DLL" [2013-08-14 47104]
    "Raptr"="c:\program files (x86)\Raptr\raptrstub.exe" [2014-12-08 55568]
    .
    c:\users\KnightCat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\KnightCat\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-12-8 39207112]
    OneDrive for Business.lnk - c:\program files\Microsoft Office 15\root\office15\GROOVE.EXE /RunFolderSync /TrayOnly [2014-10-16 13759160]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    CodecPackUpdateChecker.lnk - c:\windows\SysWOW64\C2MP\UpdateChecker.exe [2013-6-8 48200]
    Gizmo.lnk - c:\program files (x86)\Gizmo\gizmo.exe /NoSplash /NoShow [2014-2-12 223640]
    RealPlayer Cloud Service UI.lnk - c:\program files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe [2014-6-6 1022048]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "DisableCAD"= 1 (0x1)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "LGODDFU"="c:\program files (x86)\lg_fwupdate\lgfw.exe" blrun
    .
    2;2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.01.14\AsusFanControlService.exe;c:\program files (x86)\ASUS\AsusFanControlService\1.01.14\AsusFanControlService.exe [x]
    R1 SDHookDriver;Hook Test Driver;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 DisplayFusionService;DisplayFusionService;c:\program files (x86)\DisplayFusion\DisplayFusionService.exe;c:\program files (x86)\DisplayFusion\DisplayFusionService.exe [x]
    R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
    R2 MouseWithoutBordersSvc;Mouse without Borders Service;c:\program files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe;c:\program files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 ASUSstpt;ASUS USB 3.0 Boost Storage Driver (Storage Driver);c:\windows\system32\DRIVERS\ASUSstpt.sys;c:\windows\SYSNATIVE\DRIVERS\ASUSstpt.sys [x]
    R3 ASUSumsc;ASUS USB 3.0 Boost Storage Driver (WDM);c:\windows\system32\DRIVERS\ASUSumsc.sys;c:\windows\SYSNATIVE\DRIVERS\ASUSumsc.sys [x]
    R3 BRDriver64;BRDriver64;c:\programdata\bitraider\BRDriver64.sys;c:\programdata\bitraider\BRDriver64.sys [x]
    R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\bitraider\BRSptSvc.exe;c:\programdata\bitraider\BRSptSvc.exe [x]
    R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS;c:\windows\SYSNATIVE\drivers\COMMONFX.SYS [x]
    R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
    R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS;c:\windows\SYSNATIVE\drivers\CTAUDFX.SYS [x]
    R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS;c:\windows\SYSNATIVE\drivers\CTERFXFX.SYS [x]
    R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS;c:\windows\SYSNATIVE\drivers\CTERFXFX.SYS [x]
    R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS;c:\windows\SYSNATIVE\drivers\CTSBLFX.SYS [x]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
    R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_6.1.32700.0.sys;c:\windows\SYSNATIVE\DRIVERS\DisplayLinkUsbPort_6.1.32700.0.sys [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
    R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
    R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys;c:\windows\SYSNATIVE\drivers\CM10664.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
    R3 vl810filter;VL810 Filter Driver;c:\windows\system32\DRIVERS\vl810filter.sys;c:\windows\SYSNATIVE\DRIVERS\vl810filter.sys [x]
    R3 vToolbarUpdater18.0.0;vToolbarUpdater18.0.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    R4 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
    R4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
    R4 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
    R4 RealPlayer Cloud Service;RealPlayer Cloud Service;c:\program files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe;c:\program files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [x]
    S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
    S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
    S1 GizmoDrv;Gizmo Device Driver; [x]
    S2 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [x]
    S2 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [x]
    S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [x]
    S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [x]
    S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [x]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
    S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
    S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
    S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
    S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]
    S2 Dyn Updater;Dyn Updater;c:\program files (x86)\Dyn Updater\DynUpSvc.exe;c:\program files (x86)\Dyn Updater\DynUpSvc.exe [x]
    S2 File Backup;File Backup Service;c:\program files (x86)\Workspace\offSyncService.exe;c:\program files (x86)\Workspace\offSyncService.exe [x]
    S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
    S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
    S2 Gizmo Central;Gizmo Central;c:\program files (x86)\Gizmo\gservice.exe;c:\program files (x86)\Gizmo\gservice.exe [x]
    S2 IndieVolumeService;IndieVolume Service;c:\program files (x86)\IndieVolume\IndieVolume.SVC.exe;c:\program files (x86)\IndieVolume\IndieVolume.SVC.exe [x]
    S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
    S2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
    S2 MediaMall Server;MediaMall Server;c:\program files (x86)\MediaMall\MediaMallServer.exe;c:\program files (x86)\MediaMall\MediaMallServer.exe [x]
    S2 NVMS-SRV-CMS;NVMS-SRV-CMS;c:\program files (x86)\NVMS5 Standard Edition\bin\cms.exe cms.cfg;c:\program files (x86)\NVMS5 Standard Edition\bin\cms.exe cms.cfg [x]
    S2 NVMS-SRV-DB;NVMS-SRV-DB;c:\program files (x86)\NVMS5 Standard Edition\data\bin\mysqld.exe;c:\program files (x86)\NVMS5 Standard Edition\data\bin\mysqld.exe [x]
    S2 NVMS-SRV-NRU;NVMS-SRV-NRU;c:\program files (x86)\NVMS5 Standard Edition\bin\nru.exe nru.cfg;c:\program files (x86)\NVMS5 Standard Edition\bin\nru.exe nru.cfg [x]
    S2 NVMS-SRV-VTDU;NVMS-SRV-VTDU;c:\program files (x86)\NVMS5 Standard Edition\bin\vtdu.exe vtdu.cfg;c:\program files (x86)\NVMS5 Standard Edition\bin\vtdu.exe vtdu.cfg [x]
    S2 NVMS-SRV-WATCH;NVMS-SRV-WATCH;c:\program files (x86)\NVMS5 Standard Edition\bin\watch.exe;c:\program files (x86)\NVMS5 Standard Edition\bin\watch.exe [x]
    S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
    S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
    S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
    S2 RealPlayerUpdateSvc;RealPlayer Update Service;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [x]
    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
    S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [x]
    S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
    S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
    S3 ALSysIO;ALSysIO;c:\users\KNIGHT~1\AppData\Local\Temp\ALSysIO64.sys;c:\users\KNIGHT~1\AppData\Local\Temp\ALSysIO64.sys [x]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
    S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys;SysWow64\drivers\ASUSFILTER.sys [x]
    S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
    S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS;c:\windows\SYSNATIVE\drivers\COMMONFX.SYS [x]
    S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS;c:\windows\SYSNATIVE\drivers\CTAUDFX.SYS [x]
    S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS;c:\windows\SYSNATIVE\drivers\CTSBLFX.SYS [x]
    S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
    S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys;c:\windows\SYSNATIVE\Drivers\LGPBTDD.sys [x]
    S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
    S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
    S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
    S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]
    S3 SaiK1708;SaiK1708;c:\windows\system32\DRIVERS\SaiK1708.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK1708.sys [x]
    S3 SaiU1708;SaiU1708;c:\windows\system32\DRIVERS\SaiU1708.sys;c:\windows\SYSNATIVE\DRIVERS\SaiU1708.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - NAL
    *Deregistered* - IndieVolumeDriver
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-08-16 18:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-12-11 13:32 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-12-19 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-08 08:43]
    .
    2014-12-19 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-2305213872-2505911372-3816809497-1000.job
    - c:\program files (x86)\Citrix\GoToMeeting\2093\g2mupdate.exe [2014-12-14 19:09]
    .
    2014-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-14 16:35]
    .
    2014-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-14 16:35]
    .
    2014-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2305213872-2505911372-3816809497-1000Core.job
    - c:\users\KnightCat\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-20 16:35]
    .
    2014-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2305213872-2505911372-3816809497-1000UA.job
    - c:\users\KnightCat\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-20 16:35]
    .
    2014-12-18 c:\windows\Tasks\ReclaimerUpdateFiles_KnightCat.job
    - c:\users\KnightCat\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-11-16 23:31]
    .
    2014-12-19 c:\windows\Tasks\ReclaimerUpdateXML_KnightCat.job
    - c:\users\KnightCat\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-11-16 23:31]
    .
    2014-12-20 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_KnightCat.job
    - c:\users\KnightCat\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.03\agent\rnupgagent.exe [2014-11-16 23:31]
    .
    .
     
  13. KnightCat

    KnightCat TS Rookie Topic Starter Posts: 19

    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2014-10-14 18:27 2334928 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2014-10-14 18:27 2334928 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2014-10-14 18:27 2334928 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-11-25 18:38 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]
    @="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"
    [HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]
    2013-09-30 23:20 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]
    @="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"
    [HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]
    2013-09-30 23:20 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2014-10-14 12697368]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
    "Cm106Sound"="c:\windows\Syswow64\cm106.dll" [2010-10-13 8757248]
    "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-11-06 2464072]
    "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-11-06 2800296]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>;*.local
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: netflix.com
    Trusted Zone: sharepoint.com\digitalairstrike
    Trusted Zone: sharepoint.com\digitalairstrike-my
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.1.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll
    DPF: {688C8675-1834-48FA-9DEF-4755CEFB9EDE} - hxxp://192.168.1.101/EDVR.CAB
    DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://192.168.1.99:5050/codebase/DVM_IPCam2.cab
    FF - ProfilePath - c:\users\KnightCat\AppData\Roaming\Mozilla\Firefox\Profiles\ewzku24u.Seth\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com?cid={9BD985C1-17C8-42F9-A24E-AF49663426DB}&mid=27cb2d8fe60c44d99f3c4bf7da99ecdb-b846aedc0b47d38eeafd9f7ca50187f504336a34&lang=en&ds=ag011&coid=avgtbdisag&cmpid=&pr=sa&d=&v=&pid=safeguard&sg=&sap=hp
    FF - prefs.js: keyword.URL -
    FF - ExtSQL: !HIDDEN! 2013-03-18 20:03; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    AddRemove-ESN Sonar-0.70.4 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\S-1-5-21-2305213872-2505911372-3816809497-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FD302A77-B25E-445C-66C7-306CACA3680D}*]
    "laifjhgpedfppaldlpabgefd"=hex:67,62,63,6b,6d,65,6d,65,6a,6d,63,6a,6e,6a,67,6f,
    69,65,65,67,65,64,61,6b,61,64,6d,65,68,69,6b,6f,70,63,6d,6c,68,66,69,68,6d,\
    "lakficbpedfcjpdkgfpcdkam"=hex:67,62,63,6b,6d,65,6d,65,6a,6d,63,6a,6e,6a,67,6f,
    69,65,65,67,65,64,61,6b,61,64,6d,65,68,69,6b,6f,70,63,6d,6c,68,66,69,68,6d,\
    .
    [HKEY_USERS\S-1-5-21-2305213872-2505911372-3816809497-1000\Software\SecuROM\License information*]
    "datasecu"=hex:68,a3,ad,90,e6,ea,ae,b9,43,ba,0f,59,16,18,d8,6b,28,92,b6,b3,e2,
    c4,3c,2d,14,75,4d,9e,cc,4e,b0,67,3a,7a,15,15,29,70,34,6f,ee,22,fb,1a,b0,8f,\
    "rkeysecu"=hex:62,bd,bb,85,07,50,b8,ac,78,8b,a1,60,51,63,29,d8
    .
    [HKEY_LOCAL_MACHINE\software\BlueStacks]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:e0,62,c4,d4,8f,7f,89,66,96,01,d6,3f,e5,1d,fe,d4,1e,32,94,0e,4c,
    c5,34,24,70,f3,0e,98,4d,6f,43,10,52,fb,99,48,a0,63,12,1f,95,35,f6,8a,30,fc,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.15"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:e0,62,c4,d4,8f,7f,89,66,96,01,d6,3f,e5,1d,fe,d4,1e,32,94,0e,4c,
    c5,34,24,70,f3,0e,98,4d,6f,43,10,52,fb,99,48,a0,63,12,1f,95,35,f6,8a,30,fc,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
    c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
    c:\program files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe
    c:\program files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
    c:\program files (x86)\RivaTuner Statistics Server\RTSS.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\windows\SysWOW64\srvany.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\windows\KMService.exe
    c:\program files (x86)\NVMS5 Standard Edition\bin\cms.exe
    f:\games\Steam2\bin\steamwebhelper.exe
    c:\program files (x86)\Citrix\GoToAssist Remote Support Expert\758\g2ax_comm_expert.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Citrix\GoToAssist Remote Support Expert\758\g2ax_user_expert.exe
    c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
    c:\users\KnightCat\AppData\Roaming\Dropbox\bin\Dropbox.exe
    c:\progra~2\Raptr\raptr.exe
    c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
    c:\progra~2\Raptr\raptr_im.exe
    c:\program files (x86)\NVMS5 Standard Edition\bin\vtdu.exe
    c:\program files (x86)\NVMS5 Standard Edition\bin\nru.exe
    c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
    .
    **************************************************************************
    .
    Completion time: 2014-12-19 18:27:13 - machine was rebooted
    ComboFix-quarantined-files.txt 2014-12-20 00:27
    ComboFix2.txt 2014-12-19 06:19
    .
    Pre-Run: 98,378,080,256 bytes free
    Post-Run: 98,206,285,824 bytes free
    .
    - - End Of File - - 6A864F36957DED2675A4BA8D65989BD6
    A36C5E4F47E84449FF07ED3517B43A31
     
  14. KnightCat

    KnightCat TS Rookie Topic Starter Posts: 19

    Got this one too
     


  15. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    From my instructions:
    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  16. KnightCat

    KnightCat TS Rookie Topic Starter Posts: 19

    # AdwCleaner v4.105 - Report created 21/12/2014 at 09:33:17
    # Updated 08/12/2014 by Xplode
    # Database : 2014-12-21.4 [Live]
    # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Username : KnightCat - KNIGHTCAT-PC
    # Running from : C:\Users\KnightCat\Downloads\adwcleaner_4.105.exe
    # Option : Clean

    ***** [ Services ] *****

    [#] Service Deleted : vToolbarUpdater18.0.0
    Service Deleted : Skype C2C Service

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
    Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
    Folder Deleted : C:\Users\KnightCat\AppData\Local\AVG SafeGuard toolbar
    Folder Deleted : C:\Users\KnightCat\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\KnightCat\AppData\Local\CrashRpt
    Folder Deleted : C:\Users\KnightCat\AppData\LocalLow\HPAppData
    Folder Deleted : C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic
    File Deleted : C:\END
    File Deleted : C:\Users\KnightCat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk

    ***** [ Scheduled Tasks ] *****

    Task Deleted : AmiUpdXp

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\Torch.exe
    Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\AVG SafeGuard toolbar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Myfree Codec
    Key Deleted : HKCU\Software\usyndication.com
    Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
    Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
    Key Deleted : HKLM\SOFTWARE\Myfree Codec

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17420


    -\\ Mozilla Firefox v32.0.2 (x86 en-US)

    [ewzku24u.Seth\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
    [ewzku24u.Seth\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

    -\\ Google Chrome v39.0.2171.95

    [C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.midwayusa.com/find?userSearchQuery={searchTerms}
    [C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.fathead.com/search-results/?term={searchTerms}
    [C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.stubhub.com/search/doSearch?searchStr={searchTerms}&pageNumber=1&resultsPerPage=50&searchMode=event&start=0&rows=50&geo_exp=1
    [C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://movies.netflix.com/WiSearch?raw_query=space+trucker&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
    [C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://wordpress.org/search/do-search.php?search={searchTerms}
    [C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
    [C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
    [C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.netflix.com/WiSearch?raw_query=&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
    [C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : lifbcibllhkdhoafpjfnlhfpfgnpldfl
    [C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : iabeihobmhlgpkcgjiloemdbofjbdcic

    -\\ Chromium v

    [C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.midwayusa.com/find?userSearchQuery={searchTerms}
    [C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.fathead.com/search-results/?term={searchTerms}
    [C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.stubhub.com/search/doSearch?searchStr={searchTerms}&pageNumber=1&resultsPerPage=50&searchMode=event&start=0&rows=50&geo_exp=1
    [C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://movies.netflix.com/WiSearch?raw_query=space+trucker&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
    [C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://wordpress.org/search/do-search.php?search={searchTerms}
    [C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
    [C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
    [C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.netflix.com/WiSearch?raw_query=&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=

    *************************

    AdwCleaner[R8].txt - [7519 octets] - [21/12/2014 09:30:38]
    AdwCleaner[S6].txt - [9210 octets] - [21/12/2014 09:33:17]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [9270 octets] ##########
     
  17. KnightCat

    KnightCat TS Rookie Topic Starter Posts: 19

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.0 (11.29.2014:1)
    OS: Windows 7 Ultimate x64
    Ran by KnightCat on Sun 12/21/2014 at 10:04:34.34
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2305213872-2505911372-3816809497-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



    ~~~ Registry Keys

    Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}
    Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{074C1DC5-9320-4A9A-947D-C042949C6216}
    Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}
    Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{074C1DC5-9320-4A9A-947D-C042949C6216}



    ~~~ Files

    Successfully deleted: [File] "C:\Windows\wininit.ini"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
    Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



    ~~~ FireFox

    Successfully deleted: [File] C:\user.js
    Successfully deleted the following from C:\Users\KnightCat\AppData\Roaming\mozilla\firefox\profiles\ewzku24u.Seth\prefs.js

    user_pref("browser.startup.homepage", "hxxp://mysearch.avg.com?cid={9BD985C1-17C8-42F9-A24E-AF49663426DB}&mid=27cb2d8fe60c44d99f3c4bf7da99ecdb-b846aedc0b47d38eeafd9f7ca50187f5
    Emptied folder: C:\Users\KnightCat\AppData\Roaming\mozilla\firefox\profiles\ewzku24u.Seth\minidumps [9 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 12/21/2014 at 10:38:42.76
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  18. KnightCat

    KnightCat TS Rookie Topic Starter Posts: 19

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2014 01
    Ran by KnightCat at 2014-12-21 11:31:00
    Running from C:\Users\KnightCat\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    1954 Alcatraz (HKLM-x32\...\Steam App 255280) (Version: - Daedalic Entertainment)
    4 Elements (HKLM-x32\...\Steam App 47000) (Version: - Playrix Entertainment)
    4500_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
    7 Days to Die (HKLM-x32\...\Steam App 251570) (Version: - The Fun Pimps)
    7th Legion (HKLM-x32\...\Steam App 327910) (Version: - Epic MegaGames)
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    8BitBoy (HKLM-x32\...\Steam App 296910) (Version: - AwesomeBlade)
    911 - First Reponsders (HKLM-x32\...\911 - First Responders) (Version: 1.0.0.0 - Atari)
    A Game of Thrones - Genesis (HKLM-x32\...\Steam App 58550) (Version: - Cyanide Studios)
    A Game of Thrones version 0.4.3 (HKLM-x32\...\{7C82709E-75FE-4C3A-976A-8C97908DDD7B}_is1) (Version: 0.4.3 - AGOT TEAM)
    A Story About My Uncle (HKLM-x32\...\Steam App 278360) (Version: - Gone North Games)
    Aarklash: Legacy (HKLM-x32\...\Steam App 222640) (Version: - Cyanide Studio)
    Adobe After Effects CS5 Third Party Content (HKLM-x32\...\{C0AA232E-BD1B-40B5-A176-A2BEB67FFAE1}) (Version: 10 - Adobe Systems Incorporated)
    Adobe After Effects CS5 Third Party Royalty Content (HKLM-x32\...\{CD29B5CA-4727-4114-9AD9-25CCCE6E4014}) (Version: 10 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
    Adobe Connect 9 Add-in (HKU\S-1-5-21-2305213872-2505911372-3816809497-1000\...\Adobe Connect 9 Add-in) (Version: 11,2,369,0 - Adobe Systems Incorporated)
    Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{FBB02B04-C034-4382-A3F6-57416E2752C4}) (Version: 5.0 - Adobe Systems Incorporated)
    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
    Adobe Media Encoder CS5 Dolby X64 (HKLM-x32\...\{5DDABB74-A879-4BE7-A4C6-FD41793942DB}) (Version: 5.0 - Adobe Systems Incorporated)
    Adobe Media Encoder CS5 PCI X64 (HKLM-x32\...\{F9C71630-0EE3-475C-9E2B-ED95AE197DBD}) (Version: 5.0 - Adobe Systems Incorporated)
    Adobe Premiere Pro CS5 Third Party Royalty Content (HKLM-x32\...\{565DE707-5798-4FC3-8DF6-0F58A348A9B0}) (Version: 5.0.0 - Adobe Systems Incorporated)
    Adobe Soundbooth CS5 Codecs (HKLM-x32\...\{DE5DE662-2ECB-4D93-967B-221FBCC8A736}) (Version: 3.0 - Adobe Systems Incorporated)
    Adobe Soundbooth CS5 Royalty Codecs (HKLM-x32\...\{F319804F-E3A4-4C02-8AEC-CB39A4F6447E}) (Version: 3.0 - Adobe Systems Incorporated)
    Aerena (HKLM-x32\...\Steam App 247830) (Version: - Cliffhanger Productions)
    Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
    Age of Empires® III: Complete Collection (HKLM-x32\...\Steam App 105450) (Version: - Ensemble Studios)
    AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.01 - ASUSTeK Computer Inc.)
    AI War: Fleet Command (HKLM-x32\...\Steam App 40400) (Version: - Arcen Games, LLC)
    AIDA64 Extreme Edition v3.20 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 3.20 - FinalWire Ltd.)
    Airport Simulator 2014 (HKLM-x32\...\Steam App 267600) (Version: - United Independent Entertainment GmbH)
    Aliens: Colonial Marines (HKLM-x32\...\Steam App 49540) (Version: - Gearbox Software)
    AlternativA (HKLM-x32\...\Steam App 33990) (Version: - Centauri Production)
    Amazon Games & Software Downloader (HKLM-x32\...\Amazon Games & Software Downloader_is1) (Version: 2.0.2.0 - Amazon)
    Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon)
    Amnesia: A Machine for Pigs (HKLM-x32\...\Steam App 239200) (Version: - The Chinese Room)
    Anna - Extended Edition (HKLM-x32\...\Steam App 217690) (Version: - Dreampainters)
    APB Reloaded (HKLM-x32\...\Steam App 113400) (Version: - )
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ArcaniA – Gothic 4 (HKLM-x32\...\Steam App 39690) (Version: - Spellbound Studios)
    ArcheAge (HKLM-x32\...\Glyph ArcheAge) (Version: - Trion Worlds, Inc.)
    Archeage Beta (HKLM-x32\...\Glyph Archeage Beta) (Version: - Trion Worlds, Inc.)
    ArcSoft MediaConverter 8 (HKLM-x32\...\{2CAD3C16-ACD0-43E5-81DA-7E56C3E5336C}) (Version: 8.0.0.21 - ArcSoft)
    Aria Karaoke Pro (HKLM-x32\...\{7BF81171-FA6D-47E0-9135-8378A48A8382}_is1) (Version: 1.0.4437.26033 - APW Electronic Services)
    Arma 3 Alpha (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive)
    Armada 2526 Gold Edition (HKLM-x32\...\Steam App 229970) (Version: - Ntronium Games)
    Artemis Artemis (HKLM-x32\...\Artemis) (Version: 1.702.0 - Thom Robertson)
    Artisteer 4 (HKLM-x32\...\Artisteer 4) (Version: 4.1 - Extensoft)
    Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.1.0 - Asmedia Technology)
    Assassin’s Creed® III (HKLM-x32\...\Steam App 208480) (Version: - Ubisoft Montreal)
    Assassin's Creed Liberation (HKLM-x32\...\Steam App 260210) (Version: - Ubisoft Sofia)
    Assassin's Creed Unity (HKLM-x32\...\Uplay Install 720) (Version: - Ubisoft)
    Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
    AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2010528974.48.56.70986138 - Audible, Inc.)
    AutoHotkey 1.1.13.01 (HKLM\...\AutoHotkey) (Version: 1.1.13.01 - Lexikos)
    Avast Premier (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
    Back to the Future: Ep 1 - It's About Time (HKLM-x32\...\Steam App 31290) (Version: - Telltale Games)
    Back to the Future: Ep 2 - Get Tannen! (HKLM-x32\...\Steam App 94500) (Version: - Telltale Games)
    Back to the Future: Ep 3 - Citizen Brown (HKLM-x32\...\Steam App 94510) (Version: - Telltale Games)
    Back to the Future: Ep 4 - Double Visions (HKLM-x32\...\Steam App 94520) (Version: - Telltale Games)
    Back to the Future: Ep 5 - OUTATIME (HKLM-x32\...\Steam App 94530) (Version: - Telltale Games)
    Balsamiq Mockups For Desktop (HKLM-x32\...\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1) (Version: 2.2.22 - Balsamiq SRL)
    Balsamiq Mockups For Desktop (x32 Version: 2.2.22 - Balsamiq SRL) Hidden
    Banished (HKLM-x32\...\Steam App 242920) (Version: - Shining Rock Software LLC)
    Bastion (HKLM-x32\...\Steam App 107100) (Version: - Supergiant Games)
    Batman: Arkham City™ (HKLM-x32\...\Steam App 57400) (Version: - Rocksteady)
    Batman™: Arkham Origins Blackgate - Deluxe Edition (HKLM-x32\...\Steam App 267490) (Version: - Armature Studio)
    Battle Group 2 (HKLM-x32\...\Steam App 277490) (Version: - Bane Games)
    Battle Mages: Sign of Darkness (HKLM-x32\...\Steam App 311060) (Version: - Targem Games)
    BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version: - The Behemoth)
    Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
    Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.0 - Electronic Arts)
    Battlefield 4™ Beta (HKLM-x32\...\{CFAB3721-549D-4827-A4E8-7F90192114AB}) (Version: 1.0.0.0 - Electronic Arts)
    Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
    Ben There, Dan That! (HKLM-x32\...\Steam App 37420) (Version: - Zombie Cow Studios)
    Beyond Divinity (HKLM-x32\...\Steam App 219760) (Version: - Larian Studios)
    BioShock (HKLM-x32\...\Steam App 7670) (Version: - 2K Boston)
    BioShock 2 (HKLM-x32\...\Steam App 8850) (Version: - 2K Games)
    BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.3.1 - BitRaider, LLC)
    Blackguards (HKLM-x32\...\Steam App 249650) (Version: - Daedalic Entertainment)
    Blockland (HKLM-x32\...\Steam App 250340) (Version: - Eric Hartman)
    BloodNet (HKLM-x32\...\Steam App 327920) (Version: - MicroProse Software, Inc)
    BlueStacks Notification Center (HKLM-x32\...\{4C02AFA8-074D-44FE-B0E1-A73D4AA65390}) (Version: 0.8.9.3088 - BlueStack Systems, Inc.)
    Blur (HKLM-x32\...\Steam App 42640) (Version: - Bizarre Creations)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Bot Colony (HKLM-x32\...\Steam App 263040) (Version: - North Side)
    Bound By Flame (HKLM-x32\...\Steam App 243930) (Version: - Spiders)
    bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
    BPDSoftware (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
    BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    Braid (HKLM-x32\...\Steam App 26800) (Version: - Number None)
    Breach & Clear (HKLM-x32\...\Steam App 266130) (Version: - Mighty Rabbit Studios)
    Breach (HKLM-x32\...\Steam App 72300) (Version: - Atomic Games)
    Bridge Constructor (HKLM-x32\...\Steam App 250460) (Version: - )
    Bridge It (plus) (HKLM-x32\...\Steam App 248370) (Version: - Chronic Logic)
    Bridge Project (HKLM-x32\...\Steam App 232950) (Version: - Halycon Media GmbH & Co. KG)
    BRINK (HKLM-x32\...\Steam App 22350) (Version: - Splash Damage)
    Brothers - A Tale of Two Sons (HKLM-x32\...\Steam App 225080) (Version: - Starbreeze Studios AB)
    Brütal Legend (HKLM-x32\...\Steam App 225260) (Version: - Double Fine Productions)
    BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
    Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version: - TGRMN Software)
    Bus Driver (HKLM-x32\...\Steam App 302080) (Version: - SCS Software)
    calibre (HKLM-x32\...\{DD649DA2-BBD9-4247-85DD-E04F7C1E8552}) (Version: 1.48.0 - Kovid Goyal)
    Call of Duty: Advanced Warfare - Multiplayer (HKLM-x32\...\Steam App 209660) (Version: - Sledgehammer Games)
    Call of Duty: Advanced Warfare (HKLM-x32\...\Steam App 209650) (Version: - Sledgehammer Games)
    Call of Juarez (HKLM-x32\...\Steam App 3020) (Version: - Techland)
    Call of Juarez Gunslinger (HKLM-x32\...\Steam App 204450) (Version: - Techland)
    Call of Juarez: Bound in Blood (HKLM-x32\...\Steam App 21980) (Version: - Techland)
    Call of Juarez: The Cartel (HKLM-x32\...\Steam App 33420) (Version: - Techland)
    Car Mechanic Simulator 2014 (HKLM-x32\...\Steam App 270850) (Version: - PlayWay S.A.)
    Carmageddon: Reincarnation (HKLM-x32\...\Steam App 249380) (Version: - Stainless Games Ltd)
    Cars 2 (HKLM-x32\...\Steam App 301760) (Version: - Avalanche Software)
    Cars Toon (HKLM-x32\...\Steam App 316320) (Version: - Avalanche Software)
    Castle Crashers (HKLM-x32\...\Steam App 204360) (Version: - The Behemoth)
    CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version: - dvd8n)
    CDisplayEx 1.9.11 (HKLM\...\CDisplayEx_is1) (Version: - cdisplayex.com)
    Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
    Citadels (HKLM-x32\...\Steam App 238870) (Version: - Games Distillery s.r.o.)
    Cities in Motion (HKLM-x32\...\Steam App 73010) (Version: - Colossal Order Ltd.)
    Cities in Motion 2 (HKLM-x32\...\Steam App 225420) (Version: - Colossal Order Ltd.)
    Citrix Online Launcher (HKLM-x32\...\{A08A6B7D-1F21-4843-85A3-77B8D15FAE0E}) (Version: 1.0.244 - Citrix)
    Clockwork Tales: Of Glass and Ink (HKLM-x32\...\Steam App 284830) (Version: - Artifex Mundi sp. z o.o.)
    Combat (HKLM-x32\...\Steam App 310110) (Version: - )
    CombatLoader (HKU\S-1-5-21-2305213872-2505911372-3816809497-1000\...\ade550b722df5895) (Version: 1.0.0.5 - CombatLoader)
    Commandos 2: Men of Courage (HKLM-x32\...\Steam App 6830) (Version: - Pyro Studios)
    Commandos 3: Destination Berlin (HKLM-x32\...\Steam App 6840) (Version: - Pyro Studios)
    Commandos: Behind Enemy Lines (HKLM-x32\...\Steam App 6800) (Version: - Pyro Studios)
    Commandos: Beyond the Call of Duty (HKLM-x32\...\Steam App 6810) (Version: - Pyro Studios)
    CONSORTIUM (HKLM-x32\...\Steam App 264240) (Version: - Interdimensional Games Inc)
    Contagion (HKLM-x32\...\Steam App 238430) (Version: - Monochrome LLC)
    ControlCenter (HKLM-x32\...\{E5EDA1E6-5FDD-4B29-8399-6022B81C3A7C}) (Version: - )
    Core Temp version 0.99.7 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 0.99.7 - Arthur Liberman)
    CPUID CPU-Z 1.66.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
    Crazy Machines (HKLM-x32\...\Steam App 18420) (Version: - Fakt Software)
    Creative System Information (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
    Creeper World 3: Arc Eternal (HKLM-x32\...\Steam App 280220) (Version: - Knuckle Cracker)
    Crusader Kings II (HKLM-x32\...\Steam App 203770) (Version: - Paradox)
    Crysis (HKLM-x32\...\{E70E73B2-DABD-40E4-AE50-81B22567F418}) (Version: 1.1.1.6115 - Electronic Arts)
    CT Special Forces: Fire for Effect (HKLM-x32\...\Steam App 283410) (Version: - Asobo Studio)
    CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com)
    CyberLink BD Advisor 2.0 (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: - )
    CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.4703 - CyberLink Corp.)
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.)
    CyberLink LG Burning Tool (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.4619 - CyberLink Corp.)
    CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3402 - CyberLink Corp.)
    CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3530.52 - CyberLink Corp.)
    CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2512 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3718 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Damnation (HKLM-x32\...\Steam App 12790) (Version: - Blue Omega Entertainment)
    Darkest Hour: Europe '44-'45 (HKLM-x32\...\Steam App 1280) (Version: - Darkest Hour Team)
    DarkStar One (HKLM-x32\...\Steam App 12330) (Version: - Ascaron Entertainment ltd.)
    Data Hacker: Initiation (HKLM-x32\...\Steam App 311860) (Version: - New Reality Games)
    Dead Island (HKLM-x32\...\Steam App 91310) (Version: - Techland)
    Dead Island Riptide (HKLM-x32\...\Steam App 216250) (Version: - Techland)
    Dead Rising 2 (HKLM-x32\...\Steam App 45740) (Version: - Blue Castle Games)
    Dead Rising 2: Off the Record (HKLM-x32\...\Steam App 45770) (Version: - Capcom Vancouver)
    Dead Rising 3 (HKLM-x32\...\Steam App 265550) (Version: - Capcom Game Studio Vancouver)
    Dead Space™ (HKLM-x32\...\{9789E33B-317A-44B2-AF9A-FF8708AD93E0}) (Version: 1.0.0.222 - Electronic Arts)
    Dead State (HKLM-x32\...\Steam App 239840) (Version: - DoubleBear Productions)
    Deadly 30 (HKLM-x32\...\Steam App 264730) (Version: - Ignatus Zuk and Gonzalo Villagomez)
    Deadly Sin 2 (HKLM-x32\...\Steam App 285420) (Version: - Dancing Dragon Games)
    Deadpool (HKLM-x32\...\Steam App 224060) (Version: - High Moon Studios)
    Deep Black : Reloaded (HKLM-x32\...\Steam App 204760) (Version: - Biart)
    Deer Drive (HKLM-x32\...\111448437) (Version: - Oberon Media)
    Defiance (HKLM-x32\...\Steam App 224600) (Version: - )
    DefianceRuntimes (HKLM-x32\...\{79B1FF35-9EA8-48ED-98D6-19ABE004BE89}) (Version: 1.0.2 - Trion Worlds, Inc.)
    Demolition Master 3D (HKLM-x32\...\Steam App 288710) (Version: - Appmania)
    Deponia (HKLM-x32\...\Steam App 214340) (Version: - Daedalic Entertainment)
    Desperados - Wanted Dead or Alive (HKLM-x32\...\Steam App 260730) (Version: - Spellbound)
    Desperados 2: Cooper’s Revenge (HKLM-x32\...\Steam App 9710) (Version: - Spellbound)
    Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
    DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
    DiRT 3 (HKLM-x32\...\Steam App 44320) (Version: - Codemasters Racing Studio)
    Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
    Disney Planes (HKLM-x32\...\Steam App 286880) (Version: - Behaviour Interactive)
    DisplayFusion 7.0 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 7.0.0.0 - Binary Fortress Software)
    Divine Divinity (HKLM-x32\...\Steam App 214170) (Version: - Larian Studios)
    Divinity II: Developer's Cut (HKLM-x32\...\Steam App 219780) (Version: - Larian Studios)
    DocMgr (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
    DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
    Doctor Who: The Eternity Clock (HKLM-x32\...\Steam App 217080) (Version: - )
    Door Kickers (HKLM-x32\...\Steam App 248610) (Version: - Killhouse Games)
    doubleTwist Sync (HKLM-x32\...\doubleTwist) (Version: 4.0.4.19767 - doubleTwist Corporation)
    Dracula 4 and 5 - Special Steam Edition (HKLM-x32\...\Steam App 279560) (Version: - Microïds)
    Dream (HKLM-x32\...\Steam App 229580) (Version: - HyperSloth)
    Dropbox (HKU\S-1-5-21-2305213872-2505911372-3816809497-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
    DuckTales Remastered (HKLM-x32\...\Steam App 237630) (Version: - WayForward)
    DUNGEONS - Steam Special Edition (HKLM-x32\...\Steam App 57650) (Version: - Realmforge Studios)
    Dungeons: The Eye of Draconus (HKLM-x32\...\Steam App 303510) (Version: - SuckerFree Games)
    DVD-Cloner V10.00 Build 1200 (HKLM-x32\...\DVD-Cloner 2013_is1) (Version: 10.00.0.1200 - OpenCloner Inc.)
    Dwarfs!? (HKLM-x32\...\Steam App 35480) (Version: - Power of Two)
    Dyn Updater (HKLM-x32\...\DynUpdater) (Version: 4.1.10 - Dyn, Inc.)
    DYNASTY WARRIORS 8: Xtreme Legends Complete Edition (HKLM-x32\...\Steam App 278080) (Version: - TECMO KOEI GAMES CO., LTD.)
    Eador. Genesis (HKLM-x32\...\Steam App 235660) (Version: - Alexey Bokulev / Snowbird Games)
    Eador. Masters of the Broken World (HKLM-x32\...\Steam App 232050) (Version: - Snowbird Games)
    Earth 2160 (HKLM-x32\...\Steam App 1900) (Version: - Reality Pump Studios)
    East India Company (HKLM-x32\...\Steam App 25930) (Version: - )
    East India Company: Battle of Trafalgar (HKLM-x32\...\Steam App 42820) (Version: - )
    East India Company: Pirate Bay (HKLM-x32\...\Steam App 25940) (Version: - )
    East India Company: Privateer (HKLM-x32\...\Steam App 42800) (Version: - )
    Elder Kings CK2 Total Conversion (HKU\S-1-5-21-2305213872-2505911372-3816809497-1000\...\Elder Kings CK2 Total Conversion 0.1.2a) (Version: 0.1.2a - Elder Kings Team)
    Emergency 2014 (HKLM-x32\...\Emergency 2014) (Version: - Quadriga Games)
    Emergency 2014 (HKLM-x32\...\Steam App 260930) (Version: - Promotion Software)
    Emergency 3 (HKLM-x32\...\Emergency 3_is1) (Version: - )
    Emergency 5 - Deluxe Edition (HKLM-x32\...\Steam App 328140) (Version: - Sixteen Tons Entertainment)
    Enclave (HKLM-x32\...\Steam App 253980) (Version: - Topware)
    Endless Legend (HKLM-x32\...\Steam App 289130) (Version: - AMPLITUDE Studios)
    Enforcer: Police Crime Action (HKLM-x32\...\Steam App 318220) (Version: - Odin Game Studio)
    ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
    Euro Truck Simulator (HKLM-x32\...\Steam App 232010) (Version: - SCS Software)
    Evil Genius (HKLM-x32\...\Steam App 3720) (Version: - Elixir Studios)
    Evolve (HKLM-x32\...\Steam App 273350) (Version: - Turtle Rock Studios)
    Expeditions: Conquistador (HKLM-x32\...\Steam App 237430) (Version: - Logic Artists)
    f.lux (HKU\S-1-5-21-2305213872-2505911372-3816809497-1000\...\Flux) (Version: - )
    F1 2013 (HKLM-x32\...\Steam App 223670) (Version: - Codemasters Birmingham)
    Fable - The Lost Chapters (HKLM-x32\...\Steam App 204030) (Version: - Lionhead Studios)
    Fable Anniversary (HKLM-x32\...\Steam App 288470) (Version: - Lionhead Studios)
    Face Noir (HKLM-x32\...\Steam App 244690) (Version: - Mad Orange)
    Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version: - Bethesda Game Studios)
    Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Bethesda Softworks)
    Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version: - Ubisoft)
    Farming World (HKLM-x32\...\Steam App 277500) (Version: - Excalibur)
    FarSky (HKLM-x32\...\Steam App 286340) (Version: - Farsky Interactive)
    Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
    FileZilla Client 3.8.1 (HKLM-x32\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
    Firefighters 2014 (HKLM-x32\...\Steam App 291910) (Version: - VIS - Visual Imagination Software)
    FlatOut (HKLM-x32\...\Steam App 6220) (Version: - Bugbear Entertainment)
    FlatOut 2 (HKLM-x32\...\Steam App 2990) (Version: - Bugbear Entertainment)
    Flatout 3 (HKLM-x32\...\Steam App 201510) (Version: - Team 6 Studios)
    FlatOut: Ultimate Carnage (HKLM-x32\...\Steam App 12360) (Version: - Bugbear Entertainment)
    Floe IRC Client (HKLM-x32\...\{CE55233D-8991-4C5B-A710-877154C8F66F}) (Version: 1.0.0.0 - Floe)
    Folk Tale (HKLM-x32\...\Steam App 224440) (Version: - )
    Foreign Legion: Buckets of Blood (HKLM-x32\...\Steam App 36000) (Version: - Sakari Indie)
    Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.3.99.311 - Foxit Corporation)
    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.0.429 - Foxit Corporation)
    Franchise Hockey Manager 2014 (HKLM-x32\...\Steam App 299890) (Version: - Out of the Park Developments)
    Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
    Freedom Fall (HKLM-x32\...\Steam App 262770) (Version: - Stirfire Studios)
    Freespace 2 (HKLM-x32\...\Steam App 273620) (Version: - Volition Inc)
    FX Football - The Manager for Every Football Fan (HKLM-x32\...\Steam App 265400) (Version: - FX Interactive)
    Galactic Arms Race (HKLM-x32\...\Steam App 249610) (Version: - Evolutionary Games)
    Galactic Civilizations II: Ultimate Edition (HKLM-x32\...\Steam App 202200) (Version: - Stardock Entertainment)
    Galaxy on Fire 2™ Full HD (HKLM-x32\...\Steam App 212010) (Version: - Fishlabs Entertainment GmbH)
    Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version: - Greenheart Games)
    Ghostbusters: The Video Game (HKLM-x32\...\Steam App 9870) (Version: - Terminal Reality)
    Gizmo Central (HKLM-x32\...\Gizmo Central) (Version: v2.7.9 - Arainia Solutions, LLC)
    Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
    Gnomoria (HKLM-x32\...\Steam App 224500) (Version: - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
    Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    GoToAssist Expert 2.2.0.758 (HKU\S-1-5-21-2305213872-2505911372-3816809497-1000\...\GoToAssist Remote Support Expert) (Version: 2.2.0.758 - Citrix Online)
    GoToMeeting 7.0.5.2130 (HKU\S-1-5-21-2305213872-2505911372-3816809497-1000\...\GoToMeeting) (Version: 7.0.5.2130 - CitrixOnline)
    GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
    Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar North)
    Grand Theft Auto V - The Manual (HKLM-x32\...\{752EBD91-8B95-42B5-8692-A7243A6EEEA9}) (Version: 1.0.0 - Rockstar Games)
    Gunpoint (HKLM-x32\...\Steam App 206190) (Version: - )
    Gunship! (HKLM-x32\...\Steam App 286730) (Version: - Microprose)
    Hack 'n' Slash (HKLM-x32\...\Steam App 246070) (Version: - Double Fine Productions)
    HAL 9000 [Console] Advanced Flat Screen Saver (HKLM-x32\...\HAL 9000 [Console] Advanced Flat) (Version: - )
    HAL 9000 [Console] Advanced Shaded Screen Saver (HKLM-x32\...\HAL 9000 [Console] Advanced Shaded) (Version: - )
    HAL 9000 [Full Screen] Advanced Flat Screen Saver (HKLM-x32\...\HAL 9000 [Full Screen] Advanced Flat) (Version: - )
    HAL 9000 [Full Screen] Advanced Screen Saver (HKLM-x32\...\HAL 9000 [Full Screen] Advanced) (Version: - )
    HAL 9000 [Full Screen] Advanced Shaded Screen Saver (HKLM-x32\...\HAL 9000 [Full Screen] Advanced Shaded) (Version: - )
    HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
    Hard Truck Apocalypse / Ex Machina (HKLM-x32\...\Steam App 285500) (Version: - Targem Games)
    HD Tune Pro 5.50 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
    HE Auto Launcher (HKLM-x32\...\HE Auto Launcher) (Version: - )
    Heavy Fire: Afghanistan (HKLM-x32\...\Steam App 305980) (Version: - Teyon)
    Hector: Ep 1 (HKLM-x32\...\Steam App 94600) (Version: - Straandlooper)
    Hector: Ep 2 (HKLM-x32\...\Steam App 94610) (Version: - Straandlooper)
    Hector: Ep 3 (HKLM-x32\...\Steam App 94620) (Version: - Straandlooper)
    Heli Heroes (HKLM-x32\...\Steam App 259320) (Version: - Reality Pump)
    Helicopter Simulator 2014: Search and Rescue (HKLM-x32\...\Steam App 266290) (Version: - PlayWay S.A.)
    Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
    Hitman 2: Silent Assassin (HKLM-x32\...\Steam App 6850) (Version: - Eidos)
    Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version: - Square Enix)
    Hitman: Blood Money (HKLM-x32\...\Steam App 6860) (Version: - Eidos)
    Hitman: Codename 47 (HKLM-x32\...\Steam App 6900) (Version: - Eidos)
    Hospital Tycoon (HKLM-x32\...\Steam App 11590) (Version: - Deep Red Limited)
    Hotel Collectors Edition (HKLM-x32\...\Steam App 288750) (Version: - Cateia Games)
    HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
    HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
    HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
    HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
    HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
    HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
    HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
    HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
    HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
    Hydrophobia: Prophecy (HKLM-x32\...\Steam App 92000) (Version: - Dark Energy Digital Ltd.)
    I Shall Remain (HKLM-x32\...\Steam App 293460) (Version: - Scorpius Games)
    Icewind Dale Complete (HKLM-x32\...\Icewind Dale Complete_is1) (Version: - GOG.com)
    iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
    IndieVolume 3.5.99.171 (HKLM-x32\...\IndieVolume_is1) (Version: 3.5.99.171 - GerixSoft)
    Influent (HKLM-x32\...\Steam App 274980) (Version: - Rob Howland)
    Injustice: Gods Among Us Ultimate Edition (HKLM-x32\...\Steam App 242700) (Version: - NetherRealm Studios)
    Installer (x32 Version: 1.0.0 - Sierra Entertainment, Inc.) Hidden
    Intel(R) Network Connections 19.0.27.0 (HKLM\...\PROSetDX) (Version: 19.0.27.0 - Intel)
    Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
    International Snooker (HKLM-x32\...\Steam App 299500) (Version: - Big Head Games)
    Internet Explorer Proxy Monitor 1.0 (HKLM-x32\...\Internet Explorer Proxy Monitor_is1) (Version: - )
    Invisible, Inc. (HKLM-x32\...\Steam App 243970) (Version: - )
    IP Camera Viewer 1.0 (HKLM-x32\...\IP Camera Viewer_is1) (Version: - DeskShare Inc.)
    Iron Grip: Warlord (HKLM-x32\...\Steam App 31700) (Version: - ISOTX)
    Iron Sky Invasion (HKLM-x32\...\Steam App 224900) (Version: - Reality Pump)
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    iZotope Vinyl (HKLM-x32\...\iZotope Vinyl_is1) (Version: 1.61 - iZotope, Inc.)
    J4500 (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
    Jack Keane (HKLM-x32\...\Steam App 12340) (Version: - Deck 13)
    Jagged Alliance - Back in Action (HKLM-x32\...\Steam App 57740) (Version: - Coreplay GmbH)
    Jagged Alliance Gold (HKLM-x32\...\Steam App 283270) (Version: - Sir-Tech)
    Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
    Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
    Java SE Development Kit 7 Update 67 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170670}) (Version: 1.7.0.670 - Oracle)
    Jet Car Stunts (HKLM-x32\...\Steam App 274880) (Version: - GRIP Digital s.r.o.)
    join.me (HKU\S-1-5-21-2305213872-2505911372-3816809497-1000\...\JoinMe) (Version: 1.15.0.136 - LogMeIn, Inc.)
    Joint Task Force (HKLM-x32\...\Steam App 6400) (Version: - Most Wanted Entertainment)
    Jurassic Park: The Game (HKLM-x32\...\Steam App 201830) (Version: - Telltale Games)
    Kane & Lynch 2: Dog Days (HKLM-x32\...\Steam App 28000) (Version: - IO Interactive)
    Kane & Lynch: Dead Men (HKLM-x32\...\Steam App 8080) (Version: - IO Interactive)
    Kaptain Brawe (HKLM-x32\...\Steam App 65080) (Version: - Cateia Games)
    Keeper Password & Data Vault (HKLM-x32\...\Keeper Password & Data Vault) (Version: 6 - Keeper Security, Inc.)
    Kenshi (HKLM-x32\...\Steam App 233860) (Version: - )
    Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version: - Squad)
    Killer is Dead (HKLM-x32\...\Steam App 261110) (Version: - KADOKAWA GAMES / GRASSHOPPER MANUFACTURE)
    Killing Floor (HKLM-x32\...\Steam App 1250) (Version: - Tripwire Interactive)
    Killing Floor Mod: Defence Alliance 2 (HKLM-x32\...\Steam App 35420) (Version: - )
    Kinetic Void (HKLM-x32\...\Steam App 227160) (Version: - )
    King Arthur II - The Role-playing Wargame (HKLM-x32\...\Steam App 24480) (Version: - NEOCORE GAMES)
    Knytt Underground (HKLM-x32\...\Steam App 248190) (Version: - Nifflas' Games)
    Kung Fu Strike: The Warrior's Rise (HKLM-x32\...\Steam App 212030) (Version: - Qooc Software )
    L.A. Noire (HKLM-x32\...\Steam App 110800) (Version: - Rockstar)
    Law & Order: Legacies (HKLM-x32\...\Steam App 205330) (Version: - Telltale Games)
    League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
    League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
    LEGO - The Hobbit (HKLM-x32\...\Steam App 285160) (Version: - Traveller's Tales)
    LEGO Batman 2 (HKLM-x32\...\Steam App 213330) (Version: - TT Games)
    LEGO Batman: The Videogame (HKLM-x32\...\Steam App 21000) (Version: - Traveller's Tales)
    LEGO Lord of the Rings (HKLM-x32\...\Steam App 214510) (Version: - Traveller's Tales)
    LEGO MARVEL Super Heroes (HKLM-x32\...\Steam App 249130) (Version: - Traveller's Tales)
    Lego Star Wars Saga (HKLM-x32\...\Steam App 32440) (Version: - Traveller's Tales )
    LEGO® Pirates of the Caribbean The Video Game (HKLM-x32\...\Steam App 311770) (Version: - Traveller's Tales)
    LG Tool Kit (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
    LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: - )
    Lichdom: Battlemage (HKLM-x32\...\Steam App 261760) (Version: - Xaviant)
    Life is Feudal: Your Own (HKLM-x32\...\Steam App 290080) (Version: - Bitbox Ltd.)
    Lifeless Planet (HKLM-x32\...\Steam App 261530) (Version: - Stage 2 Studios)
    LightScribe System Software (HKLM-x32\...\{705B639E-FAAF-40D7-AD58-C445321C7C3F}) (Version: 1.18.18.1 - LightScribe)
    Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
    LogMeIn Rescue Technician Console (HKLM-x32\...\{7730D2E4-A46A-4984-8503-EC1B4E8934A3}) (Version: 7.3.1444 - LogMeIn, Inc.)
    Lost Planet 3 (HKLM-x32\...\Steam App 226720) (Version: - Spark Unlimited)
    m05 SurveillanceSaver 1.0 (HKLM-x32\...\m05 SurveillanceSaver) (Version: 1.0 - m05)
    Maelstrom (HKLM-x32\...\Steam App 11560) (Version: - KDV Games)
    Mafia (HKLM-x32\...\Steam App 40990) (Version: - 2K Games)
    Mafia II (HKLM-x32\...\Steam App 50130) (Version: - 2K Czech)
    Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
    MakeMKV v1.8.9 (HKLM-x32\...\MakeMKV) (Version: v1.8.9 - GuinpinSoft inc)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Mare Nostrum (HKLM-x32\...\Steam App 1230) (Version: - Sandstorm Productions)
    Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version: - )
    MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
    Mars: War Logs (HKLM-x32\...\Steam App 232750) (Version: - Spiders)
    Marvel Heroes (HKLM-x32\...\marvelheroesbeta) (Version: 1.9.0.422 - Gazillion Entertainment)
    marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1036 - Marvell)
    MechWarrior Online (HKU\S-1-5-21-2305213872-2505911372-3816809497-1000\...\{74d11f91-05cc-44f6-8e49-94fe7f33c79b}) (Version: 1.2.0.0 - Piranha Games Inc.)
    MechWarrior Online (x32 Version: 1.2.0.0 - Piranha Games Inc.) Hidden
    Medal of Honor: Airborne (HKLM-x32\...\Steam App 24840) (Version: - EA Los Angeles)
    MediaCoder x64 0.8.30.5622 (HKLM\...\MediaCoder x64) (Version: 0.8.30.5622 - Mediatronic)
    Mercenaries 2 World in Flames™ (HKLM-x32\...\{26FDF89A-FA65-4FA2-8522-37CC84DFDCEE}) (Version: 2.0.1.0 - Electronic Arts)
    METAL GEAR RISING: REVENGEANCE (HKLM-x32\...\Steam App 235460) (Version: - PlatinumGames)
    Metro 2033 Redux (HKLM-x32\...\Steam App 286690) (Version: - 4A GAMES)
    Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version: - 4A Games)
    Metro: Last Light Redux (HKLM-x32\...\Steam App 287390) (Version: - 4A Games)
    Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
    Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
    Microsoft Garage Mouse without Borders (HKLM-x32\...\{D3BC954F-D661-474C-B367-30EB6E56542E}) (Version: 2.1.2.1212 - Microsoft Garage)
    Microsoft Lync 2010 (HKLM\...\{11849FBC-C416-4742-8279-17C3A2C85F72}) (Version: 4.0.7577.4446 - Microsoft Corporation)
    Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
    Microsoft OneDrive for Business 2013 - en-us (HKLM\...\GrooveRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Virtual PC 2007 (HKLM\...\{8A7CAA24-7B23-410B-A7C3-F994B0944160}) (Version: 6.0.156.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{a55ac379-46b0-461a-95b1-fef5c08443f2}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50701 - Microsoft Corporation)
    Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
    Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
    Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version: - Monolith Productions, Inc.)
    Minion (HKU\S-1-5-21-2305213872-2505911372-3816809497-1000\...\{Minion}}_is1) (Version: 2.0 - ZAM Network LLC)
    mIRC (HKLM-x32\...\mIRC) (Version: 7.32 - mIRC Co. Ltd.)
    MKVToolNix 7.0.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 7.0.0 - Moritz Bunkus)
    Monaco (HKLM-x32\...\Steam App 113020) (Version: - Pocketwatch Games)
    Monday Night Combat (HKLM-x32\...\Steam App 63200) (Version: - Uber Entertainment)
    MotoCast (HKLM-x32\...\{5401CEE8-3C2D-4835-A802-213306537FF4}) (Version: 2.0.31 - Motorola Mobility)
    MOTOROLA MEDIA LINK (x32 Version: 1.9.0002.0 - Motorola) Hidden
    Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version: - Taleworlds Entertainment)
    Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Mozilla Firefox 32.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 en-US)) (Version: 32.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
    MSI Kombustor 2.5.0 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version: - MSI Co., LTD)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    Multi Timer 3.6 (HKLM-x32\...\Multi Timer_is1) (Version: - Johannes Wallroth)
    MURDERED: SOUL SUSPECT™ (HKLM-x32\...\Steam App 233290) (Version: - Airtight Games)
    MuseScore 1.3 (HKLM-x32\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)
    MyFreeCodec (HKU\S-1-5-21-2305213872-2505911372-3816809497-1000\...\MyFreeCodec) (Version: - )
    Natural Selection 2 (HKLM-x32\...\Steam App 4920) (Version: - Unknown Worlds Entertainment)
    Nether (HKLM-x32\...\Steam App 247730) (Version: - Phosphor Games)
    Nikopol: Secrets of the Immortals (HKLM-x32\...\Steam App 11370) (Version: - White Birds Productions)
    NirSoft ShellExView (HKLM-x32\...\NirSoft ShellExView) (Version: - )
    Nosgoth (HKLM-x32\...\Steam App 200110) (Version: 140617.86661 - Square Enix Ltd)
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
    NVIDIA 3D Vision Controller Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation)
    NVIDIA Graphics Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
    NVIDIA PhysX (Legacy) (HKLM-x32\...\{6F9D5A0B-202C-4161-BC7F-0664EA39E7E7}) (Version: 9.12.1031 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
    NVMS5 Standard Edition (HKLM-x32\...\{F011CDD5-87D2-4873-8EE3-FA95B1FEAED9}) (Version: 5.2 - NVMS)
    OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
    Office 15 Click-to-Run Extensibility Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
    Officejet J4500 Series (HKLM\...\{E11448F2-0B44-4239-B04E-D88FE743E929}) (Version: 13.0 - HP)
    Omerta - City of Gangsters (HKLM-x32\...\Steam App 208520) (Version: - Haemimont Games)
    Only If (HKLM-x32\...\Steam App 298260) (Version: - Creability)
    OnTopReplica (HKU\S-1-5-21-2305213872-2505911372-3816809497-1000\...\OnTopReplica) (Version: 3.4 - Lorenz Cuno Klopfenstein)
    Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
    Open DVD Ripper 3.30 Build 507 (HKLM-x32\...\Open DVD Ripper 3_is1) (Version: 3.30.0.507 - OpenCloner Inc.)
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    Orbital Gear (HKLM-x32\...\Steam App 298520) (Version: - Night Node)
    Orborun (HKLM-x32\...\Steam App 308580) (Version: - Tiny Lab Productions)
    Origin (HKLM-x32\...\Origin) (Version: 9.3.6.4643 - Electronic Arts, Inc.)
    Out of the Park Baseball 14 (HKLM-x32\...\Steam App 263840) (Version: - Out of the Park Developments)
    Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
    Pandora (HKLM-x32\...\com.pandora.desktop.E7C14276FFE9EEF0BC7DCE654C467D9A299EFD21.1) (Version: 2.0.8 - PANDORA MEDIA, INC.)
    Pandora (x32 Version: 2.0.8 - PANDORA MEDIA, INC.) Hidden
    Papers, Please (HKLM-x32\...\Steam App 239030) (Version: - 3909)
    Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games)
    Patrician III (HKLM-x32\...\Steam App 33570) (Version: - Ascaron Entertainment ltd.)
    PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
    PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
    Pepakura Designer 3 (HKLM-x32\...\pepakura_designer3en) (Version: - TamaSoftware)
    Pepakura Viewer 3 (HKLM-x32\...\pepakura_viewer3en) (Version: - TamaSoftware)
    Pirates Of The Burning Sea (HKLM-x32\...\potbs) (Version: 1.0.0.1 - )
    Pirates of the Caribbean - At Worlds End (HKLM-x32\...\Steam App 301980) (Version: - Eurocom Entertainment Software)
    Pirates! Gold Plus (Classic) (HKLM-x32\...\Steam App 327380) (Version: - MicroProse Software, Inc)
    Plague Inc: Evolved (HKLM-x32\...\Steam App 246620) (Version: - Ndemic Creations)
    Planet Explorers (HKLM-x32\...\Steam App 237870) (Version: - Pathea Games)
    Planet Stronghold (HKLM-x32\...\Steam App 291050) (Version: - Winter Wolves)
    Planetary Annihilation (HKLM-x32\...\Steam App 233250) (Version: - Uber Entertainment)
    PlanetSide 2 (HKU\S-1-5-21-2305213872-2505911372-3816809497-1000\...\SOE-PlanetSide 2) (Version: 1.0.3.183 - Sony Online Entertainment)
    PlayLater (HKLM-x32\...\{132FA3A5-4645-4E5E-BC66-4055F5D1C44C}) (Version: 1.6.9 - MediaMall Technologies, Inc.)
    PlayOn (HKLM-x32\...\{332917AC-ACF7-4619-B5A4-AB722FB6B2F8}) (Version: 3.10.9 - MediaMall Technologies, Inc.)
    Plex Home Theater (HKLM-x32\...\Plex Home Theater) (Version: 1.0.9 - Plex inc)
    Plex Media Server (HKLM-x32\...\{e9921c42-812d-4b39-9c02-612724349e82}) (Version: 0.9.907 - Plex, Inc.)
    Plex Media Server (x32 Version: 0.9.907 - Plex, Inc.) Hidden
    Poker Night 2 (HKLM-x32\...\Steam App 234710) (Version: - Telltale Games)
    Poker Night at the Inventory (HKLM-x32\...\Steam App 31280) (Version: - Telltale Games)
    Police Destruction Street (HKLM-x32\...\Police Destruction Street_is1) (Version: - Play sp. z o. o.)
    Police Simulator 2 (HKLM-x32\...\Police Simulator 2) (Version: - )
    Pool Nation (HKLM-x32\...\Steam App 254440) (Version: - Cherry Pop Games)
    Post Mortem (HKLM-x32\...\Steam App 46550) (Version: - Anuman / Microids)
    Power CD+G Burner 2 (HKLM-x32\...\{62622BDC-D42B-4ABE-869A-C197694E8BD0}_is1) (Version: - Doblon)
    Power SCDG Ripper (HKLM-x32\...\{52CF5B3E-1572-4EDD-AD47-589FF73E372D}_is1) (Version: - Doblon)
    Praetorians (HKLM-x32\...\Steam App 277460) (Version: - Pyro Studios)
    Pressure (HKLM-x32\...\Steam App 224220) (Version: - Chasing Carrots)
    Prison Architect (HKLM-x32\...\Steam App 233450) (Version: - Introversion Software)
    ProductContext (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
    Proxy Switcher (HKLM-x32\...\{BD85CEE1-BFBA-4FDB-A0FB-F8FE4938CCB0}) (Version: 3.6.1 - Marco Wiedemeyer)
    PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
    Puzzle Agent (HKLM-x32\...\Steam App 31270) (Version: - Telltale Games)
    Puzzle Agent 2 (HKLM-x32\...\Steam App 94590) (Version: - Telltale Games)
    PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
    Quantum Conundrum (HKLM-x32\...\Steam App 200010) (Version: - Airtight Games)
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
     
  19. KnightCat

    KnightCat TS Rookie Topic Starter Posts: 19

    R.I.P.D.: The Game (HKLM-x32\...\Steam App 237590) (Version: - Old School Games)
    Rage Runner (HKLM-x32\...\Steam App 279520) (Version: - Hypercane Studios)
    Raptr (HKLM-x32\...\Raptr) (Version: - )
    Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound)
    Real Heroes Firefighter (HKLM-x32\...\Real Heroes Firefighter_is1) (Version: - )
    RealDownloader (x32 Version: 17.0.10 - RealNetworks, Inc.) Hidden
    Realms of Arkania: Blade of Destiny (HKLM-x32\...\Steam App 237550) (Version: - Crafty Studios)
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.10 - RealNetworks)
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Recovery Search and Rescue Simulation (HKLM-x32\...\Steam App 262870) (Version: - Excalibur Publishing)
    Red Orchestra 2: Heroes of Stalingrad (HKLM-x32\...\Steam App 35450) (Version: - Tripwire)
    Red Orchestra 2: Heroes of Stalingrad Beta (HKLM-x32\...\Steam App 104320) (Version: - )
    Red Orchestra: Ostfront 41-45 (HKLM-x32\...\Steam App 1200) (Version: - Tripwire Interactive)
    Rescue: Everyday Heroes (HKLM-x32\...\Steam App 253130) (Version: - Fragment Production Ltd)
    Residue: Final Cut (HKLM-x32\...\Steam App 265790) (Version: - The Working Parts)
    Return to Mysterious Island (HKLM-x32\...\Steam App 277110) (Version: - Anuman)
    Return to Mysterious Island 2 (HKLM-x32\...\Steam App 277270) (Version: - Anuman)
    Rex Nebular and the Cosmic Gender Bender (HKLM-x32\...\Steam App 328430) (Version: - MicroProse Software, Inc.)
    Riot Police (HKLM-x32\...\Riot Police) (Version: - )
    Risen 3 - Titan Lords (HKLM-x32\...\Steam App 249230) (Version: - Piranha Bytes)
    RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
    RoboBasket3 (HKLM\...\RoboBasket_is1) (Version: 3.5.8 - ETUS)
    Rocksmith 2014 (HKLM-x32\...\Steam App 221680) (Version: - Ubisoft - San Francisco)
    Rome: Total War (HKLM-x32\...\Steam App 4760) (Version: - The Creative Assembly)
    Rulers of Nations (HKLM-x32\...\Steam App 311040) (Version: - Eversim)
    Rust (HKLM-x32\...\Steam App 252490) (Version: - Facepunch Studios)
    Sacred 2 Gold (HKLM-x32\...\Steam App 225640) (Version: - Ascaron)
    Sacred 3 (HKLM-x32\...\Steam App 247950) (Version: - Keen Games)
    Saints Row IV (HKLM-x32\...\Steam App 206420) (Version: - Deep Silver Volition)
    salesforce.com Data Loader (HKLM-x32\...\Data Loader) (Version: - )
    Sam & Max 101: Culture Shock (HKLM-x32\...\Steam App 8200) (Version: - Telltale Games)
    Sam & Max 102: Situation: Comedy (HKLM-x32\...\Steam App 8210) (Version: - Telltale Games)
    Sam & Max 103: The Mole, the Mob and the Meatball (HKLM-x32\...\Steam App 8220) (Version: - Telltale Games)
    Sam & Max 104: Abe Lincoln Must Die! (HKLM-x32\...\Steam App 8230) (Version: - Telltale Games)
    Sam & Max 105: Reality 2.0 (HKLM-x32\...\Steam App 8240) (Version: - Telltale Games)
    Sam & Max 106: Bright Side of the Moon (HKLM-x32\...\Steam App 8250) (Version: - Telltale Games)
    Sam & Max 201: Ice Station Santa (HKLM-x32\...\Steam App 8260) (Version: - Telltale Games)
    Sam & Max 202: Moai Better Blues (HKLM-x32\...\Steam App 8270) (Version: - Telltale Games)
    Sam & Max 203: Night of the Raving Dead (HKLM-x32\...\Steam App 8280) (Version: - Telltale Games)
    Sam & Max 204: Chariots of the Dogs (HKLM-x32\...\Steam App 8290) (Version: - Telltale Games)
    Sam & Max 205: What's New Beelzebub? (HKLM-x32\...\Steam App 8300) (Version: - Telltale Games)
    Sam & Max 301: The Penal Zone (HKLM-x32\...\Steam App 31220) (Version: - Telltale Games)
    Sam & Max 302: The Tomb of Sammun-Mak (HKLM-x32\...\Steam App 31230) (Version: - Telltale Games)
    Sam & Max 303: They Stole Max's Brain! (HKLM-x32\...\Steam App 31240) (Version: - Telltale Games)
    Sam & Max 304: Beyond the Alley of the Dolls (HKLM-x32\...\Steam App 31250) (Version: - Telltale Games)
    Sam & Max 305: The City that Dares not Sleep (HKLM-x32\...\Steam App 31260) (Version: - Telltale Games)
    SamLogic USB Supervisor (HKLM-x32\...\SamLogic USB Supervisor) (Version: - )
    Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.)
    Samsung Kies (x32 Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.) Hidden
    Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.)
    Samsung Kies3 (x32 Version: 3.2.14113.3 - Samsung Electronics Co., Ltd.) Hidden
    Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
    Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
    Saturday Morning RPG (HKLM-x32\...\Steam App 263320) (Version: - Mighty Rabbit Studios)
    Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
    Scania Truck Driving Simulator (HKLM-x32\...\Steam App 258760) (Version: - SCS Software)
    Scratches: Director's Cut (HKLM-x32\...\Steam App 46460) (Version: - Nucleosys)
    Sentinel 3: Homeworld (HKLM-x32\...\Steam App 275350) (Version: - Origin8)
    Shadow Ops: Red Mercury (HKLM-x32\...\Steam App 286770) (Version: - Zombie Studios)
    Shadowrun Online (HKLM-x32\...\Steam App 267750) (Version: - Cliffhanger Productions)
    Shadowrun Returns (HKLM-x32\...\Steam App 234650) (Version: - Harebrained Schemes)
    SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden
    Ship Simulator Extremes (HKLM-x32\...\Steam App 48800) (Version: - VStep)
    Ship Simulator: Maritime Search and Rescue (HKLM-x32\...\Steam App 274010) (Version: - Reality Twist GmbH)
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
    Sid Meier's Colonization (Classic) (HKLM-x32\...\Steam App 327400) (Version: - MicroProse Software, Inc)
    Sid Meier's Covert Action (Classic) (HKLM-x32\...\Steam App 327390) (Version: - MicroProse Software, Inc)
    Sine Mora (HKLM-x32\...\Steam App 207040) (Version: - Digital Reality)
    Ski Region Simulator (HKLM-x32\...\Steam App 270950) (Version: - Giants Software)
    Skyborn (HKLM-x32\...\Steam App 278460) (Version: - Dancing Dragon Games)
    SkyDrift (HKLM-x32\...\Steam App 91100) (Version: - Digital Reality)
    Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
    Skype for Salesforce Basic Edition (HKLM-x32\...\{75BFCF2D-E0EE-4A22-85AB-78E9AEAE9563}_is1) (Version: 2.3.0.1 - PamConsult GmbH)
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.100 - Skype Technologies S.A.)
    Slave Zero (HKLM-x32\...\Steam App 328470) (Version: - Accolade, Inc.)
    Smart Technology Programming Software 7.0.24.8 (HKLM\...\{AB98EBC0-1F36-4525-8CBE-E1C63700C7AD}) (Version: 7.0.24.8 - Mad Catz)
    SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
    Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 0.1.1405.0 - Hi-Rez Studios)
    Sniper Elite 3 (HKLM-x32\...\Steam App 238090) (Version: - Rebellion)
    Sniper Ghost Warrior 2 (HKLM-x32\...\Steam App 34870) (Version: - City Interactive)
    Sniper: Ghost Warrior (HKLM-x32\...\Steam App 34830) (Version: - City Interactive)
    SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
    Sound Blaster Audigy 5_Audigy Rx (HKLM-x32\...\{81440118-F1CE-4C87-BC8B-F1EB8D3FA190}) (Version: 1.0 - Creative Technology Limited)
    Space Empires IV Deluxe (HKLM-x32\...\Steam App 1610) (Version: - Malfador Machinations)
    Space Engineers (HKLM-x32\...\Steam App 244850) (Version: - )
    Space Trader: Merchant Marine (HKLM-x32\...\Steam App 11240) (Version: - Hermitworks Entertainment )
    Spacebase DF-9 (HKLM-x32\...\Steam App 246090) (Version: - Double Fine Productions)
    Spec Ops: The Line (HKLM-x32\...\Steam App 50300) (Version: - YAGER)
    Speccy (HKLM\...\Speccy) (Version: 1.23 - Piriform)
    Speed Kills (HKLM-x32\...\Steam App 284930) (Version: - Holy Warp)
    Speedball 2 HD (HKLM-x32\...\Steam App 251690) (Version: - Vivid Games)
    SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
    Spelunky (HKLM-x32\...\Steam App 239350) (Version: - )
    Spintires (HKLM-x32\...\Steam App 263280) (Version: - Oovee® Game Studios)
    Splashtop Personal (HKLM-x32\...\{E7CF0F14-8C1D-41F3-85ED-579C108262C7}) (Version: 2.4.5.2 - Splashtop Inc.)
    Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
    Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.6.2.4 - Splashtop Inc.)
    Spore (HKLM-x32\...\Steam App 17390) (Version: - Maxis™)
    Spore: Creepy & Cute Parts Pack (HKLM-x32\...\Steam App 17440) (Version: - Maxis™)
    Spore: Galactic Adventures (HKLM-x32\...\Steam App 24720) (Version: - EA - Maxis)
    Spotify (HKU\S-1-5-21-2305213872-2505911372-3816809497-1000\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
    Star Conflict (HKLM-x32\...\Steam App 212070) (Version: - )
    StarDrive (HKLM-x32\...\Steam App 220660) (Version: - )
    StarForge Alpha (HKLM-x32\...\Steam App 227680) (Version: - CodeHatch)
    State of Decay (HKLM-x32\...\Steam App 241540) (Version: - Undead Labs)
    Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    Steel Storm: Burning Retribution (HKLM-x32\...\Steam App 96200) (Version: - Kot in Action Creative Artel)
    Still Life (HKLM-x32\...\Steam App 46480) (Version: - Anuman / Microids)
    Still Life 2 (HKLM-x32\...\Steam App 46490) (Version: - Anuman / Microids)
    Strike Suit Infinity (HKLM-x32\...\Steam App 234160) (Version: - Born Ready Games Ltd.)
    Strike Suit Zero (HKLM-x32\...\Steam App 209540) (Version: - Born Ready Games Ltd.)
    Strong Bad Episode 1: Homestar Ruiner (HKLM-x32\...\Steam App 8340) (Version: - Telltale Games)
    Strong Bad Episode 2: Strong Badia the Free (HKLM-x32\...\Steam App 8350) (Version: - Telltale Games)
    Strong Bad Episode 3: Baddest of the Bands (HKLM-x32\...\Steam App 8360) (Version: - Telltale Games)
    Strong Bad Episode 4: Dangeresque 3 (HKLM-x32\...\Steam App 8370) (Version: - Telltale Games)
    Strong Bad Episode 5: 8-Bit Is Enough (HKLM-x32\...\Steam App 8380) (Version: - Telltale Games)
    SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
    SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
    Super Monday Night Combat (HKLM-x32\...\Steam App 104700) (Version: - Uber Entertainment)
    Supreme Commander (HKLM-x32\...\Steam App 9350) (Version: - Gas Powered Games)
    Supreme Commander: Forged Alliance (HKLM-x32\...\Steam App 9420) (Version: - Gas Powered Games)
    SWAT 4 - The Stetchkov Syndicate (HKLM-x32\...\InstallShield_{97E12F84-C033-4DA2-97D2-F540C3E292EA}) (Version: 1.0.0 - Sierra Entertainment, Inc.)
    SWAT 4 (HKLM-x32\...\InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}) (Version: 1.0.31973 - Sierra Entertainment, Inc.)
    SWAT 4 (x32 Version: 1.0.31973 - Sierra Entertainment, Inc.) Hidden
    Swift Elite 1.0 Release 1.012 (HKLM-x32\...\SwiftElite10) (Version: - )
    Sword of the Samurai (HKLM-x32\...\Steam App 327950) (Version: - MicroProse Software, Inc)
    Syder Arcade (HKLM-x32\...\Steam App 252310) (Version: - Studio Evil)
    System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
    Take On Helicopters (HKLM-x32\...\Steam App 65730) (Version: - Bohemia Interactive)
    Taxi (HKLM-x32\...\Steam App 315550) (Version: - Excalibur)
    TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
    TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
    Telltale Texas Hold'Em (HKLM-x32\...\Steam App 8330) (Version: - Telltale Games)
    Tesla Effect (HKLM-x32\...\Steam App 261510) (Version: - Big Finish Games)
    The 39 Steps (HKLM-x32\...\Steam App 234940) (Version: - The Story Mechanics)
    The Ball (HKLM-x32\...\Steam App 35460) (Version: - Teotl Studios)
    The Cat Lady (HKLM-x32\...\Steam App 253110) (Version: - Harvester Games)
    The Chronicles of Narnia - Prince Caspian (HKLM-x32\...\Steam App 320890) (Version: - Traveller's Tales)
    The Crew (HKLM-x32\...\Steam App 241560) (Version: - Ivory Tower in collaboration with Ubisoft Reflections)
    The Dark Eye: Chains of Satinav (HKLM-x32\...\Steam App 203830) (Version: - Daedalic Entertainment)
    The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
    The Few (HKLM-x32\...\Steam App 300320) (Version: - BlackMoon Design)
    The Incredible Adventures of Van Helsing (HKLM-x32\...\Steam App 215530) (Version: - NeocoreGames)
    The LEGO® Movie - Videogame (HKLM-x32\...\Steam App 267530) (Version: - TT Fusion)
    The Mighty Quest For Epic Loot (HKLM-x32\...\Steam App 239220) (Version: - Ubisoft Montreal)
    The Red Solstice (HKLM-x32\...\Steam App 265590) (Version: - Ironward)
    The Saboteur™ (HKLM-x32\...\{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}) (Version: 1.0.0.0 - Electronic Arts)
    The Ship (HKLM-x32\...\Steam App 2400) (Version: - Outerlight)
    The Ship Single Player (HKLM-x32\...\Steam App 2420) (Version: - Outerlight)
    The Ship Tutorial (HKLM-x32\...\Steam App 2430) (Version: - Outerlight)
    The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version: - Galactic Cafe)
    The Swapper (HKLM-x32\...\Steam App 231160) (Version: - Olli Harjola, Otto Hantula, Tom Jubert, Carlo Castellano)
    The Testament of Sherlock Holmes (HKLM-x32\...\Steam App 205650) (Version: - Frogwares)
    The Walking Dead (HKLM-x32\...\Steam App 207610) (Version: - )
    The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version: - Telltale Games)
    The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version: - CD Projekt RED)
    The Wolf Among Us (HKLM-x32\...\Steam App 250320) (Version: - Telltale Games)
    theHunter (HKLM-x32\...\Steam App 253710) (Version: - Expansive Worlds)
    theRenamer 7.68 (HKLM-x32\...\{55B6344C-AE4F-4DA8-BF32-D7AE0CB4D2BE}_is1) (Version: - theRenamer)
    Thief (HKLM-x32\...\Steam App 239160) (Version: - Eidos-Montréal)
    This War of Mine (HKLM-x32\...\Steam App 282070) (Version: - 11 bit studios)
    Thunder Wolves (HKLM-x32\...\Steam App 232970) (Version: - Most Wanted Entertainment)
    Tidalis (HKLM-x32\...\Steam App 40420) (Version: - Arcen Games, LLC)
    Time Gentlemen, Please! (HKLM-x32\...\Steam App 37400) (Version: - Size Five Games)
    Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.8.10 - Electronic Arts)
    Tixati (HKLM-x32\...\tixati) (Version: - )
    Tom Clancy's Splinter Cell Blacklist (HKLM-x32\...\Steam App 235600) (Version: - Ubisoft Toronto)
    Tom Clancy's Splinter Cell: Conviction (HKLM-x32\...\Steam App 33220) (Version: - Ubisoft Montreal)
    Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
    Total Pro Golf 3 (HKLM-x32\...\Steam App 308320) (Version: - Wolverine Studios)
    Toy Story 3 (HKLM-x32\...\Steam App 300820) (Version: - Avalanche Software)
    Toy Story Mania (HKLM-x32\...\Steam App 317580) (Version: - Papaya Studio)
    TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
    Trials Fusion (HKLM-x32\...\Steam App 245490) (Version: - RedLynx, in collaboration with Ubisoft Shanghai, Ubisoft Kiev)
    Tron 2.0 (HKLM-x32\...\Steam App 327740) (Version: - Monolith Productions, Inc.)
    TRON: Evolution (HKLM-x32\...\Steam App 315440) (Version: - GameStar)
    Tropico 3 - Steam Special Edition (HKLM-x32\...\Steam App 23490) (Version: - Haemimont Games)
    Tropico 4 (HKLM-x32\...\Steam App 57690) (Version: - Haemimont Games)
    Trucks & Trailers (HKLM-x32\...\Steam App 302060) (Version: - SCS Software)
    Under the Ocean (HKLM-x32\...\Steam App 227720) (Version: - )
    Unity Web Player (HKU\S-1-5-21-2305213872-2505911372-3816809497-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
    UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
    Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
    Urban Trial Freestyle (HKLM-x32\...\Steam App 243450) (Version: - Tate Multimedia)
    USB Multi-Channel Audio Device (HKLM\...\C-Media CM106 Like Sound Driver) (Version: - )
    USBFast (HKLM-x32\...\{AED142A8-96EA-42DE-B212-60BFC98D6CC7}) (Version: 1.3.0.28 - Prolific Technology Inc.)
    Vector (HKLM-x32\...\Steam App 248970) (Version: - )
    Velvet Assassin (HKLM-x32\...\Steam App 16720) (Version: - Replay Studios)
    Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{267B6912-6F26-4FFD-9342-8E84A7B26151}) (Version: 2.13.1103 - Samsung Electronics Co., Ltd.)
    Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{041E914E-7B73-4E8B-967F-B7FFC527FF80}) (Version: 2.14.0106 - Samsung Electronics Co., Ltd.)
    Viking: Battle for Asgard (HKLM-x32\...\Steam App 211160) (Version: - Creative Assembly, PC Port - Hardlight)
    VST Bridge 1.1 (HKLM-x32\...\VST Bridge_is1) (Version: - )
    War Thunder (HKLM-x32\...\Steam App 236390) (Version: - Gaijin Entertainment)
    Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes)
    Wargame: AirLand Battle (HKLM-x32\...\Steam App 222750) (Version: - )
    Warhammer 40,000 Space Marine (HKLM-x32\...\Steam App 55150) (Version: - Relic)
    Wasteland 1 - The Original Classic (HKLM-x32\...\Steam App 259130) (Version: - inXile Entertainment)
    Wasteland 2 (HKLM-x32\...\Steam App 240760) (Version: - inXile Entertainment)
    Watchmen: The End Is Nigh (HKLM-x32\...\Steam App 21010) (Version: - Deadline Games)
    Watchmen: The End Is Nigh Part 2 (HKLM-x32\...\Steam App 21030) (Version: - Deadline Games )
    WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
    WinCDG Pro 3.0 Release 3.0 (HKLM-x32\...\WinCDGPro3) (Version: Release 3.0 - TriceraSoft)
    Windows 7 Codec Pack 4.0.9 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 4.0.9 - Windows 7 Codec Pack)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
    Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
    Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
    Wing Commander III (HKLM-x32\...\{F96B9930-E22A-44D6-81B5-6C8E92C21B4B}) (Version: 2.0.0.2 - Electronic Arts)
    WinPcap 4.0.2 (HKLM-x32\...\WinPcapInst) (Version: 4.0.0.1040 - CACE Technologies)
    WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
    Woodcutter Simulator 2013 (HKLM-x32\...\Steam App 267610) (Version: - United Independent Entertainment GmbH)
    Workspace Desktop (HKU\S-1-5-21-2305213872-2505911372-3816809497-1000\...\workspacedesktop) (Version: - Starfield Technologies)
    World Basketball Tycoon (HKLM-x32\...\Steam App 260510) (Version: - )
    ZViewer version 1.0.1.31 (HKLM-x32\...\{1B00336F-393F-4DC7-9956-42C69ED6565E}_is1) (Version: 1.0.1.31 - ZMODO Technology Corporation)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-2305213872-2505911372-3816809497-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\KnightCat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2305213872-2505911372-3816809497-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2305213872-2505911372-3816809497-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\KnightCat\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2305213872-2505911372-3816809497-1000_Classes\CLSID\{1BFB1268-6353-495A-AB78-97BF7CAB4D59}\InprocServer32 -> C:\Users\KnightCat\AppData\Local\Workspace\gdeditwrapperax64.dll (Starfield Technologies)
    CustomCLSID: HKU\S-1-5-21-2305213872-2505911372-3816809497-1000_Classes\CLSID\{25815CC0-43F4-3C75-8C3A-A139D9ADE740}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2305213872-2505911372-3816809497-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\KnightCat\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2305213872-2505911372-3816809497-1000_Classes\CLSID\{5b55a44a-d008-49aa-9234-86fb7709bc0a}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2305213872-2505911372-3816809497-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1960\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-2305213872-2505911372-3816809497-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\KnightCat\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2305213872-2505911372-3816809497-1000_Classes\CLSID\{B5B8593C-89BC-44a7-BCE3-32FE4FED7C5C}\InprocServer32 -> C:\Users\KnightCat\AppData\Local\Workspace\wbetoolsax64.dll (Starfield Technology, LLC)
    CustomCLSID: HKU\S-1-5-21-2305213872-2505911372-3816809497-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\KnightCat\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2305213872-2505911372-3816809497-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\KnightCat\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2305213872-2505911372-3816809497-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2305213872-2505911372-3816809497-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2305213872-2505911372-3816809497-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2305213872-2505911372-3816809497-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2305213872-2505911372-3816809497-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2305213872-2505911372-3816809497-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2305213872-2505911372-3816809497-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2305213872-2505911372-3816809497-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KnightCat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2305213872-2505911372-3816809497-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\KnightCat\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

    ==================== Restore Points =========================

    25-11-2014 12:36:41 avast! antivirus system restore point
    25-11-2014 12:39:30 Device Driver Package Install: Avast Network Service
    02-12-2014 16:05:05 Scheduled Checkpoint
    06-12-2014 14:44:56 Installed Samsung Kies3
    12-12-2014 17:56:02 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
    18-12-2014 21:40:25 Pre Anti-Root Kit
    19-12-2014 16:26:19 Installed DirectX

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 20:34 - 2014-12-19 18:15 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {02EA73A5-F8AB-4E8F-B866-2D2F16237A4A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2305213872-2505911372-3816809497-1000Core => C:\Users\KnightCat\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-14] (Google Inc.)
    Task: {21E21969-E586-4357-8991-5B0D79D6982F} - System32\Tasks\{9818FB97-0C4D-4EC5-9E1D-91F149DB3F28} => pcalua.exe -a C:\Users\KnightCat\Downloads\megamek-v0.35.43-windows\MegaMek.exe -d C:\Users\KnightCat\Downloads\megamek-v0.35.43-windows
    Task: {24E7A6E2-278F-402F-96B0-B61C3BE24875} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe
    Task: {2621594D-6017-4D2B-A148-A70D62E00085} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2305213872-2505911372-3816809497-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-05-23] (RealNetworks, Inc.)
    Task: {2E276807-DDD2-4413-B52A-280B5340C332} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-09] ()
    Task: {3A52FCBF-36EF-4007-A34B-DA5D4E6549FC} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2305213872-2505911372-3816809497-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-05-23] (RealNetworks, Inc.)
    Task: {3F2AE84D-D731-44B6-B82D-D833DBBDBFCF} - System32\Tasks\{05340D2D-A4C0-407A-B76B-4E8AEA31629E} => pcalua.exe -a C:\Users\KnightCat\Downloads\megamek-0.36.0-windows\MegaMek.exe -d C:\Users\KnightCat\Downloads\megamek-0.36.0-windows
    Task: {3F471A6C-E25F-447E-B661-6BE8A4BB5698} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-14] (Google Inc.)
    Task: {404DD7D7-FDCA-430B-B574-0779876866A2} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2305213872-2505911372-3816809497-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-05-23] (RealNetworks, Inc.)
    Task: {43742458-783B-4A82-96CE-44F76ACFE4C4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
    Task: {5792406E-C6A6-4609-9749-B323DD25D643} - System32\Tasks\{E440BCE0-0E4F-4BD8-A1BD-8B1BBB496D1F} => pcalua.exe -a "C:\Program Files\WinCDG Pro\TyrannUnInst.exe" -c C:\Program Files\WinCDG Pro\
    Task: {5A48F9CC-AEA4-4AFA-90E3-6D606351B075} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
    Task: {5E9AD048-F243-402D-B6EC-878C6988EA41} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
    Task: {620B6348-6382-4BF6-BEB3-41D7E9A847D0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {66BFDB4A-A602-4F3C-9367-21034EA86C9E} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2305213872-2505911372-3816809497-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-05-13] (RealNetworks, Inc.)
    Task: {68835A6C-24F1-409C-96F4-51CAE81EFA26} - System32\Tasks\G2MUpdateTask-S-1-5-21-2305213872-2505911372-3816809497-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\2130\g2mupdate.exe [2014-12-20] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {6A81C897-A6D1-4128-BAF9-24366D3068D8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2305213872-2505911372-3816809497-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-05-23] (RealNetworks, Inc.)
    Task: {6DC294C1-E3A9-4D4C-AC82-4F1623B9A87D} - System32\Tasks\{D2A8705C-388D-4822-8CCC-2A9FA10DA951} => pcalua.exe -a C:\Users\KnightCat\Downloads\vcredist_x86.exe -d C:\Users\KnightCat\Downloads
    Task: {70EF2A1F-1F06-4A7D-96E6-6D9644CE58FD} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2305213872-2505911372-3816809497-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-05-13] (RealNetworks, Inc.)
    Task: {7676A1BB-871A-40BA-BD0C-03D953A89D49} - System32\Tasks\{CBEF3558-09BA-477C-9A09-456D8DE04CA4} => G:\Origin\The Saboteur\Saboteur.exe [2009-12-11] (Electronic Arts)
    Task: {78CEC2C6-58EA-42BE-823C-FBF8B09C839C} - System32\Tasks\MotoCast Update => C:\Program Files (x86)\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe [2012-07-24] ()
    Task: {7C6BE817-1270-4ED0-A8B7-D1BFF9CD8D9C} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2014-08-31] ()
    Task: {7FA8B852-C46D-4547-85D9-4444DE6D1029} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
    Task: {8944CA38-CCC6-4047-A468-2CDE0ECA0D39} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
    Task: {8D11CC5E-D9BB-4D76-B29C-B28E1495EA58} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {93A1D1CD-24CD-4BCE-8E3D-6A5B139F376A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-10-22] (Microsoft Corporation)
    Task: {A06FCFDF-A9B9-447C-9693-C8C364AD856F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-14] (Google Inc.)
    Task: {B01E7EC8-9DCB-40E9-BBD2-DC55D0F03A24} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2305213872-2505911372-3816809497-1000UA => C:\Users\KnightCat\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-14] (Google Inc.)
    Task: {BCB029C6-8EC0-4939-88E0-13FF842CB05C} - System32\Tasks\RTSS => C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe [2014-08-30] ()
    Task: {BD990D74-510E-4035-9503-793C3F1E3E27} - System32\Tasks\{2057093D-D359-4431-840A-CFE57C05A68E} => pcalua.exe -a C:\Users\KnightCat\Downloads\SForceOffice.exe -d C:\Users\KnightCat\Downloads
    Task: {C291930A-41D4-453B-A5DD-45A502DAC5C7} - System32\Tasks\{AD5E976E-F00C-4CD7-8B87-3FB03A7B0E08} => pcalua.exe -a D:\Launch.exe -d D:\
    Task: {C2C01B21-69AA-4A8A-B24B-F4B8C38AA681} - System32\Tasks\Microsoft Office 15 Sync Maintenance for KnightCat-PC-KnightCat KnightCat-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-10-07] (Microsoft Corporation)
    Task: {C6603369-0267-450F-B841-B14F867D4990} - System32\Tasks\{51937AD9-B00C-459B-AE6A-77AC4DD1F0BE} => pcalua.exe -a C:\Users\KnightCat\Downloads\setup_en.exe -d C:\Users\KnightCat\Downloads
    Task: {D3EE66AC-E8B8-4C2B-B540-AA22BAC5C742} - System32\Tasks\{6C587720-CE42-4823-A6B0-9DE9E61E5F67} => G:\Origin\The Saboteur\Saboteur.exe [2009-12-11] (Electronic Arts)
    Task: {D9D4094E-F3FD-48BC-B282-EA4CFDA88576} - System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe [2012-07-23] (ASUSTeK Computer Inc.)
    Task: {DBBC874D-7491-4846-90AB-25BB3FDFC20E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-25] (AVAST Software)
    Task: {DEAAA5EB-60D2-417F-B9F9-42A0DCEAC707} - System32\Tasks\Core Temp Autostart => C:\Program Files\Core Temp\Core Temp.exe [2010-07-02] ()
    Task: {E76DDA54-28AC-4076-BECF-BB58B3A3E6CB} - System32\Tasks\AdobeAAMUpdater-1.0-KnightCat-PC-KnightCat => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
    Task: {E82B465F-7E44-4825-8F95-5D1DE92D4CC5} - System32\Tasks\{F9DFB0E6-4136-42BD-ABBE-639D034A1BD5} => K:\SWAT 2 FE\SWAT2\AUTORUN.EXE
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2305213872-2505911372-3816809497-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\2130\g2mupdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2305213872-2505911372-3816809497-1000Core.job => C:\Users\KnightCat\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2305213872-2505911372-3816809497-1000UA.job => C:\Users\KnightCat\AppData\Local\Google\Update\GoogleUpdate.exe
     
  20. KnightCat

    KnightCat TS Rookie Topic Starter Posts: 19

    ==================== Loaded Modules (whitelisted) =============

    2013-03-19 09:24 - 2014-11-12 15:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2013-08-25 09:12 - 2012-10-04 18:49 - 00087152 _____ () C:\Windows\System32\cpwmon64.dll
    2013-03-14 12:20 - 2013-03-14 12:20 - 00920736 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
    2014-09-22 09:33 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2013-03-18 08:57 - 2013-03-18 08:57 - 00008192 _____ () C:\Windows\SysWOW64\srvany.exe
    2013-03-18 08:57 - 2013-03-18 08:57 - 00151552 _____ () C:\Windows\KMService.exe
    2014-05-17 15:08 - 2011-12-23 10:11 - 00155136 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\cms.exe
    2014-05-17 15:08 - 2009-03-16 12:29 - 06562432 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\data\bin\mysqld.exe
    2014-05-17 15:08 - 2011-12-23 09:48 - 00176640 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\watch.exe
    2013-04-11 15:14 - 2014-09-09 13:25 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
    2014-05-13 12:10 - 2014-05-13 12:10 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    2014-05-23 00:34 - 2014-05-23 00:34 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    2014-11-25 12:38 - 2014-11-25 12:38 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
    2014-11-25 12:38 - 2014-11-25 12:38 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
    2014-05-17 15:08 - 2011-12-23 10:12 - 00014848 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\vtdu.exe
    2014-05-17 15:08 - 2011-12-23 10:12 - 00015872 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\nru.exe
    2014-08-30 12:07 - 2014-08-30 12:07 - 00400384 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks64.dll
    2014-08-31 07:00 - 2014-08-31 07:00 - 00512512 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
    2014-08-30 12:07 - 2014-08-30 12:07 - 00195584 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
    2014-02-20 23:23 - 2010-07-02 13:52 - 00530448 _____ () C:\Program Files\Core Temp\Core Temp.exe
    2014-09-18 01:23 - 2014-09-18 01:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
    2014-10-14 12:51 - 2014-10-14 12:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
    2014-09-18 01:23 - 2014-09-18 01:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
    2014-10-14 12:51 - 2014-10-14 12:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
    2014-10-16 08:46 - 2014-11-20 14:45 - 00393376 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream64.dll
    2014-10-16 08:46 - 2014-11-20 14:51 - 02210480 _____ () C:\Program Files\Microsoft Office 15\root\office15\tmpod.dll
    2014-10-16 08:46 - 2014-10-16 08:48 - 00027304 _____ () C:\Program Files\Microsoft Office 15\root\office15\lynchtmlconvpxy.dll
    2014-10-16 08:47 - 2014-09-23 07:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
    2014-10-16 08:47 - 2014-09-23 07:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\office15\1033\GrooveIntlResource.dll
    2014-10-16 08:46 - 2014-11-20 14:45 - 00393376 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream64.dll
    2014-08-30 12:07 - 2014-08-30 12:07 - 00026112 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
    2014-08-30 12:07 - 2014-08-30 12:07 - 00088576 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
    2012-12-28 10:44 - 2012-12-28 10:44 - 00039648 _____ () C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MousewithoutBordersHelper.exe
    2014-05-01 13:29 - 2014-05-01 13:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
    2014-12-21 06:00 - 2014-12-21 06:00 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122100\algo.dll
    2014-11-25 12:38 - 2014-11-25 12:38 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
    2014-12-21 09:54 - 2014-12-21 09:54 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14122101\algo.dll
    2014-04-21 20:32 - 2009-10-23 11:31 - 00038912 _____ () C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\utility.dll
    2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-03-14 12:20 - 2014-12-21 09:52 - 00029184 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
    2013-03-14 12:20 - 2013-03-14 12:20 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
    2012-09-07 20:35 - 2012-09-07 20:35 - 00128960 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\liveupdatetactics.dll
    2012-09-07 20:35 - 2012-09-07 20:35 - 00024496 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\DbAccess.dll
    2012-09-07 20:37 - 2012-09-07 20:37 - 00466256 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\sqlite3.dll
    2012-09-07 20:36 - 2012-09-07 20:36 - 00045992 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NAdvLog.dll
    2012-09-07 20:36 - 2012-09-07 20:36 - 00034752 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NFileCacheDBAccess.dll
    2013-12-17 03:42 - 2013-12-17 03:42 - 00335872 _____ () C:\Program Files (x86)\MediaMall\lua51a.dll
    2014-05-17 15:08 - 2011-12-23 10:11 - 00176640 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\nmactionmgr.dll
    2014-05-17 15:08 - 2011-12-23 09:47 - 00496640 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\sdp.dll
    2014-05-17 15:08 - 2011-12-16 16:56 - 01318912 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\LIBMYSQL.dll
    2014-05-17 15:08 - 2011-12-23 10:11 - 00116736 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\action.dll
    2014-05-17 15:08 - 2011-12-23 10:11 - 00117248 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\adapter.dll
    2014-05-17 15:08 - 2011-12-23 09:48 - 00118784 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\mitoid.dll
    2014-05-17 15:08 - 2011-12-23 10:11 - 00159232 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\nmmitcore.dll
    2014-05-17 15:08 - 2011-12-23 10:11 - 00179200 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\nmsecucore.dll
    2014-05-17 15:08 - 2011-12-23 09:48 - 00128000 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\tdcne.dll
    2014-05-17 15:08 - 2011-12-23 10:11 - 00139264 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\actionalarmout.dll
    2014-05-17 15:08 - 2011-12-23 10:11 - 00142336 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\actioncupreview.dll
    2014-05-17 15:08 - 2011-12-23 09:48 - 00193536 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\tdccms.dll
    2014-05-17 15:08 - 2011-12-23 10:11 - 00169984 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\nmlogcore.dll
    2014-05-17 15:08 - 2011-12-23 10:11 - 00138240 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\msgcenter.dll
    2014-05-17 15:08 - 2011-12-23 10:11 - 00168448 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\adapter_nru.dll
    2014-05-17 15:08 - 2011-12-23 10:11 - 00211456 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\nmmit.dll
    2014-05-17 15:08 - 2011-12-23 09:47 - 00224768 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\license.dll
    2014-05-17 15:08 - 2011-12-23 10:11 - 00130048 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\nmsecu.dll
    2014-05-17 15:08 - 2011-12-23 10:11 - 00122368 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\nmfault.dll
    2014-05-17 15:08 - 2011-12-23 10:11 - 00254464 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\nmfaultcore.dll
    2014-05-17 15:08 - 2011-12-23 09:53 - 00070656 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\nmexport.dll
    2014-05-17 15:08 - 2011-12-23 10:11 - 00291840 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\nmvtdumgr.dll
    2014-05-17 15:08 - 2011-12-23 10:11 - 00128000 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\nmuserproperty.dll
    2014-05-17 15:08 - 2011-12-23 10:11 - 00158208 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\adapter_vtdu.dll
    2014-05-17 15:08 - 2011-12-23 10:11 - 00116736 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\nmlog.dll
    2014-05-17 15:08 - 2011-12-23 10:11 - 00215040 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\adapter_dvrs.dll
    2014-05-17 15:08 - 2011-12-16 16:56 - 01253376 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\HieClientUnit.dll
    2014-05-17 15:08 - 2011-12-23 10:11 - 00250880 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\nmmap.dll
    2014-05-17 15:08 - 2011-12-23 10:11 - 00156672 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\nmhydvrs.dll
    2014-05-17 15:08 - 2011-12-23 10:11 - 00150528 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\nmnrumgr.dll
    2014-05-17 15:08 - 2011-12-23 10:11 - 00137216 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\nmsys.dll
    2014-05-17 15:08 - 2011-12-23 09:48 - 00117248 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\avadapter.dll
    2014-05-17 15:08 - 2011-12-23 10:12 - 00031232 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\nesys.dll
    2014-05-17 15:08 - 2011-12-23 09:49 - 00175616 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\avadapter_private.dll
    2014-05-17 15:08 - 2011-12-23 10:12 - 00148992 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\avadapter_private_vtdu.dll
    2014-05-17 15:08 - 2011-12-23 10:12 - 00133632 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\nevtdu.dll
    2014-05-17 15:08 - 2011-12-23 09:49 - 00106496 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\avadapter_private_ex.dll
    2014-05-17 15:08 - 2011-12-23 09:49 - 00080384 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\nenru_avr.dll
    2014-05-17 15:08 - 2011-12-23 09:50 - 00163328 _____ () C:\Program Files (x86)\NVMS5 Standard Edition\bin\nenru.dll
    2014-08-31 06:58 - 2014-08-31 06:58 - 00071680 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
    2014-08-31 06:58 - 2014-08-31 06:58 - 00056832 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
    2014-08-31 06:59 - 2014-08-31 06:59 - 00217600 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
    2014-08-31 06:59 - 2014-08-31 06:59 - 00324608 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
    2014-08-31 07:00 - 2014-08-31 07:00 - 00648192 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
    2014-08-30 12:07 - 2014-08-30 12:07 - 00354816 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooks.dll
    2013-02-27 08:21 - 2013-02-27 08:21 - 00141312 _____ () C:\Program Files (x86)\MSI Afterburner\LogitechLcd.dll
    2014-08-30 12:07 - 2014-08-30 12:07 - 00056832 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTFC.dll
    2014-08-30 12:07 - 2014-08-30 12:07 - 00324608 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTUI.dll
    2014-08-30 12:07 - 2014-08-30 12:07 - 00071680 _____ () C:\Program Files (x86)\RivaTuner Statistics Server\RTMUI.dll
    2014-10-16 08:50 - 2014-09-23 05:43 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2013-04-12 15:56 - 2012-05-17 17:57 - 00043520 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
    2013-04-12 15:55 - 2012-07-05 11:05 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
    2014-08-21 17:56 - 2014-12-01 15:31 - 02396672 _____ () F:\Games\Steam2\libavcodec-56.dll
    2014-08-21 17:56 - 2014-12-01 15:31 - 00442880 _____ () F:\Games\Steam2\libavutil-54.dll
    2014-08-21 17:56 - 2014-12-01 15:31 - 00479744 _____ () F:\Games\Steam2\libavformat-56.dll
    2014-08-21 17:56 - 2014-12-01 15:31 - 00332800 _____ () F:\Games\Steam2\libavresample-2.dll
    2013-03-12 16:10 - 2014-11-11 12:47 - 00774656 _____ () F:\Games\Steam2\SDL2.dll
    2014-12-02 23:59 - 2014-12-01 18:29 - 05002752 _____ () F:\Games\Steam2\v8.dll
    2014-12-02 23:59 - 2014-12-01 18:29 - 01612800 _____ () F:\Games\Steam2\icui18n.dll
    2014-12-02 23:59 - 2014-12-01 18:29 - 01210368 _____ () F:\Games\Steam2\icuuc.dll
    2014-05-21 13:30 - 2014-12-19 17:38 - 02226880 _____ () F:\Games\Steam2\video.dll
    2014-08-21 17:56 - 2014-12-01 15:31 - 00485888 _____ () F:\Games\Steam2\libswscale-3.dll
    2013-02-25 06:39 - 2014-12-19 17:38 - 00696000 _____ () F:\Games\Steam2\bin\chromehtml.DLL
    2013-02-19 10:48 - 2014-12-19 17:38 - 34641288 _____ () F:\Games\Steam2\bin\libcef.dll
    2014-02-12 10:20 - 2014-02-12 10:20 - 00166816 _____ () C:\Program Files (x86)\Gizmo\GImage.DLL
    2014-02-12 10:20 - 2014-02-12 10:20 - 00315800 _____ () C:\Program Files (x86)\Gizmo\gmanager.DLL
    2014-02-12 10:20 - 2014-02-12 10:20 - 00404384 _____ () C:\Program Files (x86)\Gizmo\gdatabase.dll
    2014-02-12 10:20 - 2014-02-12 10:20 - 00394656 _____ () C:\Program Files (x86)\Gizmo\gdrive.dll
    2014-02-12 10:20 - 2014-02-12 10:20 - 00339864 _____ () C:\Program Files (x86)\Gizmo\geditor.dll
    2014-02-12 10:20 - 2014-02-12 10:20 - 00372632 _____ () C:\Program Files (x86)\Gizmo\ghash.dll
    2014-02-12 10:20 - 2014-02-12 10:20 - 00339864 _____ () C:\Program Files (x86)\Gizmo\gscript.dll
    2014-11-25 12:38 - 2014-11-25 12:38 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2013-03-14 12:21 - 2011-07-12 18:14 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
    2013-03-14 12:21 - 2010-10-05 07:22 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
    2013-03-14 12:21 - 2012-03-21 11:07 - 00972288 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
    2013-04-12 15:55 - 2012-06-19 11:56 - 01305600 _____ () C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
    2013-03-14 12:21 - 2012-05-25 09:33 - 00883712 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
    2013-03-14 12:21 - 2012-05-28 20:27 - 01622528 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
    2013-03-14 12:21 - 2011-09-19 19:18 - 01243136 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
    2013-03-14 12:21 - 2011-07-21 08:06 - 00846848 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
    2013-03-14 12:21 - 2011-10-14 19:03 - 00885248 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
    2013-04-12 15:55 - 2011-06-08 10:15 - 00651264 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Thermal Radar\ThermalRadar.dll
    2013-03-14 12:20 - 2013-03-14 12:20 - 00662016 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll
    2013-03-14 12:21 - 2010-10-05 07:22 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
    2014-12-21 09:56 - 2014-12-21 09:56 - 00098816 _____ () C:\Users\KnightCat\AppData\Local\Temp\_MEI86602\win32api.pyd
    2014-12-21 09:56 - 2014-12-21 09:56 - 00110080 _____ () C:\Users\KnightCat\AppData\Local\Temp\_MEI86602\pywintypes27.dll
    2014-12-21 09:56 - 2014-12-21 09:56 - 00364544 _____ () C:\Users\KnightCat\AppData\Local\Temp\_MEI86602\pythoncom27.dll
    2014-12-21 09:56 - 2014-12-21 09:56 - 00045568 _____ () C:\Users\KnightCat\AppData\Local\Temp\_MEI86602\_socket.pyd
    2014-12-21 09:56 - 2014-12-21 09:56 - 01160704 _____ () C:\Users\KnightCat\AppData\Local\Temp\_MEI86602\_ssl.pyd
    2014-12-21 09:56 - 2014-12-21 09:56 - 00320512 _____ () C:\Users\KnightCat\AppData\Local\Temp\_MEI86602\win32com.shell.shell.pyd
    2014-12-21 09:56 - 2014-12-21 09:56 - 00713216 _____ () C:\Users\KnightCat\AppData\Local\Temp\_MEI86602\_hashlib.pyd
    2014-12-21 09:56 - 2014-12-21 09:56 - 01175040 _____ () C:\Users\KnightCat\AppData\Local\Temp\_MEI86602\wx._core_.pyd
    2014-12-21 09:56 - 2014-12-21 09:56 - 00805888 _____ () C:\Users\KnightCat\AppData\Local\Temp\_MEI86602\wx._gdi_.pyd
    2014-12-21 09:56 - 2014-12-21 09:56 - 00811008 _____ () C:\Users\KnightCat\AppData\Local\Temp\_MEI86602\wx._windows_.pyd
    2014-12-21 09:56 - 2014-12-21 09:56 - 01062400 _____ () C:\Users\KnightCat\AppData\Local\Temp\_MEI86602\wx._controls_.pyd
    2014-12-21 09:56 - 2014-12-21 09:56 - 00735232 _____ () C:\Users\KnightCat\AppData\Local\Temp\_MEI86602\wx._misc_.pyd
    2014-12-21 09:56 - 2014-12-21 09:56 - 00128512 _____ () C:\Users\KnightCat\AppData\Local\Temp\_MEI86602\_elementtree.pyd
    2014-12-21 09:56 - 2014-12-21 09:56 - 00127488 _____ () C:\Users\KnightCat\AppData\Local\Temp\_MEI86602\pyexpat.pyd
    2014-12-21 09:56 - 2014-12-21 09:56 - 00557056 _____ () C:\Users\KnightCat\AppData\Local\Temp\_MEI86602\pysqlite2._sqlite.pyd
    2014-12-21 09:56 - 2014-12-21 09:56 - 00087552 _____ () C:\Users\KnightCat\AppData\Local\Temp\_MEI86602\_ctypes.pyd
    2014-12-21 09:56 - 2014-12-21 09:56 - 00119808 _____ () C:\Users\KnightCat\AppData\Local\Temp\_MEI86602\win32file.pyd
    2014-12-21 09:56 - 2014-12-21 09:56 - 00108544 _____ () C:\Users\KnightCat\AppData\Local\Temp\_MEI86602\win32security.pyd
    2014-12-21 09:56 - 2014-12-21 09:56 - 00007168 _____ () C:\Users\KnightCat\AppData\Local\Temp\_MEI86602\hashobjs_ext.pyd
    2014-12-21 09:56 - 2014-12-21 09:56 - 00167936 _____ () C:\Users\KnightCat\AppData\Local\Temp\_MEI86602\win32gui.pyd
    2014-12-21 09:56 - 2014-12-21 09:56 - 00018432 _____ () C:\Users\KnightCat\AppData\Local\Temp\_MEI86602\win32event.pyd
    2014-12-21 09:56 - 2014-12-21 09:56 - 00038912 _____ () C:\Users\KnightCat\AppData\Local\Temp\_MEI86602\win32inet.pyd
    2014-12-21 09:56 - 2014-12-21 09:56 - 00011264 _____ () C:\Users\KnightCat\AppData\Local\Temp\_MEI86602\win32crypt.pyd
    2014-12-21 09:56 - 2014-12-21 09:56 - 00070656 _____ () C:\Users\KnightCat\AppData\Local\Temp\_MEI86602\wx._html2.pyd
    2014-12-21 09:56 - 2014-12-21 09:56 - 00027136 _____ () C:\Users\KnightCat\AppData\Local\Temp\_MEI86602\_multiprocessing.pyd
    2014-12-21 09:56 - 2014-12-21 09:56 - 00035840 _____ () C:\Users\KnightCat\AppData\Local\Temp\_MEI86602\win32process.pyd
    2014-12-21 09:56 - 2014-12-21 09:56 - 00686080 _____ () C:\Users\KnightCat\AppData\Local\Temp\_MEI86602\unicodedata.pyd
    2014-12-21 09:56 - 2014-12-21 09:56 - 00122368 _____ () C:\Users\KnightCat\AppData\Local\Temp\_MEI86602\wx._wizard.pyd
    2014-12-21 09:56 - 2014-12-21 09:56 - 00024064 _____ () C:\Users\KnightCat\AppData\Local\Temp\_MEI86602\win32pipe.pyd
    2014-12-21 09:56 - 2014-12-21 09:56 - 00025600 _____ () C:\Users\KnightCat\AppData\Local\Temp\_MEI86602\win32pdh.pyd
    2014-12-21 09:56 - 2014-12-21 09:56 - 00525640 _____ () C:\Users\KnightCat\AppData\Local\Temp\_MEI86602\windows._lib_cacheinvalidation.pyd
    2014-12-21 09:56 - 2014-12-21 09:56 - 00010240 _____ () C:\Users\KnightCat\AppData\Local\Temp\_MEI86602\select.pyd
    2014-12-21 09:56 - 2014-12-21 09:56 - 00017408 _____ () C:\Users\KnightCat\AppData\Local\Temp\_MEI86602\win32profile.pyd
    2014-12-21 09:56 - 2014-12-21 09:56 - 00022528 _____ () C:\Users\KnightCat\AppData\Local\Temp\_MEI86602\win32ts.pyd
    2014-12-21 09:56 - 2014-12-21 09:56 - 00078336 _____ () C:\Users\KnightCat\AppData\Local\Temp\_MEI86602\wx._animate.pyd
    2010-11-22 16:56 - 2010-11-22 16:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
    2010-11-22 16:56 - 2010-11-22 16:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
    2010-11-22 16:56 - 2010-11-22 16:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
    2014-05-13 17:26 - 2014-05-13 17:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
    2014-05-13 17:26 - 2014-05-13 17:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
    2014-05-13 17:26 - 2014-05-13 17:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
    2014-05-13 17:26 - 2014-05-13 17:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
    2010-11-22 16:57 - 2010-11-22 16:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
    2010-11-22 16:56 - 2010-11-22 16:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
    2010-11-22 16:56 - 2010-11-22 16:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
    2010-11-22 16:56 - 2010-11-22 16:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
    2010-11-22 16:57 - 2010-11-22 16:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
    2010-11-22 16:57 - 2010-11-22 16:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
    2010-11-22 16:56 - 2010-11-22 16:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
    2011-02-15 12:17 - 2011-02-15 12:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
    2010-11-22 16:57 - 2010-11-22 16:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
    2014-05-13 17:26 - 2014-05-13 17:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
    2010-11-22 16:56 - 2010-11-22 16:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
    2010-11-22 16:56 - 2010-11-22 16:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
    2010-11-22 16:56 - 2010-11-22 16:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
    2010-11-22 16:57 - 2010-11-22 16:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
    2014-08-13 18:37 - 2014-08-13 18:37 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll
    2014-08-13 18:37 - 2014-08-13 18:37 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll
    2010-11-22 16:56 - 2010-11-22 16:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
    2010-11-22 16:57 - 2010-11-22 16:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
    2010-11-22 16:56 - 2010-11-22 16:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
    2013-11-20 18:05 - 2013-11-20 18:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
    2014-10-21 18:22 - 2014-10-21 18:22 - 00750080 _____ () C:\Users\KnightCat\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2014-12-21 09:59 - 2014-12-21 09:59 - 00043008 _____ () c:\Users\KnightCat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpslfy67.dll
    2014-10-21 18:22 - 2014-10-21 18:22 - 00047616 _____ () C:\Users\KnightCat\AppData\Roaming\Dropbox\bin\libEGL.dll
    2014-10-21 18:22 - 2014-10-21 18:22 - 00863744 _____ () C:\Users\KnightCat\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
    2014-10-21 18:22 - 2014-10-21 18:22 - 00200704 _____ () C:\Users\KnightCat\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
    2013-03-14 12:21 - 2009-08-12 19:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll
    2010-11-22 16:57 - 2010-11-22 16:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
    2014-06-17 18:56 - 2014-06-17 18:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
    2011-02-15 12:17 - 2011-02-15 12:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
    2010-11-22 17:06 - 2010-11-22 17:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
    2013-05-09 17:52 - 2013-05-09 17:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
    2013-05-09 17:52 - 2013-05-09 17:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
    2013-05-09 17:52 - 2013-05-09 17:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
    2013-05-03 12:57 - 2013-05-03 12:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
    2013-05-03 12:56 - 2013-05-03 12:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
    2013-05-03 12:56 - 2013-05-03 12:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
    2013-05-03 12:57 - 2013-05-03 12:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
    2013-05-03 12:56 - 2013-05-03 12:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
    2013-05-03 12:57 - 2013-05-03 12:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
    2013-05-03 12:57 - 2013-05-03 12:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
    2013-05-03 12:57 - 2013-05-03 12:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
    2013-05-03 12:57 - 2013-05-03 12:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
    2014-06-01 03:08 - 2014-06-01 03:08 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
    2014-05-24 10:41 - 2014-05-24 10:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
    2014-05-24 10:41 - 2014-05-24 10:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
    2014-12-11 07:32 - 2014-12-05 19:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
    2014-12-11 07:32 - 2014-12-05 19:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
    2014-12-11 07:32 - 2014-12-05 19:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
    2014-12-11 07:32 - 2014-12-05 19:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
    2014-12-11 07:32 - 2014-12-05 19:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Program Files\Common Files\System:C2kJhahHhdkMjWM4eUH
    AlternateDataStreams: C:\ProgramData\Microsoft:suUGX6bOPy75ftjjBpH1G3VMPl
    AlternateDataStreams: C:\ProgramData\Microsoft:YUXqDiEEBhYVj2uBnu
    AlternateDataStreams: C:\ProgramData\Temp:F2721624
    AlternateDataStreams: C:\Users\KnightCat\Cookies:7kHVvuSbdjcBGtJGMQHGWky

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SplashtopRemoteService => ""="Service"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Users^KnightCat^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Salesforce.com Skype Adapter.lnk => C:\Windows\pss\Salesforce.com Skype Adapter.lnk.Startup
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: bitlord.exe => "C:\Program Files (x86)\BitLord 2\Bitlord files\bitlord.exe" -t
    MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    MSCONFIG\startupreg: PeerBlock => C:\Program Files\PeerBlock\peerblock.exe
    MSCONFIG\startupreg: Spotify => "C:\Users\KnightCat\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
    MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\KnightCat\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-2305213872-2505911372-3816809497-500 - Administrator - Disabled)
    ASPNET (S-1-5-21-2305213872-2505911372-3816809497-1007 - Limited - Enabled)
    Guest (S-1-5-21-2305213872-2505911372-3816809497-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2305213872-2505911372-3816809497-1016 - Limited - Enabled)
    KnightCat (S-1-5-21-2305213872-2505911372-3816809497-1000 - Administrator - Enabled) => C:\Users\KnightCat

    ==================== Faulty Device Manager Devices =============

    Name: PCI Simple Communications Controller
    Description: PCI Simple Communications Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Hook Test Driver
    Description: Hook Test Driver
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: SDHookDriver
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: Unknown Device
    Description: Unknown Device
    Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
    Manufacturer: (Standard USB Host Controller)
    Service:
    Problem: : Windows has stopped this device because it has reported problems. (Code 43)
    Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2014-12-19 18:10:22.848
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-12-19 18:10:22.793
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-12-19 18:10:22.736
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-12-19 18:10:22.680
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-12-19 00:02:16.409
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-12-19 00:02:16.358
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-01-03 12:20:48.534
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_c0008ddc1681bb4c\appidapi.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-03 12:20:48.516
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_c0008ddc1681bb4c\appidapi.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-03 12:20:48.497
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22280_none_c0008ddc1681bb4c\appidapi.dll because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-03 12:20:48.469
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7600.21490_none_be0f60ea19636b51\appidapi.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-3960X CPU @ 3.30GHz
    Percentage of memory in use: 25%
    Total physical RAM: 32708.29 MB
    Available physical RAM: 24455.04 MB
    Total Pagefile: 65414.75 MB
    Available Pagefile: 57074.21 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.8 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.66 GB) (Free:90.42 GB) NTFS
    Drive d: (Verizon Mobile) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS
    Drive f: (Steam) (Fixed) (Total:5588.79 GB) (Free:2989.85 GB) NTFS
    Drive g: (Bulk Drive) (Fixed) (Total:3725.9 GB) (Free:3186.43 GB) NTFS
    Drive I: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive m: (Home Theater (Movies)) (Network) (Total:7451.79 GB) (Free:2327.79 GB) NTFS
    Drive t: (Home Theater (TV)) (Network) (Total:14903.59 GB) (Free:6711.73 GB) NTFS
    Drive y: (JAG_SEASON_3) (Network) (Total:7.4 GB) (Free:0 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A60CB2D3)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 3726 GB) (Disk ID: 00000000)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 2 (MBR Code: Windows 7 or 8) (Size: 3726 GB) (Disk ID: 00000000)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 3 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     
  21. Broni

    Broni Malware Annihilator Posts: 52,897 +344

    I still need FRST.txt log.
     
  22. KnightCat

    KnightCat TS Rookie Topic Starter Posts: 19

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-12-2014 01
    Ran by KnightCat (administrator) on KNIGHTCAT-PC on 21-12-2014 11:30:12
    Running from C:\Users\KnightCat\Downloads
    Loaded Profile: KnightCat (Available profiles: KnightCat & DefaultAppPool)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
    (ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
    (Amazon.com) C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.14\AsusFanControlService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
    (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
    (Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
    (Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Arainia Solutions) C:\Program Files (x86)\Gizmo\gservice.exe
    (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (GerixSoft) C:\Program Files (x86)\IndieVolume\IndieVolume.SVC.exe
    (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
    () C:\Windows\SysWOW64\srvany.exe
    () C:\Windows\KMService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    (MediaMall Technologies, Inc.) C:\Program Files (x86)\MediaMall\MediaMallServer.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Microsoft) C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
    (Microsoft) C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
    () C:\Program Files (x86)\NVMS5 Standard Edition\bin\cms.exe
    () C:\Program Files (x86)\NVMS5 Standard Edition\data\bin\mysqld.exe
    () C:\Program Files (x86)\NVMS5 Standard Edition\bin\watch.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    () C:\Windows\SysWOW64\PnkBstrA.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Dyn, Inc.) C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    () C:\Program Files (x86)\NVMS5 Standard Edition\bin\vtdu.exe
    () C:\Program Files (x86)\NVMS5 Standard Edition\bin\nru.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
    () C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
    () C:\Program Files\Core Temp\Core Temp.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
    (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
    (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (GerixSoft) C:\Program Files (x86)\IndieVolume\IndieVolume.GUI.exe
    (Spotify Ltd) C:\Users\KnightCat\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    (Flux Software LLC) C:\Users\KnightCat\AppData\Local\FluxSoftware\Flux\flux.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\lync.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
    (Valve Corporation) F:\Games\Steam2\Steam.exe
    (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
    (Valve Corporation) F:\Games\Steam2\bin\steamwebhelper.exe
    (Citrix Online, LLC) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\758\g2ax_start.exe
    (Arainia Solutions) C:\Program Files (x86)\Gizmo\gizmo.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
    (SamLogic Software) C:\Program Files (x86)\SamLogic\USB Supervisor\USBsupervisor.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Citrix Online, LLC) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\758\g2ax_comm_expert.exe
    (Citrix Online, LLC) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\758\g2ax_user_expert.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPictureViewer.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
    (Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
    (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
    (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe
    (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
    (Dropbox, Inc.) C:\Users\KnightCat\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\groove.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
    (Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
    (Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ucmapi.exe
    () C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
    () C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    () C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersHelper.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google) C:\Users\KnightCat\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
    HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
    HKLM\...\Run: [Cm106Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm106.dll,CMICtrlWnd
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-11] (AVAST Software)
    HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [832272 2014-05-01] (BlueStack Systems, Inc.)
    HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12117312 2014-05-01] (Microsoft Corporation)
    HKLM-x32\...\Run: [USBsupervisor] => C:\Program Files (x86)\SamLogic\USB Supervisor\USBsupervisor.exe [1634928 2012-07-24] (SamLogic Software)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM-x32\...\Run: [AsioThk32Reg] => REGSVR32.EXE /S CTASIO.DLL
    HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc)
    HKU\S-1-5-21-2305213872-2505911372-3816809497-1000\...\Run: [Steam] => F:\Games\Steam2\steam.exe [1941696 2014-12-19] (Valve Corporation)
    HKU\S-1-5-21-2305213872-2505911372-3816809497-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
    HKU\S-1-5-21-2305213872-2505911372-3816809497-1000\...\Run: [IndieVolume] => C:\Program Files (x86)\IndieVolume\IndieVolume.GUI.exe [3736576 2013-04-02] (GerixSoft)
    HKU\S-1-5-21-2305213872-2505911372-3816809497-1000\...\Run: [Spotify Web Helper] => C:\Users\KnightCat\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-07] (Spotify Ltd)
    HKU\S-1-5-21-2305213872-2505911372-3816809497-1000\...\Run: [f.lux] => C:\Users\KnightCat\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
    HKU\S-1-5-21-2305213872-2505911372-3816809497-1000\...\Run: [Lync] => C:\Program Files\Microsoft Office 15\root\office15\lync.exe [22672536 2014-10-14] (Microsoft Corporation)
    HKU\S-1-5-21-2305213872-2505911372-3816809497-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30872160 2014-12-03] (Skype Technologies S.A.)
    HKU\S-1-5-21-2305213872-2505911372-3816809497-1000\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [6780256 2014-12-16] (Binary Fortress Software)
    HKU\S-1-5-21-2305213872-2505911372-3816809497-1000\...\Run: [GoToAssist Remote Support Expert] => C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\758\g2ax_start.exe [610888 2014-12-19] (Citrix Online, LLC)
    HKU\S-1-5-21-2305213872-2505911372-3816809497-1000\...\Run: [GizmoDriveDelegate] => C:\Program Files (x86)\Gizmo\gizmo.exe [223640 2014-02-12] (Arainia Solutions)
    HKU\S-1-5-21-2305213872-2505911372-3816809497-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk
    ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\SysWOW64\C2MP\UpdateChecker.exe ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Gizmo.lnk
    ShortcutTarget: Gizmo.lnk -> C:\Program Files (x86)\Gizmo\gizmo.exe (Arainia Solutions)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
    ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
    Startup: C:\Users\KnightCat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
    Startup: C:\Users\KnightCat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\KnightCat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\KnightCat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk
    ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files\Microsoft Office 15\root\office15\groove.exe (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
    ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll (Starfield Technologies, LLC)
    ShellIconOverlayIdentifiers: [off1] -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll (Starfield Technologies, LLC)
    BootExecute: autocheck autochk * sdnclean64.exe
    CHR HKU\S-1-5-21-2305213872-2505911372-3816809497-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-2305213872-2505911372-3816809497-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-2305213872-2505911372-3816809497-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Skype4Salesforce.BrowserMonitor -> {090F4A60-3146-41b5-8584-297FBF7D5B59} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll No File
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKLM-x32 - No Name - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - No File
    Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    Toolbar: HKU\S-1-5-21-2305213872-2505911372-3816809497-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} https://www.asus.com/support/asusTek_sys_ctrl3.cab
    DPF: HKLM-x32 {688C8675-1834-48FA-9DEF-4755CEFB9EDE} http://192.168.1.101/EDVR.CAB
    DPF: HKLM-x32 {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} http://192.168.1.99:5050/codebase/DVM_IPCam2.cab
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\KnightCat\AppData\Roaming\Mozilla\Firefox\Profiles\ewzku24u.Seth
    FF Keyword.URL:
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
    FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
    FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF Plugin-x32: @playon.tv/PlayOnToolbar -> C:\Program Files (x86)\MediaMall\toolbar\npVT.dll (MediaMall Technologies, Inc.)
    FF Plugin-x32: @real.com/nppl3260;version=17.0.10.8 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.10 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.10 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.10 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=17.0.10.8 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
    FF Plugin HKU\S-1-5-21-2305213872-2505911372-3816809497-1000: @citrixonline.com/appdetectorplugin -> C:\Users\KnightCat\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
    FF Plugin HKU\S-1-5-21-2305213872-2505911372-3816809497-1000: @starfield.com/off -> C:\Users\KnightCat\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
    FF Plugin HKU\S-1-5-21-2305213872-2505911372-3816809497-1000: @starfield.com/off64 -> C:\Users\KnightCat\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
    FF Plugin HKU\S-1-5-21-2305213872-2505911372-3816809497-1000: @starfield.com/wbe -> C:\Users\KnightCat\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
    FF Plugin HKU\S-1-5-21-2305213872-2505911372-3816809497-1000: @starfield.com/wbe64 -> C:\Users\KnightCat\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)
    FF Plugin HKU\S-1-5-21-2305213872-2505911372-3816809497-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\KnightCat\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKU\S-1-5-21-2305213872-2505911372-3816809497-1000: @talk.google.com/O1DPlugin -> C:\Users\KnightCat\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKU\S-1-5-21-2305213872-2505911372-3816809497-1000: @tools.google.com/Google Update;version=3 -> C:\Users\KnightCat\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-2305213872-2505911372-3816809497-1000: @tools.google.com/Google Update;version=9 -> C:\Users\KnightCat\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-2305213872-2505911372-3816809497-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\KnightCat\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin HKU\S-1-5-21-2305213872-2505911372-3816809497-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF Plugin HKU\S-1-5-21-2305213872-2505911372-3816809497-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer Cloud)
    FF Plugin ProgramFiles/Appdata: C:\Users\KnightCat\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
    FF Plugin ProgramFiles/Appdata: C:\Users\KnightCat\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\KnightCat\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\KnightCat\AppData\Roaming\mozilla\plugins\npoff.dll ( Starfield Technologies, LLC.)
    FF Plugin ProgramFiles/Appdata: C:\Users\KnightCat\AppData\Roaming\mozilla\plugins\npoff64.dll ( Starfield Technologies, LLC.)
    FF Plugin ProgramFiles/Appdata: C:\Users\KnightCat\AppData\Roaming\mozilla\plugins\npwbe.dll (Starfield Technology, LLC)
    FF Plugin ProgramFiles/Appdata: C:\Users\KnightCat\AppData\Roaming\mozilla\plugins\npwbe64.dll (Starfield Technology, LLC)
    FF Extension: WBE Paste - C:\Users\KnightCat\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2013-09-30]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-10]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-12-10]
    FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - F:\Programs\Adobe Creative Suite\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
    FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-03-18]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-12]
    FF HKLM-x32\...\Firefox\Extensions: [{7ADCCCD0-FDEC-4A18-A329-550A87710223}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-06-06]
    FF HKU\S-1-5-21-2305213872-2505911372-3816809497-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Profile: C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Easy Auto Refresh) - C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2013-10-22]
    CHR Extension: (BetterTTV) - C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2014-09-07]
    CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2014-09-20]
    CHR Extension: (Google Drive) - C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-10]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
    CHR Extension: (Web Developer) - C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2014-09-07]
    CHR Extension: (Keeper Browser Extension) - C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfogiafebfohielmmehodmfbbebbbpei [2014-09-20]
    CHR Extension: (YouTube) - C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-10]
    CHR Extension: (Open Selected Links) - C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbmiafnaglmnkhnohfdkdgaohdhndkjp [2014-09-20]
    CHR Extension: (Add to Amazon Wish List) - C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2013-03-14]
    CHR Extension: (Google Search) - C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-10]
    CHR Extension: (Kingdoms Of Camelot) - C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkadejngfdiifodimfhejphllfecigmm [2013-10-10]
    CHR Extension: (MightyText - SMS Text Messaging ⟷ Computer) - C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2014-09-20]
    CHR Extension: (Grooveshark Downloader) - C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglmoaliddiejknfhdgicfdlaplbojem [2014-09-20]
    CHR Extension: (Full Page Screen Capture) - C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2014-10-31]
    CHR Extension: (AdBlock) - C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-20]
    CHR Extension: (Crimson: Steam Pirates) - C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Extensions\glfbkgkceahodalogdpenjoekbacjfcj [2014-09-20]
    CHR Extension: (Avast Online Security) - C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-24]
    CHR Extension: (RealPlayer Downloader) - C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-06-06]
    CHR Extension: (colorPicker 0.9) - C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jegimleidpfmpepbfajjlielaheedkdo [2014-09-20]
    CHR Extension: (Fieldrunners) - C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpikhjbfbffdblahfidklcohlaeabak [2014-09-20]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-05]
    CHR Extension: (Google Wallet) - C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]
    CHR Extension: (Black Black Chrome Theme Hot Pink Highlight) - C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdhfcagdlpjbpfldpabhkdibdcbaiih [2014-12-18]
    CHR Extension: (Gmail) - C:\Users\KnightCat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-20]
    CHR HKU\S-1-5-21-2305213872-2505911372-3816809497-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-25]
    CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-05-13]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44736 2013-10-24] (ArcSoft, Inc.)
    R2 Amazon Download Agent; C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com) [File not signed]
    R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-03-14] ()
    R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-03-14] (ASUSTeK Computer Inc.)
    R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2013-03-14] (ASUSTeK Computer Inc.)
    U2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.14\AsusFanControlService.exe [1457152 2012-06-13] (ASUSTeK Computer Inc.) [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-25] (AVAST Software)
    R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-25] (AVAST Software)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-25] (Avast Software)
    S3 BRSptSvc; C:\programdata\bitraider\BRSptSvc.exe [909592 2013-04-26] (BitRaider, LLC)
    S4 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-05-01] (BlueStack Systems, Inc.)
    S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-01] (BlueStack Systems, Inc.)
    S4 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-05-01] (BlueStack Systems, Inc.)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
    R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [3075440 2014-12-16] (Binary Fortress Software)
    R2 Dyn Updater; C:\Program Files (x86)\Dyn Updater\DynUpSvc.exe [95608 2011-11-15] (Dyn, Inc.)
    R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [1187040 2013-07-22] (Starfield Technologies)
    R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241728 2014-03-11] (Foxit Corporation)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
    R2 Gizmo Central; C:\Program Files (x86)\Gizmo\gservice.exe [34728 2014-02-12] (Arainia Solutions)
    U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [8704 2013-02-08] (Hi-Rez Studios) [File not signed]
    R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-23] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed]
    R2 IndieVolumeService; C:\Program Files (x86)\IndieVolume\IndieVolume.SVC.exe [182248 2013-04-02] (GerixSoft)
    R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2013-03-18] () [File not signed]
    R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-08-16] (Hewlett-Packard Company) [File not signed]
    R2 MediaMall Server; C:\Program Files (x86)\MediaMall\MediaMallServer.exe [5826352 2014-11-24] (MediaMall Technologies, Inc.)
    S2 MouseWithoutBordersSvc; C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [27872 2012-12-28] (Microsoft)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 NVMS-SRV-CMS; C:\Program Files (x86)\NVMS5 Standard Edition\bin\cms.exe [155136 2011-12-23] () [File not signed]
    R2 NVMS-SRV-DB; C:\Program Files (x86)\NVMS5 Standard Edition\data\bin\mysqld.exe [6562432 2009-03-16] ()
    R2 NVMS-SRV-NRU; C:\Program Files (x86)\NVMS5 Standard Edition\bin\nru.exe [15872 2011-12-23] () [File not signed]
    R2 NVMS-SRV-VTDU; C:\Program Files (x86)\NVMS5 Standard Edition\bin\vtdu.exe [14848 2011-12-23] () [File not signed]
    R2 NVMS-SRV-WATCH; C:\Program Files (x86)\NVMS5 Standard Edition\bin\watch.exe [176640 2011-12-23] () [File not signed]
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-19] (Electronic Arts)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-12-01] ()
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2014-09-09] ()
    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-05-13] ()
    S4 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141848 2014-06-06] (RealNetworks, Inc.)
    R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-05-23] () [File not signed]
    S3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] () [File not signed]
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
    S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 Alpham1; C:\Windows\System32\DRIVERS\Alpham164.sys [52992 2007-07-23] (Ideazon Corporation)
    S3 Alpham2; C:\Windows\System32\DRIVERS\Alpham264.sys [21760 2007-03-20] (Ideazon Corporation)
    R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-03-14] ()
    R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2013-03-14] ()
    R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
    S3 ASUSstpt; C:\Windows\System32\DRIVERS\ASUSstpt.sys [24648 2011-09-15] (MCCI Corporation)
    S3 ASUSumsc; C:\Windows\System32\DRIVERS\ASUSumsc.sys [141896 2011-09-15] (MCCI Corporation)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-25] ()
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-25] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-25] (AVAST Software)
    R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-25] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-25] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-25] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-25] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-25] (AVAST Software)
    S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-25] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-25] ()
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-03-03] (AVG Technologies)
    R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-05-01] (BlueStack Systems)
    S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
    S3 CrystalSysInfo; C:\Program Files\MediaCoder\SysInfoX64.sys [18128 2007-09-25] ()
    R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [34704 2014-02-12] (Arainia Solutions LLC)
    R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
    R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2013-12-17] (MediaMall Technologies, Inc.)
    S3 NPF; C:\Windows\System32\drivers\npf.sys [40464 2007-11-06] (CACE Technologies)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
    R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
    R3 SaiK1708; C:\Windows\System32\DRIVERS\SaiK1708.sys [180544 2012-09-20] (Saitek)
    R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-02-01] (Saitek)
    R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-02-01] (Saitek)
    R3 SaiU1708; C:\Windows\System32\DRIVERS\SaiU1708.sys [47168 2012-09-20] (Saitek)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2014-12-18] ()
    S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
    S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
    S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
    S3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1310720 2010-08-12] (C-Media Electronics Inc)
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-25] (Avast Software)
    S3 vl810filter; C:\Windows\System32\DRIVERS\vl810filter.sys [17008 2011-11-17] (VIA Labs, Inc.)
    R3 ALSysIO; \??\C:\Users\KNIGHT~1\AppData\Local\Temp\ALSysIO64.sys [X]
    S3 BRDriver64; \??\C:\programdata\bitraider\BRDriver64.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 DisplayLinkUsbPort; system32\DRIVERS\DisplayLinkUsbPort_6.1.32700.0.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S1 SDHookDriver; \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
     
  23. KnightCat

    KnightCat TS Rookie Topic Starter Posts: 19

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-21 11:30 - 2014-12-21 11:30 - 00046791 _____ () C:\Users\KnightCat\Downloads\FRST.txt
    2014-12-21 11:30 - 2014-12-21 11:30 - 00000000 ____D () C:\FRST
    2014-12-21 11:29 - 2014-12-21 11:29 - 02122240 _____ (Farbar) C:\Users\KnightCat\Downloads\FRST64.exe
    2014-12-21 10:38 - 2014-12-21 10:38 - 00002626 _____ () C:\Users\KnightCat\Desktop\JRT.txt
    2014-12-21 10:04 - 2014-12-21 10:04 - 00000000 ____D () C:\Windows\ERUNT
    2014-12-21 10:03 - 2014-12-21 10:03 - 01707646 _____ (Thisisu) C:\Users\KnightCat\Downloads\JRT.exe
    2014-12-21 09:59 - 2014-12-21 09:59 - 00003378 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2305213872-2505911372-3816809497-1000
    2014-12-21 09:59 - 2014-12-21 09:59 - 00003252 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2305213872-2505911372-3816809497-1000
    2014-12-21 09:30 - 2014-12-21 09:33 - 00000000 ____D () C:\AdwCleaner
    2014-12-21 09:25 - 2014-12-21 09:25 - 02166272 _____ () C:\Users\KnightCat\Downloads\adwcleaner_4.105.exe
    2014-12-20 22:57 - 2014-12-20 22:57 - 00003356 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2305213872-2505911372-3816809497-1000
    2014-12-19 18:27 - 2014-12-19 18:27 - 00062153 _____ () C:\ComboFix.txt
    2014-12-19 15:56 - 2014-12-19 15:57 - 07847342 _____ () C:\Users\KnightCat\Downloads\report1419026171640.csv
    2014-12-19 09:04 - 2014-12-19 09:04 - 00001460 _____ () C:\Users\KnightCat\Desktop\GoToAssist Expert.lnk
    2014-12-19 09:04 - 2014-12-19 09:04 - 00000000 ____D () C:\Users\KnightCat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
    2014-12-19 01:27 - 2014-12-21 11:23 - 00000000 ____D () C:\Users\KnightCat\AppData\Local\DisplayFusion
    2014-12-19 01:04 - 2014-12-19 01:24 - 00000000 ____D () C:\Users\KnightCat\AppData\Roaming\DisplayFusion
    2014-12-19 01:04 - 2014-12-19 01:04 - 00000000 ____D () C:\ProgramData\Binary Fortress Software
    2014-12-19 00:59 - 2014-12-19 00:59 - 00001304 _____ () C:\Users\Public\Desktop\DisplayFusion.lnk
    2014-12-19 00:59 - 2014-12-19 00:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DisplayFusion
    2014-12-19 00:59 - 2014-12-19 00:59 - 00000000 ____D () C:\Program Files (x86)\DisplayFusion
    2014-12-19 00:57 - 2014-12-19 00:57 - 13287584 _____ (Binary Fortress Software ) C:\Users\KnightCat\Downloads\DisplayFusionSetup-7.0.exe
    2014-12-19 00:09 - 2014-12-20 22:57 - 00003230 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2305213872-2505911372-3816809497-1000
    2014-12-18 23:26 - 2014-12-19 18:27 - 00000000 ____D () C:\Qoobox
    2014-12-18 23:26 - 2014-12-19 00:16 - 00000000 ____D () C:\Windows\erdnt
    2014-12-18 23:26 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-12-18 23:26 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-12-18 23:26 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-12-18 23:26 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-12-18 23:26 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-12-18 23:26 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-12-18 23:26 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-12-18 23:26 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-12-18 23:21 - 2014-12-18 23:22 - 05601641 ____R (Swearware) C:\Users\KnightCat\Desktop\ComboFix.exe
    2014-12-18 22:24 - 2014-12-18 22:24 - 00000000 ____D () C:\found.000
    2014-12-18 21:42 - 2014-12-18 22:04 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-12-18 21:41 - 2014-12-18 22:04 - 00000000 ____D () C:\Users\KnightCat\Desktop\mbar
    2014-12-18 21:41 - 2014-12-18 21:41 - 16448208 _____ (Malwarebytes Corp.) C:\Users\KnightCat\Downloads\mbar-1.08.2.1001.exe
    2014-12-18 21:30 - 2014-12-18 21:30 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-12-18 21:30 - 2014-12-18 21:30 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-12-18 19:26 - 2014-12-18 19:27 - 15201368 _____ () C:\Users\KnightCat\Desktop\RogueKiller.exe
    2014-12-18 18:31 - 2014-12-18 18:31 - 00149107 _____ () C:\Users\KnightCat\Downloads\report1418949121651.csv
    2014-12-18 18:28 - 2014-12-18 18:28 - 00120525 _____ () C:\Users\KnightCat\Downloads\report1418948901904.csv
    2014-12-18 18:27 - 2014-12-18 18:27 - 00452155 _____ () C:\Users\KnightCat\Downloads\report1418948879329.xls
    2014-12-18 10:17 - 2014-12-18 10:17 - 00044008 _____ () C:\Users\KnightCat\Desktop\dds.txt
    2014-12-18 10:17 - 2014-12-18 10:17 - 00024481 _____ () C:\Users\KnightCat\Desktop\attach.txt
    2014-12-18 10:15 - 2014-12-18 10:15 - 00688992 ____R (Swearware) C:\Users\KnightCat\Desktop\dds.com
    2014-12-17 07:24 - 2014-12-17 07:24 - 00262516 _____ () C:\Users\KnightCat\Downloads\report1418822671322.csv
    2014-12-16 17:02 - 2014-12-16 17:02 - 00030263 _____ () C:\Users\KnightCat\Downloads\Pricebooks with Products.xlsx
    2014-12-16 17:00 - 2014-12-16 17:00 - 00103289 _____ () C:\Users\KnightCat\Downloads\report1418770830522.xls
    2014-12-16 16:49 - 2014-12-16 16:49 - 00005559 _____ () C:\Users\KnightCat\Downloads\report1418770189813.csv
    2014-12-16 16:40 - 2014-12-16 16:40 - 00084709 _____ () C:\Users\KnightCat\Downloads\report1418769638817.csv
    2014-12-16 16:38 - 2014-12-16 16:38 - 00352520 _____ () C:\Users\KnightCat\Downloads\report1418769528369.xls
    2014-12-16 13:05 - 2014-12-16 13:05 - 00383614 _____ () C:\Users\KnightCat\Downloads\report1418756721846.csv
    2014-12-16 11:24 - 2014-12-16 11:24 - 00395001 _____ () C:\Users\KnightCat\Downloads\report1418750706625.xls
    2014-12-16 10:44 - 2014-12-16 10:44 - 00394971 _____ () C:\Users\KnightCat\Downloads\report1418748274496.xls
    2014-12-15 13:04 - 2014-12-15 13:04 - 00360737 _____ () C:\Users\KnightCat\Downloads\SpecOps Patch logo CAT.psd
    2014-12-15 12:12 - 2014-12-15 12:16 - 00349951 _____ () C:\Users\KnightCat\Downloads\SpecOps Patch logo.psd
    2014-12-12 17:51 - 2014-12-12 17:52 - 67350808 _____ (Logitech Inc.) C:\Users\KnightCat\Downloads\LGS_8.57.145_x64_Logitech.exe
    2014-12-12 09:20 - 2014-12-12 09:20 - 00017188 _____ () C:\Users\KnightCat\Downloads\report1418397613232.csv
    2014-12-12 09:18 - 2014-12-12 09:18 - 00000924 _____ () C:\Users\KnightCat\Downloads\report1418397540009.csv
    2014-12-12 09:16 - 2014-12-12 09:16 - 00035674 _____ () C:\Users\KnightCat\Downloads\report1418397385777.csv
    2014-12-12 09:12 - 2014-12-12 09:12 - 00028742 _____ () C:\Users\KnightCat\Downloads\report1418397129224.csv
    2014-12-11 18:20 - 2014-12-11 18:20 - 00000000 __SHD () C:\Users\KnightCat\AppData\Local\EmieBrowserModeList
    2014-12-10 18:08 - 2014-12-10 18:08 - 00293744 _____ () C:\Users\KnightCat\Downloads\report1418256534284.csv
    2014-12-10 14:56 - 2014-12-10 14:56 - 00017218 _____ () C:\Users\KnightCat\Downloads\report1418244975049.xls
    2014-12-10 13:38 - 2014-12-10 13:38 - 00352398 _____ () C:\Users\KnightCat\Downloads\report1418240310841.xls
    2014-12-10 12:53 - 2014-12-10 12:53 - 00352396 _____ () C:\Users\KnightCat\Downloads\report1418237631957.xls
    2014-12-10 11:21 - 2014-12-10 11:21 - 01674572 _____ () C:\Users\KnightCat\Downloads\report1418232077889.xls
    2014-12-10 11:16 - 2014-12-10 11:16 - 01556486 _____ () C:\Users\KnightCat\Downloads\report1418231809574.xls
    2014-12-10 10:49 - 2014-12-10 10:49 - 00383121 _____ () C:\Users\KnightCat\Downloads\report1418230151336.xls
    2014-12-10 10:39 - 2014-12-10 10:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-12-10 08:29 - 2014-12-10 08:29 - 00619870 _____ () C:\Users\KnightCat\Downloads\report1418221794988.csv
    2014-12-09 17:09 - 2014-12-09 17:09 - 00136693 _____ () C:\Users\KnightCat\Downloads\DA Account List 12-5-14.xlsx
    2014-12-09 13:52 - 2014-12-09 13:52 - 00231580 _____ () C:\Users\KnightCat\Downloads\report1418154726737.xls
    2014-12-09 13:50 - 2014-12-09 13:50 - 00059103 _____ () C:\Users\KnightCat\Downloads\report1418154607510.xls
    2014-12-09 12:53 - 2014-12-09 12:53 - 00379287 _____ () C:\Users\KnightCat\Downloads\report1418151233926.xls
    2014-12-08 16:14 - 2014-12-08 16:14 - 00000000 ____D () C:\Users\KnightCat\AppData\OICE_15_974FA576_32C1D314_273D
    2014-12-08 16:13 - 2014-12-08 16:13 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
    2014-12-08 16:13 - 2014-11-12 14:46 - 00615624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
    2014-12-08 16:12 - 2014-11-12 15:56 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
    2014-12-08 16:10 - 2014-11-17 16:18 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
    2014-12-08 16:10 - 2014-11-17 16:18 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
    2014-12-08 16:10 - 2014-11-12 18:20 - 24557712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2014-12-08 16:10 - 2014-11-12 18:20 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
    2014-12-08 16:10 - 2014-11-12 18:20 - 19966344 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
    2014-12-08 16:10 - 2014-11-12 18:20 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2014-12-08 16:10 - 2014-11-12 18:20 - 14032984 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2014-12-08 16:10 - 2014-11-12 18:20 - 13944952 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2014-12-08 16:10 - 2014-11-12 18:20 - 13213512 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2014-12-08 16:10 - 2014-11-12 18:20 - 11397744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2014-12-08 16:10 - 2014-11-12 18:20 - 04292416 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2014-12-08 16:10 - 2014-11-12 18:20 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434475.dll
    2014-12-08 16:10 - 2014-11-12 18:20 - 01540424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434475.dll
    2014-12-08 16:10 - 2014-11-12 18:20 - 00964928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2014-12-08 16:10 - 2014-11-12 18:20 - 00935240 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2014-12-08 16:10 - 2014-11-12 18:20 - 00923792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2014-12-08 16:10 - 2014-11-12 18:20 - 00900928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2014-12-08 16:10 - 2014-11-12 18:20 - 00871648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2014-12-08 16:10 - 2014-11-12 18:20 - 00500880 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
    2014-12-08 16:10 - 2014-11-12 18:20 - 00393024 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
    2014-12-08 16:10 - 2014-11-12 18:20 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
    2014-12-08 16:10 - 2014-11-12 18:20 - 00348304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
    2014-12-08 16:10 - 2014-11-12 18:20 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
    2014-12-08 16:10 - 2014-11-12 18:20 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
    2014-12-08 16:10 - 2014-11-12 18:20 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2014-12-08 15:09 - 2014-12-08 15:09 - 00004976 _____ () C:\Users\KnightCat\Downloads\report1418072957836.xls
    2014-12-08 11:23 - 2014-12-08 11:23 - 00683753 _____ () C:\Users\KnightCat\Downloads\report1418059417843.xls
    2014-12-08 10:47 - 2014-12-08 10:47 - 00684537 _____ () C:\Users\KnightCat\Downloads\report1418057227799.xls
    2014-12-07 14:10 - 2014-12-14 13:53 - 00000000 ____D () C:\Users\KnightCat\Documents\ProfileCache
    2014-12-07 14:10 - 2014-12-14 13:42 - 00000000 ____D () C:\Users\KnightCat\Documents\The Crew
    2014-12-07 14:07 - 2014-12-07 14:07 - 00000000 ____D () C:\Users\KnightCat\AppData\Local\Ubisoft
    2014-11-30 16:16 - 2014-11-30 16:17 - 00000000 ____D () C:\Windows\SysWOW64\vbox
    2014-11-30 16:16 - 2014-11-30 16:17 - 00000000 ____D () C:\Windows\system32\vbox
    2014-11-25 12:39 - 2014-11-25 12:39 - 00001970 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
    2014-11-25 12:39 - 2014-11-25 12:39 - 00001910 _____ () C:\Users\Public\Desktop\Avast Premier.lnk
    2014-11-25 12:39 - 2014-11-25 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2014-11-25 12:38 - 2014-11-25 12:38 - 00449936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
    2014-11-25 12:38 - 2014-11-25 12:38 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-11-25 12:38 - 2014-11-25 12:38 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-11-21 18:06 - 2014-11-21 18:06 - 00562368 _____ () C:\Users\KnightCat\Downloads\report1416614782822.xls
    2014-11-21 17:49 - 2014-11-21 17:49 - 00008631 _____ () C:\Users\KnightCat\Downloads\report1416613760998.xls
    2014-11-21 17:40 - 2014-11-21 17:40 - 00022480 _____ () C:\Users\KnightCat\Downloads\report1416613256800.xls
    2014-11-21 17:38 - 2014-11-21 17:38 - 00018229 _____ () C:\Users\KnightCat\Downloads\report1416613114855.xls
    2014-11-21 11:00 - 2014-11-21 11:00 - 00014130 _____ () C:\Users\KnightCat\Downloads\report1416589249186.xls
    2014-11-21 09:21 - 2014-11-21 09:21 - 00292674 _____ () C:\Users\KnightCat\Downloads\report1416583294340.xls

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-21 11:18 - 2013-03-19 20:39 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2305213872-2505911372-3816809497-1000UA.job
    2014-12-21 11:17 - 2014-04-01 19:04 - 00000546 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2305213872-2505911372-3816809497-1000.job
    2014-12-21 10:59 - 2013-03-14 21:53 - 00000000 ____D () C:\Users\KnightCat\AppData\Roaming\Skype
    2014-12-21 10:43 - 2013-04-08 16:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-12-21 10:31 - 2013-03-14 10:35 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-12-21 10:05 - 2009-07-13 22:45 - 00027184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-12-21 10:05 - 2009-07-13 22:45 - 00027184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-12-21 10:01 - 2013-03-14 10:28 - 01054043 _____ () C:\Windows\WindowsUpdate.log
    2014-12-21 10:00 - 2013-04-29 08:30 - 00000000 ____D () C:\Users\KnightCat\AppData\Roaming\Raptr
    2014-12-21 09:59 - 2014-10-16 08:32 - 00005006 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for KnightCat-PC-KnightCat KnightCat-PC
    2014-12-21 09:59 - 2013-08-27 13:42 - 00000000 ____D () C:\Users\KnightCat\AppData\Roaming\Dropbox
    2014-12-21 09:58 - 2014-06-23 11:33 - 00000000 ____D () C:\Users\KnightCat\AppData\Local\CrashDumps
    2014-12-21 09:57 - 2013-03-14 10:35 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-12-21 09:54 - 2014-07-05 08:48 - 00000000 ____D () C:\ProgramData\MediaMall
    2014-12-21 09:53 - 2009-07-13 22:51 - 00110463 _____ () C:\Windows\setupact.log
    2014-12-21 09:51 - 2013-03-19 09:24 - 00000000 ____D () C:\ProgramData\NVIDIA
    2014-12-21 09:51 - 2010-11-20 21:47 - 00798872 _____ () C:\Windows\PFRO.log
    2014-12-21 09:51 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-12-21 09:24 - 2013-03-14 10:35 - 00000000 ____D () C:\Users\KnightCat\AppData\Local\Apps\2.0
    2014-12-21 06:23 - 2014-03-26 08:53 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
    2014-12-21 02:00 - 2014-06-25 01:00 - 00000000 ____D () C:\Users\KnightCat\AppData\Local\Adobe
    2014-12-20 21:55 - 2014-10-13 08:40 - 00003038 _____ () C:\Windows\System32\Tasks\MSIAfterburner
    2014-12-20 18:53 - 2014-04-01 19:04 - 00003592 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2305213872-2505911372-3816809497-1000
    2014-12-20 18:39 - 2014-11-15 09:01 - 00000000 ____D () C:\Users\KnightCat\Documents\Assassin's Creed Unity
    2014-12-20 13:18 - 2013-03-19 20:39 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2305213872-2505911372-3816809497-1000Core.job
    2014-12-19 18:18 - 2014-03-13 13:59 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2014-12-19 18:17 - 2009-07-13 20:34 - 00000215 _____ () C:\Windows\system.ini
    2014-12-19 16:31 - 2013-09-16 20:12 - 00000000 ____D () C:\ProgramData\Origin
    2014-12-19 16:30 - 2014-03-10 23:19 - 00000663 _____ () C:\Users\Public\Desktop\Titanfall.lnk
    2014-12-19 16:27 - 2013-03-15 15:23 - 00714933 _____ () C:\Windows\DirectX.log
    2014-12-19 16:13 - 2013-09-16 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
    2014-12-19 16:13 - 2013-09-16 20:12 - 00000000 ____D () C:\Program Files (x86)\Origin
    2014-12-19 11:29 - 2013-03-20 17:07 - 00000000 ____D () C:\Users\KnightCat\DataLoader Results
    2014-12-19 11:01 - 2013-03-14 21:30 - 00000000 ____D () C:\Users\KnightCat\AppData\Roaming\TS3Client
    2014-12-19 09:16 - 2013-03-26 14:59 - 00000000 ____D () C:\Users\KnightCat\AppData\Local\Citrix
    2014-12-19 09:03 - 2013-03-26 15:00 - 00000000 ____D () C:\Program Files (x86)\Citrix
    2014-12-19 00:52 - 2014-05-08 08:54 - 00001122 _____ () C:\SSUUpdater.log
    2014-12-19 00:19 - 2009-07-13 21:20 - 00000000 __RHD () C:\Users\Default
    2014-12-19 00:02 - 2013-06-11 17:48 - 00000000 ____D () C:\Windows\SysWOW64\C2MP
    2014-12-18 22:37 - 2014-10-13 08:58 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server
    2014-12-18 22:37 - 2013-03-16 20:54 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
    2014-12-18 21:42 - 2014-09-23 08:26 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-12-18 21:41 - 2014-09-23 08:26 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-12-18 21:28 - 2014-10-14 12:25 - 00003042 _____ () C:\Windows\System32\Tasks\RTSS
    2014-12-18 13:43 - 2014-04-25 13:57 - 00000000 ____D () C:\Users\DefaultAppPool
    2014-12-18 13:43 - 2013-03-14 09:04 - 00000000 ____D () C:\Users\KnightCat
    2014-12-18 13:41 - 2014-04-06 11:03 - 00000000 ____D () C:\Windows\jumpshot.com
    2014-12-18 10:41 - 2014-11-07 17:47 - 04931577 _____ () C:\Windows\{00000006-00000000-00000000-00001102-00000008-10241102}.CDF
    2014-12-18 10:41 - 2014-04-06 16:16 - 27787264 _____ () C:\Windows\system32\config\.ghost-ntfs-3g-00000000000000000003
    2014-12-18 10:41 - 2014-04-06 16:16 - 15990784 _____ () C:\Users\KnightCat\.ghost-ntfs-3g-00000000000000000009
    2014-12-18 10:41 - 2014-04-06 16:16 - 111673344 _____ () C:\Windows\system32\config\.ghost-ntfs-3g-00000000000000000001
    2014-12-18 09:58 - 2013-04-08 16:51 - 00007597 _____ () C:\Users\KnightCat\AppData\Local\resmon.resmoncfg
    2014-12-18 08:56 - 2014-09-23 08:26 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-12-18 08:56 - 2014-09-23 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-12-18 08:56 - 2014-09-23 08:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-12-18 08:49 - 2014-09-02 10:43 - 00001033 _____ () C:\Users\KnightCat\Desktop\Dropbox.lnk
    2014-12-18 08:49 - 2014-09-02 10:41 - 00000000 ____D () C:\Users\KnightCat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2014-12-18 08:48 - 2014-07-29 17:08 - 00000000 ____D () C:\Program Files (x86)\ControlCenter
    2014-12-18 08:39 - 2013-08-13 14:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-12-18 04:42 - 2014-04-06 11:03 - 00000000 ____D () C:\Jumpshot
    2014-12-17 12:14 - 2014-10-16 09:18 - 00000000 ___RD () C:\Users\KnightCat\OneDrive - Digital Air Strike
    2014-12-15 13:07 - 2013-06-03 20:27 - 00000132 _____ () C:\Users\KnightCat\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2014-12-15 12:28 - 2014-10-13 08:34 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
    2014-12-14 11:37 - 2009-07-13 23:13 - 00903332 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-12-12 17:58 - 2013-03-16 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
    2014-12-12 17:58 - 2013-03-16 20:57 - 00000000 ____D () C:\Program Files\Logitech Gaming Software
    2014-12-12 17:56 - 2014-02-12 10:37 - 00000000 ____D () C:\ProgramData\Package Cache
    2014-12-11 07:32 - 2013-03-14 10:35 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-12-10 17:13 - 2013-03-14 21:53 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2014-12-10 17:13 - 2013-03-14 21:53 - 00000000 ____D () C:\ProgramData\Skype
    2014-12-10 02:43 - 2013-04-08 16:40 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-12-10 02:43 - 2013-04-08 16:40 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-12-10 02:43 - 2013-04-08 16:40 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-12-08 16:30 - 2013-04-29 08:30 - 00000000 ____D () C:\Program Files (x86)\Raptr
    2014-12-08 16:13 - 2014-10-11 11:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2014-12-08 16:13 - 2013-03-14 10:41 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
    2014-12-07 14:18 - 2014-04-25 13:57 - 00262144 ___SH () C:\Users\DefaultAppPool\.ghost-ntfs-3g-00000000000000000013
    2014-12-07 14:08 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2014-12-06 14:46 - 2014-11-15 12:57 - 00001973 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
    2014-11-25 12:39 - 2014-03-12 14:59 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
    2014-11-25 12:38 - 2014-05-07 13:24 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2014-11-25 12:38 - 2014-03-13 13:35 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
    2014-11-25 12:38 - 2014-03-13 13:32 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-11-25 12:38 - 2014-03-13 13:32 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2014-11-25 12:38 - 2014-03-12 15:00 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
    2014-11-25 12:38 - 2014-03-12 14:59 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2014-11-25 12:38 - 2014-03-12 14:59 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-11-25 12:38 - 2014-03-12 14:59 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
    2014-11-24 15:17 - 2014-07-05 08:48 - 00000000 ____D () C:\Program Files (x86)\MediaMall
    2014-11-22 20:19 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
    2014-11-22 19:17 - 2014-09-22 09:33 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2014-11-22 19:14 - 2009-07-13 22:45 - 05043888 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-11-21 23:19 - 2014-03-18 14:44 - 00000000 ____D () C:\Windows\system32\MRT
    2014-11-21 23:13 - 2014-11-07 17:47 - 04931577 _____ () C:\Windows\{00000006-00000000-00000000-00001102-00000008-10241102}.BAK
    2014-11-21 06:14 - 2014-09-23 08:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-11-21 06:14 - 2013-09-29 00:20 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

    Files to move or delete:
    ====================
    C:\Users\KnightCat\IP_Log_Data.js
    C:\Users\KnightCat\Network_Meter_Data.js
    C:\Users\KnightCat\Swift Elite Setup.exe


    Some content of TEMP:
    ====================
    C:\Users\KnightCat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpslfy67.dll
    C:\Users\KnightCat\AppData\Local\Temp\Quarantine.exe
    C:\Users\KnightCat\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!


    LastRegBack: 2014-12-15 00:55

    ==================== End Of Log ============================
     
  24. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  25. KnightCat

    KnightCat TS Rookie Topic Starter Posts: 19

    I'm getting a Line 9878 (File "C:\USers\KnightCat\Desktop\FRST64.exe"):

    Error: Error in expression.

     
Topic Status:
Not open for further replies.
