TechSpot

Hyazrof.exe hogging resources in task manager

By UndefinedHell
Nov 13, 2014
  1. I don't know how I got it originally but I know it has something to do with half-sleepy me clicking on one of them fake updateflashplayer_1234567689.exe. So... ugh... what do I do?
     
  2. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. UndefinedHell

    UndefinedHell TS Rookie Topic Starter Posts: 18

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 13/11/2014
    Scan Time: 22:01:49
    Logfile: log.txt
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.11.13.09
    Rootkit Database: v2014.11.12.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Scott

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 406104
    Time Elapsed: 8 min, 33 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 13
    PUP.Optional.Spigot, HKLM\SOFTWARE\CLASSES\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, Quarantined, [fb5247f49ede51e5abfe23990200e21e],
    PUP.Optional.Spigot, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, Quarantined, [fb5247f49ede51e5abfe23990200e21e],
    PUP.Optional.Spigot, HKU\S-1-5-21-3627555642-523329072-3733843303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, Quarantined, [fb5247f49ede51e5abfe23990200e21e],
    PUP.Optional.Spigot, HKU\S-1-5-21-3627555642-523329072-3733843303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}, Quarantined, [fb5247f49ede51e5abfe23990200e21e],
    PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\cikkkfooompgefbcjlgdjejfdknkheaj, Quarantined, [09444eed0b7101359d456ec7659e54ac],
    PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\gpiifgmgnfdiblgpaepbmfdkcheicgof, Quarantined, [73da1f1cea9242f4be257bba3bc8c739],
    PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\hbcennhacfaagdopikcegfcobcadeocj, Quarantined, [d677d962730962d4781bf0685da6cf31],
    PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\icdlfehblmklkikfigmjhbmmpmkmpooj, Quarantined, [024bfa4180fc6acc593b87d1ec17cd33],
    PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\mhkaekfpcppmmioggniknbnbdbcigpkk, Quarantined, [3d10d8636913f4421b7a5206a55e13ed],
    PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pfndaklgolladniicklehhancnlgocpp, Quarantined, [094445f6c8b41125a5f12e2ad42f09f7],
    PUP.Optional.WeDownLoadManager.A, HKU\S-1-5-21-3627555642-523329072-3733843303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WeDlMngr, Quarantined, [064726151567be783e34b1932ad9ec14],
    PUP.Optional.MyEmoticons.A, HKU\S-1-5-21-3627555642-523329072-3733843303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Protection, Quarantined, [83ca0a31df9d1d19d412f278956e34cc],
    PUP.Optional.Spigot.A, HKU\S-1-5-21-3627555642-523329072-3733843303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Settings, Quarantined, [9fae1f1cf48837ffa78ec8dd887c728e],

    Registry Values: 4
    Trojan.FakeMS, HKU\S-1-5-21-3627555642-523329072-3733843303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|HugyoMapuq, regsvr32.exe "C:\ProgramData\HugyoMapuq\HugyoMapuq.dat", Quarantined, [8cc1b18ad3a994a23b8623c020e18b75]
    Trojan.Agent, HKU\S-1-5-21-3627555642-523329072-3733843303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Video Library, C:\Windows\system32\rundll32.exe C:\Users\Scott\AppData\Local\Temp\Rpcqt.dll,Sets, Quarantined, [70dd02392c50ad8961dfb92ddc27d62a]
    Trojan.Ransom.Gen, HKU\S-1-5-21-3627555642-523329072-3733843303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|LehcAyco, regsvr32.exe "C:\ProgramData\LehcAyco\LehcAyco.dat", Quarantined, [e06d2912681462d40862386c8381f40c]
    Trojan.Ransom.Gen, HKU\S-1-5-21-3627555642-523329072-3733843303-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|PehbeGiqsu, regsvr32.exe "C:\ProgramData\PehbeGiqsu\PehbeGiqsu.dat", Quarantined, [64e96fccb7c544f28fdb455f5ca8639d]

    Registry Data: 0
    (No malicious items detected)

    Folders: 3
    PUP.Optional.Spigot.A, C:\Users\Scott\AppData\LocalLow\Search Settings, Quarantined, [054852e9c2ba73c3bd23d04a9b68f50b],
    PUP.Optional.Spigot.A, C:\Users\Scott\AppData\LocalLow\Search Settings\res, Quarantined, [054852e9c2ba73c3bd23d04a9b68f50b],
    PUP.Optional.Spigot.A, C:\Users\Scott\AppData\LocalLow\Search Settings\temp, Quarantined, [054852e9c2ba73c3bd23d04a9b68f50b],

    Files: 14
    Trojan.FakeMS, C:\ProgramData\HugyoMapuq\HugyoMapuq.dat, Quarantined, [8cc1b18ad3a994a23b8623c020e18b75],
    PUP.Optional.Spigot, C:\Users\Scott\AppData\Roaming\Slick Savings\Coupons.dll, Quarantined, [fb5247f49ede51e5abfe23990200e21e],
    Trojan.Agent.DED, C:\ProgramData\Windows Genuine Advantage\{12135A71-7702-49AE-9DCD-50D3C197310F}\msiexec.exe, Quarantined, [9bb28daea2dabd790b520dd62dd4fd03],
    Trojan.Agent.DED, C:\ProgramData\Windows Genuine Advantage\{4A6C9797-99AB-4BC3-AEE0-F2D3D80BFDA1}\msiexec.exe, Quarantined, [b19cdf5c95e758de1746ca1902ffca36],
    Backdoor.Papras, C:\ProgramData\Windows Genuine Advantage\{71B92184-8ABC-4C7E-8E22-0ABC37923052}\api-ms-win-system-lsmproxy-l1-1-0.dll, Quarantined, [4d00c576ec903cfa466521c2d829cc34],
    Trojan.Agent.ED, C:\ProgramData\Windows Genuine Advantage\{95B7E254-1E0D-4E37-8055-3F11B440BC9D}\msiexec.exe, Quarantined, [81cc3efd92ea06308c629948d72a29d7],
    Trojan.Zemot.ED, C:\ProgramData\Windows Genuine Advantage\{CF51F359-01B1-4112-87BC-3C1B8493AD14}\msiexec.exe, Quarantined, [89c4f04b4438d561c080aa39be43da26],
    Trojan.Agent.ED, C:\ProgramData\Windows Genuine Advantage\{EA18C5D1-D72C-4767-807B-D35FD9A459B2}\msiexec.exe, Quarantined, [d07d4eed8af2ad899e50fde4dc2517e9],
    Spyware.Vawtrak, C:\ProgramData\Windows Genuine Advantage\{F54A5B7F-0C52-4FDD-B6B5-6CC5F724BC24}\msiexec.exe, Quarantined, [86c72417e498be784989e4fdb64b26da],
    Trojan.Agent.ED, C:\Users\Scott\AppData\Local\Temp\UpdateFlashPlayer_e01fc37a.exe, Quarantined, [28254bf05f1dc86e42aea33d8e7326da],
    PUP.Optional.Spigot.A, C:\Windows\Installer\MSIAB68.tmp, Quarantined, [86c7d2696418dc5a19873d87976af60a],
    Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 82098135.job, Quarantined, [e46938032e4eda5c2926650c976dcf31],
    Trojan.Ransom.Gen, C:\ProgramData\LehcAyco\LehcAyco.dat, Quarantined, [e06d2912681462d40862386c8381f40c],
    Trojan.Ransom.Gen, C:\ProgramData\PehbeGiqsu\PehbeGiqsu.dat, Quarantined, [64e96fccb7c544f28fdb455f5ca8639d],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  4. UndefinedHell

    UndefinedHell TS Rookie Topic Starter Posts: 18

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17344 BrowserJavaVersion: 10.72.2
    Run by Scott at 22:15:22 on 2014-11-13
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8071.5196 [GMT 0:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
    C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files\Softros Systems\Process Blocker\Process Blocker.exe
    C:\Program Files (x86)\ASUS\PCE-N10 WLAN Card Utilities\RtlService.exe
    C:\Program Files\MiniFrame\SoftXpand 2011\MFwatchdog.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\ASUS\PCE-N10 WLAN Card Utilities\RtWlan.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Users\Scott\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files (x86)\Clownfish\Clownfish.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
    C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd\2.0.0_0\Plugin\SPNativeMessage.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = reddit.com
    mStart Page = about:blank
    mWinlogon: Userinit = userinit.exe,
    BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Ads Removal: {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll
    BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
    BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [Spotify Web Helper] "C:\Users\Scott\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    uRun: [Browser Extensions] "C:\Users\Scott\AppData\Roaming\Slick Savings\CouponsHelper.exe"
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [Clownfish] "C:\Program Files (x86)\Clownfish\Clownfish.exe"
    uRun: [Advanced SystemCare 8] "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
    mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
    mRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
    mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
    dRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
    dRun: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
    dRun: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
    dRun: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
    StartupFolder: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONTEN~1.LNK - C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: ShutdownWithoutLogonBeforeSoftXpand = dword:1
    mPolicies-System: DisableCAD = dword:1
    IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
    IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
    LSP: C:\Program Files\MiniFrame\SoftXpand 2011\MfLsp32.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: Interfaces\{195DA130-D154-4535-B2CE-788C4B03B908} : DHCPNameServer = 208.122.23.23 208.122.23.22
    TCP: Interfaces\{D8C42C25-83F7-4AD2-BF14-72BB52CE17E5}\244575966496D277964786D264F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23
    TCP: Interfaces\{D8C42C25-83F7-4AD2-BF14-72BB52CE17E5}\960216D602771647368696E6760297F657 : DHCPNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
    Handler: osf-roaming - {C57E9882-B128-4E07-BA2D-FF83B8989C76} - C:\Users\Scott\Microsoft Office 15\root\office15\MSOSB.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mStart Page = about:blank
    x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
    x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll
    x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
    x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
    x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
    x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
    x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
    x64-Handler: osf-roaming - {C57E9882-B128-4E07-BA2D-FF83B8989C76} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
    Hosts: 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
    Hosts: 0.0.0.0 media.opencandy.com
    Hosts: 0.0.0.0 cdn.opencandy.com
    Hosts: 0.0.0.0 tracking.opencandy.com
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-8-7 644968]
    R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-8-7 28008]
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-1-25 20464]
    R0 mfcore;mfcore;C:\Windows\System32\drivers\mfcore.sys [2014-10-4 80312]
    R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2014-1-26 21184]
    R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2014-1-25 21584]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-8-19 283064]
    R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [2014-11-13 893216]
    R2 AdvancedSystemCareService8;Advanced SystemCare Service 8;C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [2014-11-13 815392]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-9-15 239616]
    R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-9-21 2436280]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-11-3 2530128]
    R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2014-5-25 9216]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-7 15720]
    R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2014-11-13 344896]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-8-27 747520]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2014-1-25 169432]
    R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-10-21 417552]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2014-4-27 72216]
    R2 Process Blocker;Process Blocker;C:\Program Files\Softros Systems\Process Blocker\Process Blocker.exe [2014-10-3 2233168]
    R2 RealtekSE;RealtekSE;C:\Program Files (x86)\ASUS\PCE-N10 WLAN Card Utilities\RtlService.exe [2014-1-25 36864]
    R2 SoftXpand 2011 Watchdog;SoftXpand 2011 Watchdog;C:\Program Files\MiniFrame\SoftXpand 2011\MFwatchdog.exe [2014-1-1 34744]
    R2 Unchecky;Unchecky;C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [2014-8-5 111208]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2014-6-21 94720]
    R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2014-11-13 23048]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-1-25 368112]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-1-25 786416]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-11-13 129752]
    R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2014-11-13 34848]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-11-13 941784]
    R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\Windows\System32\drivers\rtwlane.sys [2014-11-13 3300568]
    R3 ScpVBus;Scp Virtual Bus Driver;C:\Windows\System32\drivers\ScpVBus.sys [2013-5-5 39168]
    R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2014-11-13 34544]
    R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2014-11-13 23016]
    S1 UsbCharger;UsbCharger;C:\Windows\System32\drivers\UsbCharger.sys [2014-1-25 21584]
    S2 BstHdAndroidSvc;BlueStacks Android Service;"C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android --> C:\Program Files (x86)\BlueStacks\HD-Service.exe [?]
    S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe --> C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [?]
    S2 BstHdUpdaterSvc;BlueStacks Updater Service;C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe --> C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-1-25 2630432]
    S2 mfcoresvc;mfcoresvc;C:\Windows\System32\mfcoresvc.exe [2014-10-4 16824]
    S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
    S3 BRDriver64_1_3_3_E02B25FC;BRDriver64_1_3_3_E02B25FC;C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [2014-11-9 78088]
    S3 BRSptStub;BitRaider Mini-Support Service Stub Loader;C:\ProgramData\BitRaider\BRSptStub.exe [2014-11-9 363208]
    S3 EasyAntiCheat;EasyAntiCheat;C:\Windows\System32\EasyAntiCheat.exe --> C:\Windows\System32\EasyAntiCheat.exe [?]
    S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [2014-2-28 520416]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-18 111616]
    S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-5-16 450520]
    S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-8-27 828376]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-3-6 19456]
    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2014-1-25 1142376]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-6 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-3-6 30208]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-1-26 1255736]
    .
    =============== File Associations ===============
    .
    ShellExec: SC2Editor.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Editor.exe" "%1"
    ShellExec: SC2Switcher.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Switcher.exe" "%1"
    .
    =============== Created Last 30 ================
    .
    2014-11-13 22:01:34 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-11-13 22:01:29 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-11-13 22:01:29 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-11-13 22:01:29 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-11-13 22:01:29 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-11-13 22:01:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-11-13 16:45:45 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2014-11-13 16:44:32 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-11-13 16:43:22 941784 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
    2014-11-13 16:43:22 73800 ----a-w- C:\Windows\System32\RtNicProp64.dll
    2014-11-13 16:40:50 34544 ----a-w- C:\Windows\System32\drivers\Smb_driver_Intel.sys
    2014-11-13 16:39:38 3300568 ----a-w- C:\Windows\System32\drivers\rtwlane.sys
    2014-11-13 16:28:13 -------- d-----w- C:\Users\Scott\AppData\Roaming\Luefzo
    2014-11-13 16:11:23 -------- d-----w- C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
    2014-11-13 16:11:17 -------- d-----w- C:\Program Files (x86)\Common Files\IObit
    2014-11-13 16:03:39 11627712 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D801153D-DC27-4B63-8578-F3B2F81BFFE4}\mpengine.dll
    2014-11-13 16:02:01 -------- d-----w- C:\Program Files\Softros Systems
    2014-11-12 21:53:03 -------- d-----w- C:\ProgramData\PehbeGiqsu
    2014-11-12 21:52:59 -------- d-----w- C:\ProgramData\LehcAyco
    2014-11-12 21:45:06 -------- d-----w- C:\ProgramData\HugyoMapuq
    2014-11-12 20:26:13 -------- d-----w- C:\Games
    2014-11-12 19:50:36 -------- d-----w- C:\Program Files\Nexus Mod Manager
    2014-11-12 19:20:36 -------- d-----w- C:\Users\Scott\AppData\Roaming\Mount&Blade
    2014-11-10 17:35:42 -------- d-----w- C:\Users\Scott\AppData\Roaming\TS3Client
    2014-11-10 17:35:33 -------- d-----w- C:\Users\Scott\AppData\Local\TeamSpeak 3 Client
    2014-11-09 10:48:16 -------- d-----w- C:\Users\Scott\AppData\Local\SWTOR
    2014-11-09 10:19:29 -------- d-----w- C:\ProgramData\BitRaider
    2014-11-09 10:19:10 -------- d-----w- C:\Users\Scott\AppData\Local\SWTORPerf
    2014-11-09 10:18:00 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare
    2014-11-07 16:59:49 -------- d-----w- C:\Users\Scott\AppData\Roaming\AMD
    2014-11-04 15:10:02 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
    2014-10-30 21:04:10 -------- d-----w- C:\Users\Scott\AppData\Local\Robot Entertainment
    2014-10-28 00:29:23 -------- d-----w- C:\Program Files (x86)\Sid Meiers Civilization Beyond Earth
    2014-10-25 15:11:17 -------- d-----w- C:\Users\Scott\AppData\Roaming\StunlockStudios
    2014-10-24 22:42:59 -------- d-----w- C:\Users\Scott\AppData\Local\Arma 3
    2014-10-24 22:42:59 -------- d-----w- C:\ProgramData\Bohemia Interactive
    2014-10-24 15:35:58 -------- d-----w- C:\Users\Scott\AppData\Local\Playfire_Ltd
    2014-10-24 15:31:23 -------- d-----w- C:\Program Files (x86)\PlayfireClientGames
    2014-10-24 15:29:37 -------- d-----w- C:\Users\Scott\AppData\Roaming\Vulcan
    2014-10-24 15:29:37 -------- d-----w- C:\Users\Scott\AppData\Local\Vulcan
    2014-10-24 15:29:05 -------- d-----w- C:\Program Files (x86)\Playfire
    2014-10-23 17:58:58 -------- d-----w- C:\Program Files (x86)\Clownfish
    2014-10-18 07:05:56 3241472 ----a-w- C:\Windows\System32\msi.dll
    2014-10-15 16:10:08 -------- d-----r- C:\Program Files (x86)\Skype
    .
    ==================== Find3M ====================
    .
    2014-11-13 16:46:29 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-11-13 16:46:29 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-11-13 16:43:22 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
    2014-10-28 06:34:58 275080 ------w- C:\Windows\System32\MpSigStub.exe
    2014-10-10 02:05:59 276480 ----a-w- C:\Windows\System32\generaltel.dll
    2014-10-10 02:05:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
    2014-10-10 02:00:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
    2014-10-04 14:09:39 67472 ----a-w- C:\Windows\SysWow64\mfcoresfp.x86
    2014-10-04 14:09:39 519576 ----a-w- C:\Windows\SysWow64\mfcoresfp.dll
    2014-10-04 14:09:39 426376 ----a-w- C:\Windows\System32\mfcoredll.dll
    2014-10-04 14:09:39 387464 ----a-w- C:\Windows\SysWow64\mfcoredll.dll
    2014-10-04 14:09:39 319168 ----a-w- C:\Windows\SysWow64\mfcoresfp.exe
    2014-10-04 14:09:39 16824 ----a-w- C:\Windows\System32\mfcoresvc.exe
    2014-10-04 14:09:39 151440 ----a-w- C:\Windows\System32\mfcoresfp.x64
    2014-10-04 14:09:39 1312664 ----a-w- C:\Windows\System32\mfcoresfp.dll
    2014-10-04 14:09:39 1259568 ----a-w- C:\Windows\System32\mfcoresfp.exe
    2014-10-04 14:09:38 80312 ----a-w- C:\Windows\System32\drivers\mfcore.sys
    2014-09-29 00:58:48 3198976 ----a-w- C:\Windows\System32\win32k.sys
    2014-09-26 19:31:43 280792 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2014-09-26 19:31:43 280792 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2014-09-26 19:30:55 280856 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
    2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
    2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
    2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
    2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
    2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
    2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-09-18 01:32:52 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
    2014-09-15 22:32:04 128384 ----a-w- C:\Windows\System32\amdhcp64.dll
    2014-09-15 22:32:04 118096 ----a-w- C:\Windows\SysWow64\amdhcp32.dll
    2014-09-15 22:32:00 78432 ----a-w- C:\Windows\System32\atimpc64.dll
    2014-09-15 22:32:00 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
    2014-09-15 22:32:00 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2014-09-15 22:32:00 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2014-09-15 22:31:50 144328 ----a-w- C:\Windows\System32\atiuxp64.dll
    2014-09-15 22:31:48 126848 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2014-09-15 22:31:46 118096 ----a-w- C:\Windows\System32\atiu9p64.dll
    2014-09-15 22:31:44 100032 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2014-09-15 22:31:42 1335544 ----a-w- C:\Windows\System32\aticfx64.dll
    2014-09-15 22:31:40 1113576 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2014-09-15 22:31:34 10826488 ----a-w- C:\Windows\System32\atidxx64.dll
    2014-09-15 22:31:30 9254184 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2014-09-15 22:31:22 7207592 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2014-09-15 22:31:16 7028336 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2014-09-15 22:31:06 8044976 ----a-w- C:\Windows\System32\atiumd6a.dll
    2014-09-15 22:31:02 8296296 ----a-w- C:\Windows\System32\atiumd64.dll
    2014-09-15 22:29:04 293088 ----a-w- C:\Windows\System32\drivers\amdacpksd.sys
    2014-09-15 22:26:58 16750080 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2014-09-15 22:18:06 235008 ----a-w- C:\Windows\System32\clinfo.exe
    2014-09-15 22:18:00 98816 ----a-w- C:\Windows\System32\OpenVideo64.dll
    2014-09-15 22:17:58 83456 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
    2014-09-15 22:17:56 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
    2014-09-15 22:17:56 73216 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2014-09-15 22:17:54 33867264 ----a-w- C:\Windows\System32\amdocl64.dll
    2014-09-15 22:17:04 28770304 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2014-09-15 22:16:18 65024 ----a-w- C:\Windows\System32\OpenCL.dll
    2014-09-15 22:16:18 58880 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2014-09-15 22:13:24 27918336 ----a-w- C:\Windows\System32\atio6axx.dll
    2014-09-15 22:09:38 48128 ----a-w- C:\Windows\System32\amdmmcl6.dll
    2014-09-15 22:09:36 37888 ----a-w- C:\Windows\SysWow64\amdmmcl.dll
    2014-09-15 22:09:10 127488 ----a-w- C:\Windows\System32\mantle64.dll
    2014-09-15 22:09:04 113664 ----a-w- C:\Windows\SysWow64\mantle32.dll
    2014-09-15 22:09:00 5639168 ----a-w- C:\Windows\System32\amdmantle64.dll
    2014-09-15 22:08:08 23375360 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2014-09-15 22:07:48 367104 ----a-w- C:\Windows\System32\atiapfxx.exe
    2014-09-15 22:07:46 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
    2014-09-15 22:07:44 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2014-09-15 22:07:42 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
    2014-09-15 22:07:42 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2014-09-15 22:07:36 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
    2014-09-15 22:06:46 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2014-09-15 22:05:52 4480000 ----a-w- C:\Windows\SysWow64\amdmantle32.dll
    2014-09-15 22:03:28 442368 ----a-w- C:\Windows\System32\atidemgy.dll
    2014-09-15 22:03:26 31232 ----a-w- C:\Windows\System32\atimuixx.dll
    2014-09-15 22:03:24 619008 ----a-w- C:\Windows\System32\atieclxx.exe
    2014-09-15 22:03:18 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
    2014-09-15 22:03:12 91648 ----a-w- C:\Windows\System32\mantleaxl64.dll
    .
    ============= FINISH: 22:16:27.34 ===============
     
  5. UndefinedHell

    UndefinedHell TS Rookie Topic Starter Posts: 18

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 25/01/2014 19:32:57
    System Uptime: 13/11/2014 22:12:02 (0 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | H87-HD3
    Processor: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz | SOCKET 0 | 3101/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 931 GiB total, 94.985 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 466 GiB total, 429.962 GiB free.
    F: is CDROM ()
    G: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description:
    Device ID: ROOT\SCSIADAPTER\0001
    Manufacturer:
    Name:
    PNP Device ID: ROOT\SCSIADAPTER\0001
    Service:
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: BlueStacks Hypervisor
    Device ID: ROOT\LEGACY_BSTHDDRV\0000
    Manufacturer:
    Name: BlueStacks Hypervisor
    PNP Device ID: ROOT\LEGACY_BSTHDDRV\0000
    Service: BstHdDrv
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: LogMeIn Kernel Information Provider
    Device ID: ROOT\LEGACY_LMIINFO\0000
    Manufacturer:
    Name: LogMeIn Kernel Information Provider
    PNP Device ID: ROOT\LEGACY_LMIINFO\0000
    Service: LMIInfo
    .
    ==== System Restore Points ===================
    .
    RP274: 13/11/2014 16:00:58 - Installed Process Blocker 1.0.8.0
    RP275: 13/11/2014 16:01:21 - Windows Update
    RP276: 13/11/2014 16:38:32 - Driver Booster : ASUS PCE-N10 11n Wireless LAN PCI-E Card
    .
    ==== Hosts File Hijack ======================
    .
    Hosts: 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
    Hosts: 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
    Hosts: 0.0.0.0 media.opencandy.com
    Hosts: 0.0.0.0 cdn.opencandy.com
    Hosts: 0.0.0.0 tracking.opencandy.com
    Hosts: 0.0.0.0 api.opencandy.com
    Hosts: 0.0.0.0 installer.betterinstaller.com
    Hosts: 0.0.0.0 installer.filebulldog.com
    Hosts: 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
    Hosts: 0.0.0.0 inno.bisrv.com
    Hosts: 0.0.0.0 nsis.bisrv.com
    Hosts: 0.0.0.0 cdn.file2desktop.com
    Hosts: 0.0.0.0 cdn.goateastcach.us
    Hosts: 0.0.0.0 cdn.guttastatdk.us
    Hosts: 0.0.0.0 cdn.inskinmedia.com
    Hosts: 0.0.0.0 cdn.insta.oibundles2.com
    Hosts: 0.0.0.0 cdn.insta.playbryte.com
    Hosts: 0.0.0.0 cdn.llogetfastcach.us
    Hosts: 0.0.0.0 cdn.montiera.com
    Hosts: 0.0.0.0 cdn.msdwnld.com
    Hosts: 0.0.0.0 cdn.mypcbackup.com
    Hosts: 0.0.0.0 cdn.ppdownload.com
    Hosts: 0.0.0.0 cdn.riceateastcach.us
    Hosts: 0.0.0.0 cdn.shyapotato.us
    Hosts: 0.0.0.0 cdn.solimba.com
    Hosts: 0.0.0.0 cdn.tuto4pc.com
    Hosts: 0.0.0.0 cdn.appround.biz
    Hosts: 0.0.0.0 cdn.bigspeedpro.com
    Hosts: 0.0.0.0 cdn.bispd.com
    Hosts: 0.0.0.0 cdn.bisrv.com
    Hosts: 0.0.0.0 cdn.cdndp.com
    Hosts: 0.0.0.0 cdn.download.sweetpacks.com
    Hosts: 0.0.0.0 cdn.dpdownload.com
    Hosts: 0.0.0.0 cdn.visualbee.net
    .
    ==== Installed Programs ======================
    .
    «The Sims 3 Deluxe Edition» (build 10.2)
    3DMark Demo
    7-Zip 9.20
    Adobe Flash Player 15 ActiveX
    Adobe Flash Player 15 Plugin
    Adobe Photoshop CC
    Adobe Photoshop Elements 2.0
    Adobe Reader XI (11.0.09)
    Advanced SystemCare 7
    Advanced SystemCare 8
    Alan Wake's American Nightmare
    AMD Accelerated Video Transcoding
    AMD Catalyst Control Center
    AMD Catalyst Install Manager
    AMD Drag and Drop Transcoding
    AMD Media Foundation Decoders
    AMD Wireless Display v3.0
    Anarchy Arcade
    Antichamber
    Arma 2
    ASUS PCE-N10 WLAN Card Utilities & Driver
    Audacity 2.0.5
    Awesomenauts
    Battle.net
    Battlelog Web Plugins
    Beer goggles
    Binary Domain
    BioShock
    BioShock 2
    BIT.TRIP RUNNER
    BitRaider Streaming Client
    BitTorrent
    Black Shell Games - SanctuaryRPG -
    Blacklight: Retribution
    BlueStacks Notification Center
    Borderlands
    Borderlands 2 - Game Of The Year Edition
    Borderlands: The Pre-Sequel
    BOSS
    Botanicula
    Browser Extensions
    Burnout Paradise: The Ultimate Box
    Cargo Commander
    Carmageddon Mod version 3.1.3
    Castle Crashers
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Cheat Engine 6.3
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Clownfish for Skype
    Command and Conquer: Red Alert 3 - Uprising
    Company of Heroes (New Steam Version)
    Content Manager Assistant for PlayStation(R)
    Counter-Strike: Global Offensive
    Counter-Strike: Source
    Crusader Kings II
    Cube World v0.1.0 (FIXED)(5 July 2013)
    D3DX10
    DAEMON Tools Lite
    Darksiders
    DarksidersInstaller
    Dead Island Riptide
    Dead Island: Epidemic
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dino D-Day
    Dota 2
    Dota 2 Test
    Dota 2 Workshop Tools Alpha
    Driver Booster 2
    Dungeon Defenders
    Dungeon Keeper 2
    Dungeon Keeper Gold
    Dust: An Elysian Tail
    Empire: Total War
    Enemy Territory - QUAKE Wars(TM)
    Enhanced Steam Standalone
    Factorio version 0.9.8
    Firefall
    Flawless Widescreen version 1.0.12
    Floating Point
    Fraps (remove only)
    FTL: Faster Than Light
    Futuremark SystemInfo
    Game Dev Tycoon
    GameRanger
    Garry's Mod
    GIMP 2.8.10
    Glyph
    GOG.com Dungeon Keeper 2
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Gratuitous Space Battles
    Guacamelee! Gold Edition
    Guitar Pro 5.2
    Guncraft
    Guns of Icarus Online
    Hack n Slash Prototype
    Ham Sandwich Simulator
    Hearthstone
    Hi-Rez Studios Authenticate and Update Service
    Insurgency
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Intel® Trusted Connect Service Client
    IObit Malware Fighter
    IObit Uninstaller
    Java 7 Update 72
    Java 7 Update 72 (64-bit)
    Just Cause 2
    Just Cause 2: Multiplayer Mod
    Katawa Shoujo
    Kerbal Space Program
    Killing Floor
    King's Bounty: The Legend
    LBOTS Top mouse Driver
    League of Legends
    Left 4 Dead 2
    Little Inferno
    LIVE gaming on Windows Runtime Version 1.0.6027
    LogMeIn Hamachi
    Mafia II
    MagicDisc 2.7.106
    Magicka
    Magicka: Wizard Wars
    Malwarebytes Anti-Malware version 2.0.3.1025
    Mass Effect™
    Mass Effect™ 2
    Mass Effect™ 3
    Metro 2033
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
    Microsoft Office 365 ProPlus - en-us
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office on Demand Browser Add-ons
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
    Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
    Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
    Microsoft XNA Framework Redistributable 3.1
    Microsoft XNA Framework Redistributable 4.0 Refresh
    Mirror's Edge
    Mortal Kombat Komplete Edition
    Mount and Blade
    Movie Maker
    MSVCRT
    MSVCRT110
    MSVCRT110_amd64
    Mumble 1.2.7
    My Game Long Name
    Natural Selection 2
    Neverwinter
    Nexus Mod Manager
    No More Room in Hell
    NVIDIA PhysX
    Office 15 Click-to-Run Extensibility Component
    Office 15 Click-to-Run Licensing Component
    Office 15 Click-to-Run Localization Component
    ON_OFF Charge 2 B13.0910.1
    OnTopReplica
    Open Broadcaster Software
    OpenAL
    OpenRA
    Orcs Must Die! 2
    Origin
    ORION: Dino Horde
    Papers, Please
    PAYDAY: The Heist
    PCSX2 - Playstation 2 Emulator
    PDF Settings CC
    Photo Common
    Photo Gallery
    PlanetSide 2
    Playfire
    Prison Architect
    Process Blocker 1.0.8.0
    PunkBuster Services
    Quake Live
    Rainmeter
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Receiver
    Renegade X
    Reus
    RIFT™
    Risen
    Risen 2 - Dark Waters
    Risk of Rain
    Robocraft
    Rocksmith 2014
    RollerCoaster Tycoon 2
    RollerCoaster Tycoon 2: Time Twister
    RollerCoaster Tycoon 2: Wacky Worlds
    RPG Maker VX Ace
    S.T.A.L.K.E.R.: Shadow of Chernobyl
    S.W.A.P version 1.0.0.0
    Sacrifice
    Saints Row: The Third
    Sanctum 2
    Sang-Froid - Tales of Werewolves
    Search Protection
    Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
    Sid Meier's Ace Patrol
    Sid Meier's Civilization IV
    Sid Meier’s Ace Patrol: Pacific Skies
    Sid Meiers Civilization Beyond Earth
    SimCity™
    Skype™ 6.21
    Slick Savings
    SlimDX Runtime .NET 4.0 x86 (January 2012)
    Smart Defrag 3
    Sniper Elite V2
    SoftXpand Duo Pro
    Sonic & All-Stars Racing Transformed
    Space Engineers
    Space Pirates and Zombies
    Spec Ops: The Line
    Speccy
    SPORE™
    Spotify
    Stalker Complete 2009
    Star Wars: The Old Republic
    Steam
    Surfing Protection
    Surgeon Simulator 2013
    System Requirements Lab CYRI
    Team Fortress 2
    TeamSpeak 3 Client
    Terraria
    The Binding of Isaac
    The Bureau: XCOM Declassified
    The Darkness II
    The Elder Scrolls IV: Oblivion
    The Elder Scrolls Online Beta
    The Elder Scrolls V: Skyrim
    The Ship
    The Showdown Effect
    The Sims 2: Ultimate Collection
    The Sims™ 3
    The Sims™ 3 ??? ????????
    The Sims™ 3 ???? ???????
    The Sims™ 3 ????? ?? ??????? ???????
    The Sims™ 3 ???????
    The Sims™ 3 ??????? ????
    The Sims™ 3 ???????? 70-?, 80-?, 90-? ???????
    The Sims™ 3 ????????? ????? ???????
    The Sims™ 3 ?????????? ????? ???????
    The Sims™ 3 ?????????? ??????? ???????
    The Sims™ 3 ??????????? ??????? ???????
    The Sims™ 3 Diesel ???????
    The Sims™ 3 Katy Perry ??????? ???????
    The Swapper
    The Witcher 2: Assassins of Kings Enhanced Edition
    The Witcher: Enhanced Edition
    Thomas Was Alone
    Tiny and Big: Grandpa's Leftovers
    Torchlight
    Total War: SHOGUN 2
    Tower of Guns
    TrackMania Nations Forever
    Tropico 4
    Tropico 5
    Unchecky v0.3.3
    Unity
    Unity Web Player
    Universe Sandbox
    Unturned
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
    USB Drum V1.03
    Velvet Sundown
    VirtualCloneDrive
    VLC media player
    VVVVVV
    Wanderlust: Rebirth
    Warcraft III Reign of Chaos & The Frozen Throne
    Warframe
    Warhammer® 40,000™: Dawn of War® II
    Warhammer® 40,000™: Dawn of War® II – Retribution™
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Wing Commander III
    WinPcap 4.1.2
    WinRAR 5.01 (64-bit)
    X-COM: Apocalypse
    X-COM: Enforcer
    X-COM: Interceptor
    X-COM: Terror from the Deep
    X-COM: UFO Defense
    XCOM: Enemy Unknown
    Xiph.Org Open Codecs 0.85.17777
    Zen Bound® 2
    .
    ==== Event Viewer Messages From Past Week ========
    .
    13/11/2014 22:12:44, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: UsbCharger
    13/11/2014 22:12:39, Error: Service Control Manager [7001] - The BlueStacks Android Service service depends on the BlueStacks Hypervisor service which failed to start because of the following error: The system cannot find the path specified.
    13/11/2014 22:12:37, Error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
    13/11/2014 22:12:34, Error: Service Control Manager [7000] - The BlueStacks Updater Service service failed to start due to the following error: The system cannot find the file specified.
    13/11/2014 22:12:34, Error: Service Control Manager [7000] - The BlueStacks Log Rotator Service service failed to start due to the following error: The system cannot find the file specified.
    13/11/2014 22:12:34, Error: Service Control Manager [7000] - The BlueStacks Hypervisor service failed to start due to the following error: The system cannot find the path specified.
    13/11/2014 22:12:31, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126
    13/11/2014 19:38:59, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
    13/11/2014 16:59:11, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    13/11/2014 16:38:40, Error: Service Control Manager [7000] - The cpuz137 service failed to start due to the following error: The system cannot find the path specified.
    13/11/2014 16:31:03, Error: Service Control Manager [7030] - The Advanced SystemCare Service 7 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    13/11/2014 16:31:02, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LiveUpdate service to connect.
    13/11/2014 16:31:02, Error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    13/11/2014 16:11:18, Error: Service Control Manager [7030] - The Advanced SystemCare Service 8 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    13/11/2014 16:11:02, Error: Service Control Manager [7034] - The Advanced SystemCare Service 7 service terminated unexpectedly. It has done this 1 time(s).
    13/11/2014 16:05:19, Error: Service Control Manager [7000] - The IMF Service service failed to start due to the following error: The system cannot find the file specified.
    13/11/2014 15:45:18, Error: Service Control Manager [7023] - The BlueStacks Android Service service terminated with the following error: An exception occurred in the service when handling the control request.
    13/11/2014 15:14:01, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    13/11/2014 15:14:01, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    13/11/2014 15:13:17, Error: Service Control Manager [7000] - The Intel(R) Capability Licensing Service Interface service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    13/11/2014 15:13:16, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Capability Licensing Service Interface service to connect.
    13/11/2014 15:12:39, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Hi-Rez Studios Authenticate and Update Service service to connect.
    12/11/2014 19:27:11, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    12/11/2014 15:10:31, Error: volmgr [46] - Crash dump initialization failed!
    12/11/2014 15:10:09, Error: NetBT [4300] - The driver could not be created.
    .
    ==== End Of File ===========================
     
  6. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    I don't see any AV program running.
    Step 1 in our preliminaries calls for installing one if you don't have any.
    Please explain.

    Uninstall Advanced SystemCare.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

     
  7. UndefinedHell

    UndefinedHell TS Rookie Topic Starter Posts: 18

    My apologies, I assumed one of the programs I had installed would have been an AV, oh well.

    I have installed and run Avast AntiVirus and uninstalled Advanced SystemCare - what would you like me to do now?
     
  8. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
     
  9. UndefinedHell

    UndefinedHell TS Rookie Topic Starter Posts: 18

    Malwarebytes Anti-Rootkit BETA 1.08.1.1001
    www.malwarebytes.org

    Database version: v2014.11.14.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.17358
    Scott :: INDIEINSIDE [administrator]

    14/11/2014 16:54:36
    mbar-log-2014-11-14 (16-54-36).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 404153
    Time elapsed: 10 minute(s), 30 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 4
    C:\$Recycle.Bin\S-1-5-21-3627555642-523329072-3733843303-1000\$RHKQK2J.exe (Trojan.Zbot) -> Delete on reboot. [2e801b20f686d75f54549b499e6360a0]
    C:\$Recycle.Bin\S-1-5-21-3627555642-523329072-3733843303-1000\$R56DP0G\hyazrof.exe (Trojan.Zbot) -> Delete on reboot. [6c42f942b9c3d66007a106dea55cba46]
    C:\$Recycle.Bin\S-1-5-21-3627555642-523329072-3733843303-1000\$RPUAJ9W\hyazrof.exe (Trojan.Zbot) -> Delete on reboot. [c0eedf5c8bf149ed2b7d8c58e31ef60a]
    C:\Users\Scott\AppData\Local\Temp\UpdateFlashPlayer_4c43741d.exe (Trojan.Zbot) -> Delete on reboot. [aa04de5d166654e23573727232cfcb35]

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
     
  10. UndefinedHell

    UndefinedHell TS Rookie Topic Starter Posts: 18

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.08.1.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17358

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
    CPU speed: 3.092000 GHz
    Memory total: 8462684160, free: 4562698240

    Downloaded database version: v2014.11.14.06
    Downloaded database version: v2014.11.12.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    11/14/2014 16:54:28
    ------------ Loaded modules -----------
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa8007ce9060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000007e\
    Lower Device Object: 0xfffffa8007ab9060
    Lower Device Driver Name: \Driver\iaStorA\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8007ce8060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000007d\
    Lower Device Object: 0xfffffa8007a859c0
    Lower Device Driver Name: \Driver\iaStorA\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xfffffa8007ce9060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8007ce9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8007ce9060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8007bb8c50, DeviceName: Unknown, DriverName: \Driver\iaStorF\
    DevicePointer: 0xfffffa8007ab9060, DeviceName: \Device\0000007e\, DriverName: \Driver\iaStorA\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8007ce8060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8007ce8b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8007ce8060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8007bb7c50, DeviceName: Unknown, DriverName: \Driver\iaStorF\
    DevicePointer: 0xfffffa8007a859c0, DeviceName: \Device\0000007d\, DriverName: \Driver\iaStorA\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 2B7E7AE6

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 64 Numsec = 976751936

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Done!
    Drive 1
    This is a System drive
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: DB156B0F

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 206848 Numsec = 1953314816
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes

    Done!
    Infected: C:\$Recycle.Bin\S-1-5-21-3627555642-523329072-3733843303-1000\$RHKQK2J.exe --> [Trojan.Zbot]
    Infected: C:\$Recycle.Bin\S-1-5-21-3627555642-523329072-3733843303-1000\$R56DP0G\hyazrof.exe --> [Trojan.Zbot]
    Infected: C:\$Recycle.Bin\S-1-5-21-3627555642-523329072-3733843303-1000\$RPUAJ9W\hyazrof.exe --> [Trojan.Zbot]
    Infected: C:\Users\Scott\AppData\Local\Temp\UpdateFlashPlayer_4c43741d.exe --> [Trojan.Zbot]
    Scan finished
    Cleaning up...
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-206848-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
    Removal finished
     
  11. UndefinedHell

    UndefinedHell TS Rookie Topic Starter Posts: 18

    RogueKiller V10.0.6.0 [Nov 13 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Scott [Administrator]
    Mode : Delete -- Date : 11/14/2014 16:52:18

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 26 ¤¤¤
    [Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3627555642-523329072-3733843303-1000\Software\Microsoft\Windows\CurrentVersion\Run | Browser Extensions : "C:\Users\Scott\AppData\Roaming\Slick Savings\CouponsHelper.exe" [x] -> Deleted
    [Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3627555642-523329072-3733843303-1000\Software\Microsoft\Windows\CurrentVersion\Run | Browser Extensions : "C:\Users\Scott\AppData\Roaming\Slick Savings\CouponsHelper.exe" -> ERROR [2]
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BRDriver64_1_3_3_E02B25FC (\??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BRSptStub ("C:\ProgramData\BitRaider\BRSptStub.exe") -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gdrv (\??\C:\Windows\gdrv.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GPUZ (\??\C:\Windows\TEMP\GPUZ.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BRDriver64_1_3_3_E02B25FC (\??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BRSptStub ("C:\ProgramData\BitRaider\BRSptStub.exe") -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gdrv (\??\C:\Windows\gdrv.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GPUZ (\??\C:\Windows\TEMP\GPUZ.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BRDriver64_1_3_3_E02B25FC (\??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BRSptStub ("C:\ProgramData\BitRaider\BRSptStub.exe") -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gdrv (\??\C:\Windows\gdrv.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GPUZ (\??\C:\Windows\TEMP\GPUZ.sys) -> Not selected
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3627555642-523329072-3733843303-1000\Software\Microsoft\Internet Explorer\Main | Start Page : reddit.com -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3627555642-523329072-3733843303-1000\Software\Microsoft\Internet Explorer\Main | Start Page : reddit.com -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 208.122.23.23 208.122.23.22 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 208.122.23.23 208.122.23.22 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 208.122.23.23 208.122.23.22 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{195DA130-D154-4535-B2CE-788C4B03B908} | DhcpNameServer : 208.122.23.23 208.122.23.22 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{195DA130-D154-4535-B2CE-788C4B03B908} | DhcpNameServer : 208.122.23.23 208.122.23.22 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{195DA130-D154-4535-B2CE-788C4B03B908} | DhcpNameServer : 208.122.23.23 208.122.23.22 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 1 ¤¤¤
    [Suspicious.Path?Suspicious.Startup][File] PowerReg Scheduler V3.exe -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe -> Deleted

    ¤¤¤ Hosts File : 34 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: +++++
    --- User ---
    [MBR] 19727260f673b0e440398a0fcf867432
    [BSP] 86502e86158c83cec0941a4c1dc4b65c : Unknown MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 64 | Size: 476929 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([18] The program issued a command but the command length is incorrect. )

    +++++ PhysicalDrive1: ST1000DX ST1000DX001-1CM1 SCSI Disk Device +++++
    --- User ---
    [MBR] 93c895eb9e4ecb78dfadcf71c6bbc3e8
    [BSP] 25461f3bd942406721e25147bcc9beed : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([18] The program issued a command but the command length is incorrect. )


    ============================================
    RKreport_SCN_11142014_165214.log
     
  12. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  13. UndefinedHell

    UndefinedHell TS Rookie Topic Starter Posts: 18

    ComboFix 14-11-15.01 - Scott 14/11/2014 18:11:16.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8071.4270 [GMT 0:00]
    Running from: c:\users\Scott\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\programdata\1390683339.bdinstall.bin
    c:\programdata\1394733152.bdinstall.bin
    c:\programdata\1397835321.bdinstall.bin
    c:\programdata\1400477055.bdinstall.bin
    c:\programdata\1400477057.bdinstall.bin
    c:\users\Scott\AppData\Roaming\Love
    c:\users\Scott\AppData\Roaming\Love\mari0\options.txt
    c:\users\Scott\AppData\Roaming\Slick Savings
    c:\users\Scott\AppData\Roaming\Slick Savings\Button.exe
    c:\users\Scott\AppData\Roaming\Slick Savings\Button64.exe
    c:\users\Scott\AppData\Roaming\Slick Savings\ButtonWrap.dll
    c:\users\Scott\AppData\Roaming\Slick Savings\ButtonWrap64.dll
    c:\users\Scott\AppData\Roaming\Slick Savings\coupons.xpi
    c:\users\Scott\AppData\Roaming\Slick Savings\coupons_2.4.crx
    c:\users\Scott\AppData\Roaming\Slick Savings\coupons_2.9.xpi
    c:\users\Scott\AppData\Roaming\Slick Savings\Uninstall.exe
    c:\windows\msdownld.tmp
    C:\WindowsALGER.tt2
    C:\WindowsBAUHS93.tt2
    C:\WindowsHARLOWSI.tt2
    C:\WindowsLEELAWAD.tt2
    C:\WindowsLEELAWDB.tt2
    C:\WindowsMSJH.tt2
    C:\WindowsMSJHBD.tt2
    C:\WindowsMSUIGHUR.tt2
    C:\WindowsMSYH.tt2
    C:\WindowsMSYHBD.tt2
    C:\WindowsVIVALDII.tt2
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-10-14 to 2014-11-14 )))))))))))))))))))))))))))))))
    .
    .
    2014-11-14 16:54 . 2014-11-14 18:24 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-11-14 16:48 . 2014-11-14 16:48 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-11-14 16:48 . 2014-11-14 16:48 -------- d-----w- c:\programdata\RogueKiller
    2014-11-14 15:34 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DB2A37CB-300B-41F9-99E2-5A9008D22E3E}\mpengine.dll
    2014-11-14 15:20 . 2014-11-14 15:20 -------- d-----w- c:\users\Scott\AppData\Roaming\AVAST Software
    2014-11-14 15:20 . 2014-11-14 15:24 -------- d-----w- c:\windows\system32\vbox
    2014-11-14 15:20 . 2014-11-14 15:24 -------- d-----w- c:\windows\SysWow64\vbox
    2014-11-14 15:19 . 2014-11-14 15:19 436624 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2014-11-14 15:19 . 2014-11-14 15:19 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-11-14 15:19 . 2014-11-14 15:19 116728 ----a-w- c:\windows\system32\drivers\aswStm.sys
    2014-11-14 15:19 . 2014-11-14 15:19 83280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-11-14 15:19 . 2014-11-14 15:19 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2014-11-14 15:19 . 2014-11-14 15:19 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2014-11-14 15:19 . 2014-11-14 15:19 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2014-11-14 15:19 . 2014-11-14 15:19 1050432 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2014-11-14 15:19 . 2014-11-14 15:19 364512 ----a-w- c:\windows\system32\aswBoot.exe
    2014-11-14 15:19 . 2014-11-14 15:19 43152 ----a-w- c:\windows\avastSS.scr
    2014-11-14 15:19 . 2014-11-14 15:19 -------- d-----w- c:\program files\AVAST Software
    2014-11-14 15:18 . 2014-11-14 15:19 -------- d-----w- c:\programdata\AVAST Software
    2014-11-14 06:44 . 2014-11-14 06:54 -------- d-----w- c:\users\Scott\Outerra
    2014-11-14 06:44 . 2014-11-14 06:44 -------- d-----w- c:\program files (x86)\Outerra
    2014-11-13 22:01 . 2014-11-14 16:54 131800 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-11-13 22:01 . 2014-11-14 16:54 96472 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-11-13 22:01 . 2014-11-13 22:01 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2014-11-13 22:01 . 2014-11-13 22:01 -------- d-----w- c:\programdata\Malwarebytes
    2014-11-13 22:01 . 2014-10-01 11:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-11-13 22:01 . 2014-10-01 11:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-11-13 16:45 . 2014-11-13 16:45 319912 ----a-w- c:\windows\system32\javaws.exe
    2014-11-13 16:45 . 2014-11-13 16:45 189352 ----a-w- c:\windows\system32\javaw.exe
    2014-11-13 16:45 . 2014-11-13 16:45 189352 ----a-w- c:\windows\system32\java.exe
    2014-11-13 16:45 . 2014-11-13 16:45 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2014-11-13 16:45 . 2014-11-13 16:45 -------- d-----w- c:\program files\Java
    2014-11-13 16:44 . 2014-11-13 16:44 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2014-11-13 16:44 . 2014-11-13 16:44 -------- d-----w- c:\program files (x86)\Java
    2014-11-13 16:43 . 2014-11-13 16:43 941784 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
    2014-11-13 16:43 . 2014-11-13 16:43 73800 ----a-w- c:\windows\system32\RtNicProp64.dll
    2014-11-13 16:40 . 2014-11-13 16:40 34544 ----a-w- c:\windows\system32\drivers\Smb_driver_Intel.sys
    2014-11-13 16:39 . 2014-11-13 16:39 3300568 ----a-w- c:\windows\system32\drivers\rtwlane.sys
    2014-11-13 16:13 . 2014-10-10 00:57 3198976 ----a-w- c:\windows\system32\win32k.sys
    2014-11-13 16:12 . 2014-10-14 02:13 3241984 ----a-w- c:\windows\system32\msi.dll
    2014-11-13 16:12 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\SysWow64\msi.dll
    2014-11-13 16:11 . 2014-11-13 16:11 -------- d-----w- c:\programdata\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
    2014-11-13 16:11 . 2014-11-13 16:11 -------- d-----w- c:\program files (x86)\Common Files\IObit
    2014-11-13 16:02 . 2014-11-13 16:02 -------- d-----w- c:\program files\Softros Systems
    2014-11-12 21:53 . 2014-11-13 22:10 -------- d-----w- c:\programdata\PehbeGiqsu
    2014-11-12 21:52 . 2014-11-13 22:10 -------- d-----w- c:\programdata\LehcAyco
    2014-11-12 21:45 . 2014-11-13 22:12 -------- d-----w- c:\programdata\HugyoMapuq
    2014-11-12 20:26 . 2014-11-12 20:26 -------- d-----w- C:\Games
    2014-11-12 19:50 . 2014-11-12 20:26 -------- d-----w- c:\program files\Nexus Mod Manager
    2014-11-12 19:20 . 2014-11-12 19:24 -------- d-----w- c:\users\Scott\AppData\Roaming\Mount&Blade
    2014-11-10 17:35 . 2014-11-10 18:08 -------- d-----w- c:\users\Scott\AppData\Roaming\TS3Client
    2014-11-10 17:35 . 2014-11-10 17:35 -------- d-----w- c:\users\Scott\AppData\Local\TeamSpeak 3 Client
    2014-11-09 10:48 . 2014-11-09 10:48 -------- d-----w- c:\users\Scott\AppData\Local\SWTOR
    2014-11-09 10:19 . 2014-11-09 10:19 -------- d-----w- c:\programdata\BitRaider
    2014-11-09 10:18 . 2014-11-09 10:18 -------- d-----w- c:\program files (x86)\Common Files\BioWare
    2014-11-07 16:59 . 2014-11-07 16:59 -------- d-----w- c:\users\Scott\AppData\Roaming\AMD
    2014-11-04 15:10 . 2014-11-04 15:10 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
    2014-10-30 21:04 . 2014-10-30 21:04 -------- d-----w- c:\users\Scott\AppData\Local\Robot Entertainment
    2014-10-28 00:29 . 2014-10-28 00:41 -------- d-----w- c:\program files (x86)\Sid Meiers Civilization Beyond Earth
    2014-10-25 15:11 . 2014-10-25 15:11 -------- d-----w- c:\users\Scott\AppData\Roaming\StunlockStudios
    2014-10-24 22:42 . 2014-10-24 23:30 -------- d-----w- c:\users\Scott\AppData\Local\Arma 3
    2014-10-24 22:42 . 2014-10-24 22:42 -------- d-----w- c:\programdata\Bohemia Interactive
    2014-10-24 15:35 . 2014-10-24 15:35 -------- d-----w- c:\users\Scott\AppData\Local\Playfire_Ltd
    2014-10-24 15:29 . 2014-10-24 15:31 -------- d-----w- c:\users\Scott\AppData\Local\Vulcan
    2014-10-24 15:29 . 2014-10-24 15:29 -------- d-----w- c:\users\Scott\AppData\Roaming\Vulcan
    2014-10-24 15:29 . 2014-10-24 15:29 -------- d-----w- c:\program files (x86)\Playfire
    2014-10-23 17:58 . 2014-10-23 17:58 -------- d-----w- c:\program files (x86)\Clownfish
    2014-10-18 07:05 . 2014-08-29 02:07 44032 ----a-w- c:\windows\system32\tsgqec.dll
    2014-10-18 06:59 . 2014-10-18 06:59 -------- d-----w- c:\users\Default\AppData\Roaming\IObit
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-11-14 15:16 . 2014-03-13 17:59 103374192 ----a-w- c:\windows\system32\MRT.exe
    2014-11-13 16:46 . 2014-03-16 21:57 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-11-13 16:46 . 2014-02-19 15:00 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-11-13 16:43 . 2014-01-25 21:18 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
    2014-10-28 06:34 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
    2014-10-04 14:09 . 2014-10-04 14:09 67472 ----a-w- c:\windows\SysWow64\mfcoresfp.x86
    2014-10-04 14:09 . 2014-10-04 14:09 519576 ----a-w- c:\windows\SysWow64\mfcoresfp.dll
    2014-10-04 14:09 . 2014-10-04 14:09 426376 ----a-w- c:\windows\system32\mfcoredll.dll
    2014-10-04 14:09 . 2014-10-04 14:09 387464 ----a-w- c:\windows\SysWow64\mfcoredll.dll
    2014-10-04 14:09 . 2014-10-04 14:09 319168 ----a-w- c:\windows\SysWow64\mfcoresfp.exe
    2014-10-04 14:09 . 2014-10-04 14:09 16824 ----a-w- c:\windows\system32\mfcoresvc.exe
    2014-10-04 14:09 . 2014-10-04 14:09 151440 ----a-w- c:\windows\system32\mfcoresfp.x64
    2014-10-04 14:09 . 2014-10-04 14:09 1312664 ----a-w- c:\windows\system32\mfcoresfp.dll
    2014-10-04 14:09 . 2014-10-04 14:09 1259568 ----a-w- c:\windows\system32\mfcoresfp.exe
    2014-10-04 14:09 . 2014-10-04 14:09 80312 ----a-w- c:\windows\system32\drivers\mfcore.sys
    2014-09-26 19:31 . 2014-04-24 07:00 280792 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2014-09-26 19:31 . 2014-04-24 06:50 280792 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2014-09-26 19:30 . 2014-04-24 06:50 280856 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2014-09-25 02:08 . 2014-10-02 16:10 371712 ----a-w- c:\windows\system32\qdvd.dll
    2014-09-25 01:40 . 2014-10-02 16:10 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
    2014-09-21 18:58 . 2014-09-21 19:00 590536 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
    2014-09-15 22:32 . 2014-09-15 22:32 128384 ----a-w- c:\windows\system32\amdhcp64.dll
    2014-09-15 22:32 . 2014-09-15 22:32 118096 ----a-w- c:\windows\SysWow64\amdhcp32.dll
    2014-09-15 22:32 . 2014-09-15 22:32 78432 ----a-w- c:\windows\system32\atimpc64.dll
    2014-09-15 22:32 . 2014-09-15 22:32 78432 ----a-w- c:\windows\system32\amdpcom64.dll
    2014-09-15 22:32 . 2014-09-15 22:32 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2014-09-15 22:32 . 2014-09-15 22:32 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2014-09-15 22:31 . 2013-12-06 22:04 144328 ----a-w- c:\windows\system32\atiuxp64.dll
    2014-09-15 22:31 . 2013-12-06 22:03 126848 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2014-09-15 22:31 . 2014-04-18 02:42 118096 ----a-w- c:\windows\system32\atiu9p64.dll
    2014-09-15 22:31 . 2013-12-06 22:02 100032 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2014-09-15 22:31 . 2013-12-06 22:01 1335544 ----a-w- c:\windows\system32\aticfx64.dll
    2014-09-15 22:31 . 2013-12-06 22:01 1113576 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2014-09-15 22:31 . 2013-12-06 22:00 10826488 ----a-w- c:\windows\system32\atidxx64.dll
    2014-09-15 22:31 . 2013-12-06 21:59 9254184 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2014-09-15 22:31 . 2013-12-06 21:59 7207592 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2014-09-15 22:31 . 2013-12-06 21:58 7028336 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2014-09-15 22:31 . 2014-04-18 02:42 8044976 ----a-w- c:\windows\system32\atiumd6a.dll
    2014-09-15 22:31 . 2014-04-18 02:42 8296296 ----a-w- c:\windows\system32\atiumd64.dll
    2014-09-15 22:29 . 2014-09-15 22:29 293088 ----a-w- c:\windows\system32\drivers\amdacpksd.sys
    2014-09-15 22:26 . 2014-09-15 22:26 16750080 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2014-09-15 22:18 . 2014-09-15 22:18 235008 ----a-w- c:\windows\system32\clinfo.exe
    2014-09-15 22:18 . 2014-09-15 22:18 98816 ----a-w- c:\windows\system32\OpenVideo64.dll
    2014-09-15 22:17 . 2014-09-15 22:17 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll
    2014-09-15 22:17 . 2014-09-15 22:17 86528 ----a-w- c:\windows\system32\OVDecode64.dll
    2014-09-15 22:17 . 2014-09-15 22:17 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2014-09-15 22:17 . 2014-09-15 22:17 33867264 ----a-w- c:\windows\system32\amdocl64.dll
    2014-09-15 22:17 . 2014-09-15 22:17 28770304 ----a-w- c:\windows\SysWow64\amdocl.dll
    2014-09-15 22:16 . 2014-09-15 22:16 65024 ----a-w- c:\windows\system32\OpenCL.dll
    2014-09-15 22:16 . 2014-09-15 22:16 58880 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2014-09-15 22:13 . 2014-09-15 22:13 27918336 ----a-w- c:\windows\system32\atio6axx.dll
    2014-09-15 22:09 . 2014-09-15 22:09 48128 ----a-w- c:\windows\system32\amdmmcl6.dll
    2014-09-15 22:09 . 2014-09-15 22:09 37888 ----a-w- c:\windows\SysWow64\amdmmcl.dll
    2014-09-15 22:09 . 2014-09-15 22:09 127488 ----a-w- c:\windows\system32\mantle64.dll
    2014-09-15 22:09 . 2014-09-15 22:09 113664 ----a-w- c:\windows\SysWow64\mantle32.dll
    2014-09-15 22:09 . 2014-09-15 22:09 5639168 ----a-w- c:\windows\system32\amdmantle64.dll
    2014-09-15 22:08 . 2014-09-15 22:08 23375360 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2014-09-15 22:07 . 2014-09-15 22:07 367104 ----a-w- c:\windows\system32\atiapfxx.exe
    2014-09-15 22:07 . 2014-09-15 22:07 62464 ----a-w- c:\windows\system32\aticalrt64.dll
    2014-09-15 22:07 . 2014-09-15 22:07 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2014-09-15 22:07 . 2014-09-15 22:07 55808 ----a-w- c:\windows\system32\aticalcl64.dll
    2014-09-15 22:07 . 2014-09-15 22:07 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2014-09-15 22:07 . 2014-09-15 22:07 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
    2014-09-15 22:06 . 2014-09-15 22:06 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2014-09-15 22:05 . 2014-09-15 22:05 4480000 ----a-w- c:\windows\SysWow64\amdmantle32.dll
    2014-09-15 22:03 . 2014-04-18 01:30 442368 ----a-w- c:\windows\system32\atidemgy.dll
    2014-09-15 22:03 . 2014-09-15 22:03 31232 ----a-w- c:\windows\system32\atimuixx.dll
    2014-09-15 22:03 . 2014-09-15 22:03 619008 ----a-w- c:\windows\system32\atieclxx.exe
    2014-09-15 22:03 . 2014-09-15 22:03 239616 ----a-w- c:\windows\system32\atiesrxx.exe
    2014-09-15 22:03 . 2014-09-15 22:03 91648 ----a-w- c:\windows\system32\mantleaxl64.dll
    2014-09-15 22:03 . 2014-09-15 22:03 85504 ----a-w- c:\windows\SysWow64\mantleaxl32.dll
    2014-09-15 22:03 . 2014-09-15 22:03 190976 ----a-w- c:\windows\system32\atitmm64.dll
    2014-09-15 22:00 . 2014-09-15 22:00 95744 ----a-w- c:\windows\system32\amdave64.dll
    2014-09-15 22:00 . 2014-09-15 22:00 90112 ----a-w- c:\windows\SysWow64\amdave32.dll
    2014-09-15 21:59 . 2014-09-15 21:59 89088 ----a-w- c:\windows\system32\atisamu64.dll
    2014-09-15 21:59 . 2014-09-15 21:59 80896 ----a-w- c:\windows\SysWow64\atisamu32.dll
    2014-09-15 21:59 . 2014-09-15 21:59 827392 ----a-w- c:\windows\system32\coinst_14.30.dll
    2014-09-15 21:59 . 2014-04-18 01:09 1210880 ----a-w- c:\windows\system32\atiadlxx.dll
    2014-09-15 21:59 . 2014-09-15 21:59 900608 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2014-09-15 21:59 . 2014-09-15 21:59 75264 ----a-w- c:\windows\system32\atig6pxx.dll
    2014-09-15 21:59 . 2014-09-15 21:59 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2014-09-15 21:59 . 2014-09-15 21:59 69632 ----a-w- c:\windows\system32\atiglpxx.dll
    2014-09-15 21:59 . 2014-09-15 21:59 146944 ----a-w- c:\windows\system32\atig6txx.dll
    2014-09-15 21:59 . 2014-09-15 21:59 133632 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2014-09-15 21:59 . 2014-09-15 21:59 576000 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2014-09-15 21:58 . 2014-09-15 21:58 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2014-09-15 17:21 . 2014-09-15 17:21 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
    2014-09-15 17:19 . 2014-09-15 17:19 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
    2014-09-12 07:03 . 2014-09-12 07:03 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll
    2014-09-12 07:03 . 2014-09-12 07:03 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
    2014-09-09 22:11 . 2014-09-26 07:40 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-09-09 21:47 . 2014-09-26 07:40 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2014-08-30 10:48 . 2012-07-17 14:37 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2014-08-23 02:07 . 2014-08-29 19:52 404480 ----a-w- c:\windows\system32\gdi32.dll
    2014-08-23 01:45 . 2014-08-29 19:52 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
    2014-08-19 20:20 . 2014-08-19 20:20 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2014-09-25 08:18 1729232 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2014-09-25 08:18 1729232 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2014-09-25 08:18 1729232 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2014-11-12 1940160]
    "Spotify Web Helper"="c:\users\Scott\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-10-10 1514040]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
    "Clownfish"="c:\program files (x86)\Clownfish\Clownfish.exe" [2014-09-24 1323776]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2013-09-16 134616]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-09-15 767200]
    "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-11-03 3835728]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-11-14 5225064]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2014-02-06 567888]
    "Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" [2014-02-06 614232]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2014-1-26 113664]
    Content Manager Assistant for PlayStation(R).lnk - c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe [2013-10-15 3526776]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableCAD"= 1 (0x1)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    R1 UsbCharger;UsbCharger;c:\windows\system32\DRIVERS\UsbCharger.sys;c:\windows\SYSNATIVE\DRIVERS\UsbCharger.sys [x]
    R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
    R2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
    R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
    R2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
    R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
    R2 mfcoresvc;mfcoresvc;c:\windows\system32\mfcoresvc.exe;c:\windows\SYSNATIVE\mfcoresvc.exe [x]
    R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
    R3 BRDriver64_1_3_3_E02B25FC;BRDriver64_1_3_3_E02B25FC;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [x]
    R3 BRSptStub;BitRaider Mini-Support Service Stub Loader;c:\programdata\BitRaider\BRSptStub.exe;c:\programdata\BitRaider\BRSptStub.exe [x]
    R3 cpuz137;cpuz137;c:\users\Scott\AppData\Local\Temp\cpuz137\cpuz137_x64.sys;c:\users\Scott\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
    R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
    R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe [x]
    R3 GPUZ;GPUZ;c:\windows\TEMP\GPUZ.sys;c:\windows\TEMP\GPUZ.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
    S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
    S0 mfcore;mfcore;c:\windows\system32\drivers\mfcore.sys;c:\windows\SYSNATIVE\drivers\mfcore.sys [x]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
    S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
    S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
    S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
    S2 Process Blocker;Process Blocker;c:\program files\Softros Systems\Process Blocker\Process Blocker.exe;c:\program files\Softros Systems\Process Blocker\Process Blocker.exe [x]
    S2 RealtekSE;RealtekSE;c:\program files (x86)\ASUS\PCE-N10 WLAN Card Utilities\RtlService.exe;c:\program files (x86)\ASUS\PCE-N10 WLAN Card Utilities\RtlService.exe [x]
    S2 SoftXpand 2011 Watchdog;SoftXpand 2011 Watchdog;c:\program files\MiniFrame\SoftXpand 2011\MFwatchdog.exe;c:\program files\MiniFrame\SoftXpand 2011\MFwatchdog.exe [x]
    S2 Unchecky;Unchecky;c:\program files (x86)\Unchecky\bin\unchecky_svc.exe;c:\program files (x86)\Unchecky\bin\unchecky_svc.exe [x]
    S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
    S3 ScpVBus;Scp Virtual Bus Driver;c:\windows\system32\DRIVERS\ScpVBus.sys;c:\windows\SYSNATIVE\DRIVERS\ScpVBus.sys [x]
    S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-10-29 20:30 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-16 16:46]
    .
    2014-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-25 20:39]
    .
    2014-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-25 20:39]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
    2014-11-13 16:11 2471744 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2014-09-25 10:10 2334416 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2014-09-25 10:10 2334416 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2014-09-25 10:10 2334416 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-11-14 15:19 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-08-07 36352]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-11-13 13672152]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-12-10 472984]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-25 391128]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-25 771544]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-25 770520]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = reddit.com
    mStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    LSP: c:\program files\MiniFrame\SoftXpand 2011\MfLsp32.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: hola.org
    Trusted Zone: sharepoint.com\shottonhallacademy
    Trusted Zone: sharepoint.com\shottonhallacademy-my
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    Handler: osf-roaming - {C57E9882-B128-4E07-BA2D-FF83B8989C76} - c:\users\Scott\Microsoft Office 15\root\office15\MSOSB.DLL
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-BlueStacks Agent - c:\program files (x86)\BlueStacks\HD-Agent.exe
    Wow6432Node-HKU-Default-Run-Bitdefender Wallet - c:\program files\Bitdefender\Bitdefender\pwdmanui.exe
    Wow6432Node-HKU-Default-Run-Advanced SystemCare 7 - c:\program files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
    AddRemove-Black Shell Games SanctuaryRPG - c:\program files (x86)\Black Shell Games\SanctuaryRPG\uninstall.exe
    AddRemove-Borderlands 2 - Game Of The Year Edition_is1 - c:\program files (x86)\2K Games\Borderlands 2 - Game Of The Year Edition\Uninstall\unins000.exe
    AddRemove-Cheat Engine 6.3_is1 - c:\program files (x86)\Cheat Engine 6.3\unins000.exe
    AddRemove-Cube World v0.1.0 (FIXED)(5 July 2013)0.1.0 - c:\program files (x86)\1-click run\Cube World v0.1.0 (FIXED)(5 July 2013)\uninstall.exe
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
    AddRemove-Rainmeter - c:\program files\Rainmeter\uninst.exe
    AddRemove-{0FF4BBB6-B94A-4462-B50F-CF21828944F4}_is1 - c:\program files (x86)\Carmageddon Mod\unins000.exe
    AddRemove-{3A787631-66A2-4634-B928-A37E73B58FB6} - c:\users\Scott\AppData\Roaming\Slick Savings\uninstall.exe
    AddRemove-{7348D82E-8C68-48FF-BA2D-8C97B5B4B3D8}_is1 - c:\program files (x86)\Flawless Widescreen\unins000.exe
    AddRemove-{9810E17A-BB1B-4C35-803B-380C5FB19570}_is1 - c:\program files (x86)\Chaos Theory Games\S.W.A.P\unins000.exe
    AddRemove-{3A787631-66A2-4634-B928-A37E73B58FB6} - c:\users\Scott\AppData\Roaming\Slick Savings\uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3627555642-523329072-3733843303-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    "??"=hex:39,3e,77,08,13,9e,84,14,5b,3d,df,2d,fa,dd,dd,65,52,78,1d,e4,30,8a,29,
    e8,62,c7,0e,6e,37,2f,ea,50,9e,76,ea,6c,78,17,ca,76,d0,9d,96,88,59,d8,37,2b,\
    "??"=hex:ba,d3,b9,e7,69,ae,af,ad,65,12,b9,2d,48,84,56,bf
    .
    [HKEY_USERS\S-1-5-21-3627555642-523329072-3733843303-1000\Software\SecuROM\License information*]
    "datasecu"=hex:12,a1,7e,1b,8f,df,14,d2,bd,a1,cc,d5,15,7a,6a,44,cc,ee,9f,ca,bb,
    38,67,b4,c9,ad,3f,04,0d,c4,60,34,d8,da,68,1e,9b,4f,eb,72,75,bd,f5,d2,22,4e,\
    "rkeysecu"=hex:86,2b,02,95,45,ea,0d,e0,5f,ec,5b,3c,bd,c3,47,67
    .
    [HKEY_LOCAL_MACHINE\software\BlueStacks]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.15"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\ASUS\PCE-N10 WLAN Card Utilities\RtWlan.exe
    c:\program files (x86)\Unchecky\bin\unchecky_bg.exe
    c:\program files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
    c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2014-11-14 18:30:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2014-11-14 18:30
    .
    Pre-Run: 145,295,286,272 bytes free
    Post-Run: 146,934,571,008 bytes free
    .
    - - End Of File - - 4DEB287EC161F273EB454FC548503D44
    2F5FF753CE860809A7CFE5A530FC7553
     
  14. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Looks good.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.



    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.



    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  15. UndefinedHell

    UndefinedHell TS Rookie Topic Starter Posts: 18

    # AdwCleaner v4.101 - Report created 14/11/2014 at 19:16:38
    # Updated 09/11/2014 by Xplode
    # Database : 2014-11-13.1 [Live]
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Scott - INDIEINSIDE
    # Running from : C:\Users\Scott\Desktop\adwcleaner_4.101.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Users\Scott\AppData\Local\Slick Savings
    Folder Deleted : C:\Users\Scott\AppData\Local\CrashRpt
    Folder Deleted : C:\Users\Scott\AppData\Roaming\Search Protection
    Folder Deleted : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\dffs8p0f.default\Extensions\{54FBE89E-C878-46bb-A064-AB327EE26EBC}
    File Deleted : C:\END
    File Deleted : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\dffs8p0f.default\user.js
    File Deleted : C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
    File Deleted : C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage

    ***** [ Scheduled Tasks ] *****

    Task Deleted : Driver Booster Scan
    Task Deleted : Driver Booster Update

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
    Key Deleted : HKCU\Software\OCS
    Key Deleted : HKCU\Software\AppDataLow\Software\Browser Extensions
    Key Deleted : HKLM\SOFTWARE\YourFileDownloader
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A787631-66A2-4634-B928-A37E73B58FB6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 228200

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17344


    -\\ Mozilla Firefox v


    -\\ Google Chrome v38.0.2125.111

    [C:\Users\Guesty\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
    [C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

    -\\ Chromium v

    [C:\Users\Guesty\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
    [C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [2462 octets] - [14/11/2014 19:14:12]
    AdwCleaner[S0].txt - [2665 octets] - [14/11/2014 19:16:38]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2725 octets] ##########
     
  16. UndefinedHell

    UndefinedHell TS Rookie Topic Starter Posts: 18

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.3.7 (11.08.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Scott on 14/11/2014 at 19:21:05.67
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] C:\Windows\prefetch\DRIVERBOOSTER.EXE-51D78DCC.pf



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 14/11/2014 at 19:25:43.33
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  17. UndefinedHell

    UndefinedHell TS Rookie Topic Starter Posts: 18

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-11-2014 02
    Ran by Scott (administrator) on INDIEINSIDE on 14-11-2014 19:26:20
    Running from C:\Users\Scott\Desktop
    Loaded Profile: Scott (Available profiles: Scott & Guesty & Guest)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
    () C:\Windows\SysWOW64\PnkBstrA.exe
    (Softros Systems, Inc.) C:\Program Files\Softros Systems\Process Blocker\Process Blocker.exe
    (Realtek) C:\Program Files (x86)\ASUS\PCE-N10 WLAN Card Utilities\RtlService.exe
    (MiniFrame LTD.) C:\Program Files\MiniFrame\SoftXpand 2011\MFwatchdog.exe
    (RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
    (Spotify Ltd) C:\Users\Scott\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    (Bogdan Sharkov) C:\Program Files (x86)\Clownfish\Clownfish.exe
    () C:\Program Files (x86)\ASUS\PCE-N10 WLAN Card Utilities\RtWLan.exe
    (RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
    (Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
    (Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
    (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    (IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\mftutil.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
    () C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd\2.0.0_0\Plugin\SPNativeMessage.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-11-13] (Realtek Semiconductor)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-16] (Intel Corporation)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-11-03] (LogMeIn Inc.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-11-14] (AVAST Software)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3627555642-523329072-3733843303-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1940160 2014-11-12] (Valve Corporation)
    HKU\S-1-5-21-3627555642-523329072-3733843303-1000\...\Run: [Spotify Web Helper] => C:\Users\Scott\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-10] (Spotify Ltd)
    HKU\S-1-5-21-3627555642-523329072-3733843303-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
    HKU\S-1-5-21-3627555642-523329072-3733843303-1000\...\Run: [Clownfish] => C:\Program Files (x86)\Clownfish\Clownfish.exe [1323776 2014-09-24] (Bogdan Sharkov)
    HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [567888 2014-02-06] (Bitdefender)
    HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614232 2014-02-06] (Bitdefender)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation(R).lnk
    ShortcutTarget: Content Manager Assistant for PlayStation(R).lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = reddit.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2251BE560D1ACF01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-3627555642-523329072-3733843303-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKCU - {671409F7-889C-4A3A-9DE5-7A4E9B48CE34} URL = https://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-3627555642-523329072-3733843303-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler-x32: osf-roaming - {C57E9882-B128-4E07-BA2D-FF83B8989C76} - C:\Users\Scott\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

    FireFox:
    ========
    FF ProfilePath: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\dffs8p0f.default
    FF DefaultSearchEngine: Google
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
    FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3627555642-523329072-3733843303-1000: @microsoft.com/Office on Demand;version=1 -> C:\Users\Scott\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\npofficeondemand.dll (Microsoft Corporation)
    FF Plugin HKU\S-1-5-21-3627555642-523329072-3733843303-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Scott\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF SearchPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\dffs8p0f.default\searchplugins\yahoo_ff.xml
    FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\dffs8p0f.default\Extensions\iobitascsurfingprotection@iobit.com [2014-11-13]
    FF Extension: Hola Unblocker - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\dffs8p0f.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2014-05-18]
    FF Extension: Reddit Enhancement Suite - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\dffs8p0f.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2014-05-16]
    FF Extension: Adblock Plus - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\dffs8p0f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-16]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-14]
    FF Extension: No Name - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\dffs8p0f.default\extensions\ascsurfingprotection@iobit.com [Not Found]
    FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
    FF Extension: No Name - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\dffs8p0f.default\extensions\adremoveext@adremoveext.net [Not Found]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxp://google.com/"
    CHR DefaultSearchURL: Default -> http://www.google.com/search?q={sea...lParameter}sourceid=chrome&ie={inputEncoding}
    CHR DefaultSuggestURL: Default ->
    CHR Profile: C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2014-05-16]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-27]
    CHR Extension: (Adblock Plus) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-20]
    CHR Extension: (Console to potato) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjiofehpfmeacpgepkaeebbaokaejdi [2014-06-09]
    CHR Extension: (Avast Online Security) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-14]
    CHR Extension: (Reddit Enhancement Suite) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-05-19]
    CHR Extension: (Google Wallet) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-25]
    CHR Extension: (AlienTube for YouTube™) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\opgodjgjgojjkhlmmhdlojfehcemknnp [2014-07-20]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-14]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-14] (AVAST Software)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-14] (Avast Software)
    S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2014-11-09] (BitRaider, LLC)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
    S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [93048 2014-05-28] (EasyAntiCheat Ltd)
    S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2014-02-28] (Futuremark)
    R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-08-22] (Hi-Rez Studios) [File not signed]
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
    S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2630432 2014-11-04] (IObit)
    R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-10-21] (LogMeIn, Inc.)
    S2 mfcoresvc; C:\Windows\system32\mfcoresvc.exe [16824 2014-10-04] ()
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-07-02] ()
    R2 Process Blocker; C:\Program Files\Softros Systems\Process Blocker\Process Blocker.exe [2233168 2014-10-03] (Softros Systems, Inc.)
    R2 RealtekSE; C:\Program Files (x86)\ASUS\PCE-N10 WLAN Card Utilities\RtlService.exe [36864 2012-10-02] (Realtek) [File not signed]
    S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
    R2 SoftXpand 2011 Watchdog; C:\Program Files\MiniFrame\SoftXpand 2011\MFwatchdog.exe [34744 2014-01-01] (MiniFrame LTD.)
    R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [111208 2014-10-22] (RaMMicHaeL)
    S2 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X]
    S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [X]
    S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] ()
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-14] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-14] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-14] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-14] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-14] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-14] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-14] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-14] ()
    S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2014-11-09] (BitRaider)
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-19] (Disc Soft Ltd)
    R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
    S4 LMIRfsClientNP; No ImagePath
    R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2014-05-16] (Intel Corporation)
    R0 mfcore; C:\Windows\System32\drivers\mfcore.sys [80312 2014-10-04] ()
    R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
    R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3300568 2014-11-13] (Realtek Semiconductor Corporation )
    R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2014-01-25] (Scarlet.Crush Productions)
    R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
    R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2014-11-13] (Synaptics Incorporated)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-14] ()
    S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [21584 2013-05-06] ()
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-14] (Avast Software)
    S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 cpuz137; \??\C:\Users\Scott\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 gdrv; \??\C:\Windows\gdrv.sys [X]
    S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
    S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
    U0 mfcorefs; No ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
  18. UndefinedHell

    UndefinedHell TS Rookie Topic Starter Posts: 18

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-14 19:26 - 2014-11-14 19:26 - 00027627 _____ () C:\Users\Scott\Desktop\FRST.txt
    2014-11-14 19:26 - 2014-11-14 19:26 - 00000000 ____D () C:\FRST
    2014-11-14 19:25 - 2014-11-14 19:25 - 00000911 _____ () C:\Users\Scott\Desktop\JRT.txt
    2014-11-14 19:22 - 2014-11-14 19:22 - 00002809 _____ () C:\Users\Scott\Desktop\AdwCleaner[S0].txt
    2014-11-14 19:21 - 2014-11-14 19:21 - 00000000 ____D () C:\Windows\ERUNT
    2014-11-14 19:18 - 2014-11-14 19:18 - 00000000 ____D () C:\Users\Guesty\AppData\Roaming\AVAST Software
    2014-11-14 19:14 - 2014-11-14 19:16 - 00000000 ____D () C:\AdwCleaner
    2014-11-14 19:13 - 2014-11-14 19:12 - 01706808 _____ (Thisisu) C:\Users\Scott\Desktop\JRT.exe
    2014-11-14 19:12 - 2014-11-14 19:12 - 02140160 _____ () C:\Users\Scott\Downloads\adwcleaner_4.101.exe
    2014-11-14 19:12 - 2014-11-14 19:12 - 02140160 _____ () C:\Users\Scott\Desktop\adwcleaner_4.101.exe
    2014-11-14 19:12 - 2014-11-14 19:12 - 02116608 _____ (Farbar) C:\Users\Scott\Downloads\FRST64.exe
    2014-11-14 19:12 - 2014-11-14 19:12 - 02116608 _____ (Farbar) C:\Users\Scott\Desktop\FRST64.exe
    2014-11-14 19:12 - 2014-11-14 19:12 - 01706808 _____ (Thisisu) C:\Users\Scott\Downloads\JRT.exe
    2014-11-14 18:30 - 2014-11-14 18:30 - 00041379 _____ () C:\ComboFix.txt
    2014-11-14 18:27 - 2014-11-14 18:27 - 00000197 _____ () C:\Windows\system32\2014-11-14-18-27-31.089-AvastVBoxSVC.exe-2920.log
    2014-11-14 18:09 - 2014-11-14 18:30 - 00000000 ____D () C:\Qoobox
    2014-11-14 18:09 - 2011-06-26 06:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-11-14 18:09 - 2010-11-07 17:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-11-14 18:09 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-11-14 18:09 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-11-14 18:09 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-11-14 18:09 - 2000-08-31 00:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-11-14 18:09 - 2000-08-31 00:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-11-14 18:09 - 2000-08-31 00:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-11-14 18:08 - 2014-11-14 18:28 - 00000000 ____D () C:\Windows\erdnt
    2014-11-14 18:06 - 2014-11-14 18:06 - 05598504 ____R (Swearware) C:\Users\Scott\Desktop\ComboFix.exe
    2014-11-14 18:06 - 2014-11-14 18:06 - 05598504 _____ (Swearware) C:\Users\Scott\Downloads\ComboFix.exe
    2014-11-14 17:10 - 2014-11-14 17:10 - 00000197 _____ () C:\Windows\system32\2014-11-14-17-10-12.027-AvastVBoxSVC.exe-5048.log
    2014-11-14 16:54 - 2014-11-14 18:24 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-11-14 16:54 - 2014-11-14 17:05 - 00000000 ____D () C:\Users\Scott\Desktop\mbar
    2014-11-14 16:53 - 2014-11-14 16:54 - 14439696 _____ (Malwarebytes Corp.) C:\Users\Scott\Downloads\mbar-1.08.1.1001.exe
    2014-11-14 16:52 - 2014-11-14 16:52 - 00008734 _____ () C:\Users\Scott\Desktop\RKreport_DEL_11142014_165218.log
    2014-11-14 16:48 - 2014-11-14 16:48 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-11-14 16:48 - 2014-11-14 16:48 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-11-14 16:47 - 2014-11-14 16:47 - 14678104 _____ () C:\Users\Scott\Desktop\RogueKiller.exe
    2014-11-14 15:48 - 2014-11-14 15:48 - 00000247 _____ () C:\Windows\system32\2014-11-14-15-48-12.096-aswFe.exe-7004.log
    2014-11-14 15:45 - 2014-11-14 15:48 - 00000247 _____ () C:\Windows\system32\2014-11-14-15-45-04.008-aswFe.exe-5704.log
    2014-11-14 15:44 - 2014-11-14 15:44 - 00000197 _____ () C:\Windows\system32\2014-11-14-15-44-19.014-AvastVBoxSVC.exe-7008.log
    2014-11-14 15:20 - 2014-11-14 15:24 - 00000000 ____D () C:\Windows\SysWOW64\vbox
    2014-11-14 15:20 - 2014-11-14 15:24 - 00000000 ____D () C:\Windows\system32\vbox
    2014-11-14 15:20 - 2014-11-14 15:20 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2014-11-14 15:20 - 2014-11-14 15:20 - 00001964 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2014-11-14 15:20 - 2014-11-14 15:20 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\AVAST Software
    2014-11-14 15:20 - 2014-11-14 15:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2014-11-14 15:19 - 2014-11-14 15:19 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2014-11-14 15:19 - 2014-11-14 15:19 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2014-11-14 15:19 - 2014-11-14 15:19 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-11-14 15:19 - 2014-11-14 15:19 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-11-14 15:19 - 2014-11-14 15:19 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2014-11-14 15:19 - 2014-11-14 15:19 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2014-11-14 15:19 - 2014-11-14 15:19 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-11-14 15:19 - 2014-11-14 15:19 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2014-11-14 15:19 - 2014-11-14 15:19 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-11-14 15:19 - 2014-11-14 15:19 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2014-11-14 15:19 - 2014-11-14 15:19 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-11-14 15:18 - 2014-11-14 15:19 - 00000000 ____D () C:\ProgramData\AVAST Software
    2014-11-14 15:17 - 2014-11-14 15:18 - 132469808 _____ (AVAST Software) C:\Users\Scott\Downloads\avast_free_antivirus_setup.exe
    2014-11-14 07:34 - 2014-11-14 07:49 - 00000939 _____ () C:\Users\Scott\Desktop\Game Over.txt
    2014-11-14 07:34 - 2014-09-07 19:14 - 00063034 _____ () C:\Users\Scott\Desktop\Poetry and stoof.pptx
    2014-11-14 07:31 - 2014-11-14 07:31 - 00049315 _____ () C:\Users\Scott\Downloads\Semicolons!.pptx
    2014-11-14 07:31 - 2014-11-14 07:31 - 00049315 _____ () C:\Users\Scott\Desktop\Semicolons!.pptx
    2014-11-14 06:44 - 2014-11-14 06:54 - 00000000 ____D () C:\Users\Scott\Outerra
    2014-11-14 06:44 - 2014-11-14 06:44 - 00002023 _____ () C:\Users\Scott\Desktop\Outerra Anteworld.lnk
    2014-11-14 06:44 - 2014-11-14 06:44 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outerra
    2014-11-14 06:44 - 2014-11-14 06:44 - 00000000 ____D () C:\Program Files (x86)\Outerra
    2014-11-14 06:29 - 2014-11-14 06:31 - 444091960 _____ () C:\Users\Scott\Downloads\Anteworld-0.8.3.4883.exe
    2014-11-13 22:16 - 2014-11-13 22:16 - 00032512 _____ () C:\Users\Scott\Desktop\dds.txt
    2014-11-13 22:16 - 2014-11-13 22:16 - 00018326 _____ () C:\Users\Scott\Desktop\attach.txt
    2014-11-13 22:15 - 2014-11-13 22:15 - 00688992 ____R (Swearware) C:\Users\Scott\Desktop\dds.com
    2014-11-13 22:15 - 2014-11-13 22:15 - 00688992 _____ (Swearware) C:\Users\Scott\Downloads\dds.com
    2014-11-13 22:01 - 2014-11-14 16:54 - 00131800 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-11-13 22:01 - 2014-11-14 16:54 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-11-13 22:01 - 2014-11-13 22:01 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-11-13 22:01 - 2014-11-13 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-11-13 22:01 - 2014-11-13 22:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-11-13 22:01 - 2014-11-13 22:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-11-13 22:01 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-11-13 22:01 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-11-13 22:00 - 2014-11-13 22:01 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Scott\Downloads\mbam-setup-2.0.3.1025.exe
    2014-11-13 21:20 - 2014-11-13 21:44 - 00000000 ____D () C:\Users\Scott\Downloads\Iron Maiden Ultimate Discography
    2014-11-13 20:55 - 2014-11-13 20:55 - 07597587 _____ () C:\Users\Scott\Downloads\videoplayback.m4a
    2014-11-13 20:52 - 2014-11-13 20:52 - 00003975 _____ () C:\Users\Scott\Downloads\youtube2mp3.crx
    2014-11-13 16:57 - 2014-11-14 19:18 - 00010778 _____ () C:\Windows\PFRO.log
    2014-11-13 16:46 - 2014-11-14 18:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-11-13 16:46 - 2014-11-13 16:46 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-11-13 16:45 - 2014-11-13 16:45 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
    2014-11-13 16:45 - 2014-11-13 16:45 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
    2014-11-13 16:45 - 2014-11-13 16:45 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
    2014-11-13 16:45 - 2014-11-13 16:45 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
    2014-11-13 16:45 - 2014-11-13 16:45 - 00000000 ____D () C:\Program Files\Java
    2014-11-13 16:44 - 2014-11-13 16:44 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2014-11-13 16:44 - 2014-11-13 16:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2014-11-13 16:44 - 2014-11-13 16:44 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2014-11-13 16:44 - 2014-11-13 16:44 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-11-13 16:44 - 2014-11-13 16:44 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-11-13 16:43 - 2014-11-13 16:43 - 00941784 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
    2014-11-13 16:43 - 2014-11-13 16:43 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
    2014-11-13 16:41 - 2014-11-13 16:41 - 60636160 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
    2014-11-13 16:41 - 2014-11-13 16:41 - 28343384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
    2014-11-13 16:41 - 2014-11-13 16:41 - 14863448 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
    2014-11-13 16:41 - 2014-11-13 16:41 - 12894808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
    2014-11-13 16:41 - 2014-11-13 16:41 - 06218072 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
    2014-11-13 16:41 - 2014-11-13 16:41 - 05751048 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
    2014-11-13 16:41 - 2014-11-13 16:41 - 03962840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
    2014-11-13 16:41 - 2014-11-13 16:41 - 03959384 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN64.dll
    2014-11-13 16:41 - 2014-11-13 16:41 - 02834648 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
    2014-11-13 16:41 - 2014-11-13 16:41 - 02800344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
    2014-11-13 16:41 - 2014-11-13 16:41 - 02162992 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
    2014-11-13 16:41 - 2014-11-13 16:41 - 02117424 _____ () C:\Windows\system32\SStudio.dll
    2014-11-13 16:41 - 2014-11-13 16:41 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
    2014-11-13 16:41 - 2014-11-13 16:41 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
    2014-11-13 16:41 - 2014-11-13 16:41 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
    2014-11-13 16:41 - 2014-11-13 16:41 - 01939800 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
    2014-11-13 16:41 - 2014-11-13 16:41 - 01934424 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
    2014-11-13 16:41 - 2014-11-13 16:41 - 01317976 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
    2014-11-13 16:41 - 2014-11-13 16:41 - 01168472 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
    2014-11-13 16:41 - 2014-11-13 16:41 - 01136728 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
    2014-11-13 16:41 - 2014-11-13 16:41 - 01099203 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
    2014-11-13 16:41 - 2014-11-13 16:41 - 01063512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
    2014-11-13 16:41 - 2014-11-13 16:41 - 01048824 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
    2014-11-13 16:41 - 2014-11-13 16:41 - 01022168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
    2014-11-13 16:41 - 2014-11-13 16:41 - 00956504 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
    2014-11-13 16:41 - 2014-11-13 16:41 - 00948952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
    2014-11-13 16:41 - 2014-11-13 16:41 - 00942384 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOSettingsIPC.dll
    2014-11-13 16:41 - 2014-11-13 16:41 - 00900696 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\MaxxAudioAPOShell.dll
    2014-11-13 16:41 - 2014-11-13 16:41 - 00889592 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
    2014-11-13 16:41 - 2014-11-13 16:41 - 00724728 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
    2014-11-13 16:41 - 2014-11-13 16:41 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
    2014-11-13 16:41 - 2014-11-13 16:41 - 00315736 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
    2014-11-13 16:41 - 2014-11-13 16:41 - 00291488 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
    2014-11-13 16:41 - 2014-11-13 16:41 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
    2014-11-13 16:41 - 2014-11-13 16:41 - 00246008 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
    2014-11-13 16:41 - 2014-11-13 16:41 - 00033592 _____ () C:\Windows\system32\audioLibVc.dll
    2014-11-13 16:41 - 2014-11-13 16:41 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
    2014-11-13 16:41 - 2014-11-13 16:41 - 00000000 ____D () C:\Program Files\Synaptics
    2014-11-13 16:40 - 2014-11-13 16:40 - 00034544 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
    2014-11-13 16:39 - 2014-11-13 16:39 - 03300568 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtwlane.sys
    2014-11-13 16:30 - 2014-11-14 18:26 - 00002860 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (SYSTEM)
    2014-11-13 16:30 - 2014-11-13 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
    2014-11-13 16:14 - 2014-10-25 01:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2014-11-13 16:14 - 2014-10-25 01:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2014-11-13 16:14 - 2014-10-18 02:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2014-11-13 16:14 - 2014-10-18 01:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2014-11-13 16:14 - 2014-09-19 09:46 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2014-11-13 16:14 - 2014-09-19 09:46 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2014-11-13 16:14 - 2014-09-19 09:42 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-11-13 16:14 - 2014-09-19 09:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-11-13 16:14 - 2014-09-19 09:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-11-13 16:14 - 2014-09-19 09:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-11-13 16:14 - 2014-09-19 09:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2014-11-13 16:14 - 2014-09-19 09:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-11-13 16:14 - 2014-09-19 09:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2014-11-13 16:14 - 2014-09-19 09:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-11-13 16:14 - 2014-09-19 09:42 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2014-11-13 16:14 - 2014-09-19 09:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2014-11-13 16:14 - 2014-09-19 09:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2014-11-13 16:14 - 2014-09-19 09:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-11-13 16:14 - 2014-09-19 09:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-11-13 16:14 - 2014-09-19 09:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-11-13 16:14 - 2014-09-19 09:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-11-13 16:14 - 2014-09-19 09:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2014-11-13 16:14 - 2014-09-19 09:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-11-13 16:14 - 2014-09-19 09:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-11-13 16:14 - 2014-09-19 09:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-11-13 16:14 - 2014-09-19 09:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-11-13 16:14 - 2014-09-19 09:22 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-11-13 16:13 - 2014-10-10 00:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-11-13 16:12 - 2014-10-14 02:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2014-11-13 16:12 - 2014-10-14 01:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2014-11-13 16:11 - 2014-11-13 16:11 - 00002886 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Scott
    2014-11-13 16:11 - 2014-11-13 16:11 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
    2014-11-13 16:11 - 2014-11-13 16:11 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
    2014-11-13 16:02 - 2014-11-13 16:02 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Process Blocker
    2014-11-13 16:02 - 2014-11-13 16:02 - 00000000 ____D () C:\Program Files\Softros Systems
    2014-11-13 07:10 - 2014-11-14 19:19 - 00002318 _____ () C:\Windows\setupact.log
    2014-11-13 07:10 - 2014-11-13 07:10 - 00000000 _____ () C:\Windows\setuperr.log
    2014-11-12 21:53 - 2014-11-13 22:10 - 00000000 ____D () C:\ProgramData\PehbeGiqsu
    2014-11-12 21:53 - 2014-11-12 21:53 - 00024694 _____ () C:\Users\Scott\AppData\Roaming\hs_err_pid7708.log
    2014-11-12 21:52 - 2014-11-13 22:10 - 00000000 ____D () C:\ProgramData\LehcAyco
    2014-11-12 21:45 - 2014-11-13 22:12 - 00000000 ____D () C:\ProgramData\HugyoMapuq
    2014-11-12 21:45 - 2014-11-12 21:52 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
    2014-11-12 20:27 - 2014-11-12 20:27 - 00002297 _____ () C:\Users\Guesty\Desktop\Skyrim (SKSE).lnk
    2014-11-12 20:27 - 2014-11-12 20:27 - 00002297 _____ () C:\Users\Guest\Desktop\Skyrim (SKSE).lnk
    2014-11-12 20:26 - 2014-11-12 20:26 - 00000000 ____D () C:\Games
    2014-11-12 19:50 - 2014-11-12 20:26 - 00000000 ____D () C:\Program Files\Nexus Mod Manager
    2014-11-12 19:22 - 2014-11-12 19:22 - 00000000 ____D () C:\Users\Scott\Documents\Mount&Blade Savegames
    2014-11-12 19:20 - 2014-11-12 19:24 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Mount&Blade
    2014-11-10 17:35 - 2014-11-10 18:08 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\TS3Client
    2014-11-10 17:35 - 2014-11-10 17:35 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
    2014-11-10 17:35 - 2014-11-10 17:35 - 00000000 ____D () C:\Users\Scott\AppData\Local\TeamSpeak 3 Client
    2014-11-09 11:03 - 2014-11-09 11:03 - 00000625 _____ () C:\Users\Scott\Documents\Uninstall STAR WARS The Old Republic.log
    2014-11-09 10:48 - 2014-11-09 10:48 - 00000000 ____D () C:\Users\Scott\AppData\Local\SWTOR
    2014-11-09 10:19 - 2014-11-09 10:19 - 00000000 ____D () C:\Users\Scott\AppData\Local\SWTORPerf
    2014-11-09 10:19 - 2014-11-09 10:19 - 00000000 ____D () C:\Users\Public\Documents\BitRaider
    2014-11-09 10:19 - 2014-11-09 10:19 - 00000000 ____D () C:\ProgramData\BitRaider
    2014-11-09 10:18 - 2014-11-09 10:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
    2014-11-09 10:14 - 2014-11-09 10:18 - 00014679 _____ () C:\Users\Scott\Documents\Install STAR WARS The Old Republic.log
    2014-11-07 16:59 - 2014-11-07 16:59 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\AMD
    2014-11-04 15:10 - 2014-11-04 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
    2014-11-04 15:10 - 2014-11-04 15:10 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
    2014-10-30 21:04 - 2014-10-30 21:21 - 00000000 ____D () C:\Users\Scott\Documents\Shiner
    2014-10-30 21:04 - 2014-10-30 21:04 - 00000000 ____D () C:\Users\Scott\Documents\Robot Entertainment
    2014-10-30 21:04 - 2014-10-30 21:04 - 00000000 ____D () C:\Users\Scott\AppData\Local\Robot Entertainment
    2014-10-29 21:43 - 2014-10-29 21:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
    2014-10-28 00:29 - 2014-10-28 00:41 - 00000000 ____D () C:\Program Files (x86)\Sid Meiers Civilization Beyond Earth
    2014-10-28 00:29 - 2014-10-28 00:29 - 00001052 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sid Meiers Civilization Beyond Earth.lnk
    2014-10-28 00:06 - 2014-11-01 08:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BeamNG
    2014-10-25 16:29 - 2014-10-25 18:40 - 00000000 ____D () C:\Users\Scott\Documents\Riptide
    2014-10-25 15:11 - 2014-10-25 15:11 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\StunlockStudios
    2014-10-24 22:43 - 2014-10-24 22:44 - 00000000 ____D () C:\Users\Scott\Documents\Arma 3
    2014-10-24 22:42 - 2014-10-24 23:30 - 00000000 ____D () C:\Users\Scott\AppData\Local\Arma 3
    2014-10-24 22:42 - 2014-10-24 22:42 - 00000000 ____D () C:\ProgramData\Bohemia Interactive
    2014-10-24 15:35 - 2014-10-24 15:35 - 00000000 ____D () C:\Users\Scott\AppData\Local\Playfire_Ltd
    2014-10-24 15:31 - 2014-10-24 15:31 - 00000000 ____D () C:\Program Files (x86)\PlayfireClientGames
    2014-10-24 15:29 - 2014-10-24 15:31 - 00000000 ____D () C:\Users\Scott\AppData\Local\Vulcan
    2014-10-24 15:29 - 2014-10-24 15:29 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Vulcan
    2014-10-24 15:29 - 2014-10-24 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Playfire
    2014-10-24 15:29 - 2014-10-24 15:29 - 00000000 ____D () C:\Program Files (x86)\Playfire
    2014-10-23 17:59 - 2014-10-23 17:59 - 00000000 ____D () C:\Users\Scott\Documents\Skype Voice Records
    2014-10-23 17:59 - 2014-10-23 17:59 - 00000000 ____D () C:\Users\Scott\Documents\Clownfish Avatars
    2014-10-23 17:58 - 2014-10-23 17:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clownfish
    2014-10-23 17:58 - 2014-10-23 17:58 - 00000000 ____D () C:\Program Files (x86)\Clownfish
    2014-10-23 15:48 - 2014-10-23 15:48 - 00001386 ___SH () C:\Users\Scott\AppData\Roaming\systemMK.$dk
    2014-10-23 15:46 - 2014-10-23 15:47 - 00000000 ____D () C:\Users\Scott\Documents\MacroKeysData
    2014-10-18 07:06 - 2014-10-10 02:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-10-18 07:06 - 2014-10-10 02:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2014-10-18 07:06 - 2014-10-10 02:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-10-18 07:06 - 2014-10-07 02:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-10-18 07:06 - 2014-10-07 02:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-10-18 07:06 - 2014-09-25 22:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-10-18 07:06 - 2014-09-25 22:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-10-18 07:06 - 2014-09-25 22:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-10-18 07:06 - 2014-09-25 22:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-10-18 07:06 - 2014-09-25 22:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-10-18 07:06 - 2014-09-25 22:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-10-18 07:06 - 2014-09-25 22:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-10-18 07:06 - 2014-09-19 02:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-10-18 07:06 - 2014-09-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-10-18 07:06 - 2014-09-19 01:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-10-18 07:06 - 2014-09-19 01:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-10-18 07:06 - 2014-09-19 01:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-10-18 07:06 - 2014-09-19 01:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-10-18 07:06 - 2014-09-19 01:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-10-18 07:06 - 2014-09-19 01:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-10-18 07:06 - 2014-09-19 01:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-10-18 07:06 - 2014-09-19 01:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-10-18 07:06 - 2014-09-19 01:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-10-18 07:06 - 2014-09-19 01:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-10-18 07:06 - 2014-09-19 01:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-10-18 07:06 - 2014-09-19 01:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-10-18 07:06 - 2014-09-19 01:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-10-18 07:06 - 2014-09-19 01:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-10-18 07:06 - 2014-09-19 01:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-10-18 07:06 - 2014-09-19 01:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-10-18 07:06 - 2014-09-19 01:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-10-18 07:06 - 2014-09-19 01:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-10-18 07:06 - 2014-09-19 01:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-10-18 07:06 - 2014-09-19 01:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-10-18 07:06 - 2014-09-19 01:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-10-18 07:06 - 2014-09-19 01:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-10-18 07:06 - 2014-09-19 01:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-10-18 07:06 - 2014-09-19 01:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-10-18 07:06 - 2014-09-19 00:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-10-18 07:06 - 2014-09-19 00:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-10-18 07:06 - 2014-09-19 00:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-10-18 07:06 - 2014-09-19 00:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-10-18 07:06 - 2014-09-19 00:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-10-18 07:06 - 2014-09-19 00:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-10-18 07:06 - 2014-09-19 00:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-10-18 07:06 - 2014-09-19 00:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-10-18 07:06 - 2014-09-19 00:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-10-18 07:06 - 2014-09-19 00:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-10-18 07:06 - 2014-09-19 00:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-10-18 07:06 - 2014-09-19 00:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-10-18 07:06 - 2014-09-19 00:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-10-18 07:06 - 2014-09-19 00:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-10-18 07:06 - 2014-09-19 00:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-10-18 07:06 - 2014-09-19 00:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-10-18 07:06 - 2014-09-19 00:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-10-18 07:06 - 2014-09-18 23:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-10-18 07:06 - 2014-09-18 23:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-10-18 07:06 - 2014-09-18 23:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-10-18 07:06 - 2014-09-18 23:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-10-18 07:06 - 2014-06-18 22:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
    2014-10-18 07:06 - 2014-06-18 22:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
    2014-10-18 07:06 - 2014-06-18 22:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
    2014-10-18 07:06 - 2014-06-18 22:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
    2014-10-18 07:06 - 2014-06-18 22:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
    2014-10-18 07:06 - 2014-06-18 22:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
    2014-10-18 07:05 - 2014-09-04 05:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
    2014-10-18 07:05 - 2014-09-04 05:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
    2014-10-18 07:05 - 2014-08-29 02:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2014-10-18 07:05 - 2014-08-29 02:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2014-10-18 07:05 - 2014-08-29 02:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
    2014-10-18 07:05 - 2014-08-29 02:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
    2014-10-18 07:05 - 2014-08-29 02:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
    2014-10-18 07:05 - 2014-08-29 01:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2014-10-18 07:05 - 2014-08-29 01:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2014-10-18 07:05 - 2014-08-29 01:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
    2014-10-18 07:05 - 2014-08-29 01:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2014-10-18 07:05 - 2014-07-17 02:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2014-10-18 07:05 - 2014-07-17 02:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2014-10-18 07:05 - 2014-07-17 02:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
    2014-10-18 07:05 - 2014-07-17 02:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
    2014-10-18 07:05 - 2014-07-17 01:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
    2014-10-18 07:05 - 2014-07-17 01:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
    2014-10-18 07:05 - 2014-07-17 01:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
    2014-10-18 06:59 - 2014-10-18 06:59 - 00000000 ____D () C:\Users\Default\AppData\Roaming\IObit
    2014-10-18 06:59 - 2014-10-18 06:59 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\IObit
    2014-10-15 16:10 - 2014-10-15 16:10 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2014-10-15 16:10 - 2014-10-15 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-14 19:25 - 2009-07-14 04:45 - 00029136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-11-14 19:25 - 2009-07-14 04:45 - 00029136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-11-14 19:24 - 2009-07-14 05:13 - 00783606 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-11-14 19:23 - 2014-01-25 19:32 - 01728348 _____ () C:\Windows\WindowsUpdate.log
    2014-11-14 19:19 - 2014-04-27 16:28 - 00000000 ____D () C:\Users\Scott\AppData\Local\LogMeIn Hamachi
    2014-11-14 19:19 - 2014-01-25 20:41 - 00000000 ____D () C:\Program Files (x86)\Steam
    2014-11-14 19:19 - 2014-01-25 20:39 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-11-14 19:18 - 2014-10-04 14:23 - 00000000 ____D () C:\Users\Guesty\AppData\Local\LogMeIn Hamachi
    2014-11-14 19:18 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-11-14 19:10 - 2014-05-05 16:35 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Spotify
    2014-11-14 19:02 - 2014-01-26 19:33 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Skype
    2014-11-14 18:47 - 2014-01-25 20:39 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-11-14 18:30 - 2009-07-14 03:20 - 00000000 __RHD () C:\Users\Default
    2014-11-14 18:25 - 2009-07-14 02:34 - 00000215 _____ () C:\Windows\system.ini
    2014-11-14 18:05 - 2014-06-20 17:26 - 00000000 ____D () C:\Users\Scott\Documents\Witcher 2
    2014-11-14 17:26 - 2014-05-05 16:39 - 00000000 ____D () C:\Users\Scott\AppData\Local\Spotify
    2014-11-14 17:06 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\Help
    2014-11-14 16:52 - 2014-02-04 21:25 - 00000000 ____D () C:\Users\Scott\AppData\Local\CrashDumps
    2014-11-14 15:58 - 2014-01-25 21:11 - 00000000 ____D () C:\Program Files (x86)\IObit
    2014-11-14 15:43 - 2014-02-20 19:02 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    2014-11-14 15:43 - 2014-02-20 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    2014-11-14 15:43 - 2014-02-03 18:28 - 00000000 ____D () C:\Program Files\WinRAR
    2014-11-14 15:42 - 2014-01-25 20:39 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-11-14 15:42 - 2014-01-25 20:39 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-11-14 15:30 - 2014-03-17 07:26 - 05077520 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-11-14 15:18 - 2014-09-13 07:24 - 00000000 ____D () C:\ProgramData\Unchecky
    2014-11-14 15:16 - 2014-03-13 17:59 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-11-14 15:16 - 2014-03-13 17:59 - 00000000 ____D () C:\Windows\system32\MRT
    2014-11-14 06:44 - 2014-01-25 19:32 - 00000000 ____D () C:\Users\Scott
    2014-11-14 06:12 - 2014-07-17 06:24 - 00000000 ____D () C:\Users\Scott\AppData\Local\Adobe
    2014-11-13 22:12 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\Branding
    2014-11-13 22:11 - 2014-03-01 18:45 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\BitTorrent
    2014-11-13 16:46 - 2014-03-16 21:57 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-11-13 16:46 - 2014-02-19 15:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-11-13 16:43 - 2014-01-25 21:18 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
    2014-11-13 16:42 - 2014-01-25 21:25 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
    2014-11-13 16:30 - 2014-01-26 14:01 - 00003170 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Update
    2014-11-13 16:30 - 2014-01-26 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3
    2014-11-13 16:30 - 2014-01-25 21:11 - 00000000 ____D () C:\ProgramData\ProductData
    2014-11-13 16:15 - 2014-01-25 21:11 - 00000000 ____D () C:\ProgramData\IObit
    2014-11-13 16:13 - 2014-01-25 21:03 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\IObit
    2014-11-13 16:07 - 2014-03-27 15:42 - 00007598 _____ () C:\Users\Scott\AppData\Local\Resmon.ResmonCfg
    2014-11-13 15:50 - 2014-05-22 20:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
    2014-11-12 20:55 - 2014-06-21 19:53 - 00000000 ____D () C:\Users\Scott\AppData\Local\Skyrim
    2014-11-12 20:26 - 2014-06-21 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
    2014-11-12 20:13 - 2009-07-14 05:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2014-11-12 19:57 - 2014-07-30 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Factorio
    2014-11-12 19:41 - 2014-02-20 18:12 - 00000000 ____D () C:\Users\Scott\Documents\Nexus Mod Manager
    2014-11-12 18:46 - 2014-01-31 08:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
    2014-11-12 18:45 - 2014-01-31 08:06 - 00000000 ____D () C:\GOG Games
    2014-11-12 15:10 - 2014-01-26 10:06 - 84279296 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
    2014-11-12 15:10 - 2014-01-26 10:06 - 01032192 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
    2014-11-12 15:10 - 2014-01-26 10:06 - 00098304 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
    2014-11-12 15:10 - 2014-01-26 10:06 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
    2014-11-04 17:58 - 2014-03-05 18:19 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\OBS
    2014-11-01 17:19 - 2014-01-26 10:06 - 43876352 _____ () C:\Windows\system32\config\COMPONENTS.iodefrag.bak
    2014-10-29 10:16 - 2014-03-01 08:10 - 00000003 _____ () C:\Windows\system32\HRUPPROG.TXT
    2014-10-29 10:03 - 2014-05-27 14:05 - 00000000 ____D () C:\Program Files (x86)\Origin Games
    2014-10-28 06:34 - 2010-11-21 03:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-10-28 00:41 - 2014-04-26 09:40 - 00000000 ____D () C:\ProgramData\Steam
    2014-10-28 00:41 - 2014-01-26 10:46 - 00000000 ____D () C:\Users\Scott\AppData\Local\My Games
    2014-10-28 00:41 - 2014-01-26 01:35 - 00000000 ____D () C:\Users\Scott\Documents\my games
    2014-10-27 21:35 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
    2014-10-24 23:18 - 2014-02-12 19:55 - 00000000 ____D () C:\Users\Scott\Documents\ArmA 2
    2014-10-24 15:28 - 2014-01-25 20:57 - 00000000 ____D () C:\ProgramData\Package Cache
    2014-10-19 07:39 - 2009-07-14 03:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-10-19 07:37 - 2014-05-05 11:31 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-10-18 07:17 - 2014-09-21 18:53 - 00000000 ____D () C:\Program Files\Microsoft Office 15
    2014-10-15 16:10 - 2014-01-26 19:33 - 00000000 ____D () C:\ProgramData\Skype

    Files to move or delete:
    ====================
    C:\Users\Scott\jagex_cl_runescape_LIVE.dat
    C:\Users\Scott\random.dat


    Some content of TEMP:
    ====================
    C:\Users\Scott\AppData\Local\Temp\Quarantine.exe
    C:\Users\Scott\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-11-05 20:13

    ==================== End Of Log ============================
     
  19. UndefinedHell

    UndefinedHell TS Rookie Topic Starter Posts: 18

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-11-2014 02
    Ran by Scott at 2014-11-14 19:27:03
    Running from C:\Users\Scott\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    «The Sims 3 Deluxe Edition» (build 10.2) (HKLM-x32\...\«The Sims 3 Deluxe Edition»_is1) (Version: - R.G. Catalyst)
    3DMark Demo (HKLM-x32\...\Steam App 231350) (Version: - Futuremark)
    7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )
    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
    Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 2.0 (HKLM-x32\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.)
    Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
    Alan Wake's American Nightmare (HKLM-x32\...\Steam App 202750) (Version: - Remedy Entertainment)
    AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    Anarchy Arcade (HKLM-x32\...\Steam App 266430) (Version: - Elijah Newman-Gomez)
    Antichamber (HKLM-x32\...\Steam App 219890) (Version: - Alexander Bruce)
    Arma 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive)
    ASUS PCE-N10 WLAN Card Utilities & Driver (HKLM-x32\...\{556BEFE2-30FF-4113-98F4-01234396DF2B}) (Version: 1.0.1.0 - ASUS)
    Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
    Awesomenauts (HKLM-x32\...\Steam App 204300) (Version: - Ronimo Games)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
    Beer goggles (HKLM\...\UDK-52a6e785-7c03-473d-afcc-12e5243b10f3) (Version: - Epic Games, Inc.)
    Binary Domain (HKLM-x32\...\Steam App 203750) (Version: - Devil's Details)
    BioShock (HKLM-x32\...\Steam App 7670) (Version: - 2K Boston)
    BioShock 2 (HKLM-x32\...\Steam App 8850) (Version: - 2K Marin)
    BIT.TRIP RUNNER (HKLM-x32\...\Steam App 63710) (Version: - Gaijin Games)
    BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
    BitTorrent (HKU\S-1-5-21-3627555642-523329072-3733843303-1000\...\BitTorrent) (Version: 7.9.2.34947 - BitTorrent Inc.)
    Black Shell Games - SanctuaryRPG - (HKLM-x32\...\Black Shell Games SanctuaryRPG) (Version: "1.0.0.1.0.0.1.0.0" - "Black Shell Games")
    Blacklight: Retribution (HKLM-x32\...\Steam App 209870) (Version: - Zombie, Inc.)
    BlueStacks Notification Center (HKLM-x32\...\{4C02AFA8-074D-44FE-B0E1-A73D4AA65390}) (Version: 0.8.9.3088 - BlueStack Systems, Inc.)
    Borderlands (HKLM-x32\...\Steam App 8980) (Version: - Gearbox Software)
    Borderlands 2 - Game Of The Year Edition (HKLM-x32\...\Borderlands 2 - Game Of The Year Edition_is1) (Version: Borderlands 2 - Game Of The Year Edition - )
    Borderlands: The Pre-Sequel (HKLM-x32\...\Steam App 261640) (Version: - 2K Australia)
    BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
    Botanicula (HKLM-x32\...\Steam App 207690) (Version: - Amanita Design)
    Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version: - Criterion Games)
    Cargo Commander (HKLM-x32\...\Steam App 220460) (Version: - Serious Brew)
    Carmageddon Mod version 3.1.3 (HKLM-x32\...\{0FF4BBB6-B94A-4462-B50F-CF21828944F4}_is1) (Version: 3.1.3 - GiphtWorks)
    Castle Crashers (HKLM-x32\...\Steam App 204360) (Version: - The Behemoth)
    Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version: - Cheat Engine)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Clownfish for Skype (HKLM-x32\...\Clownfish) (Version: - )
    Command and Conquer: Red Alert 3 - Uprising (HKLM-x32\...\Steam App 24800) (Version: - EA Los Angeles)
    Content Manager Assistant for PlayStation(R) (HKLM-x32\...\{32C46540-7693-49E1-A81E-121B09C8303B}) (Version: 3.00.7187.47 - Sony Computer Entertainment Inc.)
    Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
    Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
    Crusader Kings II (HKLM-x32\...\Steam App 203770) (Version: - Paradox Development Studio)
    Cube World v0.1.0 (FIXED)(5 July 2013) (HKLM-x32\...\Cube World v0.1.0 (FIXED)(5 July 2013)0.1.0) (Version: 0.1.0 - Friends in War)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
    Darksiders (HKLM-x32\...\Steam App 50620) (Version: - Vigil Games)
    DarksidersInstaller (HKLM-x32\...\{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}) (Version: 1.00.1000 - THQ)
    Dead Island Riptide (HKLM-x32\...\Steam App 216250) (Version: - Techland)
    Dead Island: Epidemic (HKLM-x32\...\Steam App 222900) (Version: - Stunlock Studios)
    Dino D-Day (HKLM-x32\...\Steam App 70000) (Version: - 800 North and Digital Ranch)
    Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
    Dota 2 Test (HKLM-x32\...\Steam App 205790) (Version: - )
    Dota 2 Workshop Tools Alpha (HKLM-x32\...\Steam App 316570) (Version: - )
    Driver Booster 2 (HKLM-x32\...\Driver Booster_is1) (Version: 2.0 - IObit)
    Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version: - Trendy Entertainment)
    Dungeon Keeper 2 (HKLM-x32\...\GOGPACKDUNGEONKEEPER2_is1) (Version: 2.0.0.32 - GOG.com)
    Dungeon Keeper Gold (HKLM-x32\...\GOGPACKDUNGEONKEEPER_is1) (Version: 2.0.0.4 - GOG.com)
    Dust: An Elysian Tail (HKLM-x32\...\Steam App 236090) (Version: - Humble Hearts LLC)
    Empire: Total War (HKLM-x32\...\Steam App 10500) (Version: - The Creative Assembly)
    Enemy Territory - QUAKE Wars(TM) (HKLM-x32\...\InstallShield_{B7A585C8-CE4E-4150-84C6-A13C3CB1379F}) (Version: 1.0 - Activision)
    Enemy Territory - QUAKE Wars(TM) (x32 Version: 1.0 - Activision) Hidden
    Enhanced Steam Standalone (HKLM-x32\...\Enhanced Steam) (Version: - )
    Factorio version 0.9.8 (HKLM\...\Factorio_is1) (Version: - )
    Firefall (HKLM-x32\...\Steam App 227700) (Version: - Red 5 Studios)
    Flawless Widescreen version 1.0.12 (HKLM-x32\...\{7348D82E-8C68-48FF-BA2D-8C97B5B4B3D8}_is1) (Version: 1.0.12 - Flawless Widescreen)
    Floating Point (HKLM-x32\...\Steam App 302380) (Version: - Suspicious Developments)
    Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
    FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version: - Subset Games)
    Futuremark SystemInfo (HKLM-x32\...\{EF7EA37B-C009-4D53-AE2A-FF7C6AEC35CE}) (Version: 4.26.386 - Futuremark)
    Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version: - Greenheart Games)
    GameRanger (HKU\S-1-5-21-3627555642-523329072-3733843303-1000\...\GameRanger) (Version: - GameRanger Technologies)
    Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
    GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
    Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
    GOG.com Dungeon Keeper 2 (HKLM\...\{b6462b67-caf5-4a74-99df-cc2811bd1957}.sdb) (Version: - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Gratuitous Space Battles (HKLM-x32\...\Steam App 41800) (Version: - Positech Games)
    Guacamelee! Gold Edition (HKLM-x32\...\Steam App 214770) (Version: - DrinkBox Studios)
    Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version: - Arobas Music)
    Guncraft (HKLM-x32\...\Steam App 241720) (Version: - Exato Games Studio)
    Guns of Icarus Online (HKLM-x32\...\Steam App 209080) (Version: - Muse Games)
    Hack n Slash Prototype (HKLM-x32\...\Steam App 228080) (Version: - )
    Ham Sandwich Simulator (HKU\S-1-5-21-3627555642-523329072-3733843303-1000\...\Ham Sandwich Simulator) (Version: - )
    Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
    Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
    Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
    IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.1.5.24 - IObit)
    Java 7 Update 72 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417072FF}) (Version: 7.0.720 - Oracle)
    Java 7 Update 72 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217072FF}) (Version: 7.0.720 - Oracle)
    Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version: - Avalanche)
    Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version: - JC2-MP Team)
    Katawa Shoujo (HKLM-x32\...\Katawa Shoujo) (Version: - )
    Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version: - Squad)
    Killing Floor (HKLM-x32\...\Steam App 1250) (Version: - Tripwire Interactive)
    King's Bounty: The Legend (HKLM-x32\...\Steam App 25900) (Version: - 1C Company)
    LBOTS Top mouse Driver (HKLM-x32\...\{F1A273BD-6A9E-41D8-A111-5E56ACD286F8}) (Version: 1.0 - Togran)
    League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
    League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
    Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
    Little Inferno (HKLM-x32\...\Steam App 221260) (Version: - Tomorrow Corporation)
    LIVE gaming on Windows Runtime Version 1.0.6027 (HKLM-x32\...\{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}) (Version: 1.0.6027 - Microsoft Corporation)
    LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.266 - LogMeIn, Inc.)
    LogMeIn Hamachi (x32 Version: 2.2.0.266 - LogMeIn, Inc.) Hidden
    Mafia II (HKLM-x32\...\Steam App 50130) (Version: - 2K Czech)
    MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - )
    Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios)
    Magicka: Wizard Wars (HKLM-x32\...\Steam App 202090) (Version: - Paradox North)
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Mass Effect™ (HKLM-x32\...\{44A570EE-FD93-4086-8997-2C38DFDE0019}) (Version: 1.2.20608.0 - Electronic Arts)
    Mass Effect™ 2 (HKLM-x32\...\{E19B628D-A9BC-4519-B1D4-4C8C09074F7F}) (Version: 1.2.1604.0 - Electronic Arts)
    Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
    Metro 2033 (HKLM-x32\...\Steam App 43110) (Version: - 4A Games)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
    Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation)
    Microsoft Office on Demand Browser Add-ons (HKU\S-1-5-21-3627555642-523329072-3733843303-1000\...\Microsoft Office on Demand Browser Add-ons) (Version: - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
    Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version: - DICE)
    Mortal Kombat Komplete Edition (HKLM-x32\...\Steam App 237110) (Version: - NetherRealm Studios)
    Mount and Blade (HKLM-x32\...\1207666893_is1) (Version: 2.0.0.4 - GOG.com)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
    Mumble 1.2.7 (HKLM-x32\...\{CF8BBFA2-5502-4904-A9E9-8D5CAA8DF785}) (Version: 1.2.7 - Thorvald Natvig)
    My Game Long Name (HKLM\...\UDK-4097d3b9-32d9-46d9-9d0d-27d2db8135ec) (Version: - Epic Games, Inc.)
    Natural Selection 2 (HKLM-x32\...\Steam App 4920) (Version: - Unknown Worlds Entertainment)
    Neverwinter (HKLM-x32\...\Steam App 109600) (Version: - Cryptic Studios)
    Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)
    No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version: - No More Room in Hell Team)
    NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
    ON_OFF Charge 2 B13.0910.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
    ON_OFF Charge 2 B13.0910.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
    OnTopReplica (HKU\S-1-5-21-3627555642-523329072-3733843303-1000\...\OnTopReplica) (Version: 3.4 - Lorenz Cuno Klopfenstein)
    Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    OpenRA (HKLM-x32\...\OpenRA) (Version: - OpenRA developers)
    Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version: - Robot Entertainment)
    Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
    ORION: Dino Horde (HKLM-x32\...\Steam App 104900) (Version: - Spiral Game Studios)
    Outerra - Anteworld - Outerra Anteworld Demo (HKLM-x32\...\Outerra Anteworld) (Version: "0.8.3-4883" - "Outerra")
    Papers, Please (HKLM-x32\...\Steam App 239030) (Version: - 3909)
    PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version: - OVERKILL Software)
    PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )
    PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
    Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version: - Sony Online Entertainment)
    Playfire (HKLM-x32\...\{bc221981-d0cd-4571-a939-67242a4b438d}) (Version: 0.0.70.0 - Playfire)
    Playfire (x32 Version: 0.0.70.0 - Playfire) Hidden
    Prison Architect (HKLM-x32\...\Steam App 233450) (Version: - Introversion Software)
    Process Blocker 1.0.8.0 (HKLM\...\{CA9508EC-27DB-422C-BF2B-154F2106050F}) (Version: 1.0.8.0 - Softros Systems, Inc.)
    PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
    Quake Live (HKLM-x32\...\Steam App 282440) (Version: - id Software)
    Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.1 r2290 - )
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
    Receiver (HKLM-x32\...\Steam App 234190) (Version: - Wolfire Games)
    Renegade X (HKLM-x32\...\UDK-4fc3a6b6-3d0e-4dce-b127-8e60191e2b1e) (Version: Open Beta 1 - Totem Arts)
    Reus (HKLM-x32\...\Steam App 222730) (Version: - Abbey Games)
    RIFT™ (HKLM-x32\...\Steam App 39120) (Version: - Trion Worlds)
    Risen (HKLM-x32\...\Steam App 40300) (Version: - Piranha – Bytes)
    Risen 2 - Dark Waters (HKLM-x32\...\Steam App 40390) (Version: - Piranha Bytes)
    Risk of Rain (HKLM-x32\...\Steam App 248820) (Version: - )
    Robocraft (HKLM-x32\...\Steam App 301520) (Version: - Freejam)
    Rocksmith 2014 (HKLM-x32\...\Rocksmith 20141.3) (Version: 1.3 - Ubisoft)
    RollerCoaster Tycoon 2 (HKLM-x32\...\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}) (Version: - )
    RollerCoaster Tycoon 2: Time Twister (HKLM-x32\...\{BA1E1AFD-D1F2-4C52-88C3-186FC5E61604}) (Version: 1.00.000 - )
    RollerCoaster Tycoon 2: Wacky Worlds (HKLM-x32\...\{B1AD83A0-DC92-41E3-B111-E9472349768C}) (Version: - )
    RPG Maker VX Ace (HKLM-x32\...\Steam App 220700) (Version: - Enterbrain)
    S.T.A.L.K.E.R.: Shadow of Chernobyl (HKLM-x32\...\Steam App 4500) (Version: - GSC Game World)
    S.W.A.P version 1.0.0.0 (HKLM-x32\...\{9810E17A-BB1B-4C35-803B-380C5FB19570}_is1) (Version: 1.0.0.0 - Chaos Theory Games)
    Sacrifice (HKLM-x32\...\Sacrifice_is1) (Version: - GOG.com)
    Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version: - Volition)
    Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version: - Coffee Stain Studios)
    Sang-Froid - Tales of Werewolves (HKLM-x32\...\Steam App 227220) (Version: - Artifice Studio)
    Sid Meier’s Ace Patrol: Pacific Skies (HKLM-x32\...\Steam App 244090) (Version: - Firaxis)
    Sid Meier's Ace Patrol (HKLM-x32\...\Steam App 244070) (Version: - Firaxis Games)
    Sid Meiers Civilization Beyond Earth (HKLM-x32\...\U2lkTWVpZXJzQ2l2aWxpemF0aW9uQmV5b25kRWFydGg=_is1) (Version: 1 - )
    Sid Meier's Civilization IV (HKLM-x32\...\Steam App 3900) (Version: - Firaxis Games)
    SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
    Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
    SlimDX Runtime .NET 4.0 x86 (January 2012) (HKLM-x32\...\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}) (Version: 2.0.13.43 - SlimDX Group)
    Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.3 - IObit)
    Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version: - Rebellion)
    SoftXpand Duo Pro (HKLM\...\{787DFE02-CC6C-4AAC-B455-166BBEE4C5AF}) (Version: 1.2.5 - MiniFrame)
    Sonic & All-Stars Racing Transformed (HKLM-x32\...\Steam App 212480) (Version: - Sumo Digital)
    Space Engineers (HKLM-x32\...\Steam App 244850) (Version: - )
    Space Pirates and Zombies (HKLM-x32\...\Steam App 107200) (Version: - MinMax Games Ltd.)
    Spec Ops: The Line (HKLM-x32\...\Steam App 50300) (Version: - Yager)
    Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
    SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
    Spotify (HKU\S-1-5-21-3627555642-523329072-3733843303-1000\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
    Stalker Complete 2009 (HKLM-x32\...\{Stalker Complete 2009 v1.4.4}}_is1) (Version: - )
    Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
    Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
    Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
    Surgeon Simulator 2013 (HKLM-x32\...\Steam App 233720) (Version: - Bossa Studios)
    System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC)
    Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
    TeamSpeak 3 Client (HKU\S-1-5-21-3627555642-523329072-3733843303-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
    Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
    The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl)
    The Bureau: XCOM Declassified (HKLM-x32\...\Steam App 65930) (Version: - 2K Marin)
    The Darkness II (HKLM-x32\...\Steam App 67370) (Version: - Digital Extremes)
    The Elder Scrolls IV: Oblivion (HKLM-x32\...\Steam App 22330) (Version: - Bethesda Game Studios)
    The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - )
    The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
    The Ship (HKLM-x32\...\Steam App 2400) (Version: - Outerlight Ltd.)
    The Showdown Effect (HKLM-x32\...\Steam App 204080) (Version: - Arrowhead Game Studios)
    The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
    The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.63.4 - Electronic Arts)
    The Sims™ 3 Diesel Каталог (HKLM-x32\...\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}) (Version: 14.0.48 - Electronic Arts)
    The Sims™ 3 Katy Perry Сладкие радости (HKLM-x32\...\{9B2506E3-9A3F-45B5-96BF-509CAD584650}) (Version: 13.0.62 - Electronic Arts)
    The Sims™ 3 Времена года (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
    The Sims™ 3 Все возрасты (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
    The Sims™ 3 Городская жизнь Каталог (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
    The Sims™ 3 Изысканная спальня Каталог (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
    The Sims™ 3 Карьера (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.10.1 - Electronic Arts)
    The Sims™ 3 Кино Каталог (HKLM-x32\...\{D0087539-3C57-44E0-BEE7-D779D546CBE1}) (Version: 20.0.53 - Electronic Arts)
    The Sims™ 3 Отдых на природе Каталог (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.3.2 - Electronic Arts)
    The Sims™ 3 Скоростной режим Каталог (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.8.1 - Electronic Arts)
    The Sims™ 3 Современная роскошь Каталог (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.9.6 - Electronic Arts)
    The Sims™ 3 Стильные 70-е, 80-е, 90-е Каталог (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
    The Swapper (HKLM-x32\...\Steam App 231160) (Version: - Olli Harjola, Otto Hantula, Tom Jubert, Carlo Castellano)
    The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version: - CD Projekt RED)
    The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version: - CD Projekt RED)
    Thomas Was Alone (HKLM-x32\...\Steam App 220780) (Version: - Mike Bithell)
    Tiny and Big: Grandpa's Leftovers (HKLM-x32\...\Steam App 205910) (Version: - Black Pants Game Studio)
    Torchlight (HKLM-x32\...\Steam App 41500) (Version: - Runic Games)
    Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version: - The Creative Assembly)
    Tower of Guns (HKLM-x32\...\Steam App 266110) (Version: - Terrible Posture Games)
    TrackMania Nations Forever (HKLM-x32\...\Steam App 11020) (Version: - Nadeo)
    Tropico 4 (HKLM-x32\...\Steam App 57690) (Version: - Haemimont Games)
    Tropico 5 (HKLM-x32\...\Steam App 245620) (Version: - Haemimont Games)
    Unchecky v0.3.3 (HKLM-x32\...\Unchecky) (Version: 0.3.3 - RaMMicHaeL)
    Unity (HKLM-x32\...\Unity) (Version: - Unity Technologies ApS)
    Unity Web Player (HKU\S-1-5-21-3627555642-523329072-3733843303-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
    Universe Sandbox (HKLM-x32\...\Steam App 72200) (Version: - Giant Army)
    Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)
    USB Drum V1.03 (HKLM-x32\...\USB Drum_is1) (Version: - )
    Velvet Sundown (HKLM-x32\...\Steam App 307290) (Version: - Tribe Studios)
    VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    VVVVVV (HKLM-x32\...\Steam App 70300) (Version: - Terry Cavanagh)
    Wanderlust: Rebirth (HKLM-x32\...\Steam App 211580) (Version: - Yeti Trunk)
    Warcraft III Reign of Chaos & The Frozen Throne (HKLM-x32\...\Warcraft III Reign of Chaos & The Frozen Throne) (Version: - )
    Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes)
    Warhammer® 40,000™: Dawn of War® II – Retribution™ (HKLM-x32\...\Steam App 56400) (Version: - Relic Entertainment)
    Warhammer® 40,000™: Dawn of War® II (HKLM-x32\...\Steam App 15620) (Version: - Relic Entertainment)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    Wing Commander III (HKLM-x32\...\{F96B9930-E22A-44D6-81B5-6C8E92C21B4B}) (Version: 2.0.0.2 - Electronic Arts)
    WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
    WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
    X-COM: Apocalypse (HKLM-x32\...\Steam App 7660) (Version: - MicroProse Software, Inc)
    XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version: - Firaxis Games)
    X-COM: Enforcer (HKLM-x32\...\Steam App 7770) (Version: - MicroProse Software, Inc)
    X-COM: Interceptor (HKLM-x32\...\Steam App 7730) (Version: - MicroProse Software, Inc)
    X-COM: Terror from the Deep (HKLM-x32\...\Steam App 7650) (Version: - MicroProse Software, Inc)
    X-COM: UFO Defense (HKLM-x32\...\Steam App 7760) (Version: - MicroProse Software, Inc)
    Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
    Zen Bound® 2 (HKLM-x32\...\Steam App 61600) (Version: - Secret Exit Ltd.)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-3627555642-523329072-3733843303-1000_Classes\CLSID\{225F8CFE-1B76-48E6-8E75-62CC471AFA28}\InprocServer32 -> C:\Users\Scott\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\RoamingOfficeActiveX.64.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    14-11-2014 15:14:49 Windows Update
    14-11-2014 16:53:20 Pre-Malware

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2014-05-16 06:57 - 2014-11-14 19:18 - 00001196 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly

    There are 5 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {048956D2-ADE8-4BEA-8543-DDDB0B320886} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-25] (Google Inc.)
    Task: {0B04B492-D668-4C3D-A2D8-88191EB4E79E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)
    Task: {4A4B8207-81A0-4FD7-AB3C-0098CE6104FE} - System32\Tasks\Shutdown1 => C:\Windows\System32\shutdown.exe [2009-07-14] (Microsoft Corporation)
    Task: {574C36C7-CDF8-4CAF-8BA7-771CB599B0D4} - System32\Tasks\Driver Booster SkipUAC (SYSTEM) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-10-28] (IObit)
    Task: {5A9250F8-0D74-4626-8E45-6DD7E8353B63} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
    Task: {5B2DF359-CE8A-4634-A6E7-A30124B8905A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-09-25] (Microsoft Corporation)
    Task: {5E535E08-AD95-4E4C-B5A0-16DA63B80A14} - System32\Tasks\AdobeAAMUpdater-1.0-IndieInside-Scott => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)
    Task: {6D23752D-1857-4998-B04D-F655785BDE1D} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3627555642-523329072-3733843303-1000
    Task: {700E3BAC-430A-4765-BAA7-567A86F2743E} - System32\Tasks\Uninstaller_SkipUac_Scott => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-11-04] (IObit)
    Task: {860033B9-E579-4B8E-AEF2-1A622B45CCFE} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-11-04] (IObit)
    Task: {922B9753-1E97-404E-9B3F-2C0284675D98} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-23] (IObit)
    Task: {B4C690A7-0A2D-4223-A71F-52ED0CC8A737} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3627555642-523329072-3733843303-1001
    Task: {CB7C2950-2A7D-4183-A2A7-3BD5F23EAC69} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-25] (Google Inc.)
    Task: {D4FCB8E5-81A0-4D09-8AC1-FB8AF3D35BC4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-14] (AVAST Software)
    Task: {E4488050-D2F9-4FB7-83D2-BAF767878FA9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-13] (Adobe Systems Incorporated)
    Task: {F09D9160-26D5-4B10-B284-C447B3EF7644} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-09-21 18:53 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2014-04-24 06:50 - 2014-07-02 14:24 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
    2014-01-25 19:55 - 2012-10-02 18:46 - 06856704 _____ () C:\Program Files (x86)\ASUS\PCE-N10 WLAN Card Utilities\RtWlan.exe
    2014-11-14 15:19 - 2014-11-14 15:19 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
    2014-11-14 15:19 - 2014-11-14 15:19 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
    2014-10-18 07:16 - 2014-09-09 14:59 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-09-25 15:47 - 2014-08-11 20:35 - 01009952 _____ () C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd\2.0.0_0\Plugin\SPNativeMessage.exe
    2014-11-14 18:10 - 2014-11-14 18:10 - 02903040 _____ () C:\Program Files\AVAST Software\Avast\defs\14111400\algo.dll
    2014-11-14 15:19 - 2014-11-14 15:19 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
    2014-11-14 15:19 - 2014-11-14 15:19 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-08-22 10:55 - 2014-11-11 18:48 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
    2014-08-22 10:55 - 2014-11-11 18:48 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
    2014-08-22 10:55 - 2014-11-11 18:48 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
    2014-01-25 20:45 - 2014-11-11 18:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
    2014-05-01 05:14 - 2014-11-12 01:04 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
    2014-08-22 10:55 - 2014-11-11 18:48 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
    2014-08-22 10:55 - 2014-11-11 18:48 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
    2014-01-25 20:45 - 2014-11-12 01:04 - 00690880 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
    2014-01-25 19:55 - 2012-10-02 19:13 - 00126976 _____ () C:\Program Files (x86)\ASUS\PCE-N10 WLAN Card Utilities\EnumDevLib.dll
    2014-01-25 21:11 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
    2014-01-25 21:11 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
    2014-01-25 21:11 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
    2014-01-25 20:45 - 2014-11-11 18:48 - 34589888 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
    2014-01-25 21:10 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2014-10-29 20:31 - 2014-10-22 04:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
    2014-10-29 20:31 - 2014-10-22 04:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
    2014-10-29 20:31 - 2014-10-22 04:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
    2014-10-29 20:31 - 2014-10-22 04:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
    2014-10-18 07:16 - 2014-09-09 13:12 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
    2014-10-29 20:31 - 2014-10-22 04:05 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: Dare-U mouse => "C:\Program Files (x86)\Gaming Mouse\DareUMonitor.exe"

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-3627555642-523329072-3733843303-500 - Administrator - Disabled)
    Guest (S-1-5-21-3627555642-523329072-3733843303-501 - Limited - Disabled) => C:\Users\Guest
    Guesty (S-1-5-21-3627555642-523329072-3733843303-1001 - Limited - Enabled) => C:\Users\Guesty
    Scott (S-1-5-21-3627555642-523329072-3733843303-1000 - Administrator - Enabled) => C:\Users\Scott

    ==================== Faulty Device Manager Devices =============

    Name: LogMeIn Kernel Information Provider
    Description: LogMeIn Kernel Information Provider
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: LMIInfo
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: BlueStacks Hypervisor
    Description: BlueStacks Hypervisor
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: BstHdDrv
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2014-11-14 18:21:13.979
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-11-14 18:21:13.928
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz
    Percentage of memory in use: 40%
    Total physical RAM: 8070.64 MB
    Available physical RAM: 4823.55 MB
    Total Pagefile: 16139.47 MB
    Available Pagefile: 12231.67 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:931.41 GB) (Free:136.18 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive e: (Data) (Fixed) (Total:465.75 GB) (Free:429.97 GB) NTFS
    Drive g: (Borderlands 2 GO) (CDROM) (Total:8.75 GB) (Free:0 GB) CDFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 2B7E7AE6)
    Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DB156B0F)
    Partition 1: (Active) - (Size=931.4 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  20. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  21. UndefinedHell

    UndefinedHell TS Rookie Topic Starter Posts: 18

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-11-2014 02
    Ran by Scott at 2014-11-14 20:18:42 Run:1
    Running from C:\Users\Scott\Desktop
    Loaded Profile: Scott (Available profiles: Scott & Guesty & Guest)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKU\S-1-5-21-3627555642-523329072-3733843303-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    FF Extension: No Name - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\dffs8p0f.default\extensions\ascsurfingprotection@iobit.com [Not Found]
    FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
    FF Extension: No Name - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\dffs8p0f.default\extensions\adremoveext@adremoveext.net [Not Found]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
    S2 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X]
    S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [X]
    S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [X]
    S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 cpuz137; \??\C:\Users\Scott\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 gdrv; \??\C:\Windows\gdrv.sys [X]
    S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
    S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
    U0 mfcorefs; No ImagePath
    C:\Users\Scott\jagex_cl_runescape_LIVE.dat
    C:\Users\Scott\random.dat
    C:\Users\Scott\AppData\Local\Temp\Quarantine.exe
    C:\Users\Scott\AppData\Local\Temp\sqlite3.dll

    *****************

    "HKU\S-1-5-21-3627555642-523329072-3733843303-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\dffs8p0f.default\extensions\ascsurfingprotection@iobit.com not found.
    C:\Program Files (x86)\IObit Apps Toolbar\FF not found.
    C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\dffs8p0f.default\extensions\adremoveext@adremoveext.net not found.
    C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
    BstHdAndroidSvc => Service deleted successfully.
    BstHdLogRotatorSvc => Service deleted successfully.
    BstHdUpdaterSvc => Service deleted successfully.
    BstHdDrv => Service deleted successfully.
    catchme => Service deleted successfully.
    cpuz137 => Service deleted successfully.
    EagleX64 => Service deleted successfully.
    gdrv => Service deleted successfully.
    GPUZ => Service deleted successfully.
    LMIInfo => Service deleted successfully.
    mfcorefs => Service deleted successfully.
    C:\Users\Scott\jagex_cl_runescape_LIVE.dat => Moved successfully.
    C:\Users\Scott\random.dat => Moved successfully.
    C:\Users\Scott\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\Scott\AppData\Local\Temp\sqlite3.dll => Moved successfully.

    ==== End of Fixlog ====
     
  22. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    How is the computer doing?

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Internet Explorer users - Click on this link to open ESET OnlineScan.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the ESET Smart Installer icon (http://www.bleepstatic.com/fhost/uploads/0/esetsmartinstaller_enu.png) on your desktop.
    • Check "YES, I accept the Terms of Use."
    • Click the Start button.
    • Accept any security warnings from your browser.
    • Check "Enable detection of potentially unwanted applications".
    • Click Advanced settings and make sure all 4 boxes are checkmarked (two of them are already checkmarked by default).
      Do NOT checkmark "Use custom proxy settings"
    • Click the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click List Threats
    • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Click the Back button.
    • Click the Finish button.
     
  23. UndefinedHell

    UndefinedHell TS Rookie Topic Starter Posts: 18

    Results of screen317's Security Check version 0.99.89
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Java 7 Update 72
    Java version out of Date!
    Adobe Flash Player 15.0.0.223
    Adobe Reader XI
    Google Chrome 38.0.2125.104
    Google Chrome 38.0.2125.111
    ````````Process Check: objlist.exe by Laurent````````
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast ng vbox\AvastVBoxSVC.exe
    AVAST Software Avast ng ngservice.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````

    Farbar Service Scanner Version: 21-07-2014
    Ran by Scott (administrator) on 14-11-2014 at 22:49:49
    Running from "C:\Users\Scott\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  24. UndefinedHell

    UndefinedHell TS Rookie Topic Starter Posts: 18

    C:\Users\All Users\IObit\ASCDownloader\ASCSetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
    C:\Program Files (x86)\Sid Meiers Civilization Beyond Earth\steam_api.dll Win32/HackTool.Crack.CS potentially unsafe application deleted - quarantined
    C:\Program Files (x86)\Ubisoft\Rocksmith 2014\rocksmith2014-nocable-loader.exe a variant of Win32/HackTool.Patcher.N potentially unsafe application deleted - quarantined
    C:\Program Files (x86)\Warcraft III Reign of Chaos & The Frozen Throne\support\config.exe a variant of Win32/Delf.QZL trojan cleaned by deleting - quarantined
    C:\ProgramData\IObit\ASCDownloader\ASCSetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
    C:\Qoobox\Quarantine\C\Users\Scott\AppData\Roaming\Slick Savings\coupons_2.9.xpi.vir JS/Adware.Spigot.A application deleted - quarantined
     
  25. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Update your Java version here: http://www.java.com/en/download/manual.jsp
    Alternate download: http://www.filehippo.com/search?q=java

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: If you're running a 64-bit system, make sure you install BOTH 32-bit and 64-bit Java.

    Note 3: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    =============================

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     
