I have a backdoor malware! "Windows/temp/svchost.exe"

Solved
By Boldimore
Dec 18, 2013
  1. Today I started up my PC and as soon as it got to the desktop, AVG detected "General detection behavior" from a svchost.exe located in the Windows/temp folder. I searched on the net and found out that I can't remove it without your help. Please instruct me on how to remove this threat. Thanks in advance!
  2. Boldimore

    I followed the instructions from this link:
    http://www.techspot.com/community/t...lware-removal-preliminary-instructions.58138/
    ---------------------------------------------------------------------------------------------------------
    I have 2 logs; the second is after a computer restart (I wasn't prompted to do a restart).
    • First Malwarebytes Anti-Malware log:
    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.12.18.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16476
    Boldimore :: BOLDIMORE-PC [administrator]

    Protection: Enabled

    18.12.2013. 13:07:31
    mbam-log-2013-12-18 (13-07-31).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 215652
    Time elapsed: 4 minute(s), 34 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 5
    C:\Windows\Temp\phatk121016.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
    C:\Windows\Temp\scrypt130511.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
    C:\Windows\Temp\diablo130302.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
    C:\Windows\Temp\poclbm130302.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
    C:\Windows\Temp\diakgcn121016.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.

    (end)
    ---------------------------------------------------------------------------------------------------------
    • Second Malwarebytes Anti-Malware log:
    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.12.18.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16476
    Boldimore :: BOLDIMORE-PC [administrator]

    Protection: Enabled

    18.12.2013. 13:19:51
    mbam-log-2013-12-18 (13-19-51).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 215550
    Time elapsed: 5 minute(s), 5 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 5
    C:\Windows\Temp\phatk121016.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
    C:\Windows\Temp\scrypt130511.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
    C:\Windows\Temp\diablo130302.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
    C:\Windows\Temp\poclbm130302.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
    C:\Windows\Temp\diakgcn121016.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.

    (end)
    ---------------------------------------------------------------------------------------------------------
    • DDS logs: DDS.txt:
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2
    Run by Boldimore at 13:33:20 on 2013-12-18
    Microsoft Windows 7 Ultimate 6.1.7601.1.1250.385.1033.18.6143.4560 [GMT 1:00]
    .
    AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Boldimore Program Files\AVG\AVG2014\avgwdsvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Boldimore Program Files\Hard Disk Sentinel\HDSentinel.exe
    C:\Boldimore Program Files\Core Temp\Core Temp.exe
    C:\Windows\System32\schtasks.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Boldimore Program Files\Super Charger\ChargeService.exe
    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Boldimore Program Files\AVG\AVG2014\avgui.exe
    C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
    C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\mmc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit = userinit.exe,
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Boldimore Program Files\Java 32-bit\bin\ssv.dll
    BHO: Microsoft Web Test Recorder 10.0 Helper: {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Boldimore Program Files\Microsoft Visual Studio 2012 Ultimate\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Boldimore Program Files\Java 32-bit\bin\jp2ssv.dll
    EB: Web Test Recorder 10.0: {3142c289-f319-47f5-a594-a827028714c9} -
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [DAEMON Tools Lite] "C:\Boldimore Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    mRun: [AVG_UI] "C:\Boldimore Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Boldimore Program Files\QuickTime\QTTask.exe" -atboottime
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CODECP~1.LNK - C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{3F0D3C39-705F-4E7E-9505-8476A2C9F8AC} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{E112D929-BF71-4EEB-BFE5-B4EFF94397DD} : DHCPNameServer = 7.254.254.254
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Boldimore Program Files\Java 64-bit\bin\ssv.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Boldimore Program Files\Java 64-bit\bin\jp2ssv.dll
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
    x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Boldimore\AppData\Roaming\Mozilla\Firefox\Profiles\40p3xel0.default\
    FF - plugin: C:\Boldimore Program Files\Java 32-bit\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Boldimore Program Files\Java 32-bit\bin\plugin2\npjp2.dll
    FF - plugin: C:\Boldimore Program Files\QuickTime\Plugins\npqtplugin.dll
    FF - plugin: C:\Boldimore Program Files\QuickTime\Plugins\npqtplugin2.dll
    FF - plugin: C:\Boldimore Program Files\QuickTime\Plugins\npqtplugin3.dll
    FF - plugin: C:\Boldimore Program Files\QuickTime\Plugins\npqtplugin4.dll
    FF - plugin: C:\Boldimore Program Files\QuickTime\Plugins\npqtplugin5.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-3-31 82600]
    R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-3-31 42664]
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-10-24 194872]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
    R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-5 150808]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-12-2 283064]
    R2 avgwd;AVG WatchDog;C:\Boldimore Program Files\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
    R2 MSI_SuperCharger;MSI_SuperCharger;C:\Boldimore Program Files\Super Charger\ChargeService.exe [2013-7-19 161264]
    R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-13 1370912]
    R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-7-31 15128352]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-11-23 414496]
    R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-16 5341536]
    R3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Boldimore Program Files\Super Charger\NTIOLib_X64.sys [2013-7-19 13368]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
    R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-12-13 39200]
    R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
    R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2013-8-30 31232]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-7-20 44672]
    S2 AVGIDSAgent;AVGIDSAgent;C:\Boldimore Program Files\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-18 418376]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-18 701512]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
    S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
    S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-13 111616]
    S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-18 25928]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-19 19456]
    S3 RTCore64;RTCore64;C:\Boldimore Program Files\EVGA Precision X\RTCore64.sys [2013-7-18 15176]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-7-19 805088]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
    S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]
    S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-7-19 29696]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-14 56832]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-7-19 30208]
    S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
    S3 TunngleService;TunngleService;C:\Boldimore Program Files\Tunngle\TnglCtrl.exe [2013-8-30 759192]
    S3 vncserver;VNC Server;C:\Boldimore Program Files\RealVNC\VNC Server\vncserver.exe [2013-10-22 4787008]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-11 1255736]
    S3 XFDriver64;XFDriver64;C:\Program Files (x86)\Xfire2\XFDriver64.sys [2013-7-29 17160]
    .
    =============== Created Last 30 ================
    .
    2013-12-18 12:02:36 -------- d-----w- C:\Users\Boldimore\AppData\Roaming\Malwarebytes
    2013-12-18 12:02:25 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-12-18 12:02:24 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-12-18 12:02:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-12-18 11:27:50 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2013-12-18 11:27:47 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9EF7A89F-F131-4E9A-9DA4-460EE825D976}\mpengine.dll
    2013-12-16 17:50:13 -------- d-----w- C:\Program Files (x86)\TeamViewer
    2013-12-15 20:41:02 -------- d-----w- C:\Users\Boldimore\AppData\Local\Apple
    2013-12-14 10:43:29 -------- d-----w- C:\Windows\Migration
    2013-12-13 11:53:02 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
    2013-12-13 11:53:02 32544 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
    2013-12-12 23:32:35 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
    2013-12-12 23:32:35 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    2013-12-12 23:32:34 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
    2013-12-12 23:32:34 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2013-12-12 23:30:58 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-12-12 23:30:57 5769216 ----a-w- C:\Windows\System32\jscript9.dll
    2013-12-12 23:30:40 -------- d-----w- C:\Windows\PCHEALTH
    2013-12-10 23:00:30 9272200 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2013-12-09 13:42:01 -------- d-----w- C:\ProgramData\Stardock
    2013-12-09 13:42:01 -------- d-----w- C:\ProgramData\Ironclad Games
    2013-12-08 09:36:15 -------- d-----w- C:\Users\Boldimore\VirtualBox VMs
    2013-12-08 09:31:58 -------- d-----w- C:\Users\Boldimore\.VirtualBox
    2013-12-08 09:31:39 252688 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
    2013-12-08 09:31:33 126736 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
    2013-12-02 12:44:33 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
    2013-11-29 16:43:00 154896 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
    2013-11-29 16:43:00 140560 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
    2013-11-29 16:40:46 204048 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
    2013-11-23 11:18:38 590112 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2013-11-20 19:43:52 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2013-11-20 19:43:11 -------- d-----w- C:\ProgramData\Oracle
    2013-11-20 19:43:05 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-11-20 10:45:16 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433182.dll
    2013-11-20 10:44:59 1884448 ----a-w- C:\Windows\System32\nvdispco6433182.dll
    .
    ==================== Find3M ====================
    .
    2013-12-17 21:44:24 290776 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2013-12-17 21:44:24 290776 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2013-12-16 19:14:32 290776 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2013-12-10 23:00:39 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-12-10 23:00:39 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-11-29 16:56:58 1096480 ----a-w- C:\Windows\System32\nvspcap64.dll
    2013-11-29 16:56:57 979744 ----a-w- C:\Windows\SysWow64\nvspcap.dll
    2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
    2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
    2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
    2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
    2013-11-23 17:42:12 6674208 ----a-w- C:\Windows\System32\nvcpl.dll
    2013-11-23 17:42:12 3490080 ----a-w- C:\Windows\System32\nvsvc64.dll
    2013-11-23 17:42:10 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
    2013-11-23 17:42:10 63776 ----a-w- C:\Windows\System32\nvshext.dll
    2013-11-23 17:42:10 219424 ----a-w- C:\Windows\System32\nvmctray.dll
    2013-11-22 16:28:31 3498475 ----a-w- C:\Windows\System32\nvcoproc.bin
    2013-11-19 02:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe
    2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
    2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2013-11-05 20:55:48 150808 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
    2013-11-04 20:52:42 240920 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
    2013-10-31 22:00:18 212280 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
    2013-10-31 21:49:46 294712 ----a-w- C:\Windows\System32\drivers\avgloga.sys
    2013-10-30 17:02:58 35104 ----a-w- C:\Windows\System32\nvaudcap64v.dll
    2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
    2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
    2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
    2013-10-24 21:25:58 194872 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
    2013-10-23 14:11:22 129944 ----a-w- C:\Windows\System32\drivers\scdemu.sys
    2013-10-23 10:30:23 1884448 ----a-w- C:\Windows\System32\nvdispco6433165.dll
    2013-10-23 10:30:23 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433165.dll
    2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
    2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2013-10-16 00:48:05 1884448 ----a-w- C:\Windows\System32\nvdispco6433158.dll
    2013-10-16 00:48:05 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433158.dll
    2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
    2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
    2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
    2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
    2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
    2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
    2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
    2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
    2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
    2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
    2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
    2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
    2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
    2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
    2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
    2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
    2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
    2013-10-04 02:16:30 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
    2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
    2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
    2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
    2013-10-04 01:36:04 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
    2013-10-03 10:34:12 4608 ----a-w- C:\Windows\System32\drivers\vncmirror.sys
    2013-10-03 10:34:12 37704 ----a-w- C:\Windows\System32\VNCpm.dll
    2013-10-03 10:34:12 26112 ----a-w- C:\Windows\System32\vncmirror.dll
    2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
    2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
    2013-10-02 02:22:20 56832 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
    2013-10-02 02:11:13 13824 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
    2013-10-02 02:08:53 12800 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
    2013-10-02 01:48:59 56832 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll
    2013-10-02 01:48:08 18944 ----a-w- C:\Windows\System32\wksprtPS.dll
    2013-10-02 01:29:05 62976 ----a-w- C:\Windows\System32\tsgqec.dll
    2013-10-02 01:10:56 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
    2013-10-02 00:15:45 1057280 ----a-w- C:\Windows\System32\rdvidcrl.dll
    2013-10-02 00:14:58 50176 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll
    2013-10-02 00:14:20 17920 ----a-w- C:\Windows\SysWow64\wksprtPS.dll
    2013-10-02 00:08:30 83968 ----a-w- C:\Windows\System32\TSWbPrxy.exe
    2013-10-02 00:01:16 420864 ----a-w- C:\Windows\System32\wksprt.exe
    2013-10-01 23:58:48 53248 ----a-w- C:\Windows\SysWow64\tsgqec.dll
    2013-10-01 23:31:09 1147392 ----a-w- C:\Windows\System32\mstsc.exe
    2013-10-01 23:08:10 855552 ----a-w- C:\Windows\SysWow64\rdvidcrl.dll
    2013-10-01 22:34:12 1068544 ----a-w- C:\Windows\SysWow64\mstsc.exe
    2013-10-01 20:57:46 6578176 ----a-w- C:\Windows\System32\mstscax.dll
    2013-10-01 20:55:10 5698048 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2013-09-30 23:52:08 123704 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
    2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
    2013-09-27 08:57:55 1884448 ----a-w- C:\Windows\System32\nvdispco6433140.dll
    2013-09-27 08:57:55 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433140.dll
    2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2013-09-25 02:23:41 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
    .
    ============= FINISH: 13:33:46,25 ===============
    ---------------------------------------------------------------------------------------------------------
    • DDS logs: Attach.txt:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 19.7.2013. 19:15:52
    System Uptime: 18.12.2013. 13:17:07 (0 hours ago)
    .
    Motherboard: MSI | | 870A-G54 (FX)
    Processor: AMD FX(tm)-6100 Six-Core Processor | CPU1 | 3300/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 466 GiB total, 250,116 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Realtek PCIe GBE Family Controller
    Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_75991462&REV_03\4&28B85F88&0&00A9
    Manufacturer: Realtek
    Name: Realtek PCIe GBE Family Controller
    PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_75991462&REV_03\4&28B85F88&0&00A9
    Service: RTL8167
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Tools for .Net 3.5
    7-Zip 9.20 (x64 edition)
    Acoustica Mixcraft 6
    Adobe After Effects CS6
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Help Manager
    Adobe Photoshop CS6
    Adobe Reader XI (11.0.05)
    Adobe Story
    Advanced Installer 10.3
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    APB Reloaded
    Apple Application Support
    Apple Software Update
    µTorrent
    Aurora 24.0a2 (x86 en-US)
    Aurora 27.0a2 (x86 en-US)
    AVG 2014
    Bandicam
    Bandisoft MPEG-1 Decoder
    Blend for Visual Studio 2012
    Blend for Visual Studio 2012 ENU resources
    Blend for Visual Studio Add-in for Adobe FXG Import
    Blend for Visual Studio SDK for .NET 4.5
    Blend for Visual Studio SDK for Silverlight 5
    Catalyst Control Center InstallProxy
    CCleaner
    Cheat Engine 6.3
    Cities in Motion 2 (c) Paradox Interactive version 1
    Click Speed Tester
    Click Speed Tester v2.5.1
    Command & Conquer™ Red Alert™ 3
    Core Temp version 0.99.7
    CPUID CPU-Z 1.67.1
    Crossfire 1.9
    DAEMON Tools Lite
    Deadpool
    Die Sims™ 3
    Dotfuscator and Analytics Community Edition
    Entity Framework Designer for Visual Studio 2012 - enu
    EVGA Precision X 4.2.1
    EXPERTool v8.9
    Foul Play
    GamersFirst LIVE!
    GeForce Experience NvStream Client Components
    Google Chrome
    Google Update Helper
    GRID 2 (c) Codemasters version 1
    GSplit 3
    Hangman
    Hangman v1.0.0
    Hard Disk Sentinel PRO
    IIS 8.0 Express
    IIS Express Application Compatibility Database for x64
    IIS Express Application Compatibility Database for x86
    Java 7 Update 45
    Java 7 Update 45 (64-bit)
    Java Auto Updater
    JavaScript Tooling
    LocalESPC
    LocalESPCui for en-us
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft .NET Framework 4.5 Multi-Targeting Pack
    Microsoft .NET Framework 4.5 SDK
    Microsoft .NET Framework 4.5.1
    Microsoft ASP.NET MVC 3
    Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update
    Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools - ENU
    Microsoft ASP.NET MVC 4 Runtime
    Microsoft ASP.NET Web Pages
    Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools
    Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools - ENU
    Microsoft ASP.NET Web Pages 2 Runtime
    Microsoft Expression Blend SDK for .NET 4
    Microsoft Expression Blend SDK for Silverlight 4
    Microsoft Game Studios Common Redistributables Pack 1
    Microsoft Help Viewer 2.0
    Microsoft LightSwitch for Visual Studio 2012 Core
    Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU
    Microsoft LightSwitch for Visual Studio 2012 v3.0 Core
    Microsoft LightSwitch for Visual Studio 2012 v3.0 CoreRes - ENU
    Microsoft NuGet - Visual Studio 2012
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Portable Library Multi-Targeting Pack
    Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
    Microsoft Report Viewer Add-On for Visual Studio 2012
    Microsoft Silverlight
    Microsoft Silverlight 4 SDK
    Microsoft Silverlight 5 SDK
    Microsoft SQL Server 2012 Command Line Utilities
    Microsoft SQL Server 2012 Data-Tier App Framework
    Microsoft SQL Server 2012 Express LocalDB
    Microsoft SQL Server 2012 Management Objects
    Microsoft SQL Server 2012 Management Objects (x64)
    Microsoft SQL Server 2012 Native Client
    Microsoft SQL Server 2012 T-SQL Language Service
    Microsoft SQL Server 2012 Transact-SQL Compiler Service
    Microsoft SQL Server 2012 Transact-SQL ScriptDom
    Microsoft SQL Server Compact 4.0 SP1 x64 ENU
    Microsoft SQL Server Data Tools - enu (11.1.20627.00)
    Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00)
    Microsoft SQL Server System CLR Types
    Microsoft SQL Server System CLR Types (x64)
    Microsoft System CLR Types for SQL Server 2012
    Microsoft System CLR Types for SQL Server 2012 (x64)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727
    Microsoft Visual C++ 2012 32bit Compilers - ENU Resources
    Microsoft Visual C++ 2012 Compilers
    Microsoft Visual C++ 2012 Compilers - ENU Resources
    Microsoft Visual C++ 2012 Core Libraries
    Microsoft Visual C++ 2012 Extended Libraries
    Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x86-x64 Compilers
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
    Microsoft Visual J# 2.0 Redistributable Package
    Microsoft Visual Studio 2010 Office Developer Tools (x64)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    Microsoft Visual Studio 2012 Devenv
    Microsoft Visual Studio 2012 Devenv Resources
    Microsoft Visual Studio 2012 IntelliTrace Core amd64
    Microsoft Visual Studio 2012 IntelliTrace Core x86
    Microsoft Visual Studio 2012 IntelliTrace Front End x86
    Microsoft Visual Studio 2012 Performance Collection Tools
    Microsoft Visual Studio 2012 Performance Collection Tools - ENU
    Microsoft Visual Studio 2012 Preparation
    Microsoft Visual Studio 2012 SharePoint Developer Tools
    Microsoft Visual Studio 2012 SharePoint Developer Tools ENU Language Pack
    Microsoft Visual Studio 2012 Shell (Minimum)
    Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
    Microsoft Visual Studio 2012 Shell (Minimum) Resources
    Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
    Microsoft Visual Studio Premium 2012
    Microsoft Visual Studio Premium 2012 - ENU
    Microsoft Visual Studio Professional 2012
    Microsoft Visual Studio Professional 2012 - ENU
    Microsoft Visual Studio Team Foundation Server 2012 Object Model
    Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
    Microsoft Visual Studio Team Foundation Server 2012 Storyboarding
    Microsoft Visual Studio Team Foundation Server 2012 Storyboarding Language Pack - ENU
    Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
    Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
    Microsoft Visual Studio Ultimate 2012
    Microsoft Visual Studio Ultimate 2012 - ENU
    Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
    Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
    Microsoft Web Deploy 3.0
    Microsoft Web Deploy dbSqlPackage Provider - enu
    Microsoft Web Developer Tools 2012.2 - Visual Studio 2012
    Microsoft Web Platform Installer 4.0
    Microsoft WSE 3.0 Runtime
    Microsoft XML Parser
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_CRT_x86_x64
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFC_x86_x64
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC80_MFCLOC_x86_x64
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_ATL_x86_x64
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_CRT_x86_x64
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFC_x86_x64
    Microsoft_VC90_MFCLOC_x86
    MorphVOX Pro
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Notepad++
    NVIDIA 3D Vision Controller Driver 331.93
    NVIDIA 3D Vision Driver 331.93
    NVIDIA Control Panel 331.93
    NVIDIA GeForce Experience 1.8
    NVIDIA Graphics Driver 331.93
    NVIDIA HD Audio Driver 1.3.26.4
    NVIDIA Install Application
    NVIDIA LED Visualizer 1.0
    NVIDIA Network Service
    NVIDIA Photoshop Plug-ins 64 bit
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.13.0725
    NVIDIA ShadowPlay 10.10.5
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 10.10.5
    NVIDIA Update Core
    NVIDIA Virtual Audio 1.2.12
    Oracle VM VirtualBox 4.3.4
    Origin
    PDF Settings CS6
    Perforce Visual Components
    PowerDirector
    PowerISO
    PreEmptive Analytics Visual Studio Components
    Prerequisites for SSDT
    Pro Evolution Soccer 2013
    Pro Evolution Soccer 2014
    PunkBuster Services
    QuickTime
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Recuva
    Renesas Electronics USB 3.0 Host Controller Driver
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
    Serif WebPlus X6
    Setup - Need for Speed Rivals (c) Electronic Arts ...
    SHIELD Streaming
    Skype™ 6.10
    Steam
    Super-Charger
    System Requirements Lab CYRI
    TeamSpeak 3 Client
    TeamViewer 9
    TechPowerUp GPU-Z
    Texas Hold'em Poker 3D - Deluxe Edition 1.0
    The Sims™ 3 Ambitions
    The Sims™ 3 Generations
    The Sims™ 3 High-End Loft Stuff
    The Sims™ 3 Seasons
    The Sims™ 3 World Adventures
    Tunngle beta
    UE3Redist
    Unreal Development Kit: 2013-07
    Update for (KB2504637)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Microsoft Visual Studio 2012 (KB2781514)
    Urban Trial Freestyle version 1.0
    Visual Studio 2010 x64 Redistributables
    Visual Studio 2012 Prerequisites
    Visual Studio 2012 Prerequisites - ENU Language Pack
    Visual Studio 2012 Update 3 (KB2707250)
    Visual Studio 2012 x64 Redistributables
    Visual Studio 2012 x86 Redistributables
    Visual Studio Extensions for Windows Library for JavaScript
    Visual Studio Extensions for Windows Library for JavaScript 1.0.9200.20789
    VNC Mirror Driver 1.8.0
    VNC Printer Driver 1.8.0
    VNC Server 5.0.6
    VNC Viewer 5.0.6
    WCF Data Services 5.0 (for OData v3) Primary Components
    WCF Data Services Tools for Microsoft Visual Studio 2012
    WCF RIA Services V1.0 SP2
    Windows 7 Codec Pack 4.0.8
    Windows App Certification Kit Native Components
    Windows App Certification Kit x64
    Windows Azure Tools for LightSwitch HTML Client for Visual Studio 2012
    Windows Runtime Intellisense Content - en-us
    Windows Software Development Kit
    Windows Software Development Kit DirectX x64 Remote
    Windows Software Development Kit DirectX x86 Remote
    Windows Software Development Kit for Windows Store Apps
    Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
    Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
    Windows XP Targeting with C++
    WinRAR 5.00 (64-bit)
    World of Warcraft
    Xfire 2.0
    Xfire Codec (remove only)
    YTD Video Downloader 4.6
    .
    ==== Event Viewer Messages From Past Week ========
    .
    13.12.2013. 19:24:54, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    13.12.2013. 19:24:31, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TeamViewer 8 service to connect.
    13.12.2013. 19:24:31, Error: Service Control Manager [7000] - The TeamViewer 8 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    13.12.2013. 19:22:08, Error: Service Control Manager [7043] - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
    .
    ==== End Of File ===========================
  3. Boldimore

    Boldimore TechSpot Member Topic Starter Posts: 17

    The only threats found are:
    1. The svchost.exe in the Windows/Temp folder at startup (first detection was by AVG)
    - The rest was detected by malwarebytes
    2. C:\Windows\Temp\phatk121016.cl (Trojan.BitcoinMiner)
    3. C:\Windows\Temp\scrypt130511.cl (Trojan.BitcoinMiner)
    4. C:\Windows\Temp\diablo130302.cl (Trojan.BitcoinMiner)
    5. C:\Windows\Temp\poclbm130302.cl (Trojan.BitcoinMiner)
    6. C:\Windows\Temp\diakgcn121016.cl (Trojan.BitcoinMiner)
  4. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================

    Download RogueKiller for 32bit or RogueKiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
  5. Boldimore

    Boldimore TechSpot Member Topic Starter Posts: 17

    RogueKiller V8.7.13 _x64_ [Dec 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Boldimore [Admin rights]
    Mode : Scan -- Date : 12/18/2013 20:51:03
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Scheduled tasks : 1 ¤¤¤
    [V2][SUSP PATH] Origin : C:\Users\Boldimore\AppData\Roaming\Origin\update.vbe [-] -> FOUND

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com 3dns.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.adobe.com activate.wip.adobe.com
    127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com adobe-dns.adobe.com
    127.0.0.1 adobeereg.com crl.verisign.net ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com
    127.0.0.1 lm.licenses.adobe.com lmlicenses.wip4.adobe.com na2m-pr.licenses.adobe.com ood.opsource.net practivate.adobe practivate.adobe.com practivate.adobe.ipp practivate.adobe.newoa practivate.adobe.ntp
    127.0.0.1 wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com wwis-dubc1-vip60.adobe.com www.adobeereg.com www.wip.adobe.com www.wip1.adobe.com
    127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD50 00AAKX-001CA0 SATA Disk Device +++++
    --- User ---
    [MBR] d508b1f90857bddf956286ec36320324
    [BSP] 18550a5d6effcdddbd6037e2edf607b3 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_S_12182013_205103.txt >>
    ---------------------------------------------------------------------------------------------------------------------
    RogueKiller V8.7.13 _x64_ [Dec 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Boldimore [Admin rights]
    Mode : Remove -- Date : 12/18/2013 20:51:18
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 1 ¤¤¤
    [V2][SUSP PATH] Origin : C:\Users\Boldimore\AppData\Roaming\Origin\update.vbe [-] -> DELETED

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com 3dns.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.adobe.com activate.wip.adobe.com
    127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com adobe-dns.adobe.com
    127.0.0.1 adobeereg.com crl.verisign.net ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com
    127.0.0.1 lm.licenses.adobe.com lmlicenses.wip4.adobe.com na2m-pr.licenses.adobe.com ood.opsource.net practivate.adobe practivate.adobe.com practivate.adobe.ipp practivate.adobe.newoa practivate.adobe.ntp
    127.0.0.1 wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com wwis-dubc1-vip60.adobe.com www.adobeereg.com www.wip.adobe.com www.wip1.adobe.com
    127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD50 00AAKX-001CA0 SATA Disk Device +++++
    --- User ---
    [MBR] d508b1f90857bddf956286ec36320324
    [BSP] 18550a5d6effcdddbd6037e2edf607b3 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_12182013_205118.txt >>
    RKreport[0]_S_12182013_205103.txt
    ---------------------------------------------------------------------------------------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1008
    www.malwarebytes.org

    Database version: v2013.12.18.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16476
    Boldimore :: BOLDIMORE-PC [administrator]

    18.12.2013. 20:56:55
    mbar-log-2013-12-18 (20-56-55).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 270713
    Time elapsed: 9 minute(s), 49 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
    ---------------------------------------------------------------------------------------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1008
    www.malwarebytes.org

    Database version: v2013.12.18.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16476
    Boldimore :: BOLDIMORE-PC [administrator]

    18.12.2013. 21:16:10
    mbar-log-2013-12-18 (21-16-10).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 270732
    Time elapsed: 9 minute(s), 15 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
    ---------------------------------------------------------------------------------------------------------------------
    Malwarebytes Anti-Rootkit (MBAR) did not detect any threat.
    Is it okay for me to restart my PC now? I hope for a reply as I am going to shut down my PC anyway in a few hours...
  6. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    Go ahead...

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
  7. Boldimore

    Boldimore TechSpot Member Topic Starter Posts: 17

    ComboFix 13-12-18.01 - Boldimore 9.12.2013. 1:11.1.6 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1250.385.1033.18.6143.3712 [GMT 1:00]
    Running from: c:\users\Boldimore\Desktop\ComboFix.exe
    AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-11-19 to 2013-12-19 )))))))))))))))))))))))))))))))
    .
    .
    2013-12-19 00:18 . 2013-12-19 00:18 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-12-18 20:16 . 2013-12-18 20:16 117464 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2013-12-18 19:56 . 2013-12-18 20:25 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2013-12-18 19:54 . 2013-12-18 20:15 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2013-12-18 19:51 . 2013-12-18 20:15 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys.bak
    2013-12-18 19:51 . 2013-12-18 20:15 21504 ----a-w- c:\windows\system32\drivers\ws2ifsl.sys.bak
    2013-12-18 19:51 . 2013-12-18 20:15 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys.bak
    2013-12-18 19:51 . 2013-12-18 20:15 16464 ----a-w- c:\windows\system32\drivers\wmilib.sys.bak
    2013-12-18 19:51 . 2013-12-18 20:15 14336 ----a-w- c:\windows\system32\drivers\wmiacpi.sys.bak
    2013-12-18 19:49 . 2013-12-18 20:13 12800 ----a-w- c:\windows\system32\drivers\acpipmi.sys.bak
    2013-12-18 19:49 . 2013-12-18 20:13 68096 ----a-w- c:\windows\system32\drivers\1394bus.sys.bak
    2013-12-18 19:49 . 2013-12-18 20:13 334208 ----a-w- c:\windows\system32\drivers\acpi.sys.bak
    2013-12-18 19:49 . 2013-12-18 20:13 229888 ----a-w- c:\windows\system32\drivers\1394ohci.sys.bak
    2013-12-18 18:17 . 2013-12-18 18:17 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9EF7A89F-F131-4E9A-9DA4-460EE825D976}\offreg.dll
    2013-12-18 12:45 . 2013-12-05 08:42 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
    2013-12-18 12:45 . 2013-12-05 08:42 32544 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
    2013-12-18 12:02 . 2013-12-18 12:02 -------- d-----w- c:\users\Boldimore\AppData\Roaming\Malwarebytes
    2013-12-18 12:02 . 2013-12-18 12:02 -------- d-----w- c:\programdata\Malwarebytes
    2013-12-18 12:02 . 2013-12-18 12:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-12-18 12:02 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-12-18 11:27 . 2013-12-16 00:54 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9EF7A89F-F131-4E9A-9DA4-460EE825D976}\mpengine.dll
    2013-12-16 17:50 . 2013-12-16 17:50 -------- d-----w- c:\program files (x86)\TeamViewer
    2013-12-15 20:41 . 2013-12-15 20:41 -------- d-----w- c:\users\Boldimore\AppData\Local\Apple
    2013-12-14 10:43 . 2013-12-14 10:43 -------- d-----w- c:\windows\Migration
    2013-12-12 23:32 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2013-12-12 23:32 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
    2013-12-12 23:32 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
    2013-12-12 23:32 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
    2013-12-12 23:32 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
    2013-12-12 23:30 . 2013-11-26 07:48 12996608 ----a-w- c:\windows\system32\ieframe.dll
    2013-12-12 23:30 . 2013-11-26 08:16 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
    2013-12-12 23:30 . 2013-11-26 08:35 5769216 ----a-w- c:\windows\system32\jscript9.dll
    2013-12-12 23:30 . 2013-12-12 23:30 -------- d-----w- c:\windows\PCHEALTH
    2013-12-10 23:00 . 2013-12-10 23:00 9272200 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2013-12-09 13:42 . 2013-12-09 13:42 -------- d-----w- c:\programdata\Stardock
    2013-12-09 13:42 . 2013-12-09 13:42 -------- d-----w- c:\programdata\Ironclad Games
    2013-12-08 09:36 . 2013-12-08 10:28 -------- d-----w- c:\users\Boldimore\VirtualBox VMs
    2013-12-08 09:31 . 2013-12-08 16:58 -------- d-----w- c:\users\Boldimore\.VirtualBox
    2013-12-08 09:31 . 2013-11-29 16:44 252688 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
    2013-12-08 09:31 . 2013-11-29 16:43 126736 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
    2013-12-02 12:44 . 2013-12-02 12:44 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2013-11-29 16:43 . 2013-11-29 16:43 154896 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
    2013-11-29 16:43 . 2013-11-29 16:43 140560 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
    2013-11-29 16:40 . 2013-11-29 16:40 204048 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
    2013-11-28 19:23 . 2013-11-28 19:23 -------- d-----w- c:\programdata\McAfee
    2013-11-23 11:18 . 2013-11-23 11:18 590112 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2013-11-20 19:43 . 2013-11-20 19:43 312744 ----a-w- c:\windows\system32\javaws.exe
    2013-11-20 19:43 . 2013-11-20 19:43 189352 ----a-w- c:\windows\system32\javaw.exe
    2013-11-20 19:43 . 2013-11-20 19:43 189352 ----a-w- c:\windows\system32\java.exe
    2013-11-20 19:43 . 2013-11-20 19:43 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2013-11-20 19:43 . 2013-11-20 19:43 -------- d-----w- c:\programdata\Oracle
    2013-11-20 19:43 . 2013-11-20 19:43 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-11-20 10:45 . 2013-11-14 11:55 1511712 ----a-w- c:\windows\system32\nvdispgenco6433182.dll
    2013-11-20 10:44 . 2013-11-14 11:55 1884448 ----a-w- c:\windows\system32\nvdispco6433182.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-12-19 00:00 . 2013-07-20 00:00 83530 ----a-w- c:\users\Boldimore\Network_Meter_Data.js
    2013-12-18 20:43 . 2013-07-20 20:33 290776 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2013-12-18 20:43 . 2013-07-20 19:46 290776 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2013-12-18 16:23 . 2013-07-20 19:46 290776 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2013-12-14 10:39 . 2013-07-19 19:45 90708896 ----a-w- c:\windows\system32\MRT.exe
    2013-12-10 23:00 . 2013-07-20 08:20 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-12-10 23:00 . 2013-07-20 08:20 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-12-10 02:13 . 2013-10-29 13:43 982232 ----a-w- c:\windows\SysWow64\nvspcap.dll
    2013-12-10 02:13 . 2013-10-29 13:43 1100248 ----a-w- c:\windows\system32\nvspcap64.dll
    2013-12-05 08:42 . 2013-07-31 17:16 35104 ----a-w- c:\windows\system32\nvaudcap64v.dll
    2013-11-23 19:26 . 2013-10-21 22:19 15218504 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2013-11-23 19:26 . 2013-09-28 11:13 9663656 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2013-11-23 19:26 . 2013-09-18 13:57 18293096 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2013-11-23 19:26 . 2013-08-22 12:08 1436528 ----a-w- c:\windows\system32\nvumdshimx.dll
    2013-11-23 19:26 . 2013-07-23 14:04 3069608 ----a-w- c:\windows\system32\nvapi64.dll
    2013-11-23 19:26 . 2013-07-23 14:04 2697248 ----a-w- c:\windows\SysWow64\nvapi.dll
    2013-11-23 17:42 . 2013-07-23 14:05 3490080 ----a-w- c:\windows\system32\nvsvc64.dll
    2013-11-23 17:42 . 2013-07-23 14:05 6674208 ----a-w- c:\windows\system32\nvcpl.dll
    2013-11-23 17:42 . 2013-07-23 14:05 922912 ----a-w- c:\windows\system32\nvvsvc.exe
    2013-11-23 17:42 . 2013-07-23 14:05 63776 ----a-w- c:\windows\system32\nvshext.dll
    2013-11-23 17:42 . 2013-07-23 14:05 219424 ----a-w- c:\windows\system32\nvmctray.dll
    2013-11-22 16:28 . 2013-09-18 13:59 3498475 ----a-w- c:\windows\system32\nvcoproc.bin
    2013-11-19 02:33 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe
    2013-11-12 16:59 . 2013-11-12 16:59 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2013-11-12 16:59 . 2013-11-12 16:59 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
    2013-11-12 16:59 . 2013-11-12 16:59 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2013-11-12 16:59 . 2013-11-12 16:59 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
    2013-11-12 16:59 . 2013-11-12 16:59 235008 ----a-w- c:\windows\system32\elshyph.dll
    2013-11-12 16:59 . 2013-11-12 16:59 182272 ----a-w- c:\windows\SysWow64\msls31.dll
    2013-11-12 16:59 . 2013-11-12 16:59 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
    2013-11-12 16:59 . 2013-11-12 16:59 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
    2013-11-12 16:59 . 2013-11-12 16:59 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
    2013-11-12 16:59 . 2013-11-12 16:59 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
    2013-11-12 16:59 . 2013-11-12 16:59 337408 ----a-w- c:\windows\SysWow64\html.iec
    2013-11-12 16:59 . 2013-11-12 16:59 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2013-11-12 16:59 . 2013-11-12 16:59 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
    2013-11-12 16:59 . 2013-11-12 16:59 139264 ----a-w- c:\windows\SysWow64\wextract.exe
    2013-11-12 16:59 . 2013-11-12 16:59 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
    2013-11-12 16:59 . 2013-11-12 16:59 942592 ----a-w- c:\windows\system32\jsIntl.dll
    2013-11-12 16:59 . 2013-11-12 16:59 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2013-11-12 16:59 . 2013-11-12 16:59 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2013-11-12 16:59 . 2013-11-12 16:59 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2013-11-12 16:59 . 2013-11-12 16:59 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2013-11-12 16:59 . 2013-11-12 16:59 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
    2013-11-12 16:59 . 2013-11-12 16:59 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
    2013-11-12 16:59 . 2013-11-12 16:59 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
    2013-11-12 16:59 . 2013-11-12 16:59 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2013-11-12 16:59 . 2013-11-12 16:59 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2013-11-12 16:59 . 2013-11-12 16:59 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
    2013-11-12 16:59 . 2013-11-12 16:59 247808 ----a-w- c:\windows\system32\msls31.dll
    2013-11-12 16:59 . 2013-11-12 16:59 195584 ----a-w- c:\windows\system32\msrating.dll
    2013-11-12 16:59 . 2013-11-12 16:59 13312 ----a-w- c:\windows\SysWow64\mshta.exe
    2013-11-12 16:59 . 2013-11-12 16:59 13312 ----a-w- c:\windows\system32\msfeedssync.exe
    2013-11-12 16:59 . 2013-11-12 16:59 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
    2013-11-12 16:59 . 2013-11-12 16:59 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2013-11-12 16:59 . 2013-11-12 16:59 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2013-11-12 16:59 . 2013-11-12 16:59 105984 ----a-w- c:\windows\system32\iesysprep.dll
    2013-11-12 16:59 . 2013-11-12 16:59 84992 ----a-w- c:\windows\system32\mshtmled.dll
    2013-11-12 16:59 . 2013-11-12 16:59 81408 ----a-w- c:\windows\system32\icardie.dll
    2013-11-12 16:59 . 2013-11-12 16:59 77312 ----a-w- c:\windows\system32\tdc.ocx
    2013-11-12 16:59 . 2013-11-12 16:59 626176 ----a-w- c:\windows\system32\msfeeds.dll
    2013-11-12 16:59 . 2013-11-12 16:59 616104 ----a-w- c:\windows\system32\ieapfltr.dat
    2013-11-12 16:59 . 2013-11-12 16:59 548352 ----a-w- c:\windows\system32\vbscript.dll
    2013-11-12 16:59 . 2013-11-12 16:59 453120 ----a-w- c:\windows\system32\dxtmsft.dll
    2013-11-12 16:59 . 2013-11-12 16:59 413696 ----a-w- c:\windows\system32\html.iec
    2013-11-12 16:59 . 2013-11-12 16:59 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
    2013-11-12 16:59 . 2013-11-12 16:59 30208 ----a-w- c:\windows\system32\licmgr10.dll
    2013-11-12 16:59 . 2013-11-12 16:59 296960 ----a-w- c:\windows\system32\dxtrans.dll
    2013-11-12 16:59 . 2013-11-12 16:59 263376 ----a-w- c:\windows\system32\iedkcs32.dll
    2013-11-12 16:59 . 2013-11-12 16:59 243200 ----a-w- c:\windows\system32\webcheck.dll
    2013-11-12 16:59 . 2013-11-12 16:59 235520 ----a-w- c:\windows\system32\url.dll
    2013-11-12 16:59 . 2013-11-12 16:59 167424 ----a-w- c:\windows\system32\iexpress.exe
    2013-11-12 16:59 . 2013-11-12 16:59 143872 ----a-w- c:\windows\system32\wextract.exe
    2013-11-12 16:59 . 2013-11-12 16:59 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2013-11-12 16:59 . 2013-11-12 16:59 101376 ----a-w- c:\windows\system32\inseng.dll
    2013-11-12 16:59 . 2013-11-12 16:59 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
    2013-11-12 16:59 . 2013-11-12 16:59 774144 ----a-w- c:\windows\system32\jscript.dll
    2013-11-12 16:59 . 2013-11-12 16:59 62464 ----a-w- c:\windows\system32\pngfilt.dll
    2013-11-12 16:59 . 2013-11-12 16:59 48128 ----a-w- c:\windows\system32\imgutil.dll
    2013-11-12 16:59 . 2013-11-12 16:59 147968 ----a-w- c:\windows\system32\occache.dll
    2013-11-12 16:59 . 2013-11-12 16:59 13824 ----a-w- c:\windows\system32\mshta.exe
    2013-11-12 16:59 . 2013-11-12 16:59 135680 ----a-w- c:\windows\system32\iepeers.dll
    2013-11-05 20:55 . 2013-11-05 20:55 150808 ----a-w- c:\windows\system32\drivers\avgdiska.sys
    2013-11-04 20:52 . 2013-11-04 20:52 240920 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
    2013-10-31 22:00 . 2013-10-31 22:00 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys
    2013-10-31 21:49 . 2013-10-31 21:49 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys
    2013-10-24 21:25 . 2013-10-24 21:25 194872 ----a-w- c:\windows\system32\drivers\avgidsha.sys
    2013-10-23 14:11 . 2013-07-23 16:54 129944 ----a-w- c:\windows\system32\drivers\scdemu.sys
    2013-10-23 10:30 . 2013-10-28 13:17 1884448 ----a-w- c:\windows\system32\nvdispco6433165.dll
    2013-10-23 10:30 . 2013-10-28 13:17 1511712 ----a-w- c:\windows\system32\nvdispgenco6433165.dll
    2013-10-16 11:55 . 2013-10-16 11:55 96 ----a-w- c:\users\Boldimore\IP_Log_Data.js
    2013-10-16 00:48 . 2013-10-21 22:19 1884448 ----a-w- c:\windows\system32\nvdispco6433158.dll
    2013-10-16 00:48 . 2013-10-21 22:19 1511712 ----a-w- c:\windows\system32\nvdispgenco6433158.dll
    2013-10-14 17:00 . 2013-11-12 17:01 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
    2013-10-12 02:30 . 2013-11-14 12:16 830464 ----a-w- c:\windows\system32\nshwfp.dll
    2013-10-12 02:29 . 2013-11-14 12:16 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
    2013-10-12 02:29 . 2013-11-14 12:16 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
    2013-10-12 02:03 . 2013-11-14 12:16 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
    2013-10-12 02:01 . 2013-11-14 12:16 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
    2013-10-05 20:25 . 2013-11-14 12:17 1474048 ----a-w- c:\windows\system32\crypt32.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPCheckoutOverlay]
    @="{80E008A4-EAE7-4867-AEB0-1A245F070F25}"
    [HKEY_CLASSES_ROOT\CLSID\{80E008A4-EAE7-4867-AEB0-1A245F070F25}]
    2012-09-24 12:48 1954440 ----a-w- c:\program files\Perforce\p4exp.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPSyncdOverlay]
    @="{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}"
    [HKEY_CLASSES_ROOT\CLSID\{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}]
    2012-09-24 12:48 1954440 ----a-w- c:\program files\Perforce\p4exp.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPUpdateOverlay]
    @="{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}]
    2012-09-24 12:48 1954440 ----a-w- c:\program files\Perforce\p4exp.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    "DAEMON Tools Lite"="c:\boldimore program files\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    "AVG_UI"="c:\boldimore program files\AVG\AVG2014\avgui.exe" [2013-11-07 4956176]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
    "QuickTime Task"="c:\boldimore program files\QuickTime\QTTask.exe" [2013-05-01 421888]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    CodecPackUpdateChecker.lnk - c:\windows\SysWOW64\C2MP\UpdateChecker.exe [2013-6-8 48200]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R2 AVGIDSAgent;AVGIDSAgent;c:\boldimore program files\AVG\AVG2014\avgidsagent.exe;c:\boldimore program files\AVG\AVG2014\avgidsagent.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
    R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\boldimore program files\Live Update 5\NTIOLib_X64.sys;c:\boldimore program files\Live Update 5\NTIOLib_X64.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 RTCore64;RTCore64;c:\boldimore program files\EVGA Precision X\RTCore64.sys;c:\boldimore program files\EVGA Precision X\RTCore64.sys [x]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
    R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
    R3 TunngleService;TunngleService;c:\boldimore program files\Tunngle\TnglCtrl.exe;c:\boldimore program files\Tunngle\TnglCtrl.exe [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
    R3 vncserver;VNC Server;c:\boldimore program files\RealVNC\VNC Server\vncserver.exe;c:\boldimore program files\RealVNC\VNC Server\vncserver.exe [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
    R3 XFDriver64;XFDriver64;c:\program files (x86)\Xfire2\XFDriver64.sys;c:\program files (x86)\Xfire2\XFDriver64.sys [x]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
    S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
    S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
    S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
    S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
    S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
    S2 avgwd;AVG WatchDog;c:\boldimore program files\AVG\AVG2014\avgwdsvc.exe;c:\boldimore program files\AVG\AVG2014\avgwdsvc.exe [x]
    S2 MSI_SuperCharger;MSI_SuperCharger;c:\boldimore program files\Super Charger\ChargeService.exe;c:\boldimore program files\Super Charger\ChargeService.exe [x]
    S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
    S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
    S3 ALSysIO;ALSysIO;c:\users\BOLDIM~1\AppData\Local\Temp\ALSysIO64.sys;c:\users\BOLDIM~1\AppData\Local\Temp\ALSysIO64.sys [x]
    S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\boldimore program files\Super Charger\NTIOLib_X64.sys;c:\boldimore program files\Super Charger\NTIOLib_X64.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
    S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
    S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
    S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - NTIOLIB_1_0_3
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-12-06 12:57 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-12-19 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-20 23:00]
    .
    2013-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-19 18:40]
    .
    2013-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-19 18:40]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPCheckoutOverlay]
    @="{80E008A4-EAE7-4867-AEB0-1A245F070F25}"
    [HKEY_CLASSES_ROOT\CLSID\{80E008A4-EAE7-4867-AEB0-1A245F070F25}]
    2012-09-24 12:49 2394760 ----a-w- c:\program files\Perforce\p4exp64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPSyncdOverlay]
    @="{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}"
    [HKEY_CLASSES_ROOT\CLSID\{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}]
    2012-09-24 12:49 2394760 ----a-w- c:\program files\Perforce\p4exp64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPUpdateOverlay]
    @="{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}]
    2012-09-24 12:49 2394760 ----a-w- c:\program files\Perforce\p4exp64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-03-29 13513288]
    "Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-14 1028384]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
    "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
    "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Boldimore\AppData\Roaming\Mozilla\Firefox\Profiles\40p3xel0.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    AddRemove-{B4D09F4E-3E20-8F76-60C1-2D7478F0AC2E} - c:\progra~3\INSTAL~3\{46FFE~1\Setup.exe
    AddRemove-Crossfire 1.9 - c:\boldimore program files\Freelancer Mod Manager\uninstall.exe
    AddRemove-InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239} - c:\users\Boldimore\AppData\Roaming\InstallShield Installation Information\{6530FDAA-5B1F-4830-95BB-650E9804D239}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va012]
    "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-12-19 01:21:09
    ComboFix-quarantined-files.txt 2013-12-19 00:21
    .
    Pre-Run: 266.202.906.624 bytes free
    Post-Run: 266.200.567.808 bytes free
    .
    - - End Of File - - 2F2308B1A21D5A19650AE78631C91B93
    A36C5E4F47E84449FF07ED3517B43A31
  8. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    Looks good.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  9. Boldimore

    Boldimore TechSpot Member Topic Starter Posts: 17

    # AdwCleaner v3.015 - Report created 19/12/2013 at 10:57:40
    # Updated 10/12/2013 by Xplode
    # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Username : Boldimore - BOLDIMORE-PC
    # Running from : C:\Users\Boldimore\Desktop\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\Program Files (x86)\GreenTree Applications
    File Deleted : C:\Windows\System32\roboot64.exe

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\AVG Nation toolbar
    Key Deleted : HKCU\Software\BI
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\Software\AVG Nation toolbar
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\InstallIQ
    Key Deleted : HKLM\Software\systweak

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16428


    -\\ Mozilla Firefox v

    [ File : C:\Users\Boldimore\AppData\Roaming\Mozilla\Firefox\Profiles\40p3xel0.default\prefs.js ]


    -\\ Google Chrome v31.0.1650.63

    [ File : C:\Users\Boldimore\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [1577 octets] - [19/12/2013 10:56:10]
    AdwCleaner[S0].txt - [1396 octets] - [19/12/2013 10:57:40]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1456 octets] ##########
  10. Boldimore

    Boldimore TechSpot Member Topic Starter Posts: 17

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.8 (11.05.2013:1)
    OS: Windows 7 Ultimate x64
    Ran by Boldimore on čet 19.12.2013. at 11:04:24,83
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
    Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on čet 19.12.2013. at 11:10:42,58
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  11. Boldimore

    Boldimore TechSpot Member Topic Starter Posts: 17

    OTL logfile created on: 19.12.2013. 11:13:36 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Boldimore\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16428)
    Locale: 0000041a | Country: Hrvatska | Language: HRV | Date Format: d.M.yyyy.

    6,00 Gb Total Physical Memory | 4,35 Gb Available Physical Memory | 72,59% Memory free
    12,00 Gb Paging File | 10,20 Gb Available in Paging File | 85,03% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465,66 Gb Total Space | 247,82 Gb Free Space | 53,22% Space Free | Partition Type: NTFS

    Computer Name: BOLDIMORE-PC | User Name: Boldimore | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013.12.19 11:11:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Boldimore\Desktop\OTL.exe
    PRC - [2013.12.13 13:22:09 | 005,341,536 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    PRC - [2013.12.13 13:22:08 | 013,543,264 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
    PRC - [2013.12.13 13:01:28 | 000,199,520 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
    PRC - [2013.12.10 03:15:27 | 002,279,712 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    PRC - [2013.12.10 03:14:56 | 001,494,304 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    PRC - [2013.11.23 12:18:34 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2013.11.14 12:55:37 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    PRC - [2013.11.12 19:53:03 | 004,341,904 | ---- | M] (H.D.S. Hungary) -- C:\Boldimore Program Files\Hard Disk Sentinel\HDSentinel.exe
    PRC - [2013.11.11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Boldimore Program Files\AVG\AVG2014\avgidsagent.exe
    PRC - [2013.11.07 22:03:50 | 004,956,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Boldimore Program Files\AVG\AVG2014\avgui.exe
    PRC - [2013.09.24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Boldimore Program Files\AVG\AVG2014\avgwdsvc.exe
    PRC - [2013.08.20 22:53:02 | 000,335,408 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Boldimore Program Files\AVG\AVG2014\avgcfgex.exe
    PRC - [2013.07.20 20:46:09 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2013.05.11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013.02.20 10:47:14 | 000,161,264 | ---- | M] (MSI) -- C:\Boldimore Program Files\Super Charger\ChargeService.exe
    PRC - [2010.11.17 08:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013.08.05 07:15:10 | 000,066,104 | ---- | M] () -- C:\Windows\SysWOW64\bdmpega.acm


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013.12.10 03:14:39 | 015,129,376 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
    SRV:64bit: - [2013.11.26 10:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2013.05.27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2013.12.13 13:22:09 | 005,341,536 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
    SRV - [2013.12.11 00:00:39 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013.12.10 03:14:56 | 001,494,304 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
    SRV - [2013.11.23 12:18:34 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2013.11.11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Boldimore Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2013.10.03 11:50:48 | 004,787,008 | ---- | M] (RealVNC Ltd) [On_Demand | Stopped] -- C:\Boldimore Program Files\RealVNC\VNC Server\vncserver.exe -- (vncserver)
    SRV - [2013.09.24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Boldimore Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
    SRV - [2013.09.11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2013.09.06 21:55:40 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2013.09.05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013.09.03 01:38:28 | 000,759,192 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Boldimore Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)
    SRV - [2013.07.20 20:46:09 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2013.07.19 11:55:24 | 000,118,696 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013.05.11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2013.02.20 10:47:14 | 000,161,264 | ---- | M] (MSI) [Auto | Running] -- C:\Boldimore Program Files\Super Charger\ChargeService.exe -- (MSI_SuperCharger)
    SRV - [2012.07.25 17:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
    SRV - [2012.07.25 17:13:16 | 000,139,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc)
    SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013.12.05 09:42:30 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
    DRV:64bit: - [2013.12.02 13:44:33 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2013.11.29 17:43:00 | 000,140,560 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
    DRV:64bit: - [2013.11.05 21:55:48 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
    DRV:64bit: - [2013.11.04 21:52:42 | 000,240,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2013.10.31 23:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2013.10.31 22:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
    DRV:64bit: - [2013.10.24 22:25:58 | 000,194,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2013.10.23 15:11:22 | 000,129,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
    DRV:64bit: - [2013.10.03 11:34:12 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vncmirror.sys -- (vncmirror)
    DRV:64bit: - [2013.10.02 03:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2013.10.01 00:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2013.09.10 00:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2013.08.01 15:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2013.06.16 13:38:15 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2013.03.31 17:32:04 | 000,082,600 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
    DRV:64bit: - [2013.03.31 17:32:04 | 000,042,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
    DRV:64bit: - [2012.12.27 00:26:12 | 000,805,088 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2012.10.11 19:13:21 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012.10.11 18:49:22 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2012.10.11 18:49:22 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2012.08.23 15:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2011.02.10 13:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2011.02.10 13:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2010.11.29 03:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
    DRV:64bit: - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
    DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010.07.01 13:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
    DRV:64bit: - [2010.06.16 22:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
    DRV:64bit: - [2009.11.02 09:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
    DRV:64bit: - [2009.09.16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
    DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2005.09.23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
    DRV - [2013.07.18 01:28:12 | 000,015,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Boldimore Program Files\EVGA Precision X\RTCore64.sys -- (RTCore64)
    DRV - [2013.03.14 13:36:18 | 000,017,160 | ---- | M] (XFire) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Xfire2\XFDriver64.sys -- (XFDriver64)
    DRV - [2012.10.25 18:45:52 | 000,013,368 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Boldimore Program Files\Super Charger\NTIOLib_X64.sys -- (NTIOLib_1_0_3)
    DRV - [2012.07.13 15:13:14 | 000,070,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Boldimore Program Files\Microsoft Visual Studio 2012 Ultimate\Team Tools\Performance Tools\x64\VSPerfDrv110.sys -- (VSPerfDrv110)
    DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-2268423076-2387521360-3453339074-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-2268423076-2387521360-3453339074-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
    IE - HKU\S-1-5-21-2268423076-2387521360-3453339074-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0a2
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Boldimore Program Files\Java 64-bit\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Boldimore Program Files\Java 64-bit\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Boldimore Program Files\Java 32-bit\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Boldimore Program Files\Java 32-bit\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_CURRENT_USER\software\mozilla\Aurora 27.0a2\extensions\\Components: C:\Boldimore Program Files\Firefox Aurora\components
    FF - HKEY_CURRENT_USER\software\mozilla\Aurora 27.0a2\extensions\\Plugins: C:\Boldimore Program Files\Firefox Aurora\plugins

    [2013.07.19 22:05:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boldimore\AppData\Roaming\Mozilla\Extensions

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t
    CHR - default_search_provider: suggest_url = http://suggestqueries.google.com/complete/search?q={searchTerms},
    CHR - homepage: https://www.google.com/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
    CHR - Extension: Magic Actions for YouTube\u2122 = C:\Users\Boldimore\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\6.7.0_0\
    CHR - Extension: Google Docs = C:\Users\Boldimore\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Users\Boldimore\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Boldimore\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Adblock Plus = C:\Users\Boldimore\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0\
    CHR - Extension: Adblock Plus = C:\Users\Boldimore\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7_0\
    CHR - Extension: Google Search = C:\Users\Boldimore\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Stylish = C:\Users\Boldimore\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\1.2_0\
    CHR - Extension: Fiery Music = C:\Users\Boldimore\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmfeiddljnkcdgcfcfhpenipgmaocon\1_0\
    CHR - Extension: Google Wallet = C:\Users\Boldimore\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
    CHR - Extension: Google Wallet = C:\Users\Boldimore\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
    CHR - Extension: Click&Clean App = C:\Users\Boldimore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.0_0\
    CHR - Extension: Gmail = C:\Users\Boldimore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013.08.06 18:47:38 | 000,001,881 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com 3dns.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.adobe.com activate.wip.adobe.com
    O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com adobe-dns.adobe.com
    O1 - Hosts: 127.0.0.1 adobeereg.com crl.verisign.net ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com
    O1 - Hosts: 127.0.0.1 lm.licenses.adobe.com lmlicenses.wip4.adobe.com na2m-pr.licenses.adobe.com ood.opsource.net practivate.adobe practivate.adobe.com practivate.adobe.ipp practivate.adobe.newoa practivate.adobe.ntp
    O1 - Hosts: 127.0.0.1 wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com wwis-dubc1-vip60.adobe.com www.adobeereg.com www.wip.adobe.com www.wip1.adobe.com
    O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Boldimore Program Files\Java 64-bit\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Boldimore Program Files\Java 64-bit\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Boldimore Program Files\Java 32-bit\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Boldimore Program Files\Microsoft Visual Studio 2012 Ultimate\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Boldimore Program Files\Java 32-bit\bin\jp2ssv.dll (Oracle Corporation)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_UI] C:\Boldimore Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKU\S-1-5-21-2268423076-2387521360-3453339074-1000..\Run: [DAEMON Tools Lite] C:\Boldimore Program Files\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2268423076-2387521360-3453339074-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2268423076-2387521360-3453339074-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F0D3C39-705F-4E7E-9505-8476A2C9F8AC}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E112D929-BF71-4EEB-BFE5-B4EFF94397DD}: DhcpNameServer = 7.254.254.254
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013.12.19 11:11:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Boldimore\Desktop\OTL.exe
    [2013.12.19 11:04:22 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013.12.19 11:03:05 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Boldimore\Desktop\JRT.exe
    [2013.12.19 10:56:00 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013.12.19 10:54:36 | 000,000,000 | ---D | C] -- C:\Users\Boldimore\Desktop\already done
    [2013.12.19 01:21:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013.12.19 01:21:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013.12.19 01:09:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013.12.19 01:09:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013.12.19 01:09:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013.12.19 01:09:33 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013.12.19 01:09:18 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013.12.18 21:14:22 | 000,089,304 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys.bak
    [2013.12.18 20:56:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    [2013.12.18 20:54:43 | 000,089,304 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2013.12.18 20:50:56 | 000,004,608 | ---- | C] (RealVNC Ltd.) -- C:\Windows\SysNative\drivers\vncmirror.sys.bak
    [2013.12.18 20:50:47 | 000,031,232 | ---- | C] (Tunngle.net) -- C:\Windows\SysNative\drivers\tap0901t.sys.bak
    [2013.12.18 20:50:42 | 000,038,992 | ---- | C] (Screaming Bee LLC) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys.bak
    [2013.12.18 20:50:41 | 000,805,088 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys.bak
    [2013.12.18 20:50:41 | 000,129,944 | ---- | C] (Power Software Ltd) -- C:\Windows\SysNative\drivers\scdemu.sys.bak
    [2013.12.18 20:50:32 | 000,181,760 | ---- | C] (Renesas Electronics Corporation) -- C:\Windows\SysNative\drivers\nusb3xhc.sys.bak
    [2013.12.18 20:50:32 | 000,082,432 | ---- | C] (Renesas Electronics Corporation) -- C:\Windows\SysNative\drivers\nusb3hub.sys.bak
    [2013.12.18 20:50:24 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys.bak
    [2013.12.18 20:50:23 | 000,065,600 | ---- | C] (LSI Corporation) -- C:\Windows\SysNative\drivers\lsi_sas2.sys.bak
    [2013.12.18 20:50:17 | 000,031,232 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw85cir.sys.bak
    [2013.12.18 20:50:12 | 000,283,064 | ---- | C] (Disc Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys.bak
    [2013.12.18 20:50:05 | 000,294,712 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys.bak
    [2013.12.18 20:50:05 | 000,251,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys.bak
    [2013.12.18 20:50:05 | 000,212,280 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys.bak
    [2013.12.18 20:50:05 | 000,123,704 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys.bak
    [2013.12.18 20:50:05 | 000,031,544 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys.bak
    [2013.12.18 20:50:04 | 000,240,920 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys.bak
    [2013.12.18 20:50:04 | 000,194,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys.bak
    [2013.12.18 20:50:04 | 000,150,808 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgdiska.sys.bak
    [2013.12.18 20:50:02 | 000,194,128 | ---- | C] (AMD Technologies Inc.) -- C:\Windows\SysNative\drivers\amdsbs.sys.bak
    [2013.12.18 20:50:02 | 000,033,736 | ---- | C] (HTC, Corporation) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys.bak
    [2013.12.18 13:02:36 | 000,000,000 | ---D | C] -- C:\Users\Boldimore\AppData\Roaming\Malwarebytes
    [2013.12.18 13:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013.12.18 13:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013.12.18 13:02:24 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013.12.18 13:02:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013.12.16 18:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
    [2013.12.15 21:41:02 | 000,000,000 | ---D | C] -- C:\Users\Boldimore\AppData\Local\Apple
    [2013.12.14 11:43:29 | 000,000,000 | ---D | C] -- C:\Windows\Migration
    [2013.12.13 00:30:40 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2013.12.09 14:42:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
    [2013.12.09 14:42:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Ironclad Games
    [2013.12.08 10:36:15 | 000,000,000 | ---D | C] -- C:\Users\Boldimore\VirtualBox VMs
    [2013.12.08 10:31:58 | 000,000,000 | ---D | C] -- C:\Users\Boldimore\.VirtualBox
    [2013.12.08 10:31:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
    [2013.12.06 15:46:01 | 000,000,000 | ---D | C] -- C:\Users\Boldimore\Documents\Ghost Games
    [2013.12.02 13:44:33 | 000,283,064 | ---- | C] (Disc Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
    [2013.12.01 17:06:03 | 000,000,000 | ---D | C] -- C:\Users\Boldimore\Documents\Tunngle
    [2013.11.28 20:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2013.11.26 16:07:20 | 000,000,000 | ---D | C] -- C:\Users\Boldimore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossfire 1.9
    [2013.11.26 16:07:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire 1.9
    [2013.11.26 13:50:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2013.11.22 12:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    [2013.11.20 20:43:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
     
  12. Boldimore

    Boldimore TechSpot Member Topic Starter Posts: 17

    ========== Files - Modified Within 30 Days ==========

    [2013.12.19 11:11:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Boldimore\Desktop\OTL.exe
    [2013.12.19 11:07:37 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013.12.19 11:07:37 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013.12.19 11:03:07 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Boldimore\Desktop\JRT.exe
    [2013.12.19 11:00:54 | 000,083,599 | ---- | M] () -- C:\Users\Boldimore\Network_Meter_Data.js
    [2013.12.19 11:00:33 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013.12.19 11:00:05 | 000,000,950 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013.12.19 10:59:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013.12.19 10:59:53 | 536,207,359 | -HS- | M] () -- C:\hiberfil.sys
    [2013.12.19 10:55:16 | 000,000,954 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013.12.19 10:55:14 | 001,226,750 | ---- | M] () -- C:\Users\Boldimore\Desktop\adwcleaner.exe
    [2013.12.19 01:48:55 | 000,000,028 | ---- | M] () -- C:\Users\Boldimore\AppData\Roaming\Network Meter_Usage.ini
    [2013.12.18 21:43:55 | 000,290,776 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2013.12.18 21:43:55 | 000,290,776 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2013.12.18 21:15:54 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2013.12.18 21:15:02 | 000,004,608 | ---- | M] (RealVNC Ltd.) -- C:\Windows\SysNative\drivers\vncmirror.sys.bak
    [2013.12.18 21:14:50 | 000,031,232 | ---- | M] (Tunngle.net) -- C:\Windows\SysNative\drivers\tap0901t.sys.bak
    [2013.12.18 21:14:44 | 000,129,944 | ---- | M] (Power Software Ltd) -- C:\Windows\SysNative\drivers\scdemu.sys.bak
    [2013.12.18 21:14:44 | 000,038,992 | ---- | M] (Screaming Bee LLC) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys.bak
    [2013.12.18 21:14:43 | 000,805,088 | ---- | M] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys.bak
    [2013.12.18 21:14:33 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) -- C:\Windows\SysNative\drivers\nusb3xhc.sys.bak
    [2013.12.18 21:14:32 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) -- C:\Windows\SysNative\drivers\nusb3hub.sys.bak
    [2013.12.18 21:14:22 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys.bak
    [2013.12.18 21:14:22 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys.bak
    [2013.12.18 21:14:21 | 000,065,600 | ---- | M] (LSI Corporation) -- C:\Windows\SysNative\drivers\lsi_sas2.sys.bak
    [2013.12.18 21:14:13 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw85cir.sys.bak
    [2013.12.18 21:14:07 | 000,283,064 | ---- | M] (Disc Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys.bak
    [2013.12.18 21:14:00 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys.bak
    [2013.12.18 21:13:59 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys.bak
    [2013.12.18 21:13:59 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys.bak
    [2013.12.18 21:13:59 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys.bak
    [2013.12.18 21:13:59 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys.bak
    [2013.12.18 21:13:58 | 000,240,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys.bak
    [2013.12.18 21:13:58 | 000,194,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys.bak
    [2013.12.18 21:13:58 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgdiska.sys.bak
    [2013.12.18 21:13:56 | 000,033,736 | ---- | M] (HTC, Corporation) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys.bak
    [2013.12.18 21:13:55 | 000,194,128 | ---- | M] (AMD Technologies Inc.) -- C:\Windows\SysNative\drivers\amdsbs.sys.bak
    [2013.12.18 19:10:02 | 000,781,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013.12.18 19:10:02 | 000,653,930 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013.12.18 19:10:02 | 000,121,802 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013.12.18 17:23:46 | 000,290,776 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
    [2013.12.18 13:02:25 | 000,001,158 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013.12.17 12:58:45 | 005,131,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013.12.15 13:57:51 | 000,211,957 | ---- | M] () -- C:\Users\Boldimore\Desktop\Boldimore Configs.rar
    [2013.12.14 16:58:42 | 000,001,208 | ---- | M] () -- C:\Users\Boldimore\AppData\Roaming\Network Meter_Settings.ini
    [2013.12.14 11:44:52 | 000,765,656 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013.12.02 13:44:33 | 000,283,064 | ---- | M] (Disc Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
    [2013.11.23 20:26:48 | 000,357,152 | ---- | M] () -- C:\Windows\SysNative\NvIFROpenGL.dll
    [2013.11.23 20:26:48 | 000,314,656 | ---- | M] () -- C:\Windows\SysWow64\NvIFROpenGL.dll
    [2013.11.23 20:26:48 | 000,023,754 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
    [2013.11.22 17:28:31 | 003,498,475 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013.12.19 10:55:11 | 001,226,750 | ---- | C] () -- C:\Users\Boldimore\Desktop\adwcleaner.exe
    [2013.12.19 01:09:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013.12.19 01:09:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013.12.19 01:09:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013.12.19 01:09:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013.12.19 01:09:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013.12.18 13:02:25 | 000,001,158 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013.12.16 18:50:20 | 000,001,147 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
    [2013.12.15 13:58:10 | 000,211,957 | ---- | C] () -- C:\Users\Boldimore\Desktop\Boldimore Configs.rar
    [2013.12.02 13:45:55 | 000,000,713 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cities in Motion 2.lnk
    [2013.11.28 20:35:08 | 000,357,152 | ---- | C] () -- C:\Windows\SysNative\NvIFROpenGL.dll
    [2013.11.28 20:35:08 | 000,314,656 | ---- | C] () -- C:\Windows\SysWow64\NvIFROpenGL.dll
    [2013.11.07 23:50:09 | 000,003,584 | ---- | C] () -- C:\Users\Boldimore\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013.10.16 12:55:48 | 000,000,096 | ---- | C] () -- C:\Users\Boldimore\IP_Log_Data.js
    [2013.08.30 00:50:29 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
    [2013.08.29 20:36:04 | 000,039,896 | ---- | C] () -- C:\Windows\SysWow64\DiscHandler.exe
    [2013.08.08 21:57:34 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
    [2013.08.07 00:41:19 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
    [2013.08.07 00:40:52 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll
    [2013.08.07 00:40:52 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
    [2013.08.05 07:15:08 | 000,066,104 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
    [2013.08.05 07:15:06 | 000,023,080 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
    [2013.07.26 14:24:22 | 006,275,760 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-55.dll
    [2013.07.26 14:24:22 | 001,239,216 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-55.dll
    [2013.07.26 14:24:22 | 000,394,416 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll
    [2013.07.26 14:24:22 | 000,288,944 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-52.dll
    [2013.07.26 14:24:22 | 000,235,184 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-3.dll
    [2013.07.26 14:24:22 | 000,190,640 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll
    [2013.07.26 14:24:22 | 000,150,192 | ---- | C] () -- C:\Windows\SysWow64\avresample-lav-1.dll
    [2013.07.20 20:46:09 | 000,290,776 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2013.07.20 20:46:09 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2013.07.20 01:00:00 | 000,083,599 | ---- | C] () -- C:\Users\Boldimore\Network_Meter_Data.js
    [2013.07.20 00:30:45 | 000,000,028 | ---- | C] () -- C:\Users\Boldimore\AppData\Roaming\Network Meter_Usage.ini
    [2013.07.20 00:05:59 | 000,000,842 | ---- | C] () -- C:\Users\Boldimore\AppData\Roaming\Drives Meter_Settings.ini
    [2013.07.20 00:05:30 | 000,001,208 | ---- | C] () -- C:\Users\Boldimore\AppData\Roaming\Network Meter_Settings.ini
    [2013.07.20 00:04:43 | 000,000,284 | ---- | C] () -- C:\Users\Boldimore\AppData\Roaming\GPU MeterV2_Settings.ini
    [2013.07.20 00:04:15 | 000,000,626 | ---- | C] () -- C:\Users\Boldimore\AppData\Roaming\All CPU MeterV3_Settings.ini
    [2013.07.19 19:13:24 | 000,765,656 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013.07.19 18:54:38 | 000,000,025 | ---- | C] () -- C:\Windows\CDEC46Euro.ini
    [2013.07.10 10:00:00 | 000,007,302 | ---- | C] () -- C:\Windows\cadx2.ini
    [2013.06.08 12:54:10 | 003,915,776 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
    [2013.06.08 12:53:06 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2013.06.08 12:52:30 | 000,271,360 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
    [2013.06.08 12:52:12 | 000,157,184 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
    [2013.06.08 12:52:10 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
    [2013.06.08 12:52:10 | 000,099,840 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
    [2013.06.08 12:52:08 | 001,525,760 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
    [2013.06.08 12:52:08 | 000,211,968 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
    [2013.06.08 12:52:08 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
    [2013.06.08 12:52:06 | 000,136,704 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
    [2012.12.28 22:04:22 | 000,036,352 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
    [2012.09.29 23:47:28 | 000,000,178 | ---- | C] () -- C:\Windows\SysWow64\Formats.ini
    [2012.05.04 14:37:46 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

    ========== ZeroAccess Check ==========

    [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013.12.17 20:01:48 | 000,000,000 | ---D | M] -- C:\Users\Boldimore\AppData\Roaming\.minecraft
    [2013.08.19 14:05:22 | 000,000,000 | ---D | M] -- C:\Users\Boldimore\AppData\Roaming\Acoustica
    [2013.10.14 18:06:51 | 000,000,000 | ---D | M] -- C:\Users\Boldimore\AppData\Roaming\AVG2014
    [2013.07.20 14:12:53 | 000,000,000 | ---D | M] -- C:\Users\Boldimore\AppData\Roaming\BANDISOFT
    [2013.07.22 21:14:41 | 000,000,000 | ---D | M] -- C:\Users\Boldimore\AppData\Roaming\caphyon
    [2013.12.09 15:47:16 | 000,000,000 | ---D | M] -- C:\Users\Boldimore\AppData\Roaming\DAEMON Tools Lite
    [2013.08.30 14:02:42 | 000,000,000 | ---D | M] -- C:\Users\Boldimore\AppData\Roaming\GSplit
    [2013.11.12 20:00:30 | 000,000,000 | ---D | M] -- C:\Users\Boldimore\AppData\Roaming\Hard Disk Sentinel
    [2013.12.17 16:39:31 | 000,000,000 | ---D | M] -- C:\Users\Boldimore\AppData\Roaming\Notepad++
    [2013.07.20 01:32:45 | 000,000,000 | ---D | M] -- C:\Users\Boldimore\AppData\Roaming\NuGet
    [2013.12.06 15:17:44 | 000,000,000 | -H-D | M] -- C:\Users\Boldimore\AppData\Roaming\Origin
    [2013.07.19 22:09:46 | 000,000,000 | ---D | M] -- C:\Users\Boldimore\AppData\Roaming\Screaming Bee
    [2013.11.10 16:01:13 | 000,000,000 | ---D | M] -- C:\Users\Boldimore\AppData\Roaming\Serif
    [2013.09.20 20:35:42 | 000,000,000 | ---D | M] -- C:\Users\Boldimore\AppData\Roaming\TeamViewer
    [2013.11.26 18:14:31 | 000,000,000 | ---D | M] -- C:\Users\Boldimore\AppData\Roaming\TS3Client
    [2013.12.18 03:28:14 | 000,000,000 | ---D | M] -- C:\Users\Boldimore\AppData\Roaming\Tunngle
    [2013.12.16 11:12:06 | 000,000,000 | ---D | M] -- C:\Users\Boldimore\AppData\Roaming\uTorrent
    [2013.07.31 11:44:18 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
    [2013.07.31 11:44:18 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software

    ========== Purity Check ==========



    < End of report >
  13. Boldimore

    Boldimore TechSpot Member Topic Starter Posts: 17

    OTL Extras logfile created on: 19.12.2013. 11:13:36 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Boldimore\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16428)
    Locale: 0000041a | Country: Hrvatska | Language: HRV | Date Format: d.M.yyyy.

    6,00 Gb Total Physical Memory | 4,35 Gb Available Physical Memory | 72,59% Memory free
    12,00 Gb Paging File | 10,20 Gb Available in Paging File | 85,03% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465,66 Gb Total Space | 247,82 Gb Free Space | 53,22% Space Free | Partition Type: NTFS

    Computer Name: BOLDIMORE-PC | User Name: Boldimore | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2268423076-2387521360-3453339074-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Boldimore Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Boldimore Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{063AF90C-0C0D-4219-B073-F67E43FC7A03}" = lport=6919 | protocol=6 | dir=in | app=c:\boldimore program files\microsoft visual studio 2012 ultimate\common7\ide\devenv.exe |
    "{0A97CA47-CB63-4BB1-99B3-3B40A68F48EF}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{0CC52240-F459-4DB7-8C1D-D35F979E5F9A}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{15FBE139-EF7E-4926-A78D-49E6C2CAD442}" = lport=6920 | protocol=6 | dir=in | app=c:\boldimore program files\microsoft visual studio 2012 ultimate\common7\ide\devenv.exe |
    "{19AFFEE9-A3C1-459F-B96D-2E60E369170E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{1B86B118-DF5F-476E-B6B8-69ACFD002194}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{1D316897-C508-4824-BBBE-5E8B9DCBA757}" = lport=6916 | protocol=6 | dir=in | app=c:\boldimore program files\microsoft visual studio 2012 ultimate\common7\ide\devenv.exe |
    "{221F928D-89B9-49C5-B04C-CA053377C421}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{26563B32-B031-4A52-BE92-CBAD627C3C92}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{26575DF5-D9E1-43AD-B63E-5090D59FBFD7}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{2C736238-AAA5-45C0-9308-8A32B10DF955}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{3103FD05-3583-4F93-BF26-73D921CAC7E8}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{325FA1D7-CE09-4231-8B3A-AA12EC261573}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{32A338C5-4014-41B7-8EB8-F4D9B1112AFA}" = lport=6919 | protocol=6 | dir=in | app=c:\boldimore program files\microsoft visual studio 2012 ultimate\common7\ide\devenv.exe |
    "{36D9BF4A-1926-460D-A9B2-DFC41E6E0C4B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{37A4EA95-25BA-43E7-909C-68A4E3C74709}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{39E74DF0-01E0-4C90-BFA2-3066AF02D4DF}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
    "{39E98AC9-DB3F-4E19-9135-6006A7E1C81D}" = lport=6920 | protocol=6 | dir=in | app=c:\boldimore program files\microsoft visual studio 2012 ultimate\common7\ide\devenv.exe |
    "{3E504935-AA08-4A33-B455-D45409E8F71B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{43C7E482-65BE-414A-9871-C612CFC24442}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{475F2B24-C55D-4635-A8E5-C09131DC005F}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{4D628375-B36B-4AAB-A2F6-BE2F77DA2F10}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4E854549-4924-4051-90CE-3EF462F65FE4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{545943D5-6FD4-4DD1-84AD-5F508DDDABAE}" = lport=6918 | protocol=6 | dir=in | app=c:\boldimore program files\microsoft visual studio 2012 ultimate\common7\ide\devenv.exe |
    "{546BA77E-212D-4202-B4EF-9A6CCF7B979A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{57C7D3D9-F488-4938-A81C-4680E5AD213E}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{59354FDF-A2BA-4948-9C3C-E031311163F3}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{5C306014-F149-4EE2-8B65-368A1CE9446B}" = lport=138 | protocol=17 | dir=in | app=system |
    "{5E766A85-0030-4D66-8F94-58696D6A241E}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{6588A81F-2459-459C-B943-2E3C6E566F59}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{6656CD7F-D564-4874-9B3B-182FAB0ED710}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{6E48FDBA-3D64-4347-B896-54FB40A554A3}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{7259EEDF-7DF1-4669-9371-747E0906A856}" = rport=137 | protocol=17 | dir=out | app=system |
    "{7B65C8AC-5E40-4AEB-96F0-EE4BD534C8C9}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{7F9C9836-97A2-46D4-B054-EAFA652E864C}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
    "{80BCFDF4-B095-46FB-AECF-530405B36B4F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{83623B5E-CF48-4E40-BA11-CC2221E852D7}" = rport=138 | protocol=17 | dir=out | app=system |
    "{8551BFF9-5688-4A65-B76B-C7AE35A9B397}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{89E8D435-798B-4562-86FE-5780D955AFCF}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{8C5455D2-CBCF-49A9-98F8-051875CBEC81}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{8E10844A-BAD8-405C-8481-370B07D5E9D9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{8FF086A6-9F83-4BE4-BBBD-850D964317E0}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
    "{92B807CC-4BCF-42E1-8435-0AD886C64DE6}" = lport=6917 | protocol=6 | dir=in | app=c:\boldimore program files\microsoft visual studio 2012 ultimate\common7\ide\devenv.exe |
    "{966C70AA-3077-4AFA-9219-96E0A3809820}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{96DA707E-905F-4F08-A5F9-8982F776F8F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9A5E1823-B88E-42C4-B7C3-0D461B8E97B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{9B5C107B-7465-430E-8148-B671ABD650DD}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{A33D654E-8739-483E-AD54-67427966AEE6}" = rport=445 | protocol=6 | dir=out | app=system |
    "{A3C4E501-BC7D-4FE8-806C-11A0D0ED08CC}" = rport=139 | protocol=6 | dir=out | app=system |
    "{A6AFC69C-1CFB-4F4A-A85C-6A0453522542}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{AA7DECAF-BE39-4C49-A6EF-301121F7109F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{AF0B6F5F-E33E-46D8-ACF7-8876989A39A0}" = lport=3702 | protocol=17 | dir=in | app=c:\boldimore program files\microsoft visual studio 2012 ultimate\common7\ide\devenv.exe |
    "{AFA9C9AB-D10A-4EC7-B519-9EDA89FF70B6}" = lport=139 | protocol=6 | dir=in | app=system |
    "{AFBE2CD3-72F8-43B8-A4CF-FA04600D4EBA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{B3173297-3236-4AC8-8BF8-C2FF4B49B843}" = lport=6915 | protocol=6 | dir=in | app=c:\boldimore program files\microsoft visual studio 2012 ultimate\common7\ide\devenv.exe |
    "{B3DCD49D-9089-41BB-95E7-D32B6BA496F6}" = lport=6916 | protocol=6 | dir=in | app=c:\boldimore program files\microsoft visual studio 2012 ultimate\common7\ide\devenv.exe |
    "{B64964BC-2284-44E2-9FD2-385718B7ECED}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{B6B0C72F-691C-44E5-9F13-FE8CBE804988}" = lport=6918 | protocol=6 | dir=in | app=c:\boldimore program files\microsoft visual studio 2012 ultimate\common7\ide\devenv.exe |
    "{BC7E9BB8-2546-4D29-8CAF-9B369FA8B65C}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{BF442A2E-58F8-4694-9608-99DD1A84C551}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{C0DD8ED2-9D68-40BA-9EAE-018860A302E0}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
    "{C36295BA-C4AA-4E23-9CCF-4431BED01E9C}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{C9096B95-8801-451D-9963-8FC5B7FCA132}" = lport=6917 | protocol=6 | dir=in | app=c:\boldimore program files\microsoft visual studio 2012 ultimate\common7\ide\devenv.exe |
    "{CC05E723-D214-4745-B0EE-09A100303833}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{CE835105-D44E-48F1-A3C0-1DBB93D11655}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{CF42C392-A620-41D8-87AB-C2D464563437}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{CF51E667-299D-40C6-951F-778B1FC50BAE}" = lport=6915 | protocol=6 | dir=in | app=c:\boldimore program files\microsoft visual studio 2012 ultimate\common7\ide\devenv.exe |
    "{D039A456-CBFC-4954-8ED5-8BF3905B6004}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{D09DCCC2-28D0-45DA-9384-33DE3BDE3DE2}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{D76A6F2B-4C45-4C3B-AA0E-A51DF43855D8}" = lport=137 | protocol=17 | dir=in | app=system |
    "{DE3E4C6E-B770-4FA7-99BB-5B81BFBAC4B6}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{E596A2EA-3419-41FE-AB9D-EB6B92B6C9D1}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{E7897E77-26B2-4835-B6D6-9EC5780B2600}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{EAB61FA0-B64D-4302-BE47-8B924A7D74A0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F448ED1C-F9D1-47D5-B8EF-870A659F8A59}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F4D40C24-1198-4D0E-9776-99DABD6D474C}" = lport=445 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02ADA38F-27DF-4F5E-B76F-2A1C46E4DF20}" = protocol=6 | dir=in | app=c:\boldimore program files\teamviewer\version8\teamviewer.exe |
    "{04B6D940-2E43-4FFF-812A-F16F354C7C81}" = protocol=17 | dir=in | app=c:\boldimore program files\teamviewer\version8\teamviewer.exe |
    "{07194B55-442C-4D81-9497-67BF26DD655A}" = protocol=17 | dir=in | app=c:\users\boldimore\appdata\roaming\utorrent\utorrent.exe |
    "{098F0467-5461-489A-AAE2-0CF25547E587}" = protocol=6 | dir=in | app=c:\boldimore program files\avg\avg2014\avgdiagex.exe |
    "{1383C1F5-FA1B-461E-8659-3DC1B7FD549A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{13D35B45-F11A-4373-8F65-C99146F8F800}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{14C6B93A-4D0C-4376-A1B2-6A0F23A8EC35}" = protocol=17 | dir=in | app=c:\boldimore program files\avg\avg2014\avgnsa.exe |
    "{16B63E8C-F0B7-441A-9C03-E284D534E089}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
    "{1F927B0B-F769-45B2-A992-3F406A237E25}" = protocol=6 | dir=in | app=c:\boldimore program files\teamviewer\version8\teamviewer_service.exe |
    "{29FC2094-CCC5-4493-964C-FAD7DF037451}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{325756C7-D3A1-432E-B627-7B7AC9DDFCB9}" = protocol=17 | dir=in | app=c:\boldimore program files\teamspeak 3 server\ts3server_win64.exe |
    "{32BA1738-248D-41E1-8A2F-E6E30401EED6}" = protocol=17 | dir=in | app=c:\boldimore program files\avg\avg2014\avgdiagex.exe |
    "{337AEDB5-1929-455D-B480-9B52529E160F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{35D80504-2188-4538-8018-2E5C85371D9C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{36172913-98FE-46DA-BAE6-1FD71A841EAF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{36F28B69-E5EE-4F4A-98AD-40BC9AD8B4F2}" = protocol=17 | dir=in | app=c:\udk\udk-2013-07\binaries\win32\udk.exe |
    "{3A8B7FBE-5B97-4E65-B8D8-3CB9F79C83AD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{3C051E6C-1BDD-4E05-B880-5AAB15DF4806}" = protocol=6 | dir=in | app=c:\boldimore program files\teamspeak 3 server\ts3server_win64.exe |
    "{3CD523C2-B9E6-4BF1-8D18-574167C40BE2}" = protocol=17 | dir=in | app=c:\boldimore program files\avg\avg2014\avgemca.exe |
    "{3F449680-674A-45BB-B682-5412E2641417}" = protocol=17 | dir=in | app=c:\boldimore game folder\apb reloaded\binaries\apb.exe |
    "{3FD06298-E36D-45C5-93AB-B322272A99BA}" = protocol=6 | dir=in | app=c:\boldimore game folder\apb reloaded\binaries\apb.exe |
    "{4731913D-8428-4F46-94B7-B6EB2040443B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{484B559F-1248-492E-A3C8-45BB01350A6B}" = dir=out | app=%systemdrive%\boldimore program files\acoustica mixcraft 6\mixcraft6.exe |
    "{4C9B6A35-9191-406F-8A0B-1FD8B29F4E45}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{4CDD3882-D5CB-4E60-BC1F-3C3BEFB743DD}" = protocol=17 | dir=in | app=c:\boldimore program files\tunngle\tnglctrl.exe |
    "{4EC465BD-2F00-4504-8F98-A2A5A0EE390E}" = protocol=17 | dir=in | app=c:\boldimore program files\tunngle\tunngle.exe |
    "{50597774-C859-4C06-B5EE-CD1C205458C1}" = protocol=17 | dir=in | app=c:\udk\udk-2013-07\binaries\win64\udk.exe |
    "{5593DA2B-45CE-48B2-96AF-FD290527F81A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{5753135C-972E-43E7-B1E1-52AAB0396AE2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{58CE5A28-D586-4F64-8A39-C2DFC67DCD09}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{5D9604C1-C47B-43DD-BF84-4D666A310C7C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
    "{643015A4-B6E0-498E-A0BB-A546C2E93F52}" = protocol=6 | dir=in | app=c:\udk\udk-2013-07\binaries\win32\udk.exe |
    "{6ECD4650-A61C-49FE-A5B8-F4F6FC9AF417}" = protocol=6 | dir=in | app=c:\boldimore game folder\apb reloaded\binaries\apb.exe |
    "{6FBB652F-83A8-4B24-AF37-D533A9AA22AE}" = protocol=6 | dir=in | app=c:\boldimore game folder\apb reloaded\binaries\vivoxvoiceservice.exe |
    "{92C8BA71-986C-4C52-AC8C-94E7B83EA327}" = protocol=6 | dir=in | app=c:\boldimore program files\tunngle\tunngle.exe |
    "{934C2F11-BF38-4018-9EEA-47010F8376E3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{936E8D1D-4B93-40AF-926E-0420E27075A7}" = protocol=17 | dir=in | app=c:\boldimore game folder\apb reloaded\binaries\vivoxvoiceservice.exe |
    "{9611A5B4-50BB-47A2-B86F-03A617798016}" = protocol=17 | dir=in | app=c:\boldimore program files\steam\steam.exe |
    "{B06F3F70-B570-448D-87BF-8FBE111DC839}" = protocol=6 | dir=in | app=c:\boldimore program files\realvnc\vnc server\vncserver.exe |
    "{B0A80354-5A17-4A62-A384-2FDFA9E15687}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{B75D401B-948F-4041-84CF-A12E878D343F}" = protocol=6 | dir=out | app=system |
    "{B81565E8-2DF7-46D7-BA87-0C61E488757C}" = protocol=6 | dir=in | app=c:\boldimore program files\tunngle\tnglctrl.exe |
    "{B82A4709-4487-4C25-BB4F-B9898EC1E939}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{BCB0141C-9763-475E-B729-D6E07D61986E}" = protocol=6 | dir=in | app=c:\boldimore game folder\apb reloaded\binaries\vivoxvoiceservice.exe |
    "{BD9A1DA8-C5A0-4EDE-8B7F-B94611D3711F}" = dir=out | app=%systemdrive%\boldimore program files\ccleaner\ccleaner.exe |
    "{C2F120D4-926A-4C9C-865D-B3C698ADA266}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{C52EE505-403B-4ECE-97F3-3BD6973C959D}" = protocol=17 | dir=in | app=c:\boldimore game folder\apb reloaded\binaries\vivoxvoiceservice.exe |
    "{C5C9BB62-773A-439A-83AD-6B9CE7905442}" = dir=out | app=%systemdrive%\boldimore program files\ccleaner\ccleaner64.exe |
    "{C8B01A46-19B6-483A-AC62-BB743E30AB39}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
    "{CF800CCA-8FC4-49B9-BA38-EDC5EACAAF7F}" = protocol=6 | dir=in | app=c:\boldimore program files\steam\steam.exe |
    "{D3586705-8BB1-4439-888A-6EBD2FEA59D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D38C926D-3D9B-4336-853D-EA174F74C908}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{D8BDCF4D-9725-4A09-BF38-981922130ACB}" = protocol=17 | dir=in | app=c:\boldimore program files\avg\avg2014\avgmfapx.exe |
    "{D941C729-0012-4B19-B5BE-60BA12C5A1A2}" = protocol=6 | dir=in | app=c:\udk\udk-2013-07\binaries\win64\udk.exe |
    "{E03C698A-5ADA-4CAE-AB88-67451FCBBE46}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{E0BB85D9-7198-46FD-BABA-E87154ECD0CE}" = protocol=6 | dir=in | app=c:\boldimore game folder\sins of a solar empire rebellion\sins of a solar empire rebellion.exe |
    "{E8AF4446-237A-4D33-8186-D3D9974F331B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{EA54AD22-7AD9-4998-8FE0-F070D3FDD6FA}" = protocol=6 | dir=in | app=c:\users\boldimore\appdata\roaming\utorrent\utorrent.exe |
    "{EB1B322F-BF34-4EAF-945C-44CDCEA4ADFD}" = protocol=17 | dir=in | app=c:\boldimore game folder\apb reloaded\binaries\apb.exe |
    "{EC433233-B466-417D-8782-F29881BD1101}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
    "{F03B6E48-6504-4F66-87C1-595957FA83F5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F094DF41-0AA5-4940-A027-A6636D9E7A90}" = protocol=17 | dir=in | app=c:\boldimore program files\realvnc\vnc server\vncserver.exe |
    "{F09F927F-1FAD-42C3-86BC-96C5B2FA262C}" = protocol=6 | dir=in | app=c:\boldimore program files\avg\avg2014\avgemca.exe |
    "{F2B64B8C-484D-4AD8-A87B-47D061F36EFD}" = protocol=6 | dir=in | app=c:\boldimore program files\avg\avg2014\avgmfapx.exe |
    "{F310A700-9BC8-4CAA-B921-F4A03F14DFDB}" = dir=out | app=%systemdrive%\boldimore program files\bandicam\bdcam.exe |
    "{F3E8F599-4F59-4F24-95AC-2C9E2DD19DEB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{F658611B-5026-4FC2-8C46-09DEA086AB63}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{F7B57A36-85BC-46E5-93D8-F51D275CB9F7}" = protocol=17 | dir=in | app=c:\boldimore program files\teamviewer\version8\teamviewer_service.exe |
    "{F844EA71-6A79-4F8F-8A36-F7DC2AF8EFE0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{FCE3C5F9-AD30-4114-A33B-DCFACC844478}" = protocol=6 | dir=in | app=c:\boldimore program files\avg\avg2014\avgnsa.exe |
    "{FD3D9215-4F7E-40F3-A42A-00830D5F07BF}" = protocol=17 | dir=in | app=c:\boldimore game folder\sins of a solar empire rebellion\sins of a solar empire rebellion.exe |
    "{FEB022C5-0288-4BBD-B7FD-F3C69B0B7369}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "TCP Query User{07C07F96-F29C-4A53-9860-5A13084B2ABC}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
    "TCP Query User{4537F914-FCAC-4D9B-A8B1-0FC40937877F}C:\program files (x86)\xfire2\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire2\xfire.exe |
    "TCP Query User{5A746339-2AAB-4F69-BE3B-28B8E9A2C443}C:\boldimore game folder\sins of a solar empire rebellion\sins of a solar empire rebellion.exe" = protocol=6 | dir=in | app=c:\boldimore game folder\sins of a solar empire rebellion\sins of a solar empire rebellion.exe |
    "TCP Query User{692AB713-EAAC-468E-96E2-CB61285C301B}C:\boldimore game folder\texas hold'em poker 3d - deluxe edition\poker3d.exe" = protocol=6 | dir=in | app=c:\boldimore game folder\texas hold'em poker 3d - deluxe edition\poker3d.exe |
    "TCP Query User{A9A6F920-60D6-4D43-9279-D931CAADB57A}C:\boldimore program files\realvnc\vnc viewer\vncviewer.exe" = protocol=6 | dir=in | app=c:\boldimore program files\realvnc\vnc viewer\vncviewer.exe |
    "TCP Query User{C3B10872-81B9-447A-9ADF-2DE3EF8CF0F2}C:\udk\udk-2013-07\binaries\swarmagent.exe" = protocol=6 | dir=in | app=c:\udk\udk-2013-07\binaries\swarmagent.exe |
    "TCP Query User{C53B8974-1043-4BC0-9F9A-067051F226AB}C:\boldimore game folder\pro evolution soccer 2013\pes2013.exe" = protocol=6 | dir=in | app=c:\boldimore game folder\pro evolution soccer 2013\pes2013.exe |
    "TCP Query User{D8B28C2E-087A-4325-AA5D-2331C9DD7839}C:\boldimore program files\java 64-bit\bin\javaw.exe" = protocol=6 | dir=in | app=c:\boldimore program files\java 64-bit\bin\javaw.exe |
    "TCP Query User{DA779770-56E8-4F8A-B2B8-E7B99699AADE}C:\boldimore game folder\call of duty 4 modern warfare\call of duty modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\boldimore game folder\call of duty 4 modern warfare\call of duty modern warfare\iw3mp.exe |
    "UDP Query User{25EFE0FD-59B5-4D57-B3E8-81FEE3E2F252}C:\boldimore game folder\sins of a solar empire rebellion\sins of a solar empire rebellion.exe" = protocol=17 | dir=in | app=c:\boldimore game folder\sins of a solar empire rebellion\sins of a solar empire rebellion.exe |
    "UDP Query User{56457275-E2D2-4A4A-AA22-CB4CFDDA166D}C:\udk\udk-2013-07\binaries\swarmagent.exe" = protocol=17 | dir=in | app=c:\udk\udk-2013-07\binaries\swarmagent.exe |
    "UDP Query User{80BDCBD4-D858-41D7-A90B-B283B749E12B}C:\boldimore program files\java 64-bit\bin\javaw.exe" = protocol=17 | dir=in | app=c:\boldimore program files\java 64-bit\bin\javaw.exe |
    "UDP Query User{8F7CA6B8-238D-4089-8DF8-CBF87C4DA3E7}C:\boldimore game folder\pro evolution soccer 2013\pes2013.exe" = protocol=17 | dir=in | app=c:\boldimore game folder\pro evolution soccer 2013\pes2013.exe |
    "UDP Query User{9A6543CA-5B25-4DAD-882E-380214DE61B8}C:\program files (x86)\xfire2\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire2\xfire.exe |
    "UDP Query User{AD6E6F22-5569-4D40-BFB8-2A3A1494BA79}C:\boldimore game folder\texas hold'em poker 3d - deluxe edition\poker3d.exe" = protocol=17 | dir=in | app=c:\boldimore game folder\texas hold'em poker 3d - deluxe edition\poker3d.exe |
    "UDP Query User{B03B476C-9DF0-4D25-A649-701E9F2B0AB5}C:\boldimore game folder\call of duty 4 modern warfare\call of duty modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\boldimore game folder\call of duty 4 modern warfare\call of duty modern warfare\iw3mp.exe |
    "UDP Query User{C1D4B491-B753-4EB4-8CB1-F83AF8D5049F}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
    "UDP Query User{CCE8E1E9-7F0F-4E0D-8755-15E3CA9F6EEE}C:\boldimore program files\realvnc\vnc viewer\vncviewer.exe" = protocol=17 | dir=in | app=c:\boldimore program files\realvnc\vnc viewer\vncviewer.exe |
  14. Boldimore

    Boldimore TechSpot Member Topic Starter Posts: 17

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{078B9199-C2A4-4468-BD5F-C060C51EC895}" = Microsoft Visual Studio 2012 IntelliTrace Core amd64
    "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.7
    "{0E8670B8-3965-4930-ADA6-570348B67153}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom
    "{13417784-A359-3CDD-8DE1-B7108707D647}" = Visual Studio 2012 Prerequisites - ENU Language Pack
    "{13D558FE-A863-402C-B115-160007277033}" = Microsoft SQL Server 2012 Express LocalDB
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{2599B6F1-92AC-472C-BE60-9F17565E4938}" = PowerDirector
    "{26A24AE4-039D-4CA4-87B4-2F86417045FF}" = Java 7 Update 45 (64-bit)
    "{27EF252D-800C-ED42-9904-459FE0046225}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
    "{28D85F24-B685-3364-BB7C-284C88C2FFE5}" = Microsoft Visual Studio Team Foundation Server 2012 Storyboarding
    "{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
    "{34883B9C-CDFE-46F0-9C5B-935484C218C3}" = AVG 2014
    "{36E619BC-A234-4EC3-849B-779A7C865A45}" = Microsoft SQL Server 2012 Data-Tier App Framework
    "{3FA063D7-EDC1-AFA8-54AF-0563C7DEE070}" = Windows App Certification Kit Native Components
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{4701DEDE-1888-49E0-BAE5-857875924CA2}" = Microsoft SQL Server System CLR Types (x64)
    "{49D665A2-4C2A-476E-9AB8-FCC425F526FC}" = Microsoft SQL Server 2012 Native Client
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{55EFD1A6-ED8E-3A4C-9581-5E1A1FF244CD}" = Microsoft Visual Studio Team Foundation Server 2012 Storyboarding Language Pack - ENU
    "{572E796D-C52B-3797-A685-2FB6F895D4BE}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
    "{5FB4C443-6BD6-1514-2717-3827D65AE6FB}" = Windows Software Development Kit DirectX x64 Remote
    "{5FB568DF-207C-4B21-AC57-FC0CC2A0B113}" = Oracle VM VirtualBox 4.3.4
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{61862D7C-CDBC-48D5-8AE1-3B8BD1E23BC5}" = Visual Studio 2012 Prerequisites
    "{633AB014-DDE6-403E-A302-8920CC32C543}" = Microsoft Visual Studio 2012 Performance Collection Tools
    "{73468C65-BC53-4D88-9246-75A5BB014DA2}" = JavaScript Tooling
    "{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
    "{78909610-D229-459C-A936-25D92283D3FD}" = Microsoft SQL Server Compact 4.0 SP1 x64 ENU
    "{7B72F338-EBCC-32A6-A44C-DEF9B436AEF2}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model
    "{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}" = IIS 8.0 Express
    "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
    "{7F624BD1-4FE0-432F-B928-68302E156D04}" = AVG 2014
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
    "{993F6DDC-63F8-4BCD-9B28-D941971A9CAC}" = Windows XP Targeting with C++
    "{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}" = Microsoft SQL Server 2012 Command Line Utilities
    "{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb" = IIS Express Application Compatibility Database for x64
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}" = Microsoft Web Deploy 3.0
    "{AAFF73AD-3432-3575-ABD1-14E48EF2F4CB}" = Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.60610
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 331.93
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 331.93
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 331.93
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.8.1
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 331.93
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0725
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 10.11.15
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.26.4
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 10.11.15
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.19
    "{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{C9C04584-E48A-41D9-A069-85E4C309DA9B}" = Perforce Visual Components
    "{D9F3D00D-E946-3B3D-A4A6-93D5020DB9F7}" = Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727
    "{DD562794-C098-A1E5-66ED-10E8BD1C84C5}" = AMD Catalyst Install Manager
    "{E2B8249D-895C-4685-8C83-00F3B1A13028}" = Microsoft Web Platform Installer 4.0
    "{E7DD9E2F-25BB-3488-AA6A-6C5A9A27DA76}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
    "{F1949145-EB64-4DE7-9D81-E6D27937146C}" = Microsoft System CLR Types for SQL Server 2012 (x64)
    "{FA0A244E-F3C2-4589-B42A-3D522DE79A42}" = Microsoft SQL Server 2012 Management Objects (x64)
    "{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb" = IIS Express Application Compatibility Database for x86
    "{FE74AC04-F248-4641-B3A9-89C6AA4339CD}" = Microsoft Visual Studio 2012 Performance Collection Tools - ENU
    "AVG" = AVG 2014
    "CCleaner" = CCleaner
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.67.1
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "RealVNC_is1" = VNC Server 5.0.6
    "RealVNCViewer_is1" = VNC Viewer 5.0.6
    "Recuva" = Recuva
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "UDK-6ee09d76-09de-4496-a75f-3c199c3d8f39" = Unreal Development Kit: 2013-07
    "VNCMirror_is1" = VNC Mirror Driver 1.8.0
    "VNCPrinter_is1" = VNC Printer Driver 1.8.0
    "WinRAR archiver" = WinRAR 5.00 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00EC8ABC-3C5A-40F8-A8CB-E7DCD5ABFA05}" = Microsoft NuGet - Visual Studio 2012
    "{02213A81-CB13-7262-5ABE-1FFA2C75559F}" = Windows App Certification Kit x64
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{046806D1-0A38-3FCA-AF84-F71C50A0C363}" = Microsoft Visual Studio Premium 2012
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{05E1731A-5DD6-314E-889F-265C006C8EF9}" = Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0BCC836F-0B28-4090-B58A-64883BAA3B2F}" = WCF Data Services 5.0 (for OData v3) Primary Components
    "{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}" = Blend for Visual Studio SDK for Silverlight 5
    "{1172AC15-080E-30E3-85B0-FF59AD2E6315}" = Microsoft Visual Studio Ultimate 2012 - ENU
    "{148878BD-A2A5-4CF1-A103-2BA632F41953}" = WCF Data Services Tools for Microsoft Visual Studio 2012
    "{1690CE56-2231-4E59-9006-A0876D949EA8}" = Tools for .Net 3.5
    "{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}" = Microsoft Silverlight 4 SDK
    "{18D606E9-9650-48DF-8D6E-5AC61C5AD1A9}" = Microsoft Visual Studio 2012 IntelliTrace Front End x86
    "{18F675EA-CB03-462D-A04B-3832DBAB5318}" = Microsoft Visual C++ 2012 Compilers - ENU Resources
    "{1948E039-EC79-4591-951D-9867A8C14C90}" = Microsoft .NET Framework 4.5 SDK
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 4.6
    "{1B9BBB23-65CB-3AEE-BFC6-633E7CA299FD}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
    "{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
    "{1DB43E5A-2F24-4F51-92B0-A2C0EBF5C742}" = Microsoft Report Viewer Add-On for Visual Studio 2012
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{23176E97-26CB-C72A-19EB-BFB21AC1D15A}" = Windows Software Development Kit DirectX x86 Remote
    "{242148A9-7822-461C-93CB-8BB09ABB067B}" = Click Speed Tester
    "{246B0F46-F84E-4857-8C47-F2A86B598BC5}" = Microsoft Visual Studio 2012 Preparation
    "{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
    "{2C0CC01A-DDBC-3AED-AF18-E741242FD727}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
    "{2C76E3DA-BA76-4FAD-B1B1-72B46D639028}" = PreEmptive Analytics Visual Studio Components
    "{2F6CE32A-018D-4656-895B-9E5E20D7740A}" = Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update
    "{2F8F489A-0476-3129-857B-A553F38B192D}" = Microsoft Visual C++ 2012 Core Libraries
    "{330E5D98-20D2-4CA4-AE51-FCB8AA80F634}" = Microsoft Visual Studio 2012 Devenv
    "{36155860-97D8-43CF-828A-7ADEA94F7CAA}" = Microsoft LightSwitch for Visual Studio 2012 v3.0 Core
    "{372D17F6-A54E-4A01-B264-1314890FFE61}" = Dotfuscator and Analytics Community Edition
    "{37E53780-3944-4A6A-842F-727128E8616E}" = Blend for Visual Studio SDK for .NET 4.5
    "{38FC6E9A-F719-431A-A83D-4C86D5FD6555}" = Microsoft Visual Studio 2012 Shell (Minimum) Resources
    "{3A523AF9-D32F-4C85-8388-0335731F3405}" = WCF RIA Services V1.0 SP2
    "{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
    "{3DE92282-CB49-434F-81BF-94E5B380E889}" = The Sims™ 3 Seasons
    "{42F61556-29ED-8122-F39E-6F04EA5FF279}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
    "{43ADAE00-A4ED-4379-A76D-A1FF5D9D334A}_is1" = Xfire 2.0
    "{451526FA-52D1-41F2-B7E2-96343EC95853}" = Windows Azure Tools for LightSwitch HTML Client for Visual Studio 2012
    "{4817D846-700B-474E-A31B-80892B3E92E3}" = Adobe After Effects CS6
    "{49c53021-7c66-4b0b-b842-9b878d2f0e0f}" = Visual Studio Extensions for Windows Library for JavaScript 1.0.9200.20789
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.10
    "{532DBCC8-9468-435C-AEF6-30B7F50735A2}" = Blend for Visual Studio 2012 ENU resources
    "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "{551D9481-9487-4D0C-9A1D-6BC3E7B6D991}_is1" = EXPERTool v8.9
    "{552A96E5-4CFE-4E64-9F35-EE0E97A3C077}_is1" = Urban Trial Freestyle version 1.0
    "{57F20F04-014D-453F-B6A3-AE9485C4DFAB}" = Blend for Visual Studio 2012
    "{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
    "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
    "{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}" = NVIDIA Photoshop Plug-ins 64 bit
    "{5EFD3544-2371-4900-8ACA-F157BA80FB0C}" = Pro Evolution Soccer 2014
    "{5FF5933C-61A3-4E7C-8029-DC9661DF5DEE}" = Microsoft Visual Studio 2012 IntelliTrace Core x86
    "{605FFCBB-EC5A-485C-B27E-189F1C8A96E5}" = Microsoft Visual C++ 2012 x86-x64 Compilers
    "{60D5EF2A-4E0C-2C30-38F6-59C26E134F4A}" = Windows Software Development Kit
    "{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
    "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
    "{6C44519A-497D-382C-8596-E972C77057C2}" = Microsoft Portable Library Multi-Targeting Pack
    "{6D6D43E5-218C-4B05-92D3-2240810F4760}" = Microsoft SQL Server 2012 T-SQL Language Service
    "{6DAB46E3-D017-3E2B-85D8-F57A230384C0}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
    "{6F066545-40A2-4C38-A8F7-78581CC5C442}" = Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools
    "{6FC3B79F-47C6-38AF-B9A9-67DE3C639598}" = Microsoft Visual Studio Premium 2012 - ENU
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7437A4B9-314F-3B8F-827B-22909146E471}" = Microsoft LightSwitch for Visual Studio 2012 Core
    "{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
    "{77E2D875-FD9E-3DEE-9A84-C34FDECB4ECA}" = Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.60610
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{790E9425-8570-493F-9AE7-81AFC9E46930}" = Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00)
    "{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
    "{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1" = Super-Charger
    "{800F484E-9D69-492D-B656-7BAA32586142}" = Microsoft Visual Studio 2012 Shell (Minimum)
    "{820C677A-41B2-48C3-8136-FEE35A052E73}" = Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
    "{834B6E00-F509-40F2-A677-E86261184576}" = Blend for Visual Studio Add-in for Adobe FXG Import
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84997BD0-B37F-4047-8E83-0E1467DE5415}" = MorphVOX Pro
    "{8762B098-374D-4900-B68E-34BF2840E694}" = Microsoft Web Developer Tools 2012.2 - Visual Studio 2012
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
    "{9169C939-ED01-446A-BD0C-29873BAF4E48}" = Prerequisites for SSDT
    "{9243354A-3075-C91E-6E12-403D932B38E5}" = Catalyst Control Center InstallProxy
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{93489CA8-6656-33A0-A5AC-E0EDEDB17C3E}" = Microsoft Visual Studio Professional 2012
    "{942CC691-5B98-42A3-8BC5-A246BA69D983}" = Microsoft ASP.NET MVC 4 Runtime
    "{9600393b-6ede-469b-a522-689fce1461d1}" = Microsoft Visual Studio Ultimate 2012
    "{96F50F87-0F15-4F93-9FE6-387DD9CFB077}" = Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools - ENU
    "{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
    "{9B57CBD3-B5CE-452A-A173-9C1BEB30A6D4}" = Advanced Installer 10.3
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A3A6D5EA-B6B5-3C05-BDA8-EAB99C09CDDC}" = Microsoft Visual Studio 2012 SharePoint Developer Tools
    "{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}" = Microsoft SQL Server System CLR Types
    "{A7E87388-3512-4D9C-9BBA-284C3577CBE9}" = Microsoft Visual C++ 2012 Compilers
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
    "{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
    "{AFA4B0BF-3289-495A-B949-BA91F39B1A44}" = Entity Framework Designer for Visual Studio 2012 - enu
    "{B1465D1D-6427-4CA1-AE29-8B699209E663}" = Microsoft Visual Studio 2012 Devenv Resources
    "{B40E950B-300A-41B5-A6C1-2FEBEEA1BEEA}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools - ENU
    "{B5DA9D49-9BD8-0F2F-52FC-C7E66BC8D944}" = LocalESPCui for en-us
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{B9F35D86-242E-3FA4-B9F8-A982E0DF918D}" = Microsoft Visual Studio 2012 SharePoint Developer Tools ENU Language Pack
    "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
    "{BAD0254F-9BDB-3D14-A5AC-9C0EF51F3D09}" = Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
    "{BD9DC17D-C48D-3B1B-944A-D0DE74FC74BC}" = Microsoft Visual C++ 2012 Extended Libraries
    "{BDBE5D2A-AAB7-77BD-7A0E-5006665CE7C6}" = LocalESPC
    "{BE4F3A79-8954-499C-AEF9-E8A3BC235677}" = JavaScript Tooling
    "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
    "{C1BE4600-7D15-3D1E-8AA2-B3241DB1D063}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
    "{C2523AE6-F335-4D0B-BC15-1C07E4ACE629}" = Pro Evolution Soccer 2013
    "{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
    "{C5C9E20C-CBD6-4FCE-B9FD-46E94BEC9169}" = Microsoft LightSwitch for Visual Studio 2012 v3.0 CoreRes - ENU
    "{C7B3C4B4-D6E1-4E5D-8428-1FB7111944B9}" = Serif WebPlus X6
    "{C81452EB-CBCF-B8EB-3124-48C5B3D506B0}" = Windows Runtime Intellisense Content - en-us
    "{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{CFFDC0EC-6924-3347-B047-13339EDBEC28}" = Microsoft Visual Studio Professional 2012 - ENU
    "{D11F66FF-82B3-DDB8-1146-525370552BE1}" = Windows Software Development Kit for Windows Store Apps
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D3A828A9-FD4A-4463-9CB0-9673C682A0C7}" = Microsoft Visual C++ 2012 32bit Compilers - ENU Resources
    "{D5FEB7A1-5D0F-4CDC-8290-F52DFB53AF23}" = Visual Studio Extensions for Windows Library for JavaScript
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}" = Microsoft SQL Server 2012 Management Objects
    "{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3
    "{E1FBB3D4-ADB0-4949-B101-855DA061C735}" = Microsoft Silverlight 5 SDK
    "{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}" = Microsoft System CLR Types for SQL Server 2012
    "{E26DEDC7-1A99-4F8C-9615-6DB112E6495B}_is1" = Texas Hold'em Poker 3D - Deluxe Edition 1.0
    "{E362724E-9320-4946-AF34-874E7B6B2927}" = System Requirements Lab CYRI
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E4ADE757-7FE9-322D-9CAE-C77D77A2D2BF}" = Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU
    "{E4C33F5B-1B2F-466E-957E-B274F08151A0}" = Microsoft Web Deploy dbSqlPackage Provider - enu
    "{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
    "{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
    "{E818AE7C-244B-4A50-9C86-C0E4A8B69159}" = Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
    "{EA63C5C1-EBBC-477C-9CC7-41454DDFAFF2}" = Microsoft ASP.NET Web Pages 2 Runtime
    "{EFA87714-E75A-3BFC-A698-A3AABA5A8A0C}" = Microsoft Visual Studio Ultimate 2012
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2A344E7-9578-4767-928B-B49DF597AEA8}" = Hangman
    "{F361FE04-789E-42F3-BBAB-E7B380AA5E06}" = Windows XP Targeting with C++
    "{FA804794-2CCB-4301-954F-2C2894698876}" = Microsoft SQL Server Data Tools - enu (11.1.20627.00)
    "{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}" = Microsoft SQL Server 2012 Data-Tier App Framework
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "{FEB375AB-6EEC-3929-8FAF-188ED81DD8B5}" = Microsoft Help Viewer 2.0
    "{FFC6E93A-B9AD-3F20-9B06-EE20E24AAEAF}" = Microsoft Visual C++ 2012 Core Libraries
    "Acoustica Mixcraft 6" = Acoustica Mixcraft 6
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "APB Reloaded" = APB Reloaded
    "Aurora 24.0a2 (x86 en-US)" = Aurora 24.0a2 (x86 en-US)
    "Bandicam" = Bandicam
    "BandiMPEG1" = Bandisoft MPEG-1 Decoder
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
    "Cheat Engine 6.3_is1" = Cheat Engine 6.3
    "Click Speed Tester 2.5.1" = Click Speed Tester v2.5.1
    "com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "Deadpool_is1" = Deadpool
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Foul Play_is1" = Foul Play
    "Google Chrome" = Google Chrome
    "GSplit3Set" = GSplit 3
    "Hangman 1.0.0" = Hangman v1.0.0
    "Hard Disk Sentinel_is1" = Hard Disk Sentinel PRO
    "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft Help Viewer 2.0" = Microsoft Help Viewer 2.0
    "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Notepad++" = Notepad++
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Origin" = Origin
    "PowerISO" = PowerISO
    "PrecisionX" = EVGA Precision X 4.2.1
    "PunkBusterSvc" = PunkBuster Services
    "Q2l0aWVzIGluIE1vdGlvbiAyIChjKSBQYXJhZG94IEludGVyYWN0aXZl_is1" = Cities in Motion 2 (c) Paradox Interactive version 1
    "R1JJRDI=_is1" = GRID 2 (c) Codemasters version 1
    "Setup - Need for Speed Rivals (c) Electronic Arts ..." = Setup - Need for Speed Rivals (c) Electronic Arts ...
    "TeamViewer 9" = TeamViewer 9
    "TechPowerUp GPU-Z" = TechPowerUp GPU-Z
    "Tunngle beta_is1" = Tunngle beta
    "Windows 7 - Codec Pack" = Windows 7 Codec Pack 4.0.8
    "World of Warcraft" = World of Warcraft
    "XfireCodec" = Xfire Codec (remove only)

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2268423076-2387521360-3453339074-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Aurora 27.0a2 (x86 en-US)" = Aurora 27.0a2 (x86 en-US)
    "GamersFirst LIVE!" = GamersFirst LIVE!
    "uTorrent" = µTorrent

    < End of report >
  15. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    
    
    :Services
    
    :Reg
    
    :Files
    C:\FRST
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from safe mode.

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  16. Boldimore

    Boldimore TechSpot Member Topic Starter Posts: 17

    checkup.txt

    Results of screen317's Security Check version 0.99.77
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    AVG AntiVirus Free Edition 2014
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.75.0.1300
    Java 7 Update 45
    Visual Studio Extensions for Windows Library for JavaScript 1.0.9200.20789
    JavaScript Tooling
    Visual Studio Extensions for Windows Library for JavaScript
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Flash Player 11.9.900.170
    Adobe Reader XI
    Google Chrome 31.0.1650.57
    Google Chrome 31.0.1650.63
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    AVG avgwdsvc.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 4%
    ````````````````````End of Log``````````````````````
  17. Boldimore

    Boldimore TechSpot Member Topic Starter Posts: 17

    FFS.txt

    Farbar Service Scanner Version: 05-12-2013
    Ran by Boldimore (administrator) on 19-12-2013 at 18:18:53
    Running from "C:\Users\Boldimore\Desktop"
    Microsoft Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
  18. Boldimore

    Boldimore TechSpot Member Topic Starter Posts: 17

    I did not include the ESET scan result as the found threats are not dangerous at all (6 threats were found - you can trust me on this one :))
    The scan took ~2h:30m.

    I suppose it's safe now to remove all the scanners and malware/virus removal software?
  19. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    OTL fix log?
  20. Boldimore

    Boldimore TechSpot Member Topic Starter Posts: 17

    Sorry, forgot about that one!

    12192013_180308.txt

    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
    File Protocol\Handler\ms-help - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
    File Protocol\Handler\skype4com - No CLSID value found not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\FRST not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Boldimore
    ->Temp folder emptied: 2826203 bytes
    ->Temporary Internet Files folder emptied: 2685406 bytes
    ->Java cache emptied: 30947635 bytes
    ->FireFox cache emptied: 17641875 bytes
    ->Google Chrome cache emptied: 355834428 bytes
    ->Flash cache emptied: 722 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56475 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 155648 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1104 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 391,00 mb


    [EMPTYJAVA]

    User: All Users

    User: Boldimore
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Boldimore
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 12192013_180308

    Files\Folders moved on Reboot...
    C:\Users\Boldimore\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Boldimore\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  21. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create a fresh, clean restore point.

    Turn system restore off.
    Restart computer.
    Turn system restore back on.

    If you don't know how to do it...
    Windows XP: http://support.microsoft.com/kb/310405
    Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/
    Windows 8: http://www.bleepingcomputer.com/tutorials/windows-8-system-restore-guide/#disable

    2. Make sure Windows Updates are current.

    3. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    12. Except for MBAM and TFC, which are keepers, you can simply delete all other tools we used as they don't install.
  22. Boldimore

    Boldimore TechSpot Member Topic Starter Posts: 17

    I can't seem to be able to delete "Qoobox" folder in "C:\".
    Though I want to remove MBAM and TFC, there are no "Uninstallers" to do so, can I delete them as well and run CCleaner afterwards?
  23. Boldimore

    Boldimore TechSpot Member Topic Starter Posts: 17

    Never mind "Qoobox", removed it after PC restart.
  24. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    Way to go!!
    Good luck and stay safe :)
    Boldimore likes this.

