TechSpot

Input is not responding as it should

By Latine
Feb 18, 2015
  1. Hello,
    My mouse and keyboard have been acting very odd lately.
    Sometimes when I'm typing in a textbar everything works but after a while the textbox deletes all the text I wrote. This also happens when I click the textbar.
    The same happens with almost all other buttons: I click the start button and it opens for a second and then disappears. I press ALT + TAB to switch windows but sometimes it doesn't change windows.
    I know this isn't my mouse because I've tried using my laptop's touchpad and it's still the same issue. I've also reinstalled my mouse drivers and scanned my laptop with Avast and Malwarebytes (with which I found many viruses) and it just won't get fixed.
    In advance, thanks for the help and pardon my English.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Latine

    Latine TS Rookie Topic Starter Posts: 21

    I'm following the steps but this may take a while. I can't even check Malwarebytes' history without the program closing... I couldn't download DDS by sUBs because the website wouldn't load. Textbars are selecting and deselecting themselves. All pop-up buttons (like the Windows Start button) when clicked don't show anything. When typing, the "text cursor" goes back a few words, not letting me type...

    EDIT: Never mind, it worked.


    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 2/19/2015
    Scan Time: 11:00:46 AM
    Logfile: tpONE.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.02.19.05
    Rootkit Database: v2015.02.03.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: n

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 361208
    Time Elapsed: 32 min, 9 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 6
    PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{9cf699ca-2174-4ed8-bec1-ba82095edce0}, Quarantined, [dd746fb1b8d2d1658c59ff0730d3e11f],
    PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{9CF699CA-2174-4ED8-BEC1-BA82095EDCE0}, Quarantined, [dd746fb1b8d2d1658c59ff0730d3e11f],
    PUP.Optional.DealPly.A, HKU\S-1-5-21-2848668751-3459609102-2438702030-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{9CF699CA-2174-4ED8-BEC1-BA82095EDCE0}, Quarantined, [dd746fb1b8d2d1658c59ff0730d3e11f],
    PUP.Optional.DealPly.A, HKU\S-1-5-21-2848668751-3459609102-2438702030-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{9CF699CA-2174-4ED8-BEC1-BA82095EDCE0}, Quarantined, [dd746fb1b8d2d1658c59ff0730d3e11f],
    PUP.Optional.SettingsProtector.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pgafcinpmmpklohkojmllohdhomoefph, Quarantined, [5ff264bc2268fa3c37783c60748f19e7],
    PUP.Optional.Softonic.A, HKU\S-1-5-21-2848668751-3459609102-2438702030-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, Quarantined, [5df4a17f4446e155aaf2c3dafc07fc04],

    Registry Values: 1
    PUP.Optional.BrowserManager.A, HKU\S-1-5-21-2848668751-3459609102-2438702030-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{58bd07eb-0ee0-4df0-8121-dc9b693373df}, C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension, Quarantined, [2d2421ff701aaa8c6949a7f08f7449b7]

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  4. Latine

    Latine TS Rookie Topic Starter Posts: 21

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/25/2010 2:47:42 AM
    System Uptime: 2/19/2015 10:45:10 AM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 144E
    Processor: AMD Turion(tm) II P520 Dual-Core Processor | Socket S1G4 | 2300/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 282 GiB total, 107.07 GiB free.
    D: is FIXED (NTFS) - 16 GiB total, 2.246 GiB free.
    E: is FIXED (FAT32) - 0 GiB total, 0.089 GiB free.
    F: is CDROM ()
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Canon MX860 ser Network
    Device ID: ROOT\CANON_IJ_NETWORK\0000
    Manufacturer: Canon
    Name: Canon MX860 ser Network
    PNP Device ID: ROOT\CANON_IJ_NETWORK\0000
    Service: StillCam
    .
    ==== System Restore Points ===================
    .
    RP545: 1/26/2015 1:33:46 PM - Scheduled Checkpoint
    RP546: 2/4/2015 9:18:34 PM - Scheduled Checkpoint
    RP547: 2/9/2015 10:20:28 AM - Installed MySQL Installer - Community
    RP548: 2/16/2015 1:55:20 PM - Installed MySQL Installer - Community
    RP549: 2/16/2015 2:02:27 PM - Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
    RP550: 2/16/2015 2:16:58 PM - Installed MySQL Installer - Community
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    Acrobat.com
    Adobe AIR
    Adobe Download Assistant
    Adobe Flash Player 16 ActiveX
    Adobe Flash Player 16 NPAPI
    Adobe Help Manager
    Adobe Reader 9.5.2 MUI
    Adobe Shockwave Player
    Adobe Shockwave Player 11.6
    Age of Empires II - The Conquerors - 1.0e Patch FINAL
    Akamai NetSession Interface
    Alcor Micro USB Card Reader
    ALOT Appbar
    AMD Accelerated Video Transcoding
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    AMD Drag and Drop Transcoding
    AMD Fuel
    AMD Media Foundation Decoders
    AMD USB Filter Driver
    AMD VISION Engine Control Center
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASPCA Reminder by We-Care.com v4.1.19.1
    Atheros Driver Installation Program
    aTube Catcher version 3.8
    Audacity 2.0.5
    AutoHotkey 1.0.48.05
    avast! Free Antivirus
    BargainMatch version 1.0.5.0
    Battlelog Web Plugins
    Bejeweled 2 Deluxe
    Bing Bar
    Bing Rewards Client Installer
    Blackhawk Striker 2
    Blasterball 3
    Bonjour
    BrowserProtect
    Build-a-lot 2
    Build and Shoot Launcher 1.2
    Cake Mania
    Canon MX860 series MP Drivers
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    Chuzzle Deluxe
    CinemaNow Media Manager
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    CLEAR Connection Manager
    CodeBlocks
    Compatibility Pack for the 2007 Office system
    Control ActiveX de Windows Live Mesh para conexiones remotas
    CoS Arkadia Micro-client Launcher
    CyberLink DVD Suite
    D3DX10
    DAEMON Tools Lite
    DealPly (remove only)
    Dev-C++ 5 beta 9 release (4.9.9.2)
    Diner Dash 2 Restaurant Rescue
    DJ OldGames Package: Star Wars: X-Wing
    Dora's Carnival Adventure
    DVD Menu Pack for HP MediaSmart Video
    Endless War 7 Free Trial
    Energy Star Digital Logo
    Escape Rosecliff Island
    ESN Sonar
    ESU for Microsoft Windows 7
    f.lux
    Facebook Video Calling 3.1.0.521
    Faerie Solitaire
    Fast Search
    FATE
    FormatFactory 3.3.5.0
    Freemake Video Converter version 4.1.4
    Galería fotográfica de Windows Live
    Game Dev Tycoon v1.4.16 build 240714
    Ghost Control 3.0.6
    Ghost Mouse Auto Clicker 3.8.2
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Happy Cloud Client
    Hi-Rez Studios Authenticate and Update Service
    Hotfix for Microsoft Visual Basic 2010 Express - ENU (KB2635973)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
    Hotspot Shield 3.42
    HP 3D DriveGuard
    HP Advisor
    HP Customer Experience Enhancements
    HP Games
    HP MediaSmart CinemaNow 2.0
    HP MediaSmart DVD
    HP MediaSmart Internet TV
    HP MediaSmart Movies and TV
    HP MediaSmart Music
    HP MediaSmart Photo
    HP MediaSmart SmartMenu
    HP MediaSmart Video
    HP MediaSmart Webcam
    HP MediaSmart/TouchSmart Netflix
    HP Photo Creations
    HP Power Plan Utility
    HP Quick Launch
    HP Setup
    HP Software Framework
    HP Update
    HP User Guides 0182
    HP Wireless Assistant
    Hulu Desktop
    IDT Audio
    InterActual Player
    Jagged Alliance Online - Steam Edition
    Java 7 Update 71
    Java 8 Update 20
    Java 8 Update 25 (64-bit)
    Java Auto Updater
    Java SE Development Kit 7 Update 25
    Java SE Development Kit 7 Update 67
    Java SE Development Kit 7 Update 71
    Java SE Development Kit 8 Update 20
    Java SE Development Kit 8 Update 25 (64-bit)
    Java(TM) 6 Update 23
    Jewel Quest 3
    Jewel Quest Solitaire 2
    Junk Mail filter update
    LabelPrint
    LightScribe System Software
    Lightshot-5.2.0.17
    LogMeIn Hamachi
    LOLReplay
    Malwarebytes Anti-Malware version 2.0.4.1028
    Matemátics
    McAfee Security Scan Plus
    MegaDownloader 0.82
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft .NET Framework 4.5.1
    Microsoft Age of Empires II
    Microsoft Age of Empires II: The Conquerors Expansion
    Microsoft Application Error Reporting
    Microsoft Help Viewer 1.1
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Click-to-Run 2010
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Business 2010 - English
    Microsoft Office Home and Student 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008 (64-bit)
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    Microsoft SQL Server System CLR Types
    Microsoft SQL Server VSS Writer
    Microsoft Visual Basic 2010 Express - ENU
    Microsoft Visual C++ Compilers 2010 Standard - enu - x86
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    Microsoft Visual C++ 2010 Express - ENU
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
    Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
    Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
    Microsoft Visual Studio 2010 Service Pack 1
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    Microsoft Works
    Microsoft WSE 3.0 Runtime
    Minecraft1.6.1
    MixPad
    Movie Theme Pack for HP MediaSmart Video
    Mozilla Firefox 35.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT Redists
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MySQL Installer - Community
    MySQL Server 5.6
    MySQL Workbench 6.2 CE
    Mystery P.I. - The New York Fortune
    NCSOFT Game Launcher
    Need For Speed™ World
    NetBeans IDE 7.3.1
    NetBeans IDE 8.0
    Nexon Game Manager
    Norton Online Backup
    Norton Security Scan
    OldSchool RuneScape Launcher 1.2.3
    Origin
    paint.net
    Penguins!
    PhotoNow!
    PhotoScape
    Plants vs. Zombies
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Power2Go
    PowerDirector
    PrivateTunnel
    PunkBuster Services
    Python 2.7 (64-bit)
    Python 2.7 psutil-0.4.1
    Python 2.7 Twisted-12.0.0
    Python 2.7 Twisted-12.3.0
    Python 2.7 zope.interface-3.8.0
    Python 2.7.3 (64-bit)
    Python 3.1.1 (64-bit)
    Python 3.4.2
    Raptr
    Razer Game Booster
    Realtek Ethernet Controller Driver For Windows Vista and Later
    Recovery Manager
    Robocraft
    Roxio CinemaNow 2.0
    RPG MAKER VX Ace
    RuneScape Launcher 1.2.3
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition
    Service Pack 1 for SQL Server 2008 (KB968369) (64-bit)
    Setup Support for WeCare 1.0
    Skype Click to Call
    Skype™ 6.18
    SpeedFan (remove only)
    SPX Instant Screen Capture 7
    Sql Server Customer Experience Improvement Program
    SqliteBrowser3
    Steam
    Sumotori Dreams
    Sumotori Full Version
    Switch Sound File Converter
    swMSM
    System Requirements Lab
    System Requirements Lab CYRI
    TeamSpeak 3 Client
    TERA
    TextTwist 2
    Tom Clancy's Ghost Recon Phantoms - NA
    Torch
    Triviadore
    Unity
    Unity Web Player
    Unturned
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update Installer for WildTangent Games App
    VibrateGameDeviceDrivers40
    VIO Player version 1.0.1
    Virtual Families
    Virtual Villagers - The Secret City
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    Visual Studio 2010 x64 Redistributables
    VLC media player 2.1.3
    VST Bridge 1.1
    WavePad Sound Editor
    Wheel of Fortune 2
    WhiteSmoke
    WildTangent Games App (HP Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Movie Maker 2.6
    WinRAR 5.10 (64-bit)
    Xfire (remove only)
    Xvid 1.2.2 final uninstall
    Yontoo Layers 1.10.01
    Zuma's Revenge
    Zune Language Pack (CHT)
    Zune Language Pack (CSY)
    Zune Language Pack (DAN)
    Zune Language Pack (ELL)
    Zune Language Pack (FIN)
    Zune Language Pack (HUN)
    Zune Language Pack (IND)
    Zune Language Pack (KOR)
    Zune Language Pack (MSL)
    Zune Language Pack (NOR)
    Zune Language Pack (PTB)
    Zune Language Pack (PTG)
    Zune Language Pack (SVE)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/19/2015 10:53:49 AM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    2/17/2015 9:37:35 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server (SQLEXPRESS) service to connect.
    2/17/2015 9:37:35 PM, Error: Service Control Manager [7000] - The SQL Server (SQLEXPRESS) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/17/2015 10:21:29 AM, Error: Service Control Manager [7000] - The DealPly Live Service (dealplylive) service failed to start due to the following error: The system cannot find the file specified.
    2/14/2015 10:55:56 AM, Error: Service Control Manager [7034] - The Hotspot Shield Monitoring Service service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================
     
  5. Latine

    Latine TS Rookie Topic Starter Posts: 21

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17126 BrowserJavaVersion: 11.20.2
    Run by n at 11:54:17 on 2015-02-19
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1782 [GMT -3:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
    C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
    C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
    C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Users\n\AppData\Local\FluxSoftware\Flux\flux.exe
    C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\nacl64.exe
    C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\nacl64.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://google.com/
    uProxyOverride = <local>;*.local
    uURLSearchHooks: {2d7432c9-a3fd-4ed1-aea9-fbdb12dba4a7} - <orphaned>
    mWinlogon: Userinit = userinit.exe,
    BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Fast Search: {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll
    BHO: ALOT Appbar Helper: {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: BargainMatch Extension: {A1F60E28-5D50-447B-B4D9-3B4AB0D674E7} - C:\Program Files (x86)\BargainMatch\bmext.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: ALOT Appbar: {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [AdobeBridge] <no file>
    mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    mRun: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
    dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:149
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {A1F60E28-5D50-447B-B4D9-3B4AB0D674E7} - C:\Program Files (x86)\BargainMatch\bmext.dll/content|js|bargainmatchoptions.hta
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    TCP: NameServer = 200.40.220.245 200.40.30.245
    TCP: Interfaces\{30201A0D-64EB-480B-AAC9-BEEF05205E1A} : DHCPNameServer = 75.94.255.12 64.13.115.12
    TCP: Interfaces\{821F4F11-D3BC-474C-B026-CCF260591422} : DHCPNameServer = 200.40.220.245 200.40.30.245
    TCP: Interfaces\{821F4F11-D3BC-474C-B026-CCF260591422}\2656C6B696E6E2662323E2765756374737 : DHCPNameServer = 192.168.169.1
    TCP: Interfaces\{821F4F11-D3BC-474C-B026-CCF260591422}\662756378602C41455E4442595 : DHCPNameServer = 97.81.22.195 24.177.176.38 24.178.162.3
    TCP: Interfaces\{821F4F11-D3BC-474C-B026-CCF260591422}\75169707F62747F5143636563737 : DHCPNameServer = 192.168.5.1 64.134.255.2 64.134.255.10
    TCP: Interfaces\{821F4F11-D3BC-474C-B026-CCF260591422}\765627162746F637F647F6 : DHCPNameServer = 192.168.0.1
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= c:\progra~3\browse~1\261040~1.25\{c16c1~1\browse~1.dll ???F?
    SSODL: WebCheck - <orphaned>
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
    x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\n\AppData\Roaming\Mozilla\Firefox\Profiles\fg9ufld8.default-1419697647822\
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\nphdplg.dll
    FF - plugin: C:\Users\n\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Users\n\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-12-24 65776]
    R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-12-24 224896]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2013-12-24 1041168]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2013-12-24 427360]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-5-2 283064]
    R1 DVMIO;DeviceVM IO Service;C:\Windows\System32\drivers\dvmio.sys [2010-1-30 20056]
    R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2014-12-26 44744]
    R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
    R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-8-4 29208]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-12-24 79184]
    R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2013-12-24 92008]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-8-4 50344]
    R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
    R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-12-1 2530128]
    R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2014-5-16 919040]
    R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2014-5-16 430344]
    R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-11-14 417552]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-2-17 1871160]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-2-17 969016]
    R2 MySQL56;MySQL56;C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe [2014-11-21 13035008]
    R2 RzKLService;RzKLService;C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [2014-7-4 105448]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
    R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-7-20 46136]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-2-7 25816]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-2-17 129752]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-2-17 63704]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
    R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2014-5-16 42184]
    R3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2012-7-15 30720]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-5-19 38456]
    S2 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe --> C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-8-17 40448]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
    S3 bcm;WiMAX Network Adapter;C:\Windows\System32\drivers\drxvi314_64.sys [2010-7-8 357248]
    S3 bcmbusctr;WiMAX Bus Driver;C:\Windows\System32\drivers\BcmBusCtr_64.sys [2010-7-8 62976]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-26 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 GamesAppService;GamesAppService;"C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" --> C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [?]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-10 111616]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-4-9 289256]
    S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-6-10 620544]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
    S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;C:\Windows\System32\PCTINDIS5X64.sys [2010-11-17 43032]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-5-19 291328]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-29 1255736]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    S4 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe [2010-5-19 89600]
    S4 AlotService;ALOT Update Service;C:\Users\n\AppData\LocalLow\alotservice\alotservice.exe [2012-10-23 255880]
    S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-11-16 203264]
    S4 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-11-16 361984]
    S4 CACLEARWIRE;Clearwire Con App Svc;C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe [2010-11-17 124240]
    S4 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]
    S4 clearwireDeviceDiagnosticsService;Clearwire Device Diagnostics Service;C:\Program Files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe [2010-6-17 398848]
    S4 CLEARWIRERcAppSvc;Clearwire RcAppSvc;C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe [2010-11-17 120144]
    S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe --> C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [?]
    S4 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-1-27 102968]
    S4 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2009-7-8 30520]
    S4 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
    S4 OpenVPNAccessClient;OpenVPN Access Client;C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\capiws.exe [2012-12-14 24064]
    S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
    S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
    S4 SMSI Device Launch Service;Clearwire Device Launch Service;C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe [2010-11-17 107856]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
    S4 TorchCrashHandler;Torch Crash Handler;C:\Users\n\AppData\Local\Torch\Update\TorchCrashHandler.exe [2014-7-17 1217032]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== File Associations ===============
    .
    ShellExec: switch.exe: open="C:\Program Files (x86)\NCH Software\Switch\switch" "%L"
    .
    =============== Created Last 30 ================
    .
    2015-02-17 19:14:51 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2015-02-17 19:14:12 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2015-02-17 19:14:12 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2015-02-17 19:14:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-02-16 17:17:30 -------- d-----w- C:\Program Files (x86)\MySQL
    2015-02-16 17:05:48 -------- d-----w- C:\Users\n\AppData\Roaming\MySQL
    2015-02-16 17:04:13 -------- d-----w- C:\Program Files\MySQL
    2015-02-13 02:50:33 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4CF1843A-3FC0-4ABA-B0C2-4A119424B629}\offreg.dll
    2015-02-12 18:31:14 -------- d-----w- C:\Users\n\AppData\Local\Youtube_Tutorial
    2015-02-12 18:30:10 -------- d-----w- C:\Users\n\AppData\Local\Super_Block_Shooter_2D
    2015-02-11 10:01:40 -------- d-----w- C:\Users\n\AppData\Roaming\dk.tangramgames.portraits
    2015-02-09 13:21:06 -------- d-----w- C:\ProgramData\MySQL
    2015-01-29 17:40:18 -------- d-----w- C:\Users\n\.nbprofiler
    .
    ==================== Find3M ====================
    .
    2015-02-05 18:05:09 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-02-05 18:05:09 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-12-04 02:14:27 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2014-11-24 17:04:56 275080 ------w- C:\Windows\System32\MpSigStub.exe
    2014-11-21 19:05:44 1041168 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
    .
    ============= FINISH: 11:56:37.69 ===============
     
  6. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right-click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step...
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double-click on the downloaded file. OK the self-extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • In the following screen, click "Update" to obtain the latest malware definitions.
    • Once the update is complete, select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
    NOTE: If you see the "This version requires you to completely exit the Anti Malware application" message, right-click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
     
  7. Latine

    Latine TS Rookie Topic Starter Posts: 21

    RogueKiller V10.4.1.0 [Feb 19 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : n [Administrator]
    Mode : Delete -- Date : 02/20/2015 14:45:50

    ¤¤¤ Processes : 2 ¤¤¤
    [PUP] (SVC) hshld -- C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe[-] -> Stopped
    [PUP] (SVC) HssWd -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe[7] -> Stopped

    ¤¤¤ Registry : 32 ¤¤¤
    [PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD} (C:\Program Files (x86)\WhiteSmoke\osmax64.ocx) -> Not selected
    [PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AB7104A-B71F-49AD-9154-F7F8806AE848} -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Lightshot : C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AlotService (C:\Users\n\AppData\LocalLow\alotservice\alotservice.exe) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\hshld (C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HssTrayService (C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HssWd (C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TorchCrashHandler (C:\Users\n\AppData\Local\Torch\Update\TorchCrashHandler.exe) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AlotService (C:\Users\n\AppData\LocalLow\alotservice\alotservice.exe) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hshld (C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HssTrayService (C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HssWd (C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TorchCrashHandler (C:\Users\n\AppData\Local\Torch\Update\TorchCrashHandler.exe) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AlotService (C:\Users\n\AppData\LocalLow\alotservice\alotservice.exe) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hshld (C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HssTrayService (C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HssWd (C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TorchCrashHandler (C:\Users\n\AppData\Local\Torch\Update\TorchCrashHandler.exe) -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 200.40.220.245 200.40.30.245 [URUGUAY (UY)][URUGUAY (UY)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 200.40.220.245 200.40.30.245 [URUGUAY (UY)][URUGUAY (UY)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{30201A0D-64EB-480B-AAC9-BEEF05205E1A} | DhcpNameServer : 75.94.255.12 64.13.115.12 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{821F4F11-D3BC-474C-B026-CCF260591422} | DhcpNameServer : 200.40.220.245 200.40.30.245 [URUGUAY (UY)][URUGUAY (UY)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{30201A0D-64EB-480B-AAC9-BEEF05205E1A} | DhcpNameServer : 75.94.255.12 64.13.115.12 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{821F4F11-D3BC-474C-B026-CCF260591422} | DhcpNameServer : 200.40.220.245 200.40.30.245 [URUGUAY (UY)][URUGUAY (UY)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{30201A0D-64EB-480B-AAC9-BEEF05205E1A} | DhcpNameServer : 75.94.255.12 64.13.115.12 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{821F4F11-D3BC-474C-B026-CCF260591422} | DhcpNameServer : 200.40.220.245 200.40.30.245 [URUGUAY (UY)][URUGUAY (UY)] -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

    ¤¤¤ Tasks : 4 ¤¤¤
    [Suspicious.Path] FacebookUpdateTaskUserS-1-5-21-2848668751-3459609102-2438702030-1000Core.job -- C:\Users\n\AppData\Local\Facebook\Update\FacebookUpdate.exe (/c /nocrashserver) -> Deleted
    [Suspicious.Path] FacebookUpdateTaskUserS-1-5-21-2848668751-3459609102-2438702030-1000UA.job -- C:\Users\n\AppData\Local\Facebook\Update\FacebookUpdate.exe (/ua /installsource scheduler) -> Deleted
    [Suspicious.Path] \\FacebookUpdateTaskUserS-1-5-21-2848668751-3459609102-2438702030-1000Core -- C:\Users\n\AppData\Local\Facebook\Update\FacebookUpdate.exe (/c /nocrashserver) -> Deleted
    [Suspicious.Path] \\FacebookUpdateTaskUserS-1-5-21-2848668751-3459609102-2438702030-1000UA -- C:\Users\n\AppData\Local\Facebook\Update\FacebookUpdate.exe (/ua /installsource scheduler) -> ERROR [0]

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 1 (Driver: Not loaded [0xc000036b]) ¤¤¤
    [IAT:Inl(Hook.IEAT)] (firefox.exe) ntdll.dll - LdrUnloadDll : C:\Program Files\AVAST Software\Avast\snxhk.dll @ 0x743bcef0 (jmp 0x7438caf4)

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUP][FIREFX:Addon] fg9ufld8.default-1419697647822 : Hotspot Shield Extension [afproxy@anchorfree.com] -> Not selected

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MK3256GSY ATA Device +++++
    --- User ---
    [MBR] 7132c98d213bff3f708a625098cd265a
    [BSP] 6a6f40e922264496280043aebbd0037b : Unknown MBR Code
    Partition table:
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_02202015_144426.log
     
  8. Latine

    Latine TS Rookie Topic Starter Posts: 21

    Malwarebytes Anti-Rootkit BETA

    1.09.1.1004
    www.malwarebytes.org

    Database version:
    main: v2015.02.20.06
    rootkit: v2015.02.20.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.17126
    n :: N-PC [administrator]

    2/20/2015 3:20:01 PM
    mbar-log-2015-02-20 (15-20-01).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 378575
    Time elapsed: 31 minute(s), 47 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
     
  9. Latine

    Latine TS Rookie Topic Starter Posts: 21

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.09.1.1004

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17126

    Java version: 1.6.0_23

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
    CPU speed: 2.294000 GHz
    Memory total: 4021182464, free: 955535360

    Downloaded database version: v2015.02.20.06
    Downloaded database version: v2015.02.20.01
    Downloaded database version: v2014.12.06.01
    =======================================
    Initializing...
    This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.09.1.1004

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17126

    Java version: 1.6.0_23

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
    CPU speed: 2.294000 GHz
    Memory total: 4021182464, free: 1088794624

    =======================================
    Initializing...
    ------------ Kernel report ------------
    02/20/2015 15:19:43
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    ----------- End -----------
    Done!

    Scan started
    Database versions:
    main: v2015.02.20.06
    rootkit: v2015.02.20.01

    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8004310260, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80042e9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8004310260, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8004319b10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
    DevicePointer: 0xfffffa80042dd060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 3524AC13

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 407552
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600 Numsec = 591824896

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 592234496 Numsec = 32694272

    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 624928768 Numsec = 211632

    Disk Size: 320072933376 bytes
    Sector size: 512 bytes

    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
     
  10. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8, right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done, Notepad will open with the rKill.txt log.
    NOTE. The rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  11. Latine

    Latine TS Rookie Topic Starter Posts: 21

    Ok, so after an hour without life (internet) :

    ComboFix 15-02-16.01 - n 02/20/2015 23:13:07.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1836 [GMT -3:00]
    Running from: c:\users\n\Downloads\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\CFLog
    c:\cflog\EPLog.txt
    C:\END
    C:\LIN
    c:\lin\common\Operation7.ini
    c:\program files (x86)\alotappbar
    c:\program files (x86)\alotappbar\alotUninst.exe
    c:\program files (x86)\alotappbar\bin\alotappbar.dll
    c:\program files (x86)\alotappbar\bin\alothelper.dll
    c:\program files (x86)\alotappbar\bin\alotsettings.exe
    c:\program files (x86)\alotappbar\bin\alotwidgets.exe
    c:\program files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll
    c:\programdata\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
    c:\windows\msdownld.tmp
    c:\users\n\AppData\Local\Temp\_av_iup.tm~a01132\aswOfferTool.exe . . . . Failed to delete
    c:\users\n\AppData\Local\Temp\_av_iup.tm~a01132\avBugReport.exe . . . . Failed to delete
    c:\users\n\AppData\Local\Temp\_av_iup.tm~a01132\avbugreport_ais-7db.vpx . . . . Failed to delete
    c:\users\n\AppData\Local\Temp\_av_iup.tm~a01132\cbmraozz.sys . . . . Failed to delete
    c:\users\n\AppData\Local\Temp\_av_iup.tm~a01132\HTMLayout.dll . . . . Failed to delete
    c:\users\n\AppData\Local\Temp\_av_iup.tm~a01132\instcont_ais-7db.vpx . . . . Failed to delete
    c:\users\n\AppData\Local\Temp\_av_iup.tm~a01132\Instup.dll . . . . Failed to delete
    c:\users\n\AppData\Local\Temp\_av_iup.tm~a01132\instup.exe . . . . Failed to delete
    c:\users\n\AppData\Local\Temp\_av_iup.tm~a01132\instup_ais-7db.vpx . . . . Failed to delete
    c:\users\n\AppData\Local\Temp\_av_iup.tm~a01132\offertool_ais-7db.vpx . . . . Failed to delete
    c:\users\n\AppData\Local\Temp\_av_iup.tm~a01132\selfdefense_x64_ais-7db.vpx . . . . Failed to delete
    c:\users\n\AppData\Local\Temp\_av_iup.tm~a01132\selfdefense_x86_ais-7db.vpx . . . . Failed to delete
    c:\users\n\AppData\Local\Temp\_av_iup.tm~a01132\setgui_ais-7db.vpx . . . . Failed to delete
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_AlotService
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-01-21 to 2015-02-21 )))))))))))))))))))))))))))))))
    .
    .
    2015-02-21 02:40 . 2015-02-21 02:40 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-02-20 18:19 . 2015-02-20 18:55 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2015-02-20 17:31 . 2015-02-20 17:36 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-02-20 17:31 . 2015-02-20 17:31 -------- d-----w- c:\programdata\RogueKiller
    2015-02-19 21:50 . 2015-02-19 21:50 474990 ----a-w- c:\users\n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeBlocks\t.exe
    2015-02-19 21:41 . 2015-02-19 21:42 -------- d-----w- c:\program files (x86)\CodeBlocks
    2015-02-19 20:53 . 2015-02-19 20:54 -------- d-----w- C:\Dev-Cpp
    2015-02-17 19:14 . 2015-02-21 02:45 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-02-17 19:14 . 2015-02-20 18:19 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-02-17 19:14 . 2014-11-21 09:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-02-17 19:14 . 2015-02-17 19:14 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2015-02-16 17:17 . 2015-02-16 17:17 -------- d-----w- c:\program files (x86)\MySQL
    2015-02-16 17:05 . 2015-02-16 17:05 -------- d-----w- c:\users\n\AppData\Roaming\MySQL
    2015-02-16 17:04 . 2015-02-16 17:19 -------- d-----w- c:\program files\MySQL
    2015-02-12 18:31 . 2015-02-12 18:31 -------- d-----w- c:\users\n\AppData\Local\Youtube_Tutorial
    2015-02-12 18:30 . 2015-02-12 18:30 -------- d-----w- c:\users\n\AppData\Local\Super_Block_Shooter_2D
    2015-02-11 10:01 . 2015-02-11 10:05 -------- d-----w- c:\users\n\AppData\Roaming\dk.tangramgames.portraits
    2015-02-09 13:21 . 2015-02-16 17:19 -------- d-----w- c:\programdata\MySQL
    2015-01-29 17:40 . 2015-01-29 17:41 -------- d-----w- c:\users\n\.nbprofiler
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-02-05 18:05 . 2014-01-10 16:10 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2015-02-05 18:05 . 2012-01-17 00:00 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-12-11 19:20 . 2014-12-11 19:20 98304 ----a-r- c:\users\n\AppData\Roaming\Microsoft\Installer\{2583CDBA-8A53-4622-BB67-1D163714C1B4}\python_icon.exe
    2014-12-04 02:14 . 2014-12-04 02:15 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2014-11-24 17:04 . 2010-09-29 03:58 275080 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A1F60E28-5D50-447B-B4D9-3B4AB0D674E7}]
    2012-10-17 21:50 1083392 ----a-w- c:\program files (x86)\BargainMatch\bmext.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "f.lux"="c:\users\n\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-04 4085896]
    "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-12-01 3835728]
    "Lightshot"="c:\program files (x86)\Skillbrains\lightshot\Lightshot.exe" [2014-11-18 226560]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    R2 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [x]
    R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
    R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314_64.sys;c:\windows\SYSNATIVE\DRIVERS\drxvi314_64.sys [x]
    R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr_64.sys;c:\windows\SYSNATIVE\DRIVERS\BcmBusCtr_64.sys [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
    R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
    R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS;c:\windows\SYSNATIVE\PCTINDIS5X64.SYS [x]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 X6va015;X6va015;c:\windows\SysWOW64\Drivers\X6va015;c:\windows\SysWOW64\Drivers\X6va015 [x]
    R3 X6va021;X6va021;c:\windows\SysWOW64\Drivers\X6va021;c:\windows\SysWOW64\Drivers\X6va021 [x]
    R3 X6va022;X6va022;c:\windows\SysWOW64\Drivers\X6va022;c:\windows\SysWOW64\Drivers\X6va022 [x]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
    R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe [x]
    R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
    R4 CACLEARWIRE;Clearwire Con App Svc;c:\program files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe;c:\program files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe [x]
    R4 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x]
    R4 clearwireDeviceDiagnosticsService;Clearwire Device Diagnostics Service;c:\program files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe;c:\program files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe [x]
    R4 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files (x86)\Clearwire\Connection Manager\RcAppSvc.exe;c:\program files (x86)\Clearwire\Connection Manager\RcAppSvc.exe [x]
    R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
    R4 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
    R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
    R4 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
    R4 OpenVPNAccessClient;OpenVPN Access Client;c:\program files (x86)\OpenVPN Technologies\PrivateTunnel\core\capiws.exe;c:\program files (x86)\OpenVPN Technologies\PrivateTunnel\core\capiws.exe [x]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
    R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R4 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe;c:\program files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe [x]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
    R4 TorchCrashHandler;Torch Crash Handler;c:\users\n\AppData\Local\Torch\Update\TorchCrashHandler.exe;c:\users\n\AppData\Local\Torch\Update\TorchCrashHandler.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
    S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys;c:\windows\SYSNATIVE\DRIVERS\dvmio.sys [x]
    S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
    S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
    S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
    S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
    S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe [x]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
    S2 MySQL56;MySQL56;c:\program files\MySQL\MySQL Server 5.6\bin\mysqld.exe;c:\program files\MySQL\MySQL Server 5.6\bin\mysqld.exe [x]
    S2 RzKLService;RzKLService;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe [x]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
    S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
    S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-02-22 18:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-02-20 15:19 1084744 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-02-21 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-10 18:05]
    .
    2015-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-07 18:00]
    .
    2015-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-07 18:00]
    .
    2015-02-19 c:\windows\Tasks\HPCeeScheduleForn.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 09:43]
    .
    2015-02-21 c:\windows\Tasks\update-S-1-5-21-2848668751-3459609102-2438702030-1000.job
    - c:\program files (x86)\Skillbrains\Updater\Updater.exe [2014-08-30 21:44]
    .
    2015-02-20 c:\windows\Tasks\update-sys.job
    - c:\program files (x86)\Skillbrains\Updater\Updater.exe [2014-08-30 21:44]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-08-04 15:26 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: {{A1F60E28-5D50-447B-B4D9-3B4AB0D674E7} - res://c:\program files (x86)\BargainMatch\bmext.dll/content|js|bargainmatchoptions.hta
    TCP: DhcpNameServer = 200.40.220.245 200.40.30.245
    FF - ProfilePath - c:\users\n\AppData\Roaming\Mozilla\Firefox\Profiles\fg9ufld8.default-1419697647822\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{2d7432c9-a3fd-4ed1-aea9-fbdb12dba4a7} - (no file)
    BHO-{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - c:\program files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll
    Toolbar-{A531D99C-5A22-449b-83DA-872725C6D0ED} - c:\program files (x86)\alotappbar\bin\ALOTHelper.dll
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    WebBrowser-{2D7432C9-A3FD-4ED1-AEA9-FBDB12DBA4A7} - (no file)
    AddRemove-alotAppbar - c:\program files (x86)\alotappbar\alotUninst.exe
    AddRemove-Audacity_is1 - c:\program files (x86)\Audacity\unins000.exe
    AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
    AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe
    AddRemove-ESN Sonar-0.70.4 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
    AddRemove-FormatFactory - I:\formatfactory\uninst.exe
    AddRemove-Freemake Video Converter_is1 - c:\program files (x86)\Freemake\Freemake Video Converter\Uninstall\unins000.exe
    AddRemove-LOLReplay - c:\program files (x86)\LOLReplay\uninstall.exe
    AddRemove-nbi-nb-base-7.3.1.0.201306052037 - c:\program files (x86)\NetBeans 7.3.1\uninstall.exe
    AddRemove-NSS - c:\program files (x86)\Norton Security Scan\Engine\4.0.3.27\InstWrap.exe
    AddRemove-Origin - c:\program files (x86)\Origin\OriginUninstall.exe
    AddRemove-PhotoScape - c:\program files (x86)\PhotoScape\uninstall.exe
    AddRemove-PunkBusterSvc - c:\program files (x86)\EA Games\Battlefield Play4Free\pbsvc_p4f.exe
    AddRemove-Raptr - c:\program files (x86)\Raptr\uninstall.exe
    AddRemove-RPGVXAce_E_is1 - c:\program files (x86)\Enterbrain\RPGVXAce\unins000.exe
    AddRemove-StarWarsXWing44 - c:\program files (x86)\Oldgames\Star Wars X-Wing\Uninst.exe
    AddRemove-VST Bridge_is1 - c:\program files (x86)\Audacity\Plug-ins\VST Bridge\unins000.exe
    AddRemove-WildTangent hp Master Uninstall - c:\program files (x86)\HP Games\Uninstall.exe
    AddRemove-WildTangentGameProvider-hp-genres - c:\program files (x86)\HP Games\Game Explorer Categories - genres\Uninstall.exe
    AddRemove-WildTangentGameProvider-hp-main - c:\program files (x86)\HP Games\Game Explorer Categories - main\Uninstall.exe
    AddRemove-WildTangentGDF-hp-clubpenguin - c:\program files (x86)\HP Games\Web Link - Club Penguin\Uninstall.exe
    AddRemove-WildTangentGDF-hp-darkorbit - c:\program files (x86)\HP Games\Web Link - Dark Orbit\Uninstall.exe
    AddRemove-WildTangentGDF-hp-runescape - c:\program files (x86)\HP Games\Web Link - RuneScape HD\Uninstall.exe
    AddRemove-WildTangentGDF-hp-seafight - c:\program files (x86)\HP Games\Web Link - Seafight\Uninstall.exe
    AddRemove-WildTangentGDF-hp-worldofwarcraft - c:\program files (x86)\HP Games\Web Link - World of Warcraft\Uninstall.exe
    AddRemove-WT082122 - c:\program files (x86)\HP Games\Blackhawk Striker 2\Uninstall.exe
    AddRemove-WT082124 - c:\program files (x86)\HP Games\Blasterball 3\Uninstall.exe
    AddRemove-WT082133 - c:\program files (x86)\HP Games\Dora's Carnival Adventure\Uninstall.exe
    AddRemove-WT082141 - c:\program files (x86)\HP Games\FATE\Uninstall.exe
    AddRemove-WT082168 - c:\program files (x86)\HP Games\Penguins!\Uninstall.exe
    AddRemove-WT082170 - c:\program files (x86)\HP Games\Plants vs. Zombies\Uninstall.exe
    AddRemove-WT082171 - c:\program files (x86)\HP Games\Poker Superstars III\Uninstall.exe
    AddRemove-WT082172 - c:\program files (x86)\HP Games\Polar Bowler\Uninstall.exe
    AddRemove-WT082173 - c:\program files (x86)\HP Games\Polar Golfer\Uninstall.exe
    AddRemove-WT082188 - c:\program files (x86)\HP Games\Virtual Families\Uninstall.exe
    AddRemove-WT082189 - c:\program files (x86)\HP Games\Wheel of Fortune 2\Uninstall.exe
    AddRemove-WT082192 - c:\program files (x86)\HP Games\Bejeweled 2 Deluxe\Uninstall.exe
    AddRemove-WT082200 - c:\program files (x86)\HP Games\Chuzzle Deluxe\Uninstall.exe
    AddRemove-WT082241 - c:\program files (x86)\HP Games\Virtual Villagers - The Secret City\Uninstall.exe
    AddRemove-WT082396 - c:\program files (x86)\HP Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe
    AddRemove-WT082438 - c:\program files (x86)\HP Games\Build-a-lot 2\Uninstall.exe
    AddRemove-WT082442 - c:\program files (x86)\HP Games\Faerie Solitaire\Uninstall.exe
    AddRemove-WT082443 - c:\program files (x86)\HP Games\Jewel Quest 3\Uninstall.exe
    AddRemove-WT082456 - c:\program files (x86)\HP Games\Mystery P.I. - The New York Fortune\Uninstall.exe
    AddRemove-WT082463 - c:\program files (x86)\HP Games\Zuma's Revenge\Uninstall.exe
    AddRemove-WT082468 - c:\program files (x86)\HP Games\Jewel Quest Solitaire 2\Uninstall.exe
    AddRemove-WT083477 - c:\program files (x86)\HP Games\Cake Mania\Uninstall.exe
    AddRemove-WT083484 - c:\program files (x86)\HP Games\Escape Rosecliff Island\Uninstall.exe
    AddRemove-WT083491 - c:\program files (x86)\HP Games\TextTwist 2\Uninstall.exe
    AddRemove-Xfire - c:\program files (x86)\Xfire\uninst.exe
    AddRemove-Xvid_is1 - c:\program files (x86)\Xvid\unins000.exe
    AddRemove-{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} - c:\programdata\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe
    AddRemove-{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App - c:\program files (x86)\WildTangent Games\App\Uninstall.exe
    AddRemove-{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC} - c:\program files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe
    AddRemove-{62D023F4-CFDF-4E49-9DAA-52DFF37E6C73}_is1 - c:\program files (x86)\Ghost Mouse Auto Clicker\unins000.exe
    AddRemove-{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp - c:\program files (x86)\WildTangent Games\Touchpoints\hp\Uninstall.exe
    AddRemove-HappyCloud - c:\programdata\HappyCloud\Application\uninstaller.exe
    AddRemove-psutil-py2.7 - c:\python27\Removepsutil.exe
    AddRemove-teraenmasse - c:\programdata\HappyCloud\Cache\TERA\hcuninstaller.exe
    AddRemove-Twisted-py2.7 - c:\python27\RemoveTwisted.exe
    AddRemove-UnityWebPlayer - c:\users\n\AppData\Local\Unity\WebPlayer\Uninstall.exe
    AddRemove-zope.interface-py2.7 - c:\python27\Removezope.interface.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va015]
    "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va015"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va021]
    "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va021"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va022]
    "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va022"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2848668751-3459609102-2438702030-1000\Software\SecuROM\License information*]
    "datasecu"=hex:71,3d,58,99,ed,4d,af,24,6f,9f,c2,e7,51,e2,a0,a2,f1,98,3f,27,7d,
    f6,a5,6c,f0,18,bc,50,e8,04,3b,cb,33,08,05,15,d4,ec,e1,c6,d8,9a,8c,5a,83,b6,\
    "rkeysecu"=hex:0b,5d,43,f2,f7,1e,b4,c3,4e,f7,d1,b5,e0,47,0f,b5
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.16"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    .
    **************************************************************************
    .
    Completion time: 2015-02-20 23:52:58 - machine was rebooted
    ComboFix-quarantined-files.txt 2015-02-21 02:52
    .
    Pre-Run: 131,472,613,376 bytes free
    Post-Run: 131,284,156,416 bytes free
    .
    - - End Of File - - 3C85F84C768390819F4A8D03A02D1A1F
    FC494F2FFD4B8C1FE60758709680DD7B
     
  12. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  13. Latine

    Latine TS Rookie Topic Starter Posts: 21

    # AdwCleaner v4.111 - Logfile created 21/02/2015 at 15:28:29
    # Updated 18/02/2015 by Xplode
    # Database : 2015-02-18.3 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : n - N-PC
    # Running from : C:\Users\n\Downloads\adwcleaner_4.111.exe
    # Option : Cleaning

    ***** [ Services ] *****

    Service Deleted : hshld
    [#] Service Deleted : torchcrashhandler

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\apn
    Folder Deleted : C:\ProgramData\BrowserProtect
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\ProgramData\torchcrashhandler
    Folder Deleted : C:\ProgramData\Allmyapps
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\Surf Canyon
    Folder Deleted : C:\Program Files\Babylon
    Folder Deleted : C:\Users\n\AppData\Local\Conduit
    Folder Deleted : C:\Users\n\AppData\Local\PackageAware
    Folder Deleted : C:\Users\n\AppData\Local\torch
    Folder Deleted : C:\Users\n\AppData\Local\CrashRpt
    Folder Deleted : C:\Users\n\AppData\LocalLow\alotappbar
    Folder Deleted : C:\Users\n\AppData\LocalLow\alotservice
    Folder Deleted : C:\Users\n\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\n\AppData\Roaming\Search Protection
    Folder Deleted : C:\Users\n\AppData\Roaming\Systweak
    Folder Deleted : C:\Users\n\AppData\Roaming\Allmyapps
    Folder Deleted : C:\Users\n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
    Folder Deleted : C:\Users\n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
    Folder Deleted : C:\Users\n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Allmyapps
    Folder Deleted : C:\Users\n\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem
    File Deleted : C:\alotserviceruntime.log
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    File Deleted : C:\Windows\System32\roboot64.exe
    File Deleted : C:\Users\n\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
    File Deleted : C:\Users\n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
    File Deleted : C:\Users\n\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
    File Deleted : C:\Users\n\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
    File Deleted : C:\Users\n\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
    File Deleted : C:\Users\n\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage

    ***** [ Scheduled tasks ] *****

    Task Deleted : BrowserProtect
    Task Deleted : DealPlyUpdate
    Task Deleted : update-sys
    Task Deleted : update-S-1-5-21-2848668751-3459609102-2438702030-1000

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [infoatoms@infoatoms.com]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ocr@babylon.com]
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bcjagnifjocnddgeknajocbkkhlgibem
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\surfcanyon.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\Torch.exe
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite
    Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite.1
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Lightshot]
    Key Deleted : HKCU\Software\5e578ddee73bbe12
    Key Deleted : HKLM\SOFTWARE\5e578ddee73bbe12
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3014000
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85F5CF95-EC8F-49FC-BB3F-38C79455CBA2}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{343263AB-D732-4066-A274-4A487A07F108}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C42103E4-7D10-4CC9-B2B4-C546BCCF8706}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A531D99C-5A22-449B-83DA-872725C6D0ED}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
    Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449B-83DA-872725C6D0ED}
    Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A4C6FF19-C8D1-49B3-A34C-4DF1D72BA404}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A4C6FF19-C8D1-49B3-A34C-4DF1D72BA404}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    Key Deleted : HKCU\Software\alotservice
    Key Deleted : HKCU\Software\anchorfree
    Key Deleted : HKCU\Software\AVG Nation toolbar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\Surf Canyon
    Key Deleted : HKCU\Software\torch
    Key Deleted : HKCU\Software\wscontb
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\alotAppbar
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\AVG Nation toolbar
    Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : HKLM\SOFTWARE\InfoAtoms
    Key Deleted : HKLM\SOFTWARE\torch
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\alotAppbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf Canyon
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>;*.local

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17126


    -\\ Mozilla Firefox v35.0.1 (x86 en-US)


    -\\ Google Chrome v40.0.2214.115

    [C:\Users\n\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\n\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\n\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.softonic.com/s/{searchTerms}
    [C:\Users\n\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}

    -\\ Chromium v

    [C:\Users\n\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\n\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\n\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.softonic.com/s/{searchTerms}
    [C:\Users\n\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}

    *************************

    AdwCleaner[R0].txt - [21400 bytes] - [21/02/2015 15:17:37]
    AdwCleaner[R1].txt - [21460 bytes] - [21/02/2015 15:24:14]
    AdwCleaner[S0].txt - [21396 bytes] - [21/02/2015 15:28:29]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [21456 bytes] ##########
     
  14. Latine

    Latine TS Rookie Topic Starter Posts: 21

    (JRT) WAY too many characters... I could split them across posts, but it's not as easy as it sounds. I made a pastebin for it: http://pastebin.com/6hxJ0N9n
     
    Last edited: Feb 21, 2015
  15. Latine

    Latine TS Rookie Topic Starter Posts: 21

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-02-2015
    Ran by n (administrator) on N-PC on 21-02-2015 15:55:21
    Running from C:\Users\n\Downloads
    Loaded Profiles: n (Available profiles: n)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
    (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    () C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe
    () C:\Windows\SysWOW64\PnkBstrA.exe
    (Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\nacl64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\nacl64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-04] (AVAST Software)
    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-12-01] (LogMeIn Inc.)
    HKU\S-1-5-21-2848668751-3459609102-2438702030-1000\...\Run: [f.lux] => C:\Users\n\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-2848668751-3459609102-2438702030-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-2848668751-3459609102-2438702030-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM-x32 -> {AFA6B03B-3092-4058-913C-22A1BEEBBF05} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2848668751-3459609102-2438702030-1000 -> Comcast URL = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
    SearchScopes: HKU\S-1-5-21-2848668751-3459609102-2438702030-1000 -> {645701DB-0A59-AE3F-8D62-BAA040AFB663} URL = http://www.bing.com/search?q={searchTerms}&pc=Z007&form=ZGAIDF
    SearchScopes: HKU\S-1-5-21-2848668751-3459609102-2438702030-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKU\S-1-5-21-2848668751-3459609102-2438702030-1000 -> {AFA6B03B-3092-4058-913C-22A1BEEBBF05} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2848668751-3459609102-2438702030-1000 -> {CA1B8335-82F5-4250-9B1A-B6C632CCEF89} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=512435&p={searchTerms}
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-2848668751-3459609102-2438702030-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 200.40.220.245 200.40.30.245

    FireFox:
    ========
    FF ProfilePath: C:\Users\n\AppData\Roaming\Mozilla\Firefox\Profiles\fg9ufld8.default-1419697647822
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
    FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
    FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
    FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
    FF Plugin-x32: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2848668751-3459609102-2438702030-1000: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\npHDPlg.dll (Hulu LLC)
    FF Plugin HKU\S-1-5-21-2848668751-3459609102-2438702030-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\n\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF Plugin HKU\S-1-5-21-2848668751-3459609102-2438702030-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\n\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin HKU\S-1-5-21-2848668751-3459609102-2438702030-1000: BearSharePlugin -> C:\Program Files (x86)\BearShare Applications\BearShare\npBearSharePlugin.dll No File
    FF Plugin HKU\S-1-5-21-2848668751-3459609102-2438702030-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll No File
    FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2015-02-04]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-02-04]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-24]
    FF HKU\S-1-5-21-2848668751-3459609102-2438702030-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

    Chrome:
    =======
    CHR HomePage: Default ->
    CHR StartupUrls: Default -> "hxxp://google.com/"
    CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\n\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Hide Fedora) - C:\Users\n\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjgabfifnnmmlckmnijdbijgbfpedde [2015-02-17]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\n\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
    CHR Extension: (Battlefield Heroes) - C:\Users\n\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh [2013-11-05]
    CHR Extension: (AdBlock) - C:\Users\n\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-03]
    CHR Extension: (Avast Online Security) - C:\Users\n\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-24]
    CHR Extension: (Google Wallet) - C:\Users\n\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-04]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S4 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
    S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-11-16] (Advanced Micro Devices, Inc.) [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-04] (AVAST Software)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    S4 CACLEARWIRE; C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe [124240 2010-11-17] (SmithMicro Inc.)
    S4 clearwireDeviceDiagnosticsService; C:\Program Files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe [398848 2010-06-17] () [File not signed]
    S4 CLEARWIRERcAppSvc; C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe [120144 2010-11-17] (SmithMicro Inc.)
    S4 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] () [File not signed]
    S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-16] ()
    R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [430344 2014-05-16] ()
    S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-02-22] (Hewlett-Packard Company) [File not signed]
    R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-11-14] (LogMeIn, Inc.)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
    R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
    R2 MySQL56; C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe [13035008 2014-11-21] () [File not signed]
    S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5232840 2013-11-28] (INCA Internet Co., Ltd.)
    S4 OpenVPNAccessClient; C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\capiws.exe [24064 2012-12-14] () [File not signed]
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-07-15] ()
    R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
    S4 SMSI Device Launch Service; C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe [107856 2010-11-17] ()
    S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
    S4 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\STacSV64.exe [244736 2010-02-01] (IDT, Inc.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [X]
    S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]
    S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-04] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-04] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-04] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-04] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-21] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-04] (AVAST Software)
    S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-04] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-04] ()
    S3 bcm; C:\Windows\System32\DRIVERS\drxvi314_64.sys [357248 2010-07-08] (Beceem communications pvt ltd.)
    S3 bcmbusctr; C:\Windows\System32\DRIVERS\BcmBusCtr_64.sys [62976 2010-07-08] (Beceem communications pvt ltd.)
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-05-02] (Disc Soft Ltd)
    R1 DVMIO; C:\Windows\System32\DRIVERS\dvmio.sys [20056 2010-01-30] (DeviceVM, Inc.)
    R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-16] (AnchorFree Inc.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-21] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
    S3 PCTINDIS5X64; C:\Windows\system32\PCTINDIS5X64.SYS [43032 2010-11-17] (Smith Micro Inc.)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
    S3 Secdrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [11616 2000-09-19] () [File not signed]
    R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
    R3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-20] ()
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
    S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
    S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-21 15:55 - 2015-02-21 15:56 - 00023995 _____ () C:\Users\n\Downloads\FRST.txt
    2015-02-21 15:55 - 2015-02-21 15:55 - 00000000 ____D () C:\FRST
    2015-02-21 15:54 - 2015-02-21 15:54 - 02086912 _____ (Farbar) C:\Users\n\Downloads\FRST64.exe
    2015-02-21 15:52 - 2015-02-21 15:52 - 00189969 _____ () C:\Users\n\Desktop\JRT.txt
    2015-02-21 15:36 - 2015-02-21 15:36 - 01388274 _____ (Thisisu) C:\Users\n\Downloads\JRT.exe
    2015-02-21 15:17 - 2015-02-21 15:29 - 00000000 ____D () C:\AdwCleaner
    2015-02-21 15:16 - 2015-02-21 15:16 - 02126848 _____ () C:\Users\n\Downloads\adwcleaner_4.111.exe
    2015-02-20 23:52 - 2015-02-20 23:52 - 00032878 _____ () C:\ComboFix.txt
    2015-02-20 23:08 - 2011-06-26 03:45 - 00256000 _____ () C:\Windows\PEV.exe
    2015-02-20 23:08 - 2010-11-07 14:20 - 00208896 _____ () C:\Windows\MBR.exe
    2015-02-20 23:08 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-02-20 23:08 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-02-20 23:08 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-02-20 23:08 - 2000-08-30 21:00 - 00098816 _____ () C:\Windows\sed.exe
    2015-02-20 23:08 - 2000-08-30 21:00 - 00080412 _____ () C:\Windows\grep.exe
    2015-02-20 23:08 - 2000-08-30 21:00 - 00068096 _____ () C:\Windows\zip.exe
    2015-02-20 23:06 - 2015-02-20 23:53 - 00000000 ____D () C:\Qoobox
    2015-02-20 23:05 - 2015-02-20 23:49 - 00000000 ____D () C:\Windows\erdnt
    2015-02-20 23:02 - 2015-02-20 23:03 - 05611903 ____R (Swearware) C:\Users\n\Downloads\ComboFix.exe
    2015-02-20 15:19 - 2015-02-20 15:55 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-02-20 15:00 - 2015-02-20 15:55 - 00000000 ____D () C:\Users\n\Desktop\mbar
    2015-02-20 14:53 - 2015-02-20 14:54 - 16502728 _____ (Malwarebytes Corp.) C:\Users\n\Downloads\mbar-1.09.1.1004.exe
    2015-02-20 14:31 - 2015-02-20 14:36 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2015-02-20 14:31 - 2015-02-20 14:31 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-02-20 14:30 - 2015-02-20 14:31 - 15533656 _____ () C:\Users\n\Desktop\RogueKiller.exe
    2015-02-19 19:14 - 2015-02-19 19:14 - 01294088 _____ (Mojang) C:\Users\n\Downloads\Minecraft (2).exe
    2015-02-19 18:57 - 2015-02-19 18:58 - 00086398 _____ () C:\Users\n\Desktop\[1-7-2]_Lucky_Block_v5-0-0.jar
    2015-02-19 18:41 - 2015-02-19 18:42 - 00000000 ____D () C:\Program Files (x86)\CodeBlocks
    2015-02-19 18:41 - 2015-02-19 18:41 - 00001055 _____ () C:\Users\n\Desktop\CodeBlocks.lnk
    2015-02-19 18:07 - 2015-02-19 18:23 - 105122348 _____ (The Code::Blocks Team) C:\Users\n\Downloads\codeblocks-13.12mingw-setup-TDM-GCC-481.exe
    2015-02-19 17:59 - 2015-02-19 18:03 - 00474990 _____ () C:\Users\n\Desktop\cpp.exe
    2015-02-19 17:56 - 2015-02-19 18:03 - 00000102 _____ () C:\Users\n\Desktop\cpp.cpp
    2015-02-19 17:53 - 2015-02-19 17:54 - 00000000 ____D () C:\Dev-Cpp
    2015-02-19 17:48 - 2015-02-19 17:53 - 09326468 _____ () C:\Users\n\Downloads\devcpp-4.9.9.2_setup.exe
    2015-02-19 11:58 - 2015-02-19 11:58 - 00016914 _____ () C:\Users\n\Desktop\tpTWO.txt
    2015-02-19 11:57 - 2015-02-19 11:57 - 00016914 _____ () C:\Users\n\Desktop\attach.txt
    2015-02-19 11:57 - 2015-02-19 11:56 - 00023927 _____ () C:\Users\n\Desktop\dds.txt
    2015-02-19 11:50 - 2015-02-19 11:50 - 00688992 ____R (Swearware) C:\Users\n\Downloads\dds.com
    2015-02-19 11:42 - 2015-02-19 11:42 - 00002574 _____ () C:\Users\n\Desktop\tpONE.txt
    2015-02-17 16:45 - 2015-02-17 16:45 - 00001049 _____ () C:\Users\n\Desktop\oijoi.txt
    2015-02-17 16:22 - 2015-02-17 16:22 - 00000666 _____ () C:\Users\n\Desktop\joijio.txt
    2015-02-17 16:14 - 2015-02-21 15:34 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-02-17 16:14 - 2015-02-20 15:19 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-02-17 16:14 - 2015-02-17 16:14 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-02-17 16:14 - 2015-02-17 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-02-17 16:14 - 2015-02-17 16:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-02-17 16:14 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-02-17 16:12 - 2015-02-17 16:13 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\n\Downloads\mbam-setup-2.0.4.1028.exe
    2015-02-17 12:32 - 2015-02-17 12:32 - 00968125 _____ () C:\Users\n\Downloads\T cavewall iso.zip
    2015-02-17 12:32 - 2015-02-17 12:32 - 00570480 _____ () C:\Users\n\Downloads\Tmsw iso.zip
    2015-02-17 12:32 - 2015-02-17 12:32 - 00560254 _____ () C:\Users\n\Downloads\T beautiful town iso.zip
    2015-02-17 12:32 - 2015-02-17 12:32 - 00335915 _____ () C:\Users\n\Downloads\TSdungeon.zip
    2015-02-17 12:32 - 2015-02-17 12:32 - 00068533 _____ () C:\Users\n\Downloads\T woodenfence iso.zip
    2015-02-17 12:31 - 2015-02-17 12:32 - 00626258 _____ () C:\Users\n\Downloads\T rocks iso.zip
    2015-02-17 12:31 - 2015-02-17 12:31 - 00659125 _____ () C:\Users\n\Downloads\T_ripple_earth_dark.zip
    2015-02-16 16:05 - 2015-02-16 16:05 - 00006443 _____ () C:\Users\n\Documents\la.mwb
    2015-02-16 14:17 - 2015-02-16 14:17 - 00000000 ____D () C:\Program Files (x86)\MySQL
    2015-02-16 14:16 - 2015-02-16 14:16 - 01642496 _____ () C:\Users\n\Downloads\mysql-installer-web-community-5.6.23.0 (1).msi
    2015-02-16 14:05 - 2015-02-16 14:05 - 00000000 ____D () C:\Users\n\AppData\Roaming\MySQL
    2015-02-16 14:04 - 2015-02-16 14:19 - 00000000 ____D () C:\Program Files\MySQL
    2015-02-16 14:02 - 2015-02-16 14:02 - 07194312 _____ (Microsoft Corporation) C:\Users\n\Downloads\vcredist_x64.exe
    2015-02-16 13:56 - 2015-02-16 14:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
    2015-02-16 13:50 - 2015-02-16 13:54 - 296165376 _____ () C:\Users\n\Downloads\mysql-installer-community-5.6.23.0.msi
    2015-02-16 11:33 - 2015-02-16 11:34 - 00000469 _____ () C:\Windows\SynInst.log
    2015-02-14 16:28 - 2015-02-14 16:28 - 00000021 _____ () C:\Users\n\Desktop\dojdoidj.txt
    2015-02-12 15:31 - 2015-02-12 15:31 - 00000000 ____D () C:\Users\n\AppData\Local\Youtube_Tutorial
    2015-02-12 15:30 - 2015-02-12 15:30 - 09837056 _____ ( Evoluition Studios ) C:\Users\n\Downloads\Block Invaders.exe
    2015-02-12 15:30 - 2015-02-12 15:30 - 00000000 ____D () C:\Users\n\AppData\Local\Super_Block_Shooter_2D
    2015-02-12 15:28 - 2015-02-12 15:28 - 02483712 _____ (Microsoft Corporation) C:\Users\n\Downloads\Super Block Shooter 2D.exe
    2015-02-12 11:38 - 2015-02-17 12:33 - 00000000 ____D () C:\Users\n\Desktop\Game Development
    2015-02-11 07:14 - 2015-02-11 07:17 - 23753684 _____ () C:\Users\n\Downloads\LD 31 - O-Inari Origami Exe.zip
    2015-02-11 07:01 - 2015-02-11 07:05 - 00000000 ____D () C:\Users\n\AppData\Roaming\dk.tangramgames.portraits
    2015-02-11 07:00 - 2015-02-11 07:00 - 09013390 _____ () C:\Users\n\Downloads\90secondportraits-win32.zip
    2015-02-11 06:54 - 2015-02-11 06:54 - 00000000 ____D () C:\Users\n\Desktop\BlockBrigade_Download
    2015-02-11 06:53 - 2015-02-11 06:53 - 00179530 _____ () C:\Users\n\Downloads\BlockBrigade_Download.zip
    2015-02-09 21:11 - 2015-02-09 21:11 - 00000051 _____ () C:\Users\n\Desktop\Python.py
    2015-02-09 21:04 - 2015-02-09 21:04 - 00000024 _____ () C:\Users\n\Desktop\sa.py
    2015-02-09 10:21 - 2015-02-16 14:19 - 00000000 ____D () C:\ProgramData\MySQL
    2015-02-09 10:21 - 2015-02-09 10:21 - 00000000 ____D () C:\Windows\System32\Tasks\MySQL
    2015-02-09 10:20 - 2015-02-09 10:20 - 01642496 _____ () C:\Users\n\Downloads\mysql-installer-web-community-5.6.23.0.msi
    2015-02-04 16:19 - 2015-02-17 16:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla FireFox
    2015-02-02 22:28 - 2013-03-28 16:05 - 00000000 ____D () C:\Users\n\Desktop\A Slower Speed of Light
    2015-02-02 22:27 - 2015-02-02 22:28 - 107052850 _____ () C:\Users\n\Downloads\A_Slower_Speed_of_Light.zip
    2015-01-31 14:00 - 2015-01-31 14:00 - 00019546 _____ () C:\Users\n\Desktop\OS_Kit (2).jar
    2015-01-30 16:14 - 2015-01-30 16:14 - 00000192 _____ () C:\Users\n\Desktop\dks.txt
    2015-01-29 15:26 - 2015-01-29 15:26 - 00012600 _____ () C:\Users\n\Downloads\1398697500_com-adi-dev-java-netbeans-plugins-laf-changer.nbm
    2015-01-29 15:26 - 2015-01-29 15:26 - 00012600 _____ () C:\Users\n\Desktop\1398697500_com-adi-dev-java-netbeans-plugins-laf-changer.nbm
    2015-01-29 14:40 - 2015-01-29 14:41 - 00000000 ____D () C:\Users\n\.nbprofiler
    2015-01-23 16:38 - 2015-01-23 16:37 - 00011495 _____ () C:\Users\n\Desktop\OS_Kit.jar

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-21 15:54 - 2010-10-17 04:22 - 00003894 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5AD50F4E-8EA9-48BC-B0F5-6DCE662BE8E4}
    2015-02-21 15:39 - 2009-07-14 01:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-21 15:39 - 2009-07-14 01:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-21 15:36 - 2009-07-14 02:13 - 00006872 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-21 15:35 - 2010-05-19 22:17 - 01876903 _____ () C:\Windows\WindowsUpdate.log
    2015-02-21 15:34 - 2013-08-04 14:21 - 00000000 ____D () C:\Users\n\AppData\Local\LogMeIn Hamachi
    2015-02-21 15:33 - 2011-02-06 22:41 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-21 15:31 - 2014-11-24 18:31 - 00030936 _____ () C:\Windows\setupact.log
    2015-02-21 15:31 - 2009-07-14 02:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-21 15:18 - 2011-02-06 22:41 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-21 15:05 - 2014-12-06 15:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-02-21 14:22 - 2014-06-20 13:53 - 00000216 _____ () C:\Users\n\BullseyeCoverageError.txt
    2015-02-21 10:28 - 2013-12-24 11:43 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2015-02-21 00:53 - 2014-09-17 07:10 - 00000000 ____D () C:\Users\n\AppData\Local\Apps\2.0
    2015-02-20 23:53 - 2009-07-14 00:20 - 00000000 __RHD () C:\Users\Default
    2015-02-20 23:44 - 2009-07-13 23:34 - 00000215 _____ () C:\Windows\system.ini
    2015-02-20 23:42 - 2014-12-26 14:48 - 00083366 _____ () C:\Windows\PFRO.log
    2015-02-20 23:41 - 2009-07-13 23:34 - 99876864 _____ () C:\Windows\system32\config\software.bak
    2015-02-20 23:41 - 2009-07-13 23:34 - 24379392 _____ () C:\Windows\system32\config\system.bak
    2015-02-20 23:41 - 2009-07-13 23:34 - 01835008 _____ () C:\Windows\system32\config\default.bak
    2015-02-20 23:41 - 2009-07-13 23:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
    2015-02-20 23:41 - 2009-07-13 23:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
    2015-02-20 23:40 - 2011-02-06 22:39 - 00000000 ____D () C:\Users\n\AppData\Roaming\Skype
    2015-02-20 22:22 - 2014-12-03 23:19 - 00000000 ____D () C:\Users\n\AppData\Local\Eclipse
    2015-02-20 22:21 - 2014-12-08 11:58 - 00000000 ____D () C:\Users\n\Desktop\Eclipse
    2015-02-19 19:14 - 2015-01-03 19:09 - 00000000 ____D () C:\Users\n\Downloads\game
    2015-02-19 19:06 - 2012-11-02 19:29 - 00000000 ____D () C:\Users\n\AppData\Roaming\.minecraft
    2015-02-19 18:55 - 2014-01-03 09:12 - 00000000 ____D () C:\Users\n\AppData\Roaming\CodeBlocks
    2015-02-19 18:50 - 2014-01-03 09:12 - 00000000 ____D () C:\Users\n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeBlocks
    2015-02-19 17:54 - 2013-12-28 15:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloodshed Dev-C++
    2015-02-19 15:11 - 2015-01-08 19:45 - 00000000 ____D () C:\Users\n\Desktop\getgudscrub
    2015-02-19 12:49 - 2013-07-15 19:53 - 00003162 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForn
    2015-02-19 12:49 - 2013-07-15 19:53 - 00000316 _____ () C:\Windows\Tasks\HPCeeScheduleForn.job
    2015-02-19 12:10 - 2013-11-05 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Need for Speed World
    2015-02-19 12:10 - 2013-07-14 17:46 - 00000000 ____D () C:\Users\n\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Raptr
    2015-02-19 12:10 - 2009-07-14 02:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2015-02-17 16:14 - 2014-02-07 19:35 - 00000000 ____D () C:\Users\n\AppData\Roaming\Malwarebytes
    2015-02-17 16:14 - 2014-02-07 19:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-02-17 14:53 - 2013-12-19 10:32 - 00000092 _____ () C:\Users\n\AppData\Roaming\WB.CFG
    2015-02-16 14:02 - 2014-06-18 23:12 - 00000000 ____D () C:\ProgramData\Package Cache
    2015-02-16 11:34 - 2010-09-25 03:02 - 00000000 ____D () C:\Users\n\AppData\Local\VirtualStore
    2015-02-07 17:15 - 2014-09-06 00:58 - 00000024 _____ () C:\Users\n\jagexappletviewer.preferences
    2015-02-07 17:15 - 2014-08-30 11:53 - 00000040 _____ () C:\Users\n\jagex_cl_oldschool_LIVE.dat
    2015-02-06 09:01 - 2014-01-10 00:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-02-05 15:05 - 2014-12-06 15:18 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-02-05 15:05 - 2014-01-10 13:10 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-02-05 15:05 - 2012-01-16 21:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-02-04 02:13 - 2011-02-06 22:41 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-02-04 02:13 - 2011-02-06 22:41 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-01-29 21:18 - 2013-07-22 20:29 - 00000040 _____ () C:\Users\n\jagex_cl_runescape_LIVE.dat
    2015-01-29 14:40 - 2010-09-25 02:47 - 00000000 ____D () C:\Users\n
    2015-01-29 14:28 - 2015-01-15 12:43 - 00000168 _____ () C:\Users\n\Documents\AutoHotkey.ahk
    2015-01-22 23:13 - 2014-08-30 14:06 - 00000000 ____D () C:\Users\n\Documents\NetBeansProjects

    ==================== Files in the root of some directories =======

    2014-07-28 21:16 - 2014-08-16 13:11 - 0000132 _____ () C:\Users\n\AppData\Roaming\Adobe PNG Format CS6 Prefs
    2011-03-12 10:30 - 2011-06-02 01:11 - 0001854 _____ () C:\Users\n\AppData\Roaming\GhostObjGAFix.xml
    2013-12-19 10:32 - 2015-02-17 14:53 - 0000092 _____ () C:\Users\n\AppData\Roaming\WB.CFG
    2014-07-10 23:02 - 2014-07-15 18:40 - 0001456 _____ () C:\Users\n\AppData\Local\Adobe Save for Web 13.0 Prefs
    2011-06-21 07:44 - 2011-06-21 07:44 - 0000000 ____H () C:\Users\n\AppData\Local\BITD1E4.tmp
    2011-06-04 10:28 - 2011-06-04 10:28 - 0000000 ____H () C:\Users\n\AppData\Local\BITE98A.tmp
    2014-03-27 22:00 - 2014-05-28 18:22 - 0005632 _____ () C:\Users\n\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-02-11 13:45 - 2014-02-11 13:45 - 0001257 _____ () C:\Users\n\AppData\Local\recently-used.xbel
    2014-08-30 11:16 - 2014-08-30 11:16 - 0000003 _____ () C:\Users\n\AppData\Local\updater.log
    2014-08-30 11:16 - 2014-12-18 15:01 - 0000425 _____ () C:\Users\n\AppData\Local\UserProducts.xml
    2012-05-20 21:28 - 2012-05-20 21:28 - 0017408 _____ () C:\Users\n\AppData\Local\WebpageIcons.db
    2011-06-27 08:00 - 2011-06-27 08:00 - 0000000 _____ () C:\Users\n\AppData\Local\{1B084964-17C9-4F1E-BDC7-70FA1894DB32}
    2011-06-21 07:44 - 2011-06-21 07:44 - 0000000 _____ () C:\Users\n\AppData\Local\{286C200E-6F47-4E5C-88C9-88CFC7E048DF}
    2014-09-29 01:59 - 2014-09-29 01:59 - 0000000 _____ () C:\Users\n\AppData\Local\{396C1483-6159-4BDE-AC57-785AD1B13FA5}
    2011-06-04 10:27 - 2011-06-04 10:28 - 0000000 _____ () C:\Users\n\AppData\Local\{64CCE38C-B457-405D-800F-C1CBB4FC4A4B}
    2014-05-04 23:31 - 2014-05-04 23:32 - 0000000 _____ () C:\Users\n\AppData\Local\{92F8BBD1-1129-4264-8937-7E6BD09BC54D}
    2014-05-04 23:35 - 2014-05-04 23:35 - 0000000 _____ () C:\Users\n\AppData\Local\{E5E99D2D-1CFB-44D2-A74E-06818F5B3C28}
    2011-04-30 14:44 - 2011-04-30 14:44 - 0000000 _____ () C:\Users\n\AppData\Local\{F7EB5963-6C19-495B-A82E-8DDBA5C42EC1}
    2011-02-06 22:47 - 2011-02-06 22:47 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
    2010-05-19 22:40 - 2010-05-19 22:40 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    2010-04-07 17:53 - 2010-04-07 17:53 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    2010-05-19 22:40 - 2010-05-19 22:40 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    2010-04-07 17:46 - 2010-04-07 17:47 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2010-05-19 22:39 - 2010-05-19 22:39 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    2010-05-19 22:40 - 2010-05-19 22:40 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    2010-04-07 17:46 - 2010-04-07 17:46 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    2010-04-07 17:47 - 2010-04-07 17:53 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    2010-05-19 22:40 - 2010-05-19 22:40 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

    Files to move or delete:
    ====================
    C:\Users\n\alotic_preferences.dat
    C:\Users\n\alotic_preferences2.dat
    C:\Users\n\jagex_cl_oldschool_LIVE.dat
    C:\Users\n\jagex_cl_runescape_LIVE.dat
    C:\Users\n\jagex_cl_runescape_LIVE1.dat
    C:\Users\n\keystore.dat
    C:\Users\n\matrixii_cl_matrix_LIVE.dat
    C:\Users\n\random.dat
    C:\Users\n\uid.dat


    Some content of TEMP:
    ====================
    C:\Users\n\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
    C:\Users\n\AppData\Local\Temp\Quarantine.exe
    C:\Users\n\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-15 14:38

    ==================== End Of Log ============================
     
  16. Latine

    Latine TS Rookie Topic Starter Posts: 21

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-02-2015
    Ran by n at 2015-02-21 15:56:50
    Running from C:\Users\n\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-2848668751-3459609102-2438702030-1000\...\uTorrent) (Version: 3.4.1.30888 - BitTorrent Inc.)
    Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
    Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
    Adobe Reader 9.5.2 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
    Adobe Shockwave Player (HKLM-x32\...\{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}) (Version: 11.5.1.601 - Adobe Systems, Inc.)
    Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
    Age of Empires II - The Conquerors - 1.0e Patch FINAL (HKLM-x32\...\Age of Empires II - The Conquerors - 1.0e Patch FINAL_is1) (Version: 1.0e - tOrMeNtIuM/m0d)
    Akamai NetSession Interface (HKU\S-1-5-21-2848668751-3459609102-2438702030-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
    Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F96E3A91-FFE9-4486-B3B0-E5B77E712286}) (Version: 1.1.517.35203 - Alcor Micro Corp.)
    Alcor Micro USB Card Reader (x32 Version: 1.1.517.35203 - Alcor Micro Corp.) Hidden
    AMD Catalyst Install Manager (HKLM\...\{FAF03106-1653-15E1-3C0C-E7AE4FAE6EBF}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
    Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ASPCA Reminder by We-Care.com v4.1.19.1 (HKLM-x32\...\{F5575DD6-8112-45A6-8FFA-C7249C3D8E1F}) (Version: 4.1.19.1 - We-Care.com)
    Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
    aTube Catcher version 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
    Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
    AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
    avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
    BargainMatch version 1.0.5.0 (HKLM-x32\...\{D195A6AC-DCDD-4800-B27A-68E530307129}_is1) (Version: 1.0.5.0 - Inuvo)
    Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)
    Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
    Blackhawk Striker 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Blasterball 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Build and Shoot Launcher 1.2 (HKLM-x32\...\Build and Shoot Launcher) (Version: 1.2 - Buld Then Snip, LLC)
    Build-a-lot 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Cake Mania (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Canon MX860 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series) (Version: - )
    CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
    Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
    CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    CLEAR Connection Manager (HKLM\...\{B84290E4-2B69-476C-BD9A-401F9F0197EB}) (Version: 2.00.0094.0 - Clearwire)
    CodeBlocks (HKU\S-1-5-21-2848668751-3459609102-2438702030-1000\...\CodeBlocks) (Version: 13.12 - The Code::Blocks Team)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
    CoS Arkadia Micro-client Launcher (HKLM-x32\...\{9C108657-4DCC-4A57-B782-C09B7447D732}) (Version: 2.0.0.0 - MECHANIST.co)
    CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2527 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
    Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM-x32\...\Dev-C++) (Version: - )
    Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
    DJ OldGames Package: Star Wars: X-Wing (HKLM-x32\...\StarWarsXWing44) (Version: 1.0.4.0 - DJ)
    Dora's Carnival Adventure (x32 Version: 2.2.0.82 - WildTangent) Hidden
    DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.0.3715 - Hewlett-Packard)
    DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.0.3715 - Hewlett-Packard) Hidden
    Endless War 7 Free Trial (HKLM-x32\...\Endless War 7 Free Trial_is1) (Version: - Vitaly Zaborov)
    Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
    Escape Rosecliff Island (x32 Version: 2.2.0.82 - WildTangent) Hidden
    ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
    ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
    f.lux (HKU\S-1-5-21-2848668751-3459609102-2438702030-1000\...\Flux) (Version: - )
    Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
    Faerie Solitaire (x32 Version: 2.2.0.82 - WildTangent) Hidden
    FATE (x32 Version: 2.2.0.82 - WildTangent) Hidden
    FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
    Freemake Video Converter version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
    Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Game Dev Tycoon v1.4.16 build 240714 (HKLM-x32\...\Game Dev Tycoon v1.4.16 build 2407141.4.16) (Version: 1.4.16 - Friends in War)
    Ghost Control 3.0.6 (HKLM-x32\...\Ghost Control_is1) (Version: - N.R.S.)
    Ghost Mouse Auto Clicker 3.8.2 (HKLM-x32\...\{62D023F4-CFDF-4E49-9DAA-52DFF37E6C73}_is1) (Version: - AMAC Ltd.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
    Hotspot Shield 3.42 (HKLM-x32\...\HotspotShield) (Version: 3.42 - AnchorFree Inc.)
    HP 3D DriveGuard (HKLM\...\{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}) (Version: 4.0.3.1 - Hewlett-Packard)
    HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.80 - WildTangent)
    HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
    HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.0.3822 - Hewlett-Packard)
    HP MediaSmart Internet TV (HKLM-x32\...\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}) (Version: 3.2.2513 - Hewlett-Packard)
    HP MediaSmart Movies and TV (HKLM\...\{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}) (Version: 1.0.0.10 - Hewlett-Packard)
    HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.0.3903 - Hewlett-Packard)
    HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.0.3911 - Hewlett-Packard)
    HP MediaSmart SmartMenu (HKLM\...\{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}) (Version: 3.1.1.12 - Hewlett-Packard)
    HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.0.3911 - Hewlett-Packard)
    HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.0.2511 - Hewlett-Packard)
    HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{78F1A88C-5322-4DF7-BDCF-9AB8F5F4041C}) (Version: 1.0.9.0 - Hewlett-Packard)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2261 - HP Photo Creations Powered by RocketLife)
    HP Power Plan Utility (HKLM-x32\...\{F6B6A150-08FA-46D5-808A-EB638269551D}) (Version: 1.0.6 - Hewlett-Packard)
    HP Quick Launch (HKLM\...\{10F539B1-31AF-43BF-9F0C-0EB66E918922}) (Version: 1.0.18 - Hewlett-Packard)
    HP Setup (HKLM-x32\...\{E2831862-F131-4327-B9CC-FA30F587EB6C}) (Version: 1.2.3988.3281 - Hewlett-Packard)
    HP Software Framework (HKLM-x32\...\{B7F60A16-7A7B-41FB-9AE3-DE9E324FBA06}) (Version: 4.0.112.1 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
    HP User Guides 0182 (HKLM-x32\...\{FAA82788-113E-41E8-BE5D-B95D765173DD}) (Version: 1.01.0000 - Hewlett-Packard)
    HP Wireless Assistant (HKLM\...\{E6BC696E-5E96-4C1B-9371-379AF3A46B6B}) (Version: 4.0.4.2 - Hewlett-Packard)
    Hulu Desktop (HKU\S-1-5-21-2848668751-3459609102-2438702030-1000\...\HuluDesktop) (Version: 0.9.11 - Hulu LLC)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6269.0 - IDT)
    InterActual Player (HKLM-x32\...\InterActual Player) (Version: - )
    Jagged Alliance Online - Steam Edition (HKLM-x32\...\Steam App 218450) (Version: - Cliffhanger Productions)
    Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
    Java 8 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)
    Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
    Java SE Development Kit 7 Update 25 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170250}) (Version: 1.7.0.250 - Oracle)
    Java SE Development Kit 7 Update 67 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170670}) (Version: 1.7.0.670 - Oracle)
    Java SE Development Kit 7 Update 71 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170710}) (Version: 1.7.0.710 - Oracle)
    Java SE Development Kit 8 Update 20 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180200}) (Version: 8.0.200.26 - Oracle Corporation)
    Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
    Java(TM) 6 Update 23 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.230 - Sun Microsystems, Inc.)
    Jewel Quest 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Jewel Quest Solitaire 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2515 - CyberLink Corp.)
    LabelPrint (x32 Version: 2.5.2515 - CyberLink Corp.) Hidden
    LightScribe System Software (HKLM-x32\...\{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}) (Version: 1.18.12.1 - LightScribe)
    LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.279 - LogMeIn, Inc.)
    LogMeIn Hamachi (x32 Version: 2.2.0.279 - LogMeIn, Inc.) Hidden
    LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.5.2 - www.leaguereplays.com)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Matemátics (HKU\S-1-5-21-2848668751-3459609102-2438702030-1000\...\36b07f91f5cc2132) (Version: 1.0.0.0 - Matemátics)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
    MegaDownloader 0.82 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 0.82 - Andres_age)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
    Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )
    Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Home and Business 2010 - English (HKLM-x32\...\{90140011-0062-0409-0000-0000000FF1CE}) (Version: 14.0.5123.5005 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
    Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0C0A-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
    Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
    Microsoft Visual Basic 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31007 - Microsoft Corporation)
    Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
    Minecraft1.6.1 (HKLM-x32\...\Minecraft1.6.1) (Version: - )
    MixPad (HKLM-x32\...\MixPad) (Version: 3.51 - NCH Software)
    Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.0.3715 - Hewlett-Packard)
    Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.0.3715 - Hewlett-Packard) Hidden
    Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MySQL Installer - Community (HKLM-x32\...\{882D8FD0-AAE7-4CA0-A355-8EFC8C7B369D}) (Version: 1.4.3.0 - Oracle Corporation)
    MySQL Server 5.6 (HKLM\...\{37BB8A81-DAF8-4DC4-84E9-2668FE8C6959}) (Version: 5.6.22 - Oracle Corporation)
    MySQL Workbench 6.2 CE (HKLM\...\{B632465A-857D-4FC2-A76E-B1F3693527D8}) (Version: 6.2.4 - Oracle Corporation)
    Mystery P.I. - The New York Fortune (x32 Version: 2.2.0.82 - WildTangent) Hidden
    NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
    Need For Speed™ World (HKLM-x32\...\{3AF1B16A-7DC9-4C80-BAEC-70B088A7C5B8}) (Version: 1.0.0.0 - Electronic Arts)
    NetBeans IDE 7.3.1 (HKLM-x32\...\nbi-nb-base-7.3.1.0.201306052037) (Version: 7.3.1 - NetBeans.org)
    NetBeans IDE 8.0 (HKLM-x32\...\nbi-nb-base-8.0.0.0.201403101706) (Version: 8.0 - NetBeans.org)
    Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - )
    Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.34 - Symantec)
    Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.0.3.27 - Symantec Corporation)
    OldSchool RuneScape Launcher 1.2.3 (HKLM-x32\...\{CCCEAAD4-3D2F-42C1-9AAA-08D458DB3509}) (Version: 1.2.3 - Jagex Ltd)
    Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
    paint.net (HKLM\...\{141BA46D-2D1F-4DA6-9448-B847334585C0}) (Version: 4.0.4 - dotPDN LLC)
    Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
    PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
    PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
    PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
    Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Poker Superstars III (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3715 - CyberLink Corp.)
    Power2Go (x32 Version: 6.1.3715 - CyberLink Corp.) Hidden
    PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2514 - CyberLink Corp.)
    PowerDirector (x32 Version: 8.0.2514 - CyberLink Corp.) Hidden
    PrivateTunnel (HKLM-x32\...\{1880714F-98B5-4DD1-9A33-98863B4E009B}) (Version: 2.0.0.0 - OpenVPN Technologies)
    PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
    Python 2.7 (64-bit) (HKLM\...\{20C31435-2A0A-4580-BE8B-AC06FC243CA5}) (Version: 2.7.150 - Python Software Foundation)
    Python 2.7 Twisted-12.0.0 (HKLM-x32\...\{2E9D4ECD-62E1-4575-82A0-0002D6AB096A}) (Version: 12.0.0 - Twisted Matrix Laboratories)
    Python 2.7.3 (64-bit) (HKLM\...\{C0C31BCC-56FB-42a7-8766-D29E1BD74C7d}) (Version: 2.7.3150 - Python Software Foundation)
    Python 3.1.1 (64-bit) (HKLM\...\{7ff90460-89b7-435b-b583-b37b2815ccc8}) (Version: 3.1.1150 - Python Software Foundation)
    Python 3.4.2 (HKLM-x32\...\{2583CDBA-8A53-4622-BB67-1D163714C1B4}) (Version: 3.4.16349 - Python Software Foundation)
    Raptr (HKLM-x32\...\Raptr) (Version: - )
    Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.45.0 - Razer Inc.)
    Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0011 - Realtek)
    Recovery Manager (x32 Version: 5.5.2512 - CyberLink Corp.) Hidden
    Robocraft (HKLM-x32\...\Steam App 301520) (Version: - Freejam)
    RPG MAKER VX Ace (HKLM-x32\...\RPGVXAce_E_is1) (Version: 1.01a - Enterbrain)
    RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
    Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
    Setup Support for WeCare 1.0 (HKLM-x32\...\Setup Support for WeCare) (Version: 1.0 - Sono Control Inc.)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
    Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
    SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
    SPX Instant Screen Capture 7 (HKLM-x32\...\SPX Instant Screen Capture_is1) (Version: 7 - Tanida Software)
    Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
    SqliteBrowser3 (HKLM-x32\...\SqliteBrowser3) (Version: 3.2.0 - oldsch00l)
    Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
    Sumotori Dreams (HKLM-x32\...\Sumotori Dreams) (Version: - )
    Sumotori Full Version (HKLM-x32\...\Sumotori Full Version) (Version: - )
    Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.52 - NCH Software)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    System Requirements Lab (HKLM-x32\...\{FAB9454C-6A8D-4031-9652-8B1B1D561456}) (Version: 6.0.7.0 - Husdawg, LLC)
    System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
    TeamSpeak 3 Client (HKU\S-1-5-21-2848668751-3459609102-2438702030-1000\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
    TERA (HKLM-x32\...\{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}) (Version: 1.41 - En Masse Entertainment)
    TextTwist 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Tom Clancy's Ghost Recon Phantoms - NA (HKLM-x32\...\Steam App 243870) (Version: - Ubisoft Singapore)
    Triviadore (HKU\S-1-5-21-2848668751-3459609102-2438702030-1000\...\5c5036aef8e0a04e) (Version: 1.0.0.0 - Hewlett-Packard)
    Unity (HKLM-x32\...\Unity) (Version: - Unity Technologies ApS)
    Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    VibrateGameDeviceDrivers40 (HKLM\...\{DBB7F606-0C13-4182-AD7F-427A4773580E}) (Version: 4.0.09.1130 - VibrateGameDeviceDriver)
    VIO Player version 1.0.1 (HKLM-x32\...\{C8A17598-7F89-41EA-9876-0F89DA0B24F1}_is1) (Version: 1.0.1 - VIO)
    Virtual Families (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Virtual Villagers - The Secret City (x32 Version: 2.2.0.82 - WildTangent) Hidden
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
    Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
    VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
    VST Bridge 1.1 (HKLM-x32\...\VST Bridge_is1) (Version: - )
    WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 5.55 - NCH Software)
    Wheel of Fortune 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden
    WhiteSmoke (HKLM-x32\...\WhiteSmoke) (Version: 1.00.6033.11714 - WhiteSmoke)
    WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.32 - WildTangent)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
    Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
    WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
    Xfire (remove only) (HKLM-x32\...\Xfire) (Version: - )
    Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
    Zuma's Revenge (x32 Version: 2.2.0.82 - WildTangent) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-2848668751-3459609102-2438702030-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-2848668751-3459609102-2438702030-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-2848668751-3459609102-2438702030-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-2848668751-3459609102-2438702030-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-2848668751-3459609102-2438702030-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-2848668751-3459609102-2438702030-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> No File Path

    ==================== Restore Points =========================

    04-02-2015 21:18:34 Scheduled Checkpoint
    09-02-2015 10:20:28 Installed MySQL Installer - Community
    16-02-2015 13:55:20 Installed MySQL Installer - Community
    16-02-2015 14:02:27 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
    16-02-2015 14:16:58 Installed MySQL Installer - Community
    20-02-2015 14:52:16 Techspot scanning date

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 23:34 - 2015-02-20 23:44 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {3088B11D-F594-4690-88C1-0402EB584CBC} - System32\Tasks\HPCeeScheduleForn => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {3E3D2746-F772-4685-BB50-2DB582BEF0D0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
    Task: {506CE739-B4ED-4D64-846A-DD5BB931E9B8} - System32\Tasks\{E16CF0AB-3894-470B-9357-F3186C26F75E} => Iexplore.exe http://ui.skype.com/ui/0/5.10.0.116/es/go/help.faq.installer?LastError=1603
    Task: {5CC5B356-8AC0-4943-8598-665D4BFBBCE7} - System32\Tasks\{BF0245ED-18A1-4802-94A4-3D19C984367F} => pcalua.exe -a "C:\Users\n\Desktop\Adobe Photoshop CS3 Lite\Adobe Photoshop CS3 Lite.exe" -d "C:\Users\n\Desktop\Adobe Photoshop CS3 Lite"
    Task: {6D803667-511E-491B-8C32-0442214812B9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
    Task: {7BB9F538-F414-4780-B6F4-F2D635C90916} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-04] (AVAST Software)
    Task: {809771B0-224A-451A-8ADF-040E92347B1D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {93A6B743-8943-4939-86A0-241E5173E168} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd)
    Task: {98BFAE7B-CD8D-4C9C-A804-6F4BD89DC186} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
    Task: {9D214C9F-CE58-480C-A8C3-00CA37B04F12} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    Task: {A4CA9B2B-CB34-45E8-BE02-03BEB94FD80A} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\Kernel\CLML\CLMLSvc.exe
    Task: {AA4099DD-4150-4AE1-823F-F2ED465DD689} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-01-27] ()
    Task: {B1864D13-93C8-4E69-A211-C5C1D4D3336C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
    Task: {B7417D40-A7BC-49A1-A33A-A3C956648110} - System32\Tasks\{B16CC412-34A3-4BA0-B4BA-E7FCC477C33F} => pcalua.exe -a "C:\Program Files (x86)\Microsoft Games\Age of Empires II\UNINSTALX.EXE" -c /runtemp /addremove
    Task: {CEEA70C0-5FA7-4F27-8F9A-9BF987D205A9} - System32\Tasks\{8FEB1961-FF63-4F72-BD07-508A2AB861FC} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.)
    Task: {F32642D9-347A-4DDB-B2EF-452198CCA401} - System32\Tasks\MySQL\Installer\ManifestUpdate => C:\Program Files (x86)\MySQL\MySQL Installer for Windows\MySQLInstallerConsole.exe [2014-10-31] (Oracle Corporation)
    Task: {FEC97DEC-F3A1-42FE-B2F6-4A15C2DA6C09} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForn.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Loaded Modules (whitelisted) ==============

    2014-05-16 19:34 - 2014-05-16 19:34 - 00430344 _____ () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
    2014-11-21 07:31 - 2014-11-21 07:31 - 13035008 _____ () C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe
    2013-11-05 19:58 - 2014-07-15 23:04 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
    2014-08-04 12:26 - 2014-08-04 12:26 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
    2015-02-21 10:29 - 2015-02-21 10:29 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15022100\algo.dll
    2014-05-16 21:11 - 2014-05-16 21:11 - 00908584 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
    2014-08-04 12:26 - 2014-08-04 12:26 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2015-02-20 12:22 - 2015-02-17 19:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
    2015-02-20 12:22 - 2015-02-17 19:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
    2015-02-20 12:22 - 2015-02-17 19:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
    2015-02-20 12:22 - 2015-02-17 19:44 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
    AlternateDataStreams: C:\Users\n\Downloads\No Subject (1).eml:OECustomProperty
    AlternateDataStreams: C:\Users\n\Downloads\No Subject (2).eml:OECustomProperty
    AlternateDataStreams: C:\Users\n\Downloads\No Subject.eml:OECustomProperty
    AlternateDataStreams: C:\Users\n\Downloads\SOL. DE BAJA (1).eml:OECustomProperty
    AlternateDataStreams: C:\Users\n\Downloads\SOL. DE BAJA.eml:OECustomProperty

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2848668751-3459609102-2438702030-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\n\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 200.40.220.245 - 200.40.30.245

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AESTFilters => 2
    MSCONFIG\Services: AlotService => 2
    MSCONFIG\Services: AMD External Events Utility => 2
    MSCONFIG\Services: AMD FUEL Service => 2
    MSCONFIG\Services: Apple Mobile Device => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: BstHdAndroidSvc => 2
    MSCONFIG\Services: BstHdLogRotatorSvc => 2
    MSCONFIG\Services: CACLEARWIRE => 3
    MSCONFIG\Services: CinemaNow Service => 2
    MSCONFIG\Services: clearwireDeviceDiagnosticsService => 2
    MSCONFIG\Services: CLEARWIRERcAppSvc => 3
    MSCONFIG\Services: DvmMDES => 2
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: gusvc => 3
    MSCONFIG\Services: Hamachi2Svc => 2
    MSCONFIG\Services: HiPatchService => 2
    MSCONFIG\Services: HP Support Assistant Service => 2
    MSCONFIG\Services: HP Wireless Assistant Service => 2
    MSCONFIG\Services: hpqwmiex => 3
    MSCONFIG\Services: hpsrv => 2
    MSCONFIG\Services: HPWMISVC => 2
    MSCONFIG\Services: hshld => 2
    MSCONFIG\Services: HssTrayService => 3
    MSCONFIG\Services: HssWd => 2
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: LightScribeService => 2
    MSCONFIG\Services: LMIGuardianSvc => 2
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: OpenVPNAccessClient => 2
    MSCONFIG\Services: PCToolsSSDMonitorSvc => 2
    MSCONFIG\Services: RzKLService => 2
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\Services: SMSI Device Launch Service => 2
    MSCONFIG\Services: STacSV => 2
    MSCONFIG\Services: Steam Client Service => 3
    MSCONFIG\Services: TorchCrashHandler => 2
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PrivateTunnel.lnk => C:\Windows\pss\PrivateTunnel.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^n^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk => C:\Windows\pss\Xfire.lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\n\AppData\Local\Akamai\netsession_win.exe"
    MSCONFIG\startupreg: AMD AVT => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    MSCONFIG\startupreg: AmIcoSinglun64 => "C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
    MSCONFIG\startupreg: AVG-Secure-Search-Update_0913b => C:\Users\n\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 13b92707acb447d3a9f0660ef5e2c4ca-335d01fd79d94c92372e56a0149e48ecac37dc4e --CMPID 0913b
    MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    MSCONFIG\startupreg: Clearwire Connection Manager => "C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe" -a
    MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    MSCONFIG\startupreg: Desktop Software => "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
    MSCONFIG\startupreg: Facebook Update => "C:\Users\n\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    MSCONFIG\startupreg: Ghost Control => "C:\Program Files (x86)\Ghost Control\ghost.exe" -startup
    MSCONFIG\startupreg: HP Quick Launch => "C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"
    MSCONFIG\startupreg: HP Software Update => "C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
    MSCONFIG\startupreg: HPAdvisorDock => "C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe"
    MSCONFIG\startupreg: HPWirelessAssistant => "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: LightScribe Control Panel => "C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
    MSCONFIG\startupreg: LightShot => C:\Users\n\AppData\Local\Skillbrains\lightshot\Lightshot.exe
    MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    MSCONFIG\startupreg: NCUpdateHelper => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
    MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
    MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
    MSCONFIG\startupreg: SearchProtection => "C:\Users\n\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: SmartMenu => "C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" /background
    MSCONFIG\startupreg: SPX => C:\Program Files (x86)\SPX Instant Screen Capture\spx.exe
    MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    MSCONFIG\startupreg: SysTrayApp => "C:\Program Files\IDT\WDM\sttray64.exe"
    MSCONFIG\startupreg: uTorrent => "C:\Users\n\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
    MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"

    ==================== Accounts: =============================

    Administrator (S-1-5-21-2848668751-3459609102-2438702030-500 - Administrator - Disabled)
    Guest (S-1-5-21-2848668751-3459609102-2438702030-501 - Limited - Disabled)
    n (S-1-5-21-2848668751-3459609102-2438702030-1000 - Administrator - Enabled) => C:\Users\n

    ==================== Faulty Device Manager Devices =============

    Name: Canon MX860 ser Network
    Description: Canon MX860 ser Network
    Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Manufacturer: Canon
    Service: StillCam
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2015-02-20 23:38:25.443
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-02-20 23:38:24.320
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: AMD Turion(tm) II P520 Dual-Core Processor
    Percentage of memory in use: 55%
    Total physical RAM: 3834.9 MB
    Available physical RAM: 1707.93 MB
    Total Pagefile: 7667.98 MB
    Available Pagefile: 4618.27 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.83 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:282.2 GB) (Free:122.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (RECOVERY) (Fixed) (Total:15.59 GB) (Free:2.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 298.1 GB) (Disk ID: 3524AC13)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=282.2 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=15.6 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

    ==================== End Of Log ============================
     
  17. Latine

    Latine TS Rookie Topic Starter Posts: 21

    Will cleaning my computer increase the performance? My computer used to be much faster than it is now... I always get 30-40 fps in games but after a few minutes it drops to 10, why could this be happening?

    The "input" has been improving but the only thing is that when I'm typing the "text cursor" goes back a few words.
     
  18. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Game performance may be a subject for a different forum when we finish here.

    As for the "input" issue...
    ...does it happen in all programs?
    ...did you try a different keyboard?

    Uninstall McAfee Security Scan, typical foistware.

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  19. Latine

    Latine TS Rookie Topic Starter Posts: 21

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-02-2015
    Ran by n at 2015-02-21 21:23:15 Run:1
    Running from C:\Users\n\Downloads
    Loaded Profiles: n (Available profiles: n)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-2848668751-3459609102-2438702030-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
    FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
    FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File
    FF Plugin HKU\S-1-5-21-2848668751-3459609102-2438702030-1000: BearSharePlugin -> C:\Program Files (x86)\BearShare Applications\BearShare\npBearSharePlugin.dll No File
    FF Plugin HKU\S-1-5-21-2848668751-3459609102-2438702030-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll No File
    S2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [X]
    S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]
    S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
    S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
    S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]
    C:\Users\n\alotic_preferences.dat
    C:\Users\n\alotic_preferences2.dat
    C:\Users\n\jagex_cl_oldschool_LIVE.dat
    C:\Users\n\jagex_cl_runescape_LIVE.dat
    C:\Users\n\jagex_cl_runescape_LIVE1.dat
    C:\Users\n\keystore.dat
    C:\Users\n\matrixii_cl_matrix_LIVE.dat
    C:\Users\n\random.dat
    C:\Users\n\uid.dat
    C:\Users\n\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
    C:\Users\n\AppData\Local\Temp\Quarantine.exe
    C:\Users\n\AppData\Local\Temp\sqlite3.dll
    CustomCLSID: HKU\S-1-5-21-2848668751-3459609102-2438702030-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-2848668751-3459609102-2438702030-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-2848668751-3459609102-2438702030-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-2848668751-3459609102-2438702030-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-2848668751-3459609102-2438702030-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-2848668751-3459609102-2438702030-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> No File Path
    AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
    AlternateDataStreams: C:\Users\n\Downloads\No Subject (1).eml:OECustomProperty
    AlternateDataStreams: C:\Users\n\Downloads\No Subject (2).eml:OECustomProperty
    AlternateDataStreams: C:\Users\n\Downloads\No Subject.eml:OECustomProperty
    AlternateDataStreams: C:\Users\n\Downloads\SOL. DE BAJA (1).eml:OECustomProperty
    AlternateDataStreams: C:\Users\n\Downloads\SOL. DE BAJA.eml:OECustomProperty

    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
    "HKU\S-1-5-21-2848668751-3459609102-2438702030-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
    HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.1.7" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.4.0" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0" => Key deleted successfully.
    "HKU\S-1-5-21-2848668751-3459609102-2438702030-1000\Software\MozillaPlugins\BearSharePlugin" => Key deleted successfully.
    C:\Program Files (x86)\BearShare Applications\BearShare\npBearSharePlugin.dll not found.
    "HKU\S-1-5-21-2848668751-3459609102-2438702030-1000\Software\MozillaPlugins\thehappycloud.com/HappyCloudPlugin" => Key deleted successfully.
    C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll not found.
    ADExchange => Service deleted successfully.
    GamesAppService => Service deleted successfully.
    HiPatchService => Service deleted successfully.
    catchme => Service deleted successfully.
    EagleX64 => Service deleted successfully.
    X6va015 => Service deleted successfully.
    X6va021 => Service deleted successfully.
    X6va022 => Service deleted successfully.
    C:\Users\n\alotic_preferences.dat => Moved successfully.
    C:\Users\n\alotic_preferences2.dat => Moved successfully.
    C:\Users\n\jagex_cl_oldschool_LIVE.dat => Moved successfully.
    C:\Users\n\jagex_cl_runescape_LIVE.dat => Moved successfully.
    C:\Users\n\jagex_cl_runescape_LIVE1.dat => Moved successfully.
    C:\Users\n\keystore.dat => Moved successfully.
    C:\Users\n\matrixii_cl_matrix_LIVE.dat => Moved successfully.
    C:\Users\n\random.dat => Moved successfully.
    C:\Users\n\uid.dat => Moved successfully.
    C:\Users\n\AppData\Local\Temp\BullseyeCoverage-2-x86.dll => Moved successfully.
    C:\Users\n\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\n\AppData\Local\Temp\sqlite3.dll => Moved successfully.
    "HKU\S-1-5-21-2848668751-3459609102-2438702030-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}" => Key deleted successfully.
    "HKU\S-1-5-21-2848668751-3459609102-2438702030-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}" => Key deleted successfully.
    "HKU\S-1-5-21-2848668751-3459609102-2438702030-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}" => Key deleted successfully.
    "HKU\S-1-5-21-2848668751-3459609102-2438702030-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}" => Key deleted successfully.
    "HKU\S-1-5-21-2848668751-3459609102-2438702030-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}" => Key deleted successfully.
    "HKU\S-1-5-21-2848668751-3459609102-2438702030-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}" => Key deleted successfully.
    C:\ProgramData\Temp => ":D1B5B4F1" ADS removed successfully.
    C:\Users\n\Downloads\No Subject (1).eml => ":OECustomProperty" ADS removed successfully.
    C:\Users\n\Downloads\No Subject (2).eml => ":OECustomProperty" ADS removed successfully.
    C:\Users\n\Downloads\No Subject.eml => ":OECustomProperty" ADS removed successfully.
    C:\Users\n\Downloads\SOL. DE BAJA (1).eml => ":OECustomProperty" ADS removed successfully.
    C:\Users\n\Downloads\SOL. DE BAJA.eml => ":OECustomProperty" ADS removed successfully.

    ==== End of Fixlog 21:23:16 ====
     
  20. Latine

    Latine TS Rookie Topic Starter Posts: 21

    It's not just game performance... overall the computer has been slower than before. Maybe all computers are fast when bought and end up slower, I don't know.

    The "input" issue happens on pretty much all text bars or text areas. I haven't tried on a different keyboard, thanks for the suggestion :)
     
  21. Broni

    Broni Malware Annihilator Posts: 52,897   +344

     
  22. Latine

    Latine TS Rookie Topic Starter Posts: 21

    Edited
     
  23. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Let me know about the different keyboard.

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document called checkup.txt should open automatically; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  24. Latine

    Latine TS Rookie Topic Starter Posts: 21

    2015-02-22 01:20:43.967 Sophos Virus Removal Tool version 2.5.4
    2015-02-22 01:20:43.967 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2015-02-22 01:20:43.967 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2015-02-22 01:20:43.967 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
    2015-02-22 01:20:43.968 Checking for updates...
    2015-02-22 01:20:58.615 Update progress: proxy server not available
    2015-02-22 01:21:12.252 Option all = no
    2015-02-22 01:21:12.252 Option recurse = yes
    2015-02-22 01:21:12.252 Option archive = no
    2015-02-22 01:21:12.252 Option service = yes
    2015-02-22 01:21:12.252 Option confirm = yes
    2015-02-22 01:21:12.252 Option sxl = yes
    2015-02-22 01:21:12.258 Option max-data-age = 35
    2015-02-22 01:21:12.258 Option EnableSafeClean = yes
    2015-02-22 01:21:14.271 Option vdl-logging = yes
    2015-02-22 01:21:14.321 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-02-22 01:21:14.321 Machine ID: c31a837c082c4aefb92953a67b84ce3c
    2015-02-22 01:21:14.325 Component SVRTcli.exe version 2.5.4
    2015-02-22 01:21:14.325 Component control.dll version 2.5.4
    2015-02-22 01:21:14.326 Component SVRTservice.exe version 2.5.4
    2015-02-22 01:21:14.327 Component engine\osdp.dll version 1.44.1.2183
    2015-02-22 01:21:14.327 Component engine\veex.dll version 3.58.3.2183
    2015-02-22 01:21:14.328 Component engine\savi.dll version 8.1.5.2183
    2015-02-22 01:21:14.330 Component rkdisk.dll version 1.5.30.0
    2015-02-22 01:21:14.330 Version info: Product version 2.5.4
    2015-02-22 01:21:14.332 Version info: Detection engine 3.58.3
    2015-02-22 01:21:14.332 Version info: Detection data 5.11
    2015-02-22 01:21:14.332 Version info: Build date 2/3/2015
    2015-02-22 01:21:14.332 Version info: Data files added 275
    2015-02-22 01:21:14.332 Version info: Last successful update (not yet updated)
    2015-02-22 01:21:41.649 Downloading updates...
    2015-02-22 01:21:41.653 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2015-02-22 01:21:41.653 Update progress: [I49502] Found supplement SAVIW32 LATEST
    2015-02-22 01:21:41.654 Update progress: [I49502] Found supplement IDE512 LATEST
    2015-02-22 01:21:41.654 Update progress: [I49502] Found supplement IDE513 LATEST
    2015-02-22 01:21:41.654 Update progress: [I49502] Found supplement IDE514 LATEST
    2015-02-22 01:21:41.654 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2015-02-22 01:21:41.654 Update progress: [I19463] Syncing product SAVIW32 51
    2015-02-22 01:21:54.397 Update progress: [I19463] Syncing product IDE512 166
    2015-02-22 01:21:54.830 Installing updates...
    2015-02-22 01:21:56.043 Error level 1
    2015-02-22 01:21:56.284 Update progress: [I19463] Syncing product IDE513 112
    2015-02-22 01:21:56.284 Update progress: [I19463] Syncing product IDE514 1
    2015-02-22 01:22:29.688 Update successful
    2015-02-22 01:22:44.788 Option all = no
    2015-02-22 01:22:44.788 Option recurse = yes
    2015-02-22 01:22:44.788 Option archive = no
    2015-02-22 01:22:44.788 Option service = yes
    2015-02-22 01:22:44.788 Option confirm = yes
    2015-02-22 01:22:44.788 Option sxl = yes
    2015-02-22 01:22:44.790 Option max-data-age = 35
    2015-02-22 01:22:44.790 Option EnableSafeClean = yes
    2015-02-22 01:22:44.877 Option vdl-logging = yes
    2015-02-22 01:22:44.882 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-02-22 01:22:44.882 Machine ID: c31a837c082c4aefb92953a67b84ce3c
    2015-02-22 01:22:44.884 Component SVRTcli.exe version 2.5.4
    2015-02-22 01:22:44.884 Component control.dll version 2.5.4
    2015-02-22 01:22:44.884 Component SVRTservice.exe version 2.5.4
    2015-02-22 01:22:44.884 Component engine\osdp.dll version 1.44.1.2183
    2015-02-22 01:22:44.885 Component engine\veex.dll version 3.58.3.2183
    2015-02-22 01:22:44.885 Component engine\savi.dll version 8.1.5.2183
    2015-02-22 01:22:44.885 Component rkdisk.dll version 1.5.30.0
    2015-02-22 01:22:44.885 Version info: Product version 2.5.4
    2015-02-22 01:22:44.886 Version info: Detection engine 3.58.3
    2015-02-22 01:22:44.886 Version info: Detection data 5.11G
    2015-02-22 01:22:44.886 Version info: Build date 2/3/2015
    2015-02-22 01:22:44.886 Version info: Data files added 274
    2015-02-22 01:22:44.886 Version info: Last successful update 2/21/2015 10:22:29 PM

    2015-02-22 01:25:24.043 Warning: rootkit scan failed to open volume "\\?\Volume{9bab6691-e9c3-11df-8844-fb9f5b6a6020}" (5)
    2015-02-22 02:01:15.622 >>> Virus 'Mal/Behav-053' found in file C:\Angel Process\AngelProcessor.exe
    2015-02-22 02:01:15.623 >>> Virus 'Mal/Behav-053' found in file HKU\S-1-5-21-2848668751-3459609102-2438702030-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-02-22 02:01:15.623 >>> Virus 'Mal/Behav-053' found in file HKU\S-1-5-21-2848668751-3459609102-2438702030-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-02-22 02:01:15.624 >>> Virus 'Mal/Behav-053' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-02-22 02:01:56.312 Could not open C:\hiberfil.sys
    2015-02-22 02:02:07.687 Could not open C:\pagefile.sys
    2015-02-22 03:10:32.669 Could not open C:\System Volume Information\{0a53aa51-b5e9-11e4-97a8-e9453bdfa03d}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-02-22 03:10:32.669 Could not open C:\System Volume Information\{0a53aa56-b5e9-11e4-97a8-e9453bdfa03d}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-02-22 03:10:32.669 Could not open C:\System Volume Information\{0a53aa63-b5e9-11e4-97a8-e9453bdfa03d}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-02-22 03:10:32.669 Could not open C:\System Volume Information\{25d686c2-ac81-11e4-b020-dddde45cec39}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-02-22 03:10:32.670 Could not open C:\System Volume Information\{2d8d1c67-ba2b-11e4-a808-d42c6c98143d}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-02-22 03:10:32.670 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-02-22 03:10:32.671 Could not open C:\System Volume Information\{a4cc2c4d-b911-11e4-af91-bbdb0509ac3b}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-02-22 03:10:32.671 Could not open C:\System Volume Information\{fb061c3a-b049-11e4-983e-98ef0f907c3e}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-02-22 03:12:30.444 Could not open C:\Users\n\AppData\Local\Google\Chrome\User Data\Default\Current Session
    2015-02-22 03:12:30.475 Could not open C:\Users\n\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
    2015-02-22 03:12:30.664 Could not check C:\Users\n\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOCK (virus scan failed)
    2015-02-22 03:12:30.691 Could not check C:\Users\n\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK (virus scan failed)
    2015-02-22 03:12:39.470 Could not check C:\Users\n\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOCK (virus scan failed)
    2015-02-22 03:12:39.817 Could not check C:\Users\n\AppData\Local\Google\Chrome\User Data\Default\GCM Store\LOCK (virus scan failed)
    2015-02-22 03:12:42.722 Could not check C:\Users\n\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acjgabfifnnmmlckmnijdbijgbfpedde\LOCK (virus scan failed)
    2015-02-22 03:12:42.829 Could not check C:\Users\n\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOCK (virus scan failed)
    2015-02-22 03:13:04.729 Could not check C:\Users\n\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK (virus scan failed)
    2015-02-22 03:13:05.184 Could not check C:\Users\n\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\acjgabfifnnmmlckmnijdbijgbfpedde\LOCK (virus scan failed)
    2015-02-22 03:27:11.767 >>> Virus 'Troj/Agent-WFN' found in file C:\Users\n\Documents\Sony Vegas Pro\SonyVegas12\PARCHE VEGAS PRO 12 BY TUTOSWEB88\vegas.pro.12.-patch.exe
    2015-02-22 03:27:11.767 >>> Virus 'Troj/Agent-WFN' found in file HKU\S-1-5-21-2848668751-3459609102-2438702030-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-02-22 03:27:11.768 >>> Virus 'Troj/Agent-WFN' found in file HKU\S-1-5-21-2848668751-3459609102-2438702030-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-02-22 03:27:11.768 >>> Virus 'Troj/Agent-WFN' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-02-22 03:27:54.191 >>> Virus 'Mal/Generic-S' found in file C:\Users\n\Downloads\adwcleaner_4.111.exe
    2015-02-22 03:27:54.192 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-2848668751-3459609102-2438702030-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-02-22 03:27:54.192 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-2848668751-3459609102-2438702030-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-02-22 03:27:54.193 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-02-22 03:30:13.289 >>> Virus 'Java/Rat-C' found in file C:\Users\n\Visionary_Storage\gamepack.jar
    2015-02-22 03:30:13.291 >>> Virus 'Java/Rat-C' found in file HKU\S-1-5-21-2848668751-3459609102-2438702030-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-02-22 03:30:13.291 >>> Virus 'Java/Rat-C' found in file HKU\S-1-5-21-2848668751-3459609102-2438702030-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-02-22 03:30:13.292 >>> Virus 'Java/Rat-C' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-02-22 03:43:25.164 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
    2015-02-22 03:43:25.166 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    2015-02-22 03:43:33.509 Could not open C:\Windows\System32\config\RegBack\DEFAULT
    2015-02-22 03:43:33.512 Could not open C:\Windows\System32\config\RegBack\SAM
    2015-02-22 03:43:33.523 Could not open C:\Windows\System32\config\RegBack\SECURITY
    2015-02-22 03:43:33.531 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
    2015-02-22 03:43:33.549 Could not open C:\Windows\System32\config\RegBack\SYSTEM
    2015-02-22 04:18:37.101 Could not open LOGICAL:0010:00000000
    2015-02-22 04:18:37.101 Could not open Q:\
    2015-02-22 04:18:38.272 The following items will be cleaned up:
    2015-02-22 04:18:38.272 Mal/Behav-053
    2015-02-22 04:18:38.272 Troj/Agent-WFN
    2015-02-22 04:18:38.272 Mal/Generic-S
    2015-02-22 04:18:38.272 Java/Rat-C
     
  25. Latine

    Latine TS Rookie Topic Starter Posts: 21

    Farbar Service Scanner Version: 17-01-2015
    Ran by n (administrator) on 21-02-2015 at 22:01:47
    Running from "C:\Users\n\Downloads"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
