Solved I have a backdoor malware! "Windows/temp/svchost.exe"

[Boldimore]

Today I started up my PC and as soon as it gotten to the desktop, AVG detected "General detection behavior" from a svchost.exe locaed in the Windows/temp folder. I searched on the net and found out that I cant remove it without your help. Please instruct me on how to remove this treat. Thanks in advance!

 

[Boldimore]

I followed the instructions from this link:
https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
---------------------------------------------------------------------------------------------------------
I have 2 logs, the second is after a computer restart(I wasn't prompted to do a restart)

• First Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.18.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Boldimore :: BOLDIMORE-PC [administrator]

Protection: Enabled

18.12.2013. 13:07:31
mbam-log-2013-12-18 (13-07-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215652
Time elapsed: 4 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Windows\Temp\phatk121016.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
C:\Windows\Temp\scrypt130511.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
C:\Windows\Temp\diablo130302.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
C:\Windows\Temp\poclbm130302.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
C:\Windows\Temp\diakgcn121016.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.

(end)
---------------------------------------------------------------------------------------------------------

• Second Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.18.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Boldimore :: BOLDIMORE-PC [administrator]

Protection: Enabled

18.12.2013. 13:19:51
mbam-log-2013-12-18 (13-19-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215550
Time elapsed: 5 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Windows\Temp\phatk121016.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
C:\Windows\Temp\scrypt130511.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
C:\Windows\Temp\diablo130302.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
C:\Windows\Temp\poclbm130302.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.
C:\Windows\Temp\diakgcn121016.cl (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.

(end)
---------------------------------------------------------------------------------------------------------

• DDS logs: DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2
Run by Boldimore at 13:33:20 on 2013-12-18
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.385.1033.18.6143.4560 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Boldimore Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Windows\system32\taskeng.exe
C:\Boldimore Program Files\Hard Disk Sentinel\HDSentinel.exe
C:\Boldimore Program Files\Core Temp\Core Temp.exe
C:\Windows\System32\schtasks.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Boldimore Program Files\Super Charger\ChargeService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Boldimore Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\mmc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Boldimore Program Files\Java 32-bit\bin\ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Boldimore Program Files\Microsoft Visual Studio 2012 Ultimate\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Boldimore Program Files\Java 32-bit\bin\jp2ssv.dll
EB: Web Test Recorder 10.0: {3142c289-f319-47f5-a594-a827028714c9} -
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "C:\Boldimore Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [AVG_UI] "C:\Boldimore Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Boldimore Program Files\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CODECP~1.LNK - C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3F0D3C39-705F-4E7E-9505-8476A2C9F8AC} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E112D929-BF71-4EEB-BFE5-B4EFF94397DD} : DHCPNameServer = 7.254.254.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Boldimore Program Files\Java 64-bit\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Boldimore Program Files\Java 64-bit\bin\jp2ssv.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Boldimore\AppData\Roaming\Mozilla\Firefox\Profiles\40p3xel0.default\
FF - plugin: C:\Boldimore Program Files\Java 32-bit\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Boldimore Program Files\Java 32-bit\bin\plugin2\npjp2.dll
FF - plugin: C:\Boldimore Program Files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: C:\Boldimore Program Files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: C:\Boldimore Program Files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: C:\Boldimore Program Files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: C:\Boldimore Program Files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-3-31 82600]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-3-31 42664]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-10-24 194872]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-5 150808]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-12-2 283064]
R2 avgwd;AVG WatchDog;C:\Boldimore Program Files\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
R2 MSI_SuperCharger;MSI_SuperCharger;C:\Boldimore Program Files\Super Charger\ChargeService.exe [2013-7-19 161264]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-13 1370912]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-7-31 15128352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-11-23 414496]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-16 5341536]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Boldimore Program Files\Super Charger\NTIOLib_X64.sys [2013-7-19 13368]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-12-13 39200]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\System32\drivers\tap0901t.sys [2013-8-30 31232]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-7-20 44672]
S2 AVGIDSAgent;AVGIDSAgent;C:\Boldimore Program Files\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-18 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-18 701512]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-13 111616]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-18 25928]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-19 19456]
S3 RTCore64;RTCore64;C:\Boldimore Program Files\EVGA Precision X\RTCore64.sys [2013-7-18 15176]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-7-19 805088]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-7-19 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-14 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-7-19 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 TunngleService;TunngleService;C:\Boldimore Program Files\Tunngle\TnglCtrl.exe [2013-8-30 759192]
S3 vncserver;VNC Server;C:\Boldimore Program Files\RealVNC\VNC Server\vncserver.exe [2013-10-22 4787008]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-11 1255736]
S3 XFDriver64;XFDriver64;C:\Program Files (x86)\Xfire2\XFDriver64.sys [2013-7-29 17160]
.
=============== Created Last 30 ================
.
2013-12-18 12:02:36 -------- d-----w- C:\Users\Boldimore\AppData\Roaming\Malwarebytes
2013-12-18 12:02:25 -------- d-----w- C:\ProgramData\Malwarebytes
2013-12-18 12:02:24 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-12-18 12:02:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-18 11:27:50 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-12-18 11:27:47 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9EF7A89F-F131-4E9A-9DA4-460EE825D976}\mpengine.dll
2013-12-16 17:50:13 -------- d-----w- C:\Program Files (x86)\TeamViewer
2013-12-15 20:41:02 -------- d-----w- C:\Users\Boldimore\AppData\Local\Apple
2013-12-14 10:43:29 -------- d-----w- C:\Windows\Migration
2013-12-13 11:53:02 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2013-12-13 11:53:02 32544 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2013-12-12 23:32:35 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-12 23:32:35 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 23:32:34 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-12 23:32:34 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-12 23:30:58 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-12-12 23:30:57 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-12-12 23:30:40 -------- d-----w- C:\Windows\PCHEALTH
2013-12-10 23:00:30 9272200 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-12-09 13:42:01 -------- d-----w- C:\ProgramData\Stardock
2013-12-09 13:42:01 -------- d-----w- C:\ProgramData\Ironclad Games
2013-12-08 09:36:15 -------- d-----w- C:\Users\Boldimore\VirtualBox VMs
2013-12-08 09:31:58 -------- d-----w- C:\Users\Boldimore\.VirtualBox
2013-12-08 09:31:39 252688 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2013-12-08 09:31:33 126736 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2013-12-02 12:44:33 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2013-11-29 16:43:00 154896 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2013-11-29 16:43:00 140560 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2013-11-29 16:40:46 204048 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
2013-11-23 11:18:38 590112 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-11-20 19:43:52 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-11-20 19:43:11 -------- d-----w- C:\ProgramData\Oracle
2013-11-20 19:43:05 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-20 10:45:16 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433182.dll
2013-11-20 10:44:59 1884448 ----a-w- C:\Windows\System32\nvdispco6433182.dll
.
==================== Find3M ====================
.
2013-12-17 21:44:24 290776 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-12-17 21:44:24 290776 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-12-16 19:14:32 290776 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-12-10 23:00:39 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 23:00:39 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-29 16:56:58 1096480 ----a-w- C:\Windows\System32\nvspcap64.dll
2013-11-29 16:56:57 979744 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-23 17:42:12 6674208 ----a-w- C:\Windows\System32\nvcpl.dll
2013-11-23 17:42:12 3490080 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-11-23 17:42:10 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-11-23 17:42:10 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-11-23 17:42:10 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-11-22 16:28:31 3498475 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-11-19 02:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-11-05 20:55:48 150808 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2013-11-04 20:52:42 240920 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-10-31 22:00:18 212280 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-10-31 21:49:46 294712 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-10-30 17:02:58 35104 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-24 21:25:58 194872 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-10-23 14:11:22 129944 ----a-w- C:\Windows\System32\drivers\scdemu.sys
2013-10-23 10:30:23 1884448 ----a-w- C:\Windows\System32\nvdispco6433165.dll
2013-10-23 10:30:23 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433165.dll
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-16 00:48:05 1884448 ----a-w- C:\Windows\System32\nvdispco6433158.dll
2013-10-16 00:48:05 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433158.dll
2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 02:16:30 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-04 01:36:04 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-10-03 10:34:12 4608 ----a-w- C:\Windows\System32\drivers\vncmirror.sys
2013-10-03 10:34:12 37704 ----a-w- C:\Windows\System32\VNCpm.dll
2013-10-03 10:34:12 26112 ----a-w- C:\Windows\System32\vncmirror.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-10-02 02:22:20 56832 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2013-10-02 02:11:13 13824 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-10-02 02:08:53 12800 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-10-02 01:48:59 56832 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll
2013-10-02 01:48:08 18944 ----a-w- C:\Windows\System32\wksprtPS.dll
2013-10-02 01:29:05 62976 ----a-w- C:\Windows\System32\tsgqec.dll
2013-10-02 01:10:56 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-10-02 00:15:45 1057280 ----a-w- C:\Windows\System32\rdvidcrl.dll
2013-10-02 00:14:58 50176 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll
2013-10-02 00:14:20 17920 ----a-w- C:\Windows\SysWow64\wksprtPS.dll
2013-10-02 00:08:30 83968 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2013-10-02 00:01:16 420864 ----a-w- C:\Windows\System32\wksprt.exe
2013-10-01 23:58:48 53248 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-10-01 23:31:09 1147392 ----a-w- C:\Windows\System32\mstsc.exe
2013-10-01 23:08:10 855552 ----a-w- C:\Windows\SysWow64\rdvidcrl.dll
2013-10-01 22:34:12 1068544 ----a-w- C:\Windows\SysWow64\mstsc.exe
2013-10-01 20:57:46 6578176 ----a-w- C:\Windows\System32\mstscax.dll
2013-10-01 20:55:10 5698048 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-09-30 23:52:08 123704 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-27 08:57:55 1884448 ----a-w- C:\Windows\System32\nvdispco6433140.dll
2013-09-27 08:57:55 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433140.dll
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:41 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
.
============= FINISH: 13:33:46,25 ===============
---------------------------------------------------------------------------------------------------------

• DDS logs: Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 19.7.2013. 19:15:52
System Uptime: 18.12.2013. 13:17:07 (0 hours ago)
.
Motherboard: MSI | | 870A-G54 (FX)
Processor: AMD FX(tm)-6100 Six-Core Processor | CPU1 | 3300/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 250,116 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek PCIe GBE Family Controller
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_75991462&REV_03\4&28B85F88&0&00A9
Manufacturer: Realtek
Name: Realtek PCIe GBE Family Controller
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_75991462&REV_03\4&28B85F88&0&00A9
Service: RTL8167
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Tools for .Net 3.5
7-Zip 9.20 (x64 edition)
Acoustica Mixcraft 6
Adobe After Effects CS6
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Manager
Adobe Photoshop CS6
Adobe Reader XI (11.0.05)
Adobe Story
Advanced Installer 10.3
AMD APP SDK Runtime
AMD Catalyst Install Manager
APB Reloaded
Apple Application Support
Apple Software Update
µTorrent
Aurora 24.0a2 (x86 en-US)
Aurora 27.0a2 (x86 en-US)
AVG 2014
Bandicam
Bandisoft MPEG-1 Decoder
Blend for Visual Studio 2012
Blend for Visual Studio 2012 ENU resources
Blend for Visual Studio Add-in for Adobe FXG Import
Blend for Visual Studio SDK for .NET 4.5
Blend for Visual Studio SDK for Silverlight 5
Catalyst Control Center InstallProxy
CCleaner
Cheat Engine 6.3
Cities in Motion 2 (c) Paradox Interactive version 1
Click Speed Tester
Click Speed Tester v2.5.1
Command & Conquer™ Red Alert™ 3
Core Temp version 0.99.7
CPUID CPU-Z 1.67.1
Crossfire 1.9
DAEMON Tools Lite
Deadpool
Die Sims™ 3
Dotfuscator and Analytics Community Edition
Entity Framework Designer for Visual Studio 2012 - enu
EVGA Precision X 4.2.1
EXPERTool v8.9
Foul Play
GamersFirst LIVE!
GeForce Experience NvStream Client Components
Google Chrome
Google Update Helper
GRID 2 (c) Codemasters version 1
GSplit 3
Hangman
Hangman v1.0.0
Hard Disk Sentinel PRO
IIS 8.0 Express
IIS Express Application Compatibility Database for x64
IIS Express Application Compatibility Database for x86
Java 7 Update 45
Java 7 Update 45 (64-bit)
Java Auto Updater
JavaScript Tooling
LocalESPC
LocalESPCui for en-us
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5 Multi-Targeting Pack
Microsoft .NET Framework 4.5 SDK
Microsoft .NET Framework 4.5.1
Microsoft ASP.NET MVC 3
Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update
Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools - ENU
Microsoft ASP.NET MVC 4 Runtime
Microsoft ASP.NET Web Pages
Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools
Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools - ENU
Microsoft ASP.NET Web Pages 2 Runtime
Microsoft Expression Blend SDK for .NET 4
Microsoft Expression Blend SDK for Silverlight 4
Microsoft Game Studios Common Redistributables Pack 1
Microsoft Help Viewer 2.0
Microsoft LightSwitch for Visual Studio 2012 Core
Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU
Microsoft LightSwitch for Visual Studio 2012 v3.0 Core
Microsoft LightSwitch for Visual Studio 2012 v3.0 CoreRes - ENU
Microsoft NuGet - Visual Studio 2012
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Portable Library Multi-Targeting Pack
Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
Microsoft Report Viewer Add-On for Visual Studio 2012
Microsoft Silverlight
Microsoft Silverlight 4 SDK
Microsoft Silverlight 5 SDK
Microsoft SQL Server 2012 Command Line Utilities
Microsoft SQL Server 2012 Data-Tier App Framework
Microsoft SQL Server 2012 Express LocalDB
Microsoft SQL Server 2012 Management Objects
Microsoft SQL Server 2012 Management Objects (x64)
Microsoft SQL Server 2012 Native Client
Microsoft SQL Server 2012 T-SQL Language Service
Microsoft SQL Server 2012 Transact-SQL Compiler Service
Microsoft SQL Server 2012 Transact-SQL ScriptDom
Microsoft SQL Server Compact 4.0 SP1 x64 ENU
Microsoft SQL Server Data Tools - enu (11.1.20627.00)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00)
Microsoft SQL Server System CLR Types
Microsoft SQL Server System CLR Types (x64)
Microsoft System CLR Types for SQL Server 2012
Microsoft System CLR Types for SQL Server 2012 (x64)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727
Microsoft Visual C++ 2012 32bit Compilers - ENU Resources
Microsoft Visual C++ 2012 Compilers
Microsoft Visual C++ 2012 Compilers - ENU Resources
Microsoft Visual C++ 2012 Core Libraries
Microsoft Visual C++ 2012 Extended Libraries
Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86-x64 Compilers
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2010 Office Developer Tools (x64)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio 2012 Devenv
Microsoft Visual Studio 2012 Devenv Resources
Microsoft Visual Studio 2012 IntelliTrace Core amd64
Microsoft Visual Studio 2012 IntelliTrace Core x86
Microsoft Visual Studio 2012 IntelliTrace Front End x86
Microsoft Visual Studio 2012 Performance Collection Tools
Microsoft Visual Studio 2012 Performance Collection Tools - ENU
Microsoft Visual Studio 2012 Preparation
Microsoft Visual Studio 2012 SharePoint Developer Tools
Microsoft Visual Studio 2012 SharePoint Developer Tools ENU Language Pack
Microsoft Visual Studio 2012 Shell (Minimum)
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
Microsoft Visual Studio 2012 Shell (Minimum) Resources
Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
Microsoft Visual Studio Premium 2012
Microsoft Visual Studio Premium 2012 - ENU
Microsoft Visual Studio Professional 2012
Microsoft Visual Studio Professional 2012 - ENU
Microsoft Visual Studio Team Foundation Server 2012 Object Model
Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
Microsoft Visual Studio Team Foundation Server 2012 Storyboarding
Microsoft Visual Studio Team Foundation Server 2012 Storyboarding Language Pack - ENU
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
Microsoft Visual Studio Ultimate 2012
Microsoft Visual Studio Ultimate 2012 - ENU
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
Microsoft Web Deploy 3.0
Microsoft Web Deploy dbSqlPackage Provider - enu
Microsoft Web Developer Tools 2012.2 - Visual Studio 2012
Microsoft Web Platform Installer 4.0
Microsoft WSE 3.0 Runtime
Microsoft XML Parser
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
MorphVOX Pro
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Notepad++
NVIDIA 3D Vision Controller Driver 331.93
NVIDIA 3D Vision Driver 331.93
NVIDIA Control Panel 331.93
NVIDIA GeForce Experience 1.8
NVIDIA Graphics Driver 331.93
NVIDIA HD Audio Driver 1.3.26.4
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA Photoshop Plug-ins 64 bit
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0725
NVIDIA ShadowPlay 10.10.5
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 10.10.5
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.12
Oracle VM VirtualBox 4.3.4
Origin
PDF Settings CS6
Perforce Visual Components
PowerDirector
PowerISO
PreEmptive Analytics Visual Studio Components
Prerequisites for SSDT
Pro Evolution Soccer 2013
Pro Evolution Soccer 2014
PunkBuster Services
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Recuva
Renesas Electronics USB 3.0 Host Controller Driver
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
Serif WebPlus X6
Setup - Need for Speed Rivals (c) Electronic Arts ...
SHIELD Streaming
Skype™ 6.10
Steam
Super-Charger
System Requirements Lab CYRI
TeamSpeak 3 Client
TeamViewer 9
TechPowerUp GPU-Z
Texas Hold'em Poker 3D - Deluxe Edition 1.0
The Sims™ 3 Ambitions
The Sims™ 3 Generations
The Sims™ 3 High-End Loft Stuff
The Sims™ 3 Seasons
The Sims™ 3 World Adventures
Tunngle beta
UE3Redist
Unreal Development Kit: 2013-07
Update for (KB2504637)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Visual Studio 2012 (KB2781514)
Urban Trial Freestyle version 1.0
Visual Studio 2010 x64 Redistributables
Visual Studio 2012 Prerequisites
Visual Studio 2012 Prerequisites - ENU Language Pack
Visual Studio 2012 Update 3 (KB2707250)
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Visual Studio Extensions for Windows Library for JavaScript
Visual Studio Extensions for Windows Library for JavaScript 1.0.9200.20789
VNC Mirror Driver 1.8.0
VNC Printer Driver 1.8.0
VNC Server 5.0.6
VNC Viewer 5.0.6
WCF Data Services 5.0 (for OData v3) Primary Components
WCF Data Services Tools for Microsoft Visual Studio 2012
WCF RIA Services V1.0 SP2
Windows 7 Codec Pack 4.0.8
Windows App Certification Kit Native Components
Windows App Certification Kit x64
Windows Azure Tools for LightSwitch HTML Client for Visual Studio 2012
Windows Runtime Intellisense Content - en-us
Windows Software Development Kit
Windows Software Development Kit DirectX x64 Remote
Windows Software Development Kit DirectX x86 Remote
Windows Software Development Kit for Windows Store Apps
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
Windows XP Targeting with C++
WinRAR 5.00 (64-bit)
World of Warcraft
Xfire 2.0
Xfire Codec (remove only)
YTD Video Downloader 4.6
.
==== Event Viewer Messages From Past Week ========
.
13.12.2013. 19:24:54, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
13.12.2013. 19:24:31, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TeamViewer 8 service to connect.
13.12.2013. 19:24:31, Error: Service Control Manager [7000] - The TeamViewer 8 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
13.12.2013. 19:22:08, Error: Service Control Manager [7043] - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
.
==== End Of File ===========================

 

[Boldimore]

The only treats found are:
1. The svchost.exe in the Windows/Temp folder at startup(first detection was by AVG)
- The rest was detected by malwarebytes
2. C:\Windows\Temp\phatk121016.cl (Trojan.BitcoinMiner)
3. C:\Windows\Temp\scrypt130511.cl (Trojan.BitcoinMiner)
4. C:\Windows\Temp\diablo130302.cl (Trojan.BitcoinMiner)
5. C:\Windows\Temp\poclbm130302.cl (Trojan.BitcoinMiner)
6. C:\Windows\Temp\diakgcn121016.cl (Trojan.BitcoinMiner)

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================

Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.

• Close all the running programs
• Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE

• Unzip downloaded file.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt

 

[Boldimore]

RogueKiller V8.7.13 _x64_ [Dec 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Boldimore [Admin rights]
Mode : Scan -- Date : 12/18/2013 20:51:03
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] Origin : C:\Users\Boldimore\AppData\Roaming\Origin\update.vbe [-] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com 3dns.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com adobe-dns.adobe.com
127.0.0.1 adobeereg.com crl.verisign.net ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com
127.0.0.1 lm.licenses.adobe.com lmlicenses.wip4.adobe.com na2m-pr.licenses.adobe.com ood.opsource.net practivate.adobe practivate.adobe.com practivate.adobe.ipp practivate.adobe.newoa practivate.adobe.ntp
127.0.0.1 wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com wwis-dubc1-vip60.adobe.com www.adobeereg.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD50 00AAKX-001CA0 SATA Disk Device +++++
--- User ---
[MBR] d508b1f90857bddf956286ec36320324
[BSP] 18550a5d6effcdddbd6037e2edf607b3 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_12182013_205103.txt >>
---------------------------------------------------------------------------------------------------------------------
RogueKiller V8.7.13 _x64_ [Dec 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Boldimore [Admin rights]
Mode : Remove -- Date : 12/18/2013 20:51:18
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] Origin : C:\Users\Boldimore\AppData\Roaming\Origin\update.vbe [-] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com 3dns.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com adobe-dns.adobe.com
127.0.0.1 adobeereg.com crl.verisign.net ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com
127.0.0.1 lm.licenses.adobe.com lmlicenses.wip4.adobe.com na2m-pr.licenses.adobe.com ood.opsource.net practivate.adobe practivate.adobe.com practivate.adobe.ipp practivate.adobe.newoa practivate.adobe.ntp
127.0.0.1 wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com wwis-dubc1-vip60.adobe.com www.adobeereg.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD50 00AAKX-001CA0 SATA Disk Device +++++
--- User ---
[MBR] d508b1f90857bddf956286ec36320324
[BSP] 18550a5d6effcdddbd6037e2edf607b3 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_12182013_205118.txt >>
RKreport[0]_S_12182013_205103.txt
---------------------------------------------------------------------------------------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2013.12.18.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Boldimore :: BOLDIMORE-PC [administrator]

18.12.2013. 20:56:55
mbar-log-2013-12-18 (20-56-55).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 270713
Time elapsed: 9 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
---------------------------------------------------------------------------------------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2013.12.18.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Boldimore :: BOLDIMORE-PC [administrator]

18.12.2013. 21:16:10
mbar-log-2013-12-18 (21-16-10).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 270732
Time elapsed: 9 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
---------------------------------------------------------------------------------------------------------------------
Malwarebytes Anti-Rootkit (MBAR) did not detect any treat.
Is it okay for me to restart my PC now? I hope for a reply as I am going to shutdown my PC anyway in a few hours...

 

[Broni]

Go ahead...

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[Boldimore]

ComboFix 13-12-18.01 - Boldimore 9.12.2013. 1:11.1.6 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.385.1033.18.6143.3712 [GMT 1:00]
Running from: c:\users\Boldimore\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-11-19 to 2013-12-19 )))))))))))))))))))))))))))))))
.
.
2013-12-19 00:18 . 2013-12-19 00:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-18 20:16 . 2013-12-18 20:16 117464 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-12-18 19:56 . 2013-12-18 20:25 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-12-18 19:54 . 2013-12-18 20:15 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-18 19:51 . 2013-12-18 20:15 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys.bak
2013-12-18 19:51 . 2013-12-18 20:15 21504 ----a-w- c:\windows\system32\drivers\ws2ifsl.sys.bak
2013-12-18 19:51 . 2013-12-18 20:15 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys.bak
2013-12-18 19:51 . 2013-12-18 20:15 16464 ----a-w- c:\windows\system32\drivers\wmilib.sys.bak
2013-12-18 19:51 . 2013-12-18 20:15 14336 ----a-w- c:\windows\system32\drivers\wmiacpi.sys.bak
2013-12-18 19:49 . 2013-12-18 20:13 12800 ----a-w- c:\windows\system32\drivers\acpipmi.sys.bak
2013-12-18 19:49 . 2013-12-18 20:13 68096 ----a-w- c:\windows\system32\drivers\1394bus.sys.bak
2013-12-18 19:49 . 2013-12-18 20:13 334208 ----a-w- c:\windows\system32\drivers\acpi.sys.bak
2013-12-18 19:49 . 2013-12-18 20:13 229888 ----a-w- c:\windows\system32\drivers\1394ohci.sys.bak
2013-12-18 18:17 . 2013-12-18 18:17 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9EF7A89F-F131-4E9A-9DA4-460EE825D976}\offreg.dll
2013-12-18 12:45 . 2013-12-05 08:42 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2013-12-18 12:45 . 2013-12-05 08:42 32544 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2013-12-18 12:02 . 2013-12-18 12:02 -------- d-----w- c:\users\Boldimore\AppData\Roaming\Malwarebytes
2013-12-18 12:02 . 2013-12-18 12:02 -------- d-----w- c:\programdata\Malwarebytes
2013-12-18 12:02 . 2013-12-18 12:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-18 12:02 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-18 11:27 . 2013-12-16 00:54 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9EF7A89F-F131-4E9A-9DA4-460EE825D976}\mpengine.dll
2013-12-16 17:50 . 2013-12-16 17:50 -------- d-----w- c:\program files (x86)\TeamViewer
2013-12-15 20:41 . 2013-12-15 20:41 -------- d-----w- c:\users\Boldimore\AppData\Local\Apple
2013-12-14 10:43 . 2013-12-14 10:43 -------- d-----w- c:\windows\Migration
2013-12-12 23:32 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-12 23:32 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 23:32 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-12 23:32 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-12 23:32 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-12 23:30 . 2013-11-26 07:48 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-12-12 23:30 . 2013-11-26 08:16 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-12-12 23:30 . 2013-11-26 08:35 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-12-12 23:30 . 2013-12-12 23:30 -------- d-----w- c:\windows\PCHEALTH
2013-12-10 23:00 . 2013-12-10 23:00 9272200 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-12-09 13:42 . 2013-12-09 13:42 -------- d-----w- c:\programdata\Stardock
2013-12-09 13:42 . 2013-12-09 13:42 -------- d-----w- c:\programdata\Ironclad Games
2013-12-08 09:36 . 2013-12-08 10:28 -------- d-----w- c:\users\Boldimore\VirtualBox VMs
2013-12-08 09:31 . 2013-12-08 16:58 -------- d-----w- c:\users\Boldimore\.VirtualBox
2013-12-08 09:31 . 2013-11-29 16:44 252688 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2013-12-08 09:31 . 2013-11-29 16:43 126736 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2013-12-02 12:44 . 2013-12-02 12:44 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-11-29 16:43 . 2013-11-29 16:43 154896 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2013-11-29 16:43 . 2013-11-29 16:43 140560 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2013-11-29 16:40 . 2013-11-29 16:40 204048 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2013-11-28 19:23 . 2013-11-28 19:23 -------- d-----w- c:\programdata\McAfee
2013-11-23 11:18 . 2013-11-23 11:18 590112 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-11-20 19:43 . 2013-11-20 19:43 312744 ----a-w- c:\windows\system32\javaws.exe
2013-11-20 19:43 . 2013-11-20 19:43 189352 ----a-w- c:\windows\system32\javaw.exe
2013-11-20 19:43 . 2013-11-20 19:43 189352 ----a-w- c:\windows\system32\java.exe
2013-11-20 19:43 . 2013-11-20 19:43 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-11-20 19:43 . 2013-11-20 19:43 -------- d-----w- c:\programdata\Oracle
2013-11-20 19:43 . 2013-11-20 19:43 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-20 10:45 . 2013-11-14 11:55 1511712 ----a-w- c:\windows\system32\nvdispgenco6433182.dll
2013-11-20 10:44 . 2013-11-14 11:55 1884448 ----a-w- c:\windows\system32\nvdispco6433182.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-19 00:00 . 2013-07-20 00:00 83530 ----a-w- c:\users\Boldimore\Network_Meter_Data.js
2013-12-18 20:43 . 2013-07-20 20:33 290776 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-12-18 20:43 . 2013-07-20 19:46 290776 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-12-18 16:23 . 2013-07-20 19:46 290776 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-12-14 10:39 . 2013-07-19 19:45 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-10 23:00 . 2013-07-20 08:20 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 23:00 . 2013-07-20 08:20 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-10 02:13 . 2013-10-29 13:43 982232 ----a-w- c:\windows\SysWow64\nvspcap.dll
2013-12-10 02:13 . 2013-10-29 13:43 1100248 ----a-w- c:\windows\system32\nvspcap64.dll
2013-12-05 08:42 . 2013-07-31 17:16 35104 ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-11-23 19:26 . 2013-10-21 22:19 15218504 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-11-23 19:26 . 2013-09-28 11:13 9663656 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-11-23 19:26 . 2013-09-18 13:57 18293096 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-11-23 19:26 . 2013-08-22 12:08 1436528 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-11-23 19:26 . 2013-07-23 14:04 3069608 ----a-w- c:\windows\system32\nvapi64.dll
2013-11-23 19:26 . 2013-07-23 14:04 2697248 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-11-23 17:42 . 2013-07-23 14:05 3490080 ----a-w- c:\windows\system32\nvsvc64.dll
2013-11-23 17:42 . 2013-07-23 14:05 6674208 ----a-w- c:\windows\system32\nvcpl.dll
2013-11-23 17:42 . 2013-07-23 14:05 922912 ----a-w- c:\windows\system32\nvvsvc.exe
2013-11-23 17:42 . 2013-07-23 14:05 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-11-23 17:42 . 2013-07-23 14:05 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-11-22 16:28 . 2013-09-18 13:59 3498475 ----a-w- c:\windows\system32\nvcoproc.bin
2013-11-19 02:33 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-12 16:59 . 2013-11-12 16:59 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-12 16:59 . 2013-11-12 16:59 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-11-12 16:59 . 2013-11-12 16:59 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-12 16:59 . 2013-11-12 16:59 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-11-12 16:59 . 2013-11-12 16:59 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-11-12 16:59 . 2013-11-12 16:59 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-11-12 16:59 . 2013-11-12 16:59 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-11-12 16:59 . 2013-11-12 16:59 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-11-12 16:59 . 2013-11-12 16:59 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-11-12 16:59 . 2013-11-12 16:59 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-12 16:59 . 2013-11-12 16:59 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-11-12 16:59 . 2013-11-12 16:59 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-11-12 16:59 . 2013-11-12 16:59 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-11-12 16:59 . 2013-11-12 16:59 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-11-12 16:59 . 2013-11-12 16:59 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-11-12 16:59 . 2013-11-12 16:59 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-12 16:59 . 2013-11-12 16:59 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-12 16:59 . 2013-11-12 16:59 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-11-12 16:59 . 2013-11-12 16:59 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-12 16:59 . 2013-11-12 16:59 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-12 16:59 . 2013-11-12 16:59 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-11-12 16:59 . 2013-11-12 16:59 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-11-12 16:59 . 2013-11-12 16:59 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-11-12 16:59 . 2013-11-12 16:59 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-11-12 16:59 . 2013-11-12 16:59 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-12 16:59 . 2013-11-12 16:59 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-11-12 16:59 . 2013-11-12 16:59 247808 ----a-w- c:\windows\system32\msls31.dll
2013-11-12 16:59 . 2013-11-12 16:59 195584 ----a-w- c:\windows\system32\msrating.dll
2013-11-12 16:59 . 2013-11-12 16:59 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-11-12 16:59 . 2013-11-12 16:59 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-11-12 16:59 . 2013-11-12 16:59 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-12 16:59 . 2013-11-12 16:59 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-11-12 16:59 . 2013-11-12 16:59 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-11-12 16:59 . 2013-11-12 16:59 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-12 16:59 . 2013-11-12 16:59 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-11-12 16:59 . 2013-11-12 16:59 81408 ----a-w- c:\windows\system32\icardie.dll
2013-11-12 16:59 . 2013-11-12 16:59 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-11-12 16:59 . 2013-11-12 16:59 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-11-12 16:59 . 2013-11-12 16:59 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-11-12 16:59 . 2013-11-12 16:59 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-11-12 16:59 . 2013-11-12 16:59 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-11-12 16:59 . 2013-11-12 16:59 413696 ----a-w- c:\windows\system32\html.iec
2013-11-12 16:59 . 2013-11-12 16:59 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-12 16:59 . 2013-11-12 16:59 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-12 16:59 . 2013-11-12 16:59 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-11-12 16:59 . 2013-11-12 16:59 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-11-12 16:59 . 2013-11-12 16:59 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-11-12 16:59 . 2013-11-12 16:59 235520 ----a-w- c:\windows\system32\url.dll
2013-11-12 16:59 . 2013-11-12 16:59 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-11-12 16:59 . 2013-11-12 16:59 143872 ----a-w- c:\windows\system32\wextract.exe
2013-11-12 16:59 . 2013-11-12 16:59 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-12 16:59 . 2013-11-12 16:59 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-12 16:59 . 2013-11-12 16:59 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-12 16:59 . 2013-11-12 16:59 774144 ----a-w- c:\windows\system32\jscript.dll
2013-11-12 16:59 . 2013-11-12 16:59 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-11-12 16:59 . 2013-11-12 16:59 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-11-12 16:59 . 2013-11-12 16:59 147968 ----a-w- c:\windows\system32\occache.dll
2013-11-12 16:59 . 2013-11-12 16:59 13824 ----a-w- c:\windows\system32\mshta.exe
2013-11-12 16:59 . 2013-11-12 16:59 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-05 20:55 . 2013-11-05 20:55 150808 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2013-11-04 20:52 . 2013-11-04 20:52 240920 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-10-31 22:00 . 2013-10-31 22:00 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-10-31 21:49 . 2013-10-31 21:49 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-10-24 21:25 . 2013-10-24 21:25 194872 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-10-23 14:11 . 2013-07-23 16:54 129944 ----a-w- c:\windows\system32\drivers\scdemu.sys
2013-10-23 10:30 . 2013-10-28 13:17 1884448 ----a-w- c:\windows\system32\nvdispco6433165.dll
2013-10-23 10:30 . 2013-10-28 13:17 1511712 ----a-w- c:\windows\system32\nvdispgenco6433165.dll
2013-10-16 11:55 . 2013-10-16 11:55 96 ----a-w- c:\users\Boldimore\IP_Log_Data.js
2013-10-16 00:48 . 2013-10-21 22:19 1884448 ----a-w- c:\windows\system32\nvdispco6433158.dll
2013-10-16 00:48 . 2013-10-21 22:19 1511712 ----a-w- c:\windows\system32\nvdispgenco6433158.dll
2013-10-14 17:00 . 2013-11-12 17:01 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-10-12 02:30 . 2013-11-14 12:16 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-14 12:16 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-14 12:16 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-14 12:16 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-14 12:16 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25 . 2013-11-14 12:17 1474048 ----a-w- c:\windows\system32\crypt32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPCheckoutOverlay]
@="{80E008A4-EAE7-4867-AEB0-1A245F070F25}"
[HKEY_CLASSES_ROOT\CLSID\{80E008A4-EAE7-4867-AEB0-1A245F070F25}]
2012-09-24 12:48 1954440 ----a-w- c:\program files\Perforce\p4exp.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPSyncdOverlay]
@="{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}"
[HKEY_CLASSES_ROOT\CLSID\{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}]
2012-09-24 12:48 1954440 ----a-w- c:\program files\Perforce\p4exp.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPUpdateOverlay]
@="{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}"
[HKEY_CLASSES_ROOT\CLSID\{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}]
2012-09-24 12:48 1954440 ----a-w- c:\program files\Perforce\p4exp.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"DAEMON Tools Lite"="c:\boldimore program files\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"AVG_UI"="c:\boldimore program files\AVG\AVG2014\avgui.exe" [2013-11-07 4956176]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\boldimore program files\QuickTime\QTTask.exe" [2013-05-01 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CodecPackUpdateChecker.lnk - c:\windows\SysWOW64\C2MP\UpdateChecker.exe [2013-6-8 48200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AVGIDSAgent;AVGIDSAgent;c:\boldimore program files\AVG\AVG2014\avgidsagent.exe;c:\boldimore program files\AVG\AVG2014\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\boldimore program files\Live Update 5\NTIOLib_X64.sys;c:\boldimore program files\Live Update 5\NTIOLib_X64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTCore64;RTCore64;c:\boldimore program files\EVGA Precision X\RTCore64.sys;c:\boldimore program files\EVGA Precision X\RTCore64.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 TunngleService;TunngleService;c:\boldimore program files\Tunngle\TnglCtrl.exe;c:\boldimore program files\Tunngle\TnglCtrl.exe [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 vncserver;VNC Server;c:\boldimore program files\RealVNC\VNC Server\vncserver.exe;c:\boldimore program files\RealVNC\VNC Server\vncserver.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
R3 XFDriver64;XFDriver64;c:\program files (x86)\Xfire2\XFDriver64.sys;c:\program files (x86)\Xfire2\XFDriver64.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 avgwd;AVG WatchDog;c:\boldimore program files\AVG\AVG2014\avgwdsvc.exe;c:\boldimore program files\AVG\AVG2014\avgwdsvc.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\boldimore program files\Super Charger\ChargeService.exe;c:\boldimore program files\Super Charger\ChargeService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S3 ALSysIO;ALSysIO;c:\users\BOLDIM~1\AppData\Local\Temp\ALSysIO64.sys;c:\users\BOLDIM~1\AppData\Local\Temp\ALSysIO64.sys [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\boldimore program files\Super Charger\NTIOLib_X64.sys;c:\boldimore program files\Super Charger\NTIOLib_X64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NTIOLIB_1_0_3
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 12:57 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-20 23:00]
.
2013-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-19 18:40]
.
2013-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-19 18:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPCheckoutOverlay]
@="{80E008A4-EAE7-4867-AEB0-1A245F070F25}"
[HKEY_CLASSES_ROOT\CLSID\{80E008A4-EAE7-4867-AEB0-1A245F070F25}]
2012-09-24 12:49 2394760 ----a-w- c:\program files\Perforce\p4exp64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPSyncdOverlay]
@="{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}"
[HKEY_CLASSES_ROOT\CLSID\{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}]
2012-09-24 12:49 2394760 ----a-w- c:\program files\Perforce\p4exp64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPUpdateOverlay]
@="{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}"
[HKEY_CLASSES_ROOT\CLSID\{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}]
2012-09-24 12:49 2394760 ----a-w- c:\program files\Perforce\p4exp64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-03-29 13513288]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-14 1028384]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Boldimore\AppData\Roaming\Mozilla\Firefox\Profiles\40p3xel0.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{B4D09F4E-3E20-8F76-60C1-2D7478F0AC2E} - c:\progra~3\INSTAL~3\{46FFE~1\Setup.exe
AddRemove-Crossfire 1.9 - c:\boldimore program files\Freelancer Mod Manager\uninstall.exe
AddRemove-InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239} - c:\users\Boldimore\AppData\Roaming\InstallShield Installation Information\{6530FDAA-5B1F-4830-95BB-650E9804D239}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-19 01:21:09
ComboFix-quarantined-files.txt 2013-12-19 00:21
.
Pre-Run: 266.202.906.624 bytes free
Post-Run: 266.200.567.808 bytes free
.
- - End Of File - - 2F2308B1A21D5A19650AE78631C91B93
A36C5E4F47E84449FF07ED3517B43A31

 

[Broni]

Looks good.

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan button.
• When the scan has finished click on Clean button.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[Boldimore]

# AdwCleaner v3.015 - Report created 19/12/2013 at 10:57:40
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Boldimore - BOLDIMORE-PC
# Running from : C:\Users\Boldimore\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
File Deleted : C:\Windows\System32\roboot64.exe

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\AVG Nation toolbar
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\AVG Nation toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\systweak

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v

[ File : C:\Users\Boldimore\AppData\Roaming\Mozilla\Firefox\Profiles\40p3xel0.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Boldimore\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1577 octets] - [19/12/2013 10:56:10]
AdwCleaner[S0].txt - [1396 octets] - [19/12/2013 10:57:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1456 octets] ##########

 

[Boldimore]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Ultimate x64
Ran by Boldimore on źet 19.12.2013. at 11:04:24,83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on źet 19.12.2013. at 11:10:42,58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[Boldimore]

OTL logfile created on: 19.12.2013. 11:13:36 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Boldimore\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 0000041a | Country: Hrvatska | Language: HRV | Date Format: d.M.yyyy.

6,00 Gb Total Physical Memory | 4,35 Gb Available Physical Memory | 72,59% Memory free
12,00 Gb Paging File | 10,20 Gb Available in Paging File | 85,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 247,82 Gb Free Space | 53,22% Space Free | Partition Type: NTFS

Computer Name: BOLDIMORE-PC | User Name: Boldimore | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.12.19 11:11:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Boldimore\Desktop\OTL.exe
PRC - [2013.12.13 13:22:09 | 005,341,536 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2013.12.13 13:22:08 | 013,543,264 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
PRC - [2013.12.13 13:01:28 | 000,199,520 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
PRC - [2013.12.10 03:15:27 | 002,279,712 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2013.12.10 03:14:56 | 001,494,304 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013.11.23 12:18:34 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.11.14 12:55:37 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013.11.12 19:53:03 | 004,341,904 | ---- | M] (H.D.S. Hungary) -- C:\Boldimore Program Files\Hard Disk Sentinel\HDSentinel.exe
PRC - [2013.11.11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Boldimore Program Files\AVG\AVG2014\avgidsagent.exe
PRC - [2013.11.07 22:03:50 | 004,956,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Boldimore Program Files\AVG\AVG2014\avgui.exe
PRC - [2013.09.24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Boldimore Program Files\AVG\AVG2014\avgwdsvc.exe
PRC - [2013.08.20 22:53:02 | 000,335,408 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Boldimore Program Files\AVG\AVG2014\avgcfgex.exe
PRC - [2013.07.20 20:46:09 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.05.11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.02.20 10:47:14 | 000,161,264 | ---- | M] (MSI) -- C:\Boldimore Program Files\Super Charger\ChargeService.exe
PRC - [2010.11.17 08:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe


========== Modules (No Company Name) ==========

MOD - [2013.08.05 07:15:10 | 000,066,104 | ---- | M] () -- C:\Windows\SysWOW64\bdmpega.acm


========== Services (SafeList) ==========

SRV:64bit: - [2013.12.10 03:14:39 | 015,129,376 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013.11.26 10:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013.05.27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.12.13 13:22:09 | 005,341,536 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2013.12.11 00:00:39 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.12.10 03:14:56 | 001,494,304 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013.11.23 12:18:34 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.11.11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Boldimore Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013.10.03 11:50:48 | 004,787,008 | ---- | M] (RealVNC Ltd) [On_Demand | Stopped] -- C:\Boldimore Program Files\RealVNC\VNC Server\vncserver.exe -- (vncserver)
SRV - [2013.09.24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Boldimore Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013.09.11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013.09.06 21:55:40 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.09.05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.09.03 01:38:28 | 000,759,192 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Boldimore Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2013.07.20 20:46:09 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.07.19 11:55:24 | 000,118,696 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.02.20 10:47:14 | 000,161,264 | ---- | M] (MSI) [Auto | Running] -- C:\Boldimore Program Files\Super Charger\ChargeService.exe -- (MSI_SuperCharger)
SRV - [2012.07.25 17:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2012.07.25 17:13:16 | 000,139,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.12.05 09:42:30 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013.12.02 13:44:33 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013.11.29 17:43:00 | 000,140,560 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013.11.05 21:55:48 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013.11.04 21:52:42 | 000,240,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013.10.31 23:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013.10.31 22:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013.10.24 22:25:58 | 000,194,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013.10.23 15:11:22 | 000,129,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2013.10.03 11:34:12 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vncmirror.sys -- (vncmirror)
DRV:64bit: - [2013.10.02 03:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013.10.01 00:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013.09.10 00:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013.08.01 15:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013.06.16 13:38:15 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.03.31 17:32:04 | 000,082,600 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2013.03.31 17:32:04 | 000,042,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012.12.27 00:26:12 | 000,805,088 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012.10.11 19:13:21 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.10.11 18:49:22 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.10.11 18:49:22 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.08.23 15:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2011.02.10 13:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.02.10 13:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.29 03:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.07.01 13:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010.06.16 22:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2009.11.02 09:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.09.16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005.09.23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2013.07.18 01:28:12 | 000,015,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Boldimore Program Files\EVGA Precision X\RTCore64.sys -- (RTCore64)
DRV - [2013.03.14 13:36:18 | 000,017,160 | ---- | M] (XFire) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Xfire2\XFDriver64.sys -- (XFDriver64)
DRV - [2012.10.25 18:45:52 | 000,013,368 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Boldimore Program Files\Super Charger\NTIOLib_X64.sys -- (NTIOLib_1_0_3)
DRV - [2012.07.13 15:13:14 | 000,070,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Boldimore Program Files\Microsoft Visual Studio 2012 Ultimate\Team Tools\Performance Tools\x64\VSPerfDrv110.sys -- (VSPerfDrv110)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2268423076-2387521360-3453339074-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2268423076-2387521360-3453339074-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-2268423076-2387521360-3453339074-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0a2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Boldimore Program Files\Java 64-bit\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Boldimore Program Files\Java 64-bit\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Boldimore Program Files\Java 32-bit\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Boldimore Program Files\Java 32-bit\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\Aurora 27.0a2\extensions\\Components: C:\Boldimore Program Files\Firefox Aurora\components
FF - HKEY_CURRENT_USER\software\mozilla\Aurora 27.0a2\extensions\\Plugins: C:\Boldimore Program Files\Firefox Aurora\plugins

[2013.07.19 22:05:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boldimore\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t
CHR - default_search_provider: suggest_url = http://suggestqueries.google.com/complete/search?q={searchTerms},
CHR - homepage: https://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - Extension: Magic Actions for YouTube\u2122 = C:\Users\Boldimore\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\6.7.0_0\
CHR - Extension: Google Docs = C:\Users\Boldimore\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Boldimore\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Boldimore\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Boldimore\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0\
CHR - Extension: Adblock Plus = C:\Users\Boldimore\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7_0\
CHR - Extension: Google Search = C:\Users\Boldimore\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Stylish = C:\Users\Boldimore\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\1.2_0\
CHR - Extension: Fiery Music = C:\Users\Boldimore\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmfeiddljnkcdgcfcfhpenipgmaocon\1_0\
CHR - Extension: Google Wallet = C:\Users\Boldimore\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Wallet = C:\Users\Boldimore\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Click&Clean App = C:\Users\Boldimore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.0_0\
CHR - Extension: Gmail = C:\Users\Boldimore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013.08.06 18:47:38 | 000,001,881 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com 3dns.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com crl.verisign.net ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 lm.licenses.adobe.com lmlicenses.wip4.adobe.com na2m-pr.licenses.adobe.com ood.opsource.net practivate.adobe practivate.adobe.com practivate.adobe.ipp practivate.adobe.newoa practivate.adobe.ntp
O1 - Hosts: 127.0.0.1 wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com wwis-dubc1-vip60.adobe.com www.adobeereg.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Boldimore Program Files\Java 64-bit\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Boldimore Program Files\Java 64-bit\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Boldimore Program Files\Java 32-bit\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Boldimore Program Files\Microsoft Visual Studio 2012 Ultimate\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Boldimore Program Files\Java 32-bit\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Boldimore Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2268423076-2387521360-3453339074-1000..\Run: [DAEMON Tools Lite] C:\Boldimore Program Files\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2268423076-2387521360-3453339074-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2268423076-2387521360-3453339074-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F0D3C39-705F-4E7E-9505-8476A2C9F8AC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E112D929-BF71-4EEB-BFE5-B4EFF94397DD}: DhcpNameServer = 7.254.254.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.12.19 11:11:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Boldimore\Desktop\OTL.exe
[2013.12.19 11:04:22 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.12.19 11:03:05 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Boldimore\Desktop\JRT.exe
[2013.12.19 10:56:00 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013.12.19 10:54:36 | 000,000,000 | ---D | C] -- C:\Users\Boldimore\Desktop\already done
[2013.12.19 01:21:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.12.19 01:21:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.12.19 01:09:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.12.19 01:09:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.12.19 01:09:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.12.19 01:09:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.12.19 01:09:18 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.12.18 21:14:22 | 000,089,304 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys.bak
[2013.12.18 20:56:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.12.18 20:54:43 | 000,089,304 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013.12.18 20:50:56 | 000,004,608 | ---- | C] (RealVNC Ltd.) -- C:\Windows\SysNative\drivers\vncmirror.sys.bak
[2013.12.18 20:50:47 | 000,031,232 | ---- | C] (Tunngle.net) -- C:\Windows\SysNative\drivers\tap0901t.sys.bak
[2013.12.18 20:50:42 | 000,038,992 | ---- | C] (Screaming Bee LLC) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys.bak
[2013.12.18 20:50:41 | 000,805,088 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys.bak
[2013.12.18 20:50:41 | 000,129,944 | ---- | C] (Power Software Ltd) -- C:\Windows\SysNative\drivers\scdemu.sys.bak
[2013.12.18 20:50:32 | 000,181,760 | ---- | C] (Renesas Electronics Corporation) -- C:\Windows\SysNative\drivers\nusb3xhc.sys.bak
[2013.12.18 20:50:32 | 000,082,432 | ---- | C] (Renesas Electronics Corporation) -- C:\Windows\SysNative\drivers\nusb3hub.sys.bak
[2013.12.18 20:50:24 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys.bak
[2013.12.18 20:50:23 | 000,065,600 | ---- | C] (LSI Corporation) -- C:\Windows\SysNative\drivers\lsi_sas2.sys.bak
[2013.12.18 20:50:17 | 000,031,232 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw85cir.sys.bak
[2013.12.18 20:50:12 | 000,283,064 | ---- | C] (Disc Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys.bak
[2013.12.18 20:50:05 | 000,294,712 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys.bak
[2013.12.18 20:50:05 | 000,251,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys.bak
[2013.12.18 20:50:05 | 000,212,280 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys.bak
[2013.12.18 20:50:05 | 000,123,704 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys.bak
[2013.12.18 20:50:05 | 000,031,544 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys.bak
[2013.12.18 20:50:04 | 000,240,920 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys.bak
[2013.12.18 20:50:04 | 000,194,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys.bak
[2013.12.18 20:50:04 | 000,150,808 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgdiska.sys.bak
[2013.12.18 20:50:02 | 000,194,128 | ---- | C] (AMD Technologies Inc.) -- C:\Windows\SysNative\drivers\amdsbs.sys.bak
[2013.12.18 20:50:02 | 000,033,736 | ---- | C] (HTC, Corporation) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys.bak
[2013.12.18 13:02:36 | 000,000,000 | ---D | C] -- C:\Users\Boldimore\AppData\Roaming\Malwarebytes
[2013.12.18 13:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.12.18 13:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.12.18 13:02:24 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.12.18 13:02:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.12.16 18:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2013.12.15 21:41:02 | 000,000,000 | ---D | C] -- C:\Users\Boldimore\AppData\Local\Apple
[2013.12.14 11:43:29 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2013.12.13 00:30:40 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.12.09 14:42:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2013.12.09 14:42:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Ironclad Games
[2013.12.08 10:36:15 | 000,000,000 | ---D | C] -- C:\Users\Boldimore\VirtualBox VMs
[2013.12.08 10:31:58 | 000,000,000 | ---D | C] -- C:\Users\Boldimore\.VirtualBox
[2013.12.08 10:31:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2013.12.06 15:46:01 | 000,000,000 | ---D | C] -- C:\Users\Boldimore\Documents\Ghost Games
[2013.12.02 13:44:33 | 000,283,064 | ---- | C] (Disc Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.12.01 17:06:03 | 000,000,000 | ---D | C] -- C:\Users\Boldimore\Documents\Tunngle
[2013.11.28 20:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013.11.26 16:07:20 | 000,000,000 | ---D | C] -- C:\Users\Boldimore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossfire 1.9
[2013.11.26 16:07:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossfire 1.9
[2013.11.26 13:50:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.11.22 12:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.11.20 20:43:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

[Boldimore]

========== Files - Modified Within 30 Days ==========

[2013.12.19 11:11:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Boldimore\Desktop\OTL.exe
[2013.12.19 11:07:37 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.12.19 11:07:37 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.12.19 11:03:07 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Boldimore\Desktop\JRT.exe
[2013.12.19 11:00:54 | 000,083,599 | ---- | M] () -- C:\Users\Boldimore\Network_Meter_Data.js
[2013.12.19 11:00:33 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.12.19 11:00:05 | 000,000,950 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.12.19 10:59:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.12.19 10:59:53 | 536,207,359 | -HS- | M] () -- C:\hiberfil.sys
[2013.12.19 10:55:16 | 000,000,954 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.12.19 10:55:14 | 001,226,750 | ---- | M] () -- C:\Users\Boldimore\Desktop\adwcleaner.exe
[2013.12.19 01:48:55 | 000,000,028 | ---- | M] () -- C:\Users\Boldimore\AppData\Roaming\Network Meter_Usage.ini
[2013.12.18 21:43:55 | 000,290,776 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.12.18 21:43:55 | 000,290,776 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.12.18 21:15:54 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013.12.18 21:15:02 | 000,004,608 | ---- | M] (RealVNC Ltd.) -- C:\Windows\SysNative\drivers\vncmirror.sys.bak
[2013.12.18 21:14:50 | 000,031,232 | ---- | M] (Tunngle.net) -- C:\Windows\SysNative\drivers\tap0901t.sys.bak
[2013.12.18 21:14:44 | 000,129,944 | ---- | M] (Power Software Ltd) -- C:\Windows\SysNative\drivers\scdemu.sys.bak
[2013.12.18 21:14:44 | 000,038,992 | ---- | M] (Screaming Bee LLC) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys.bak
[2013.12.18 21:14:43 | 000,805,088 | ---- | M] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys.bak
[2013.12.18 21:14:33 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) -- C:\Windows\SysNative\drivers\nusb3xhc.sys.bak
[2013.12.18 21:14:32 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) -- C:\Windows\SysNative\drivers\nusb3hub.sys.bak
[2013.12.18 21:14:22 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys.bak
[2013.12.18 21:14:22 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys.bak
[2013.12.18 21:14:21 | 000,065,600 | ---- | M] (LSI Corporation) -- C:\Windows\SysNative\drivers\lsi_sas2.sys.bak
[2013.12.18 21:14:13 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw85cir.sys.bak
[2013.12.18 21:14:07 | 000,283,064 | ---- | M] (Disc Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys.bak
[2013.12.18 21:14:00 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys.bak
[2013.12.18 21:13:59 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys.bak
[2013.12.18 21:13:59 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys.bak
[2013.12.18 21:13:59 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys.bak
[2013.12.18 21:13:59 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys.bak
[2013.12.18 21:13:58 | 000,240,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys.bak
[2013.12.18 21:13:58 | 000,194,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys.bak
[2013.12.18 21:13:58 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgdiska.sys.bak
[2013.12.18 21:13:56 | 000,033,736 | ---- | M] (HTC, Corporation) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys.bak
[2013.12.18 21:13:55 | 000,194,128 | ---- | M] (AMD Technologies Inc.) -- C:\Windows\SysNative\drivers\amdsbs.sys.bak
[2013.12.18 19:10:02 | 000,781,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.12.18 19:10:02 | 000,653,930 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.12.18 19:10:02 | 000,121,802 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.12.18 17:23:46 | 000,290,776 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.12.18 13:02:25 | 000,001,158 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.12.17 12:58:45 | 005,131,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.12.15 13:57:51 | 000,211,957 | ---- | M] () -- C:\Users\Boldimore\Desktop\Boldimore Configs.rar
[2013.12.14 16:58:42 | 000,001,208 | ---- | M] () -- C:\Users\Boldimore\AppData\Roaming\Network Meter_Settings.ini
[2013.12.14 11:44:52 | 000,765,656 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.12.02 13:44:33 | 000,283,064 | ---- | M] (Disc Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.11.23 20:26:48 | 000,357,152 | ---- | M] () -- C:\Windows\SysNative\NvIFROpenGL.dll
[2013.11.23 20:26:48 | 000,314,656 | ---- | M] () -- C:\Windows\SysWow64\NvIFROpenGL.dll
[2013.11.23 20:26:48 | 000,023,754 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013.11.22 17:28:31 | 003,498,475 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.12.19 10:55:11 | 001,226,750 | ---- | C] () -- C:\Users\Boldimore\Desktop\adwcleaner.exe
[2013.12.19 01:09:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.12.19 01:09:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.12.19 01:09:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.12.19 01:09:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.12.19 01:09:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.12.18 13:02:25 | 000,001,158 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.12.16 18:50:20 | 000,001,147 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
[2013.12.15 13:58:10 | 000,211,957 | ---- | C] () -- C:\Users\Boldimore\Desktop\Boldimore Configs.rar
[2013.12.02 13:45:55 | 000,000,713 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cities in Motion 2.lnk
[2013.11.28 20:35:08 | 000,357,152 | ---- | C] () -- C:\Windows\SysNative\NvIFROpenGL.dll
[2013.11.28 20:35:08 | 000,314,656 | ---- | C] () -- C:\Windows\SysWow64\NvIFROpenGL.dll
[2013.11.07 23:50:09 | 000,003,584 | ---- | C] () -- C:\Users\Boldimore\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.10.16 12:55:48 | 000,000,096 | ---- | C] () -- C:\Users\Boldimore\IP_Log_Data.js
[2013.08.30 00:50:29 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2013.08.29 20:36:04 | 000,039,896 | ---- | C] () -- C:\Windows\SysWow64\DiscHandler.exe
[2013.08.08 21:57:34 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2013.08.07 00:41:19 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2013.08.07 00:40:52 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll
[2013.08.07 00:40:52 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll
[2013.08.05 07:15:08 | 000,066,104 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2013.08.05 07:15:06 | 000,023,080 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2013.07.26 14:24:22 | 006,275,760 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-55.dll
[2013.07.26 14:24:22 | 001,239,216 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-55.dll
[2013.07.26 14:24:22 | 000,394,416 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll
[2013.07.26 14:24:22 | 000,288,944 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-52.dll
[2013.07.26 14:24:22 | 000,235,184 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-3.dll
[2013.07.26 14:24:22 | 000,190,640 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll
[2013.07.26 14:24:22 | 000,150,192 | ---- | C] () -- C:\Windows\SysWow64\avresample-lav-1.dll
[2013.07.20 20:46:09 | 000,290,776 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.07.20 20:46:09 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.07.20 01:00:00 | 000,083,599 | ---- | C] () -- C:\Users\Boldimore\Network_Meter_Data.js
[2013.07.20 00:30:45 | 000,000,028 | ---- | C] () -- C:\Users\Boldimore\AppData\Roaming\Network Meter_Usage.ini
[2013.07.20 00:05:59 | 000,000,842 | ---- | C] () -- C:\Users\Boldimore\AppData\Roaming\Drives Meter_Settings.ini
[2013.07.20 00:05:30 | 000,001,208 | ---- | C] () -- C:\Users\Boldimore\AppData\Roaming\Network Meter_Settings.ini
[2013.07.20 00:04:43 | 000,000,284 | ---- | C] () -- C:\Users\Boldimore\AppData\Roaming\GPU MeterV2_Settings.ini
[2013.07.20 00:04:15 | 000,000,626 | ---- | C] () -- C:\Users\Boldimore\AppData\Roaming\All CPU MeterV3_Settings.ini
[2013.07.19 19:13:24 | 000,765,656 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.07.19 18:54:38 | 000,000,025 | ---- | C] () -- C:\Windows\CDEC46Euro.ini
[2013.07.10 10:00:00 | 000,007,302 | ---- | C] () -- C:\Windows\cadx2.ini
[2013.06.08 12:54:10 | 003,915,776 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2013.06.08 12:53:06 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013.06.08 12:52:30 | 000,271,360 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2013.06.08 12:52:12 | 000,157,184 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2013.06.08 12:52:10 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2013.06.08 12:52:10 | 000,099,840 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2013.06.08 12:52:08 | 001,525,760 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2013.06.08 12:52:08 | 000,211,968 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2013.06.08 12:52:08 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2013.06.08 12:52:06 | 000,136,704 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2012.12.28 22:04:22 | 000,036,352 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012.09.29 23:47:28 | 000,000,178 | ---- | C] () -- C:\Windows\SysWow64\Formats.ini
[2012.05.04 14:37:46 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.12.17 20:01:48 | 000,000,000 | ---D | M] -- C:\Users\Boldimore\AppData\Roaming\.minecraft
[2013.08.19 14:05:22 | 000,000,000 | ---D | M] -- C:\Users\Boldimore\AppData\Roaming\Acoustica
[2013.10.14 18:06:51 | 000,000,000 | ---D | M] -- C:\Users\Boldimore\AppData\Roaming\AVG2014
[2013.07.20 14:12:53 | 000,000,000 | ---D | M] -- C:\Users\Boldimore\AppData\Roaming\BANDISOFT
[2013.07.22 21:14:41 | 000,000,000 | ---D | M] -- C:\Users\Boldimore\AppData\Roaming\caphyon
[2013.12.09 15:47:16 | 000,000,000 | ---D | M] -- C:\Users\Boldimore\AppData\Roaming\DAEMON Tools Lite
[2013.08.30 14:02:42 | 000,000,000 | ---D | M] -- C:\Users\Boldimore\AppData\Roaming\GSplit
[2013.11.12 20:00:30 | 000,000,000 | ---D | M] -- C:\Users\Boldimore\AppData\Roaming\Hard Disk Sentinel
[2013.12.17 16:39:31 | 000,000,000 | ---D | M] -- C:\Users\Boldimore\AppData\Roaming\Notepad++
[2013.07.20 01:32:45 | 000,000,000 | ---D | M] -- C:\Users\Boldimore\AppData\Roaming\NuGet
[2013.12.06 15:17:44 | 000,000,000 | -H-D | M] -- C:\Users\Boldimore\AppData\Roaming\Origin
[2013.07.19 22:09:46 | 000,000,000 | ---D | M] -- C:\Users\Boldimore\AppData\Roaming\Screaming Bee
[2013.11.10 16:01:13 | 000,000,000 | ---D | M] -- C:\Users\Boldimore\AppData\Roaming\Serif
[2013.09.20 20:35:42 | 000,000,000 | ---D | M] -- C:\Users\Boldimore\AppData\Roaming\TeamViewer
[2013.11.26 18:14:31 | 000,000,000 | ---D | M] -- C:\Users\Boldimore\AppData\Roaming\TS3Client
[2013.12.18 03:28:14 | 000,000,000 | ---D | M] -- C:\Users\Boldimore\AppData\Roaming\Tunngle
[2013.12.16 11:12:06 | 000,000,000 | ---D | M] -- C:\Users\Boldimore\AppData\Roaming\uTorrent
[2013.07.31 11:44:18 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013.07.31 11:44:18 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software

========== Purity Check ==========



< End of report >

 

[Boldimore]

OTL Extras logfile created on: 19.12.2013. 11:13:36 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Boldimore\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 0000041a | Country: Hrvatska | Language: HRV | Date Format: d.M.yyyy.

6,00 Gb Total Physical Memory | 4,35 Gb Available Physical Memory | 72,59% Memory free
12,00 Gb Paging File | 10,20 Gb Available in Paging File | 85,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 247,82 Gb Free Space | 53,22% Space Free | Partition Type: NTFS

Computer Name: BOLDIMORE-PC | User Name: Boldimore | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2268423076-2387521360-3453339074-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Boldimore Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Boldimore Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{063AF90C-0C0D-4219-B073-F67E43FC7A03}" = lport=6919 | protocol=6 | dir=in | app=c:\boldimore program files\microsoft visual studio 2012 ultimate\common7\ide\devenv.exe |
"{0A97CA47-CB63-4BB1-99B3-3B40A68F48EF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0CC52240-F459-4DB7-8C1D-D35F979E5F9A}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{15FBE139-EF7E-4926-A78D-49E6C2CAD442}" = lport=6920 | protocol=6 | dir=in | app=c:\boldimore program files\microsoft visual studio 2012 ultimate\common7\ide\devenv.exe |
"{19AFFEE9-A3C1-459F-B96D-2E60E369170E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1B86B118-DF5F-476E-B6B8-69ACFD002194}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{1D316897-C508-4824-BBBE-5E8B9DCBA757}" = lport=6916 | protocol=6 | dir=in | app=c:\boldimore program files\microsoft visual studio 2012 ultimate\common7\ide\devenv.exe |
"{221F928D-89B9-49C5-B04C-CA053377C421}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{26563B32-B031-4A52-BE92-CBAD627C3C92}" = rport=10243 | protocol=6 | dir=out | app=system |
"{26575DF5-D9E1-43AD-B63E-5090D59FBFD7}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{2C736238-AAA5-45C0-9308-8A32B10DF955}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3103FD05-3583-4F93-BF26-73D921CAC7E8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{325FA1D7-CE09-4231-8B3A-AA12EC261573}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{32A338C5-4014-41B7-8EB8-F4D9B1112AFA}" = lport=6919 | protocol=6 | dir=in | app=c:\boldimore program files\microsoft visual studio 2012 ultimate\common7\ide\devenv.exe |
"{36D9BF4A-1926-460D-A9B2-DFC41E6E0C4B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{37A4EA95-25BA-43E7-909C-68A4E3C74709}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{39E74DF0-01E0-4C90-BFA2-3066AF02D4DF}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{39E98AC9-DB3F-4E19-9135-6006A7E1C81D}" = lport=6920 | protocol=6 | dir=in | app=c:\boldimore program files\microsoft visual studio 2012 ultimate\common7\ide\devenv.exe |
"{3E504935-AA08-4A33-B455-D45409E8F71B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{43C7E482-65BE-414A-9871-C612CFC24442}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{475F2B24-C55D-4635-A8E5-C09131DC005F}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{4D628375-B36B-4AAB-A2F6-BE2F77DA2F10}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4E854549-4924-4051-90CE-3EF462F65FE4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{545943D5-6FD4-4DD1-84AD-5F508DDDABAE}" = lport=6918 | protocol=6 | dir=in | app=c:\boldimore program files\microsoft visual studio 2012 ultimate\common7\ide\devenv.exe |
"{546BA77E-212D-4202-B4EF-9A6CCF7B979A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{57C7D3D9-F488-4938-A81C-4680E5AD213E}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{59354FDF-A2BA-4948-9C3C-E031311163F3}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{5C306014-F149-4EE2-8B65-368A1CE9446B}" = lport=138 | protocol=17 | dir=in | app=system |
"{5E766A85-0030-4D66-8F94-58696D6A241E}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{6588A81F-2459-459C-B943-2E3C6E566F59}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{6656CD7F-D564-4874-9B3B-182FAB0ED710}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{6E48FDBA-3D64-4347-B896-54FB40A554A3}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{7259EEDF-7DF1-4669-9371-747E0906A856}" = rport=137 | protocol=17 | dir=out | app=system |
"{7B65C8AC-5E40-4AEB-96F0-EE4BD534C8C9}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7F9C9836-97A2-46D4-B054-EAFA652E864C}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{80BCFDF4-B095-46FB-AECF-530405B36B4F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{83623B5E-CF48-4E40-BA11-CC2221E852D7}" = rport=138 | protocol=17 | dir=out | app=system |
"{8551BFF9-5688-4A65-B76B-C7AE35A9B397}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{89E8D435-798B-4562-86FE-5780D955AFCF}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{8C5455D2-CBCF-49A9-98F8-051875CBEC81}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{8E10844A-BAD8-405C-8481-370B07D5E9D9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8FF086A6-9F83-4BE4-BBBD-850D964317E0}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{92B807CC-4BCF-42E1-8435-0AD886C64DE6}" = lport=6917 | protocol=6 | dir=in | app=c:\boldimore program files\microsoft visual studio 2012 ultimate\common7\ide\devenv.exe |
"{966C70AA-3077-4AFA-9219-96E0A3809820}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{96DA707E-905F-4F08-A5F9-8982F776F8F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9A5E1823-B88E-42C4-B7C3-0D461B8E97B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9B5C107B-7465-430E-8148-B671ABD650DD}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{A33D654E-8739-483E-AD54-67427966AEE6}" = rport=445 | protocol=6 | dir=out | app=system |
"{A3C4E501-BC7D-4FE8-806C-11A0D0ED08CC}" = rport=139 | protocol=6 | dir=out | app=system |
"{A6AFC69C-1CFB-4F4A-A85C-6A0453522542}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AA7DECAF-BE39-4C49-A6EF-301121F7109F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AF0B6F5F-E33E-46D8-ACF7-8876989A39A0}" = lport=3702 | protocol=17 | dir=in | app=c:\boldimore program files\microsoft visual studio 2012 ultimate\common7\ide\devenv.exe |
"{AFA9C9AB-D10A-4EC7-B519-9EDA89FF70B6}" = lport=139 | protocol=6 | dir=in | app=system |
"{AFBE2CD3-72F8-43B8-A4CF-FA04600D4EBA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B3173297-3236-4AC8-8BF8-C2FF4B49B843}" = lport=6915 | protocol=6 | dir=in | app=c:\boldimore program files\microsoft visual studio 2012 ultimate\common7\ide\devenv.exe |
"{B3DCD49D-9089-41BB-95E7-D32B6BA496F6}" = lport=6916 | protocol=6 | dir=in | app=c:\boldimore program files\microsoft visual studio 2012 ultimate\common7\ide\devenv.exe |
"{B64964BC-2284-44E2-9FD2-385718B7ECED}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{B6B0C72F-691C-44E5-9F13-FE8CBE804988}" = lport=6918 | protocol=6 | dir=in | app=c:\boldimore program files\microsoft visual studio 2012 ultimate\common7\ide\devenv.exe |
"{BC7E9BB8-2546-4D29-8CAF-9B369FA8B65C}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{BF442A2E-58F8-4694-9608-99DD1A84C551}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{C0DD8ED2-9D68-40BA-9EAE-018860A302E0}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{C36295BA-C4AA-4E23-9CCF-4431BED01E9C}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{C9096B95-8801-451D-9963-8FC5B7FCA132}" = lport=6917 | protocol=6 | dir=in | app=c:\boldimore program files\microsoft visual studio 2012 ultimate\common7\ide\devenv.exe |
"{CC05E723-D214-4745-B0EE-09A100303833}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{CE835105-D44E-48F1-A3C0-1DBB93D11655}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{CF42C392-A620-41D8-87AB-C2D464563437}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{CF51E667-299D-40C6-951F-778B1FC50BAE}" = lport=6915 | protocol=6 | dir=in | app=c:\boldimore program files\microsoft visual studio 2012 ultimate\common7\ide\devenv.exe |
"{D039A456-CBFC-4954-8ED5-8BF3905B6004}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{D09DCCC2-28D0-45DA-9384-33DE3BDE3DE2}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{D76A6F2B-4C45-4C3B-AA0E-A51DF43855D8}" = lport=137 | protocol=17 | dir=in | app=system |
"{DE3E4C6E-B770-4FA7-99BB-5B81BFBAC4B6}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{E596A2EA-3419-41FE-AB9D-EB6B92B6C9D1}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{E7897E77-26B2-4835-B6D6-9EC5780B2600}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{EAB61FA0-B64D-4302-BE47-8B924A7D74A0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F448ED1C-F9D1-47D5-B8EF-870A659F8A59}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F4D40C24-1198-4D0E-9776-99DABD6D474C}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02ADA38F-27DF-4F5E-B76F-2A1C46E4DF20}" = protocol=6 | dir=in | app=c:\boldimore program files\teamviewer\version8\teamviewer.exe |
"{04B6D940-2E43-4FFF-812A-F16F354C7C81}" = protocol=17 | dir=in | app=c:\boldimore program files\teamviewer\version8\teamviewer.exe |
"{07194B55-442C-4D81-9497-67BF26DD655A}" = protocol=17 | dir=in | app=c:\users\boldimore\appdata\roaming\utorrent\utorrent.exe |
"{098F0467-5461-489A-AAE2-0CF25547E587}" = protocol=6 | dir=in | app=c:\boldimore program files\avg\avg2014\avgdiagex.exe |
"{1383C1F5-FA1B-461E-8659-3DC1B7FD549A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{13D35B45-F11A-4373-8F65-C99146F8F800}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{14C6B93A-4D0C-4376-A1B2-6A0F23A8EC35}" = protocol=17 | dir=in | app=c:\boldimore program files\avg\avg2014\avgnsa.exe |
"{16B63E8C-F0B7-441A-9C03-E284D534E089}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{1F927B0B-F769-45B2-A992-3F406A237E25}" = protocol=6 | dir=in | app=c:\boldimore program files\teamviewer\version8\teamviewer_service.exe |
"{29FC2094-CCC5-4493-964C-FAD7DF037451}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{325756C7-D3A1-432E-B627-7B7AC9DDFCB9}" = protocol=17 | dir=in | app=c:\boldimore program files\teamspeak 3 server\ts3server_win64.exe |
"{32BA1738-248D-41E1-8A2F-E6E30401EED6}" = protocol=17 | dir=in | app=c:\boldimore program files\avg\avg2014\avgdiagex.exe |
"{337AEDB5-1929-455D-B480-9B52529E160F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{35D80504-2188-4538-8018-2E5C85371D9C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{36172913-98FE-46DA-BAE6-1FD71A841EAF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{36F28B69-E5EE-4F4A-98AD-40BC9AD8B4F2}" = protocol=17 | dir=in | app=c:\udk\udk-2013-07\binaries\win32\udk.exe |
"{3A8B7FBE-5B97-4E65-B8D8-3CB9F79C83AD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3C051E6C-1BDD-4E05-B880-5AAB15DF4806}" = protocol=6 | dir=in | app=c:\boldimore program files\teamspeak 3 server\ts3server_win64.exe |
"{3CD523C2-B9E6-4BF1-8D18-574167C40BE2}" = protocol=17 | dir=in | app=c:\boldimore program files\avg\avg2014\avgemca.exe |
"{3F449680-674A-45BB-B682-5412E2641417}" = protocol=17 | dir=in | app=c:\boldimore game folder\apb reloaded\binaries\apb.exe |
"{3FD06298-E36D-45C5-93AB-B322272A99BA}" = protocol=6 | dir=in | app=c:\boldimore game folder\apb reloaded\binaries\apb.exe |
"{4731913D-8428-4F46-94B7-B6EB2040443B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{484B559F-1248-492E-A3C8-45BB01350A6B}" = dir=out | app=%systemdrive%\boldimore program files\acoustica mixcraft 6\mixcraft6.exe |
"{4C9B6A35-9191-406F-8A0B-1FD8B29F4E45}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4CDD3882-D5CB-4E60-BC1F-3C3BEFB743DD}" = protocol=17 | dir=in | app=c:\boldimore program files\tunngle\tnglctrl.exe |
"{4EC465BD-2F00-4504-8F98-A2A5A0EE390E}" = protocol=17 | dir=in | app=c:\boldimore program files\tunngle\tunngle.exe |
"{50597774-C859-4C06-B5EE-CD1C205458C1}" = protocol=17 | dir=in | app=c:\udk\udk-2013-07\binaries\win64\udk.exe |
"{5593DA2B-45CE-48B2-96AF-FD290527F81A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5753135C-972E-43E7-B1E1-52AAB0396AE2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{58CE5A28-D586-4F64-8A39-C2DFC67DCD09}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5D9604C1-C47B-43DD-BF84-4D666A310C7C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{643015A4-B6E0-498E-A0BB-A546C2E93F52}" = protocol=6 | dir=in | app=c:\udk\udk-2013-07\binaries\win32\udk.exe |
"{6ECD4650-A61C-49FE-A5B8-F4F6FC9AF417}" = protocol=6 | dir=in | app=c:\boldimore game folder\apb reloaded\binaries\apb.exe |
"{6FBB652F-83A8-4B24-AF37-D533A9AA22AE}" = protocol=6 | dir=in | app=c:\boldimore game folder\apb reloaded\binaries\vivoxvoiceservice.exe |
"{92C8BA71-986C-4C52-AC8C-94E7B83EA327}" = protocol=6 | dir=in | app=c:\boldimore program files\tunngle\tunngle.exe |
"{934C2F11-BF38-4018-9EEA-47010F8376E3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{936E8D1D-4B93-40AF-926E-0420E27075A7}" = protocol=17 | dir=in | app=c:\boldimore game folder\apb reloaded\binaries\vivoxvoiceservice.exe |
"{9611A5B4-50BB-47A2-B86F-03A617798016}" = protocol=17 | dir=in | app=c:\boldimore program files\steam\steam.exe |
"{B06F3F70-B570-448D-87BF-8FBE111DC839}" = protocol=6 | dir=in | app=c:\boldimore program files\realvnc\vnc server\vncserver.exe |
"{B0A80354-5A17-4A62-A384-2FDFA9E15687}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{B75D401B-948F-4041-84CF-A12E878D343F}" = protocol=6 | dir=out | app=system |
"{B81565E8-2DF7-46D7-BA87-0C61E488757C}" = protocol=6 | dir=in | app=c:\boldimore program files\tunngle\tnglctrl.exe |
"{B82A4709-4487-4C25-BB4F-B9898EC1E939}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BCB0141C-9763-475E-B729-D6E07D61986E}" = protocol=6 | dir=in | app=c:\boldimore game folder\apb reloaded\binaries\vivoxvoiceservice.exe |
"{BD9A1DA8-C5A0-4EDE-8B7F-B94611D3711F}" = dir=out | app=%systemdrive%\boldimore program files\ccleaner\ccleaner.exe |
"{C2F120D4-926A-4C9C-865D-B3C698ADA266}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C52EE505-403B-4ECE-97F3-3BD6973C959D}" = protocol=17 | dir=in | app=c:\boldimore game folder\apb reloaded\binaries\vivoxvoiceservice.exe |
"{C5C9BB62-773A-439A-83AD-6B9CE7905442}" = dir=out | app=%systemdrive%\boldimore program files\ccleaner\ccleaner64.exe |
"{C8B01A46-19B6-483A-AC62-BB743E30AB39}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{CF800CCA-8FC4-49B9-BA38-EDC5EACAAF7F}" = protocol=6 | dir=in | app=c:\boldimore program files\steam\steam.exe |
"{D3586705-8BB1-4439-888A-6EBD2FEA59D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D38C926D-3D9B-4336-853D-EA174F74C908}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D8BDCF4D-9725-4A09-BF38-981922130ACB}" = protocol=17 | dir=in | app=c:\boldimore program files\avg\avg2014\avgmfapx.exe |
"{D941C729-0012-4B19-B5BE-60BA12C5A1A2}" = protocol=6 | dir=in | app=c:\udk\udk-2013-07\binaries\win64\udk.exe |
"{E03C698A-5ADA-4CAE-AB88-67451FCBBE46}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E0BB85D9-7198-46FD-BABA-E87154ECD0CE}" = protocol=6 | dir=in | app=c:\boldimore game folder\sins of a solar empire rebellion\sins of a solar empire rebellion.exe |
"{E8AF4446-237A-4D33-8186-D3D9974F331B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{EA54AD22-7AD9-4998-8FE0-F070D3FDD6FA}" = protocol=6 | dir=in | app=c:\users\boldimore\appdata\roaming\utorrent\utorrent.exe |
"{EB1B322F-BF34-4EAF-945C-44CDCEA4ADFD}" = protocol=17 | dir=in | app=c:\boldimore game folder\apb reloaded\binaries\apb.exe |
"{EC433233-B466-417D-8782-F29881BD1101}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{F03B6E48-6504-4F66-87C1-595957FA83F5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F094DF41-0AA5-4940-A027-A6636D9E7A90}" = protocol=17 | dir=in | app=c:\boldimore program files\realvnc\vnc server\vncserver.exe |
"{F09F927F-1FAD-42C3-86BC-96C5B2FA262C}" = protocol=6 | dir=in | app=c:\boldimore program files\avg\avg2014\avgemca.exe |
"{F2B64B8C-484D-4AD8-A87B-47D061F36EFD}" = protocol=6 | dir=in | app=c:\boldimore program files\avg\avg2014\avgmfapx.exe |
"{F310A700-9BC8-4CAA-B921-F4A03F14DFDB}" = dir=out | app=%systemdrive%\boldimore program files\bandicam\bdcam.exe |
"{F3E8F599-4F59-4F24-95AC-2C9E2DD19DEB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F658611B-5026-4FC2-8C46-09DEA086AB63}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F7B57A36-85BC-46E5-93D8-F51D275CB9F7}" = protocol=17 | dir=in | app=c:\boldimore program files\teamviewer\version8\teamviewer_service.exe |
"{F844EA71-6A79-4F8F-8A36-F7DC2AF8EFE0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FCE3C5F9-AD30-4114-A33B-DCFACC844478}" = protocol=6 | dir=in | app=c:\boldimore program files\avg\avg2014\avgnsa.exe |
"{FD3D9215-4F7E-40F3-A42A-00830D5F07BF}" = protocol=17 | dir=in | app=c:\boldimore game folder\sins of a solar empire rebellion\sins of a solar empire rebellion.exe |
"{FEB022C5-0288-4BBD-B7FD-F3C69B0B7369}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{07C07F96-F29C-4A53-9860-5A13084B2ABC}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{4537F914-FCAC-4D9B-A8B1-0FC40937877F}C:\program files (x86)\xfire2\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire2\xfire.exe |
"TCP Query User{5A746339-2AAB-4F69-BE3B-28B8E9A2C443}C:\boldimore game folder\sins of a solar empire rebellion\sins of a solar empire rebellion.exe" = protocol=6 | dir=in | app=c:\boldimore game folder\sins of a solar empire rebellion\sins of a solar empire rebellion.exe |
"TCP Query User{692AB713-EAAC-468E-96E2-CB61285C301B}C:\boldimore game folder\texas hold'em poker 3d - deluxe edition\poker3d.exe" = protocol=6 | dir=in | app=c:\boldimore game folder\texas hold'em poker 3d - deluxe edition\poker3d.exe |
"TCP Query User{A9A6F920-60D6-4D43-9279-D931CAADB57A}C:\boldimore program files\realvnc\vnc viewer\vncviewer.exe" = protocol=6 | dir=in | app=c:\boldimore program files\realvnc\vnc viewer\vncviewer.exe |
"TCP Query User{C3B10872-81B9-447A-9ADF-2DE3EF8CF0F2}C:\udk\udk-2013-07\binaries\swarmagent.exe" = protocol=6 | dir=in | app=c:\udk\udk-2013-07\binaries\swarmagent.exe |
"TCP Query User{C53B8974-1043-4BC0-9F9A-067051F226AB}C:\boldimore game folder\pro evolution soccer 2013\pes2013.exe" = protocol=6 | dir=in | app=c:\boldimore game folder\pro evolution soccer 2013\pes2013.exe |
"TCP Query User{D8B28C2E-087A-4325-AA5D-2331C9DD7839}C:\boldimore program files\java 64-bit\bin\javaw.exe" = protocol=6 | dir=in | app=c:\boldimore program files\java 64-bit\bin\javaw.exe |
"TCP Query User{DA779770-56E8-4F8A-B2B8-E7B99699AADE}C:\boldimore game folder\call of duty 4 modern warfare\call of duty modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\boldimore game folder\call of duty 4 modern warfare\call of duty modern warfare\iw3mp.exe |
"UDP Query User{25EFE0FD-59B5-4D57-B3E8-81FEE3E2F252}C:\boldimore game folder\sins of a solar empire rebellion\sins of a solar empire rebellion.exe" = protocol=17 | dir=in | app=c:\boldimore game folder\sins of a solar empire rebellion\sins of a solar empire rebellion.exe |
"UDP Query User{56457275-E2D2-4A4A-AA22-CB4CFDDA166D}C:\udk\udk-2013-07\binaries\swarmagent.exe" = protocol=17 | dir=in | app=c:\udk\udk-2013-07\binaries\swarmagent.exe |
"UDP Query User{80BDCBD4-D858-41D7-A90B-B283B749E12B}C:\boldimore program files\java 64-bit\bin\javaw.exe" = protocol=17 | dir=in | app=c:\boldimore program files\java 64-bit\bin\javaw.exe |
"UDP Query User{8F7CA6B8-238D-4089-8DF8-CBF87C4DA3E7}C:\boldimore game folder\pro evolution soccer 2013\pes2013.exe" = protocol=17 | dir=in | app=c:\boldimore game folder\pro evolution soccer 2013\pes2013.exe |
"UDP Query User{9A6543CA-5B25-4DAD-882E-380214DE61B8}C:\program files (x86)\xfire2\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire2\xfire.exe |
"UDP Query User{AD6E6F22-5569-4D40-BFB8-2A3A1494BA79}C:\boldimore game folder\texas hold'em poker 3d - deluxe edition\poker3d.exe" = protocol=17 | dir=in | app=c:\boldimore game folder\texas hold'em poker 3d - deluxe edition\poker3d.exe |
"UDP Query User{B03B476C-9DF0-4D25-A649-701E9F2B0AB5}C:\boldimore game folder\call of duty 4 modern warfare\call of duty modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\boldimore game folder\call of duty 4 modern warfare\call of duty modern warfare\iw3mp.exe |
"UDP Query User{C1D4B491-B753-4EB4-8CB1-F83AF8D5049F}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{CCE8E1E9-7F0F-4E0D-8755-15E3CA9F6EEE}C:\boldimore program files\realvnc\vnc viewer\vncviewer.exe" = protocol=17 | dir=in | app=c:\boldimore program files\realvnc\vnc viewer\vncviewer.exe |

 

[Boldimore]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{078B9199-C2A4-4468-BD5F-C060C51EC895}" = Microsoft Visual Studio 2012 IntelliTrace Core amd64
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.7
"{0E8670B8-3965-4930-ADA6-570348B67153}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom
"{13417784-A359-3CDD-8DE1-B7108707D647}" = Visual Studio 2012 Prerequisites - ENU Language Pack
"{13D558FE-A863-402C-B115-160007277033}" = Microsoft SQL Server 2012 Express LocalDB
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2599B6F1-92AC-472C-BE60-9F17565E4938}" = PowerDirector
"{26A24AE4-039D-4CA4-87B4-2F86417045FF}" = Java 7 Update 45 (64-bit)
"{27EF252D-800C-ED42-9904-459FE0046225}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
"{28D85F24-B685-3364-BB7C-284C88C2FFE5}" = Microsoft Visual Studio Team Foundation Server 2012 Storyboarding
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{34883B9C-CDFE-46F0-9C5B-935484C218C3}" = AVG 2014
"{36E619BC-A234-4EC3-849B-779A7C865A45}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{3FA063D7-EDC1-AFA8-54AF-0563C7DEE070}" = Windows App Certification Kit Native Components
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4701DEDE-1888-49E0-BAE5-857875924CA2}" = Microsoft SQL Server System CLR Types (x64)
"{49D665A2-4C2A-476E-9AB8-FCC425F526FC}" = Microsoft SQL Server 2012 Native Client
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{55EFD1A6-ED8E-3A4C-9581-5E1A1FF244CD}" = Microsoft Visual Studio Team Foundation Server 2012 Storyboarding Language Pack - ENU
"{572E796D-C52B-3797-A685-2FB6F895D4BE}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{5FB4C443-6BD6-1514-2717-3827D65AE6FB}" = Windows Software Development Kit DirectX x64 Remote
"{5FB568DF-207C-4B21-AC57-FC0CC2A0B113}" = Oracle VM VirtualBox 4.3.4
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{61862D7C-CDBC-48D5-8AE1-3B8BD1E23BC5}" = Visual Studio 2012 Prerequisites
"{633AB014-DDE6-403E-A302-8920CC32C543}" = Microsoft Visual Studio 2012 Performance Collection Tools
"{73468C65-BC53-4D88-9246-75A5BB014DA2}" = JavaScript Tooling
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{78909610-D229-459C-A936-25D92283D3FD}" = Microsoft SQL Server Compact 4.0 SP1 x64 ENU
"{7B72F338-EBCC-32A6-A44C-DEF9B436AEF2}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model
"{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}" = IIS 8.0 Express
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{7F624BD1-4FE0-432F-B928-68302E156D04}" = AVG 2014
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{993F6DDC-63F8-4BCD-9B28-D941971A9CAC}" = Windows XP Targeting with C++
"{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}" = Microsoft SQL Server 2012 Command Line Utilities
"{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb" = IIS Express Application Compatibility Database for x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}" = Microsoft Web Deploy 3.0
"{AAFF73AD-3432-3575-ABD1-14E48EF2F4CB}" = Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.60610
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 331.93
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 331.93
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 331.93
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.8.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 331.93
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 10.11.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.26.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 10.11.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.19
"{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{C9C04584-E48A-41D9-A069-85E4C309DA9B}" = Perforce Visual Components
"{D9F3D00D-E946-3B3D-A4A6-93D5020DB9F7}" = Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727
"{DD562794-C098-A1E5-66ED-10E8BD1C84C5}" = AMD Catalyst Install Manager
"{E2B8249D-895C-4685-8C83-00F3B1A13028}" = Microsoft Web Platform Installer 4.0
"{E7DD9E2F-25BB-3488-AA6A-6C5A9A27DA76}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
"{F1949145-EB64-4DE7-9D81-E6D27937146C}" = Microsoft System CLR Types for SQL Server 2012 (x64)
"{FA0A244E-F3C2-4589-B42A-3D522DE79A42}" = Microsoft SQL Server 2012 Management Objects (x64)
"{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb" = IIS Express Application Compatibility Database for x86
"{FE74AC04-F248-4641-B3A9-89C6AA4339CD}" = Microsoft Visual Studio 2012 Performance Collection Tools - ENU
"AVG" = AVG 2014
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.67.1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"RealVNC_is1" = VNC Server 5.0.6
"RealVNCViewer_is1" = VNC Viewer 5.0.6
"Recuva" = Recuva
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UDK-6ee09d76-09de-4496-a75f-3c199c3d8f39" = Unreal Development Kit: 2013-07
"VNCMirror_is1" = VNC Mirror Driver 1.8.0
"VNCPrinter_is1" = VNC Printer Driver 1.8.0
"WinRAR archiver" = WinRAR 5.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00EC8ABC-3C5A-40F8-A8CB-E7DCD5ABFA05}" = Microsoft NuGet - Visual Studio 2012
"{02213A81-CB13-7262-5ABE-1FFA2C75559F}" = Windows App Certification Kit x64
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{046806D1-0A38-3FCA-AF84-F71C50A0C363}" = Microsoft Visual Studio Premium 2012
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05E1731A-5DD6-314E-889F-265C006C8EF9}" = Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0BCC836F-0B28-4090-B58A-64883BAA3B2F}" = WCF Data Services 5.0 (for OData v3) Primary Components
"{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}" = Blend for Visual Studio SDK for Silverlight 5
"{1172AC15-080E-30E3-85B0-FF59AD2E6315}" = Microsoft Visual Studio Ultimate 2012 - ENU
"{148878BD-A2A5-4CF1-A103-2BA632F41953}" = WCF Data Services Tools for Microsoft Visual Studio 2012
"{1690CE56-2231-4E59-9006-A0876D949EA8}" = Tools for .Net 3.5
"{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}" = Microsoft Silverlight 4 SDK
"{18D606E9-9650-48DF-8D6E-5AC61C5AD1A9}" = Microsoft Visual Studio 2012 IntelliTrace Front End x86
"{18F675EA-CB03-462D-A04B-3832DBAB5318}" = Microsoft Visual C++ 2012 Compilers - ENU Resources
"{1948E039-EC79-4591-951D-9867A8C14C90}" = Microsoft .NET Framework 4.5 SDK
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 4.6
"{1B9BBB23-65CB-3AEE-BFC6-633E7CA299FD}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
"{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
"{1DB43E5A-2F24-4F51-92B0-A2C0EBF5C742}" = Microsoft Report Viewer Add-On for Visual Studio 2012
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23176E97-26CB-C72A-19EB-BFB21AC1D15A}" = Windows Software Development Kit DirectX x86 Remote
"{242148A9-7822-461C-93CB-8BB09ABB067B}" = Click Speed Tester
"{246B0F46-F84E-4857-8C47-F2A86B598BC5}" = Microsoft Visual Studio 2012 Preparation
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{2C0CC01A-DDBC-3AED-AF18-E741242FD727}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
"{2C76E3DA-BA76-4FAD-B1B1-72B46D639028}" = PreEmptive Analytics Visual Studio Components
"{2F6CE32A-018D-4656-895B-9E5E20D7740A}" = Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update
"{2F8F489A-0476-3129-857B-A553F38B192D}" = Microsoft Visual C++ 2012 Core Libraries
"{330E5D98-20D2-4CA4-AE51-FCB8AA80F634}" = Microsoft Visual Studio 2012 Devenv
"{36155860-97D8-43CF-828A-7ADEA94F7CAA}" = Microsoft LightSwitch for Visual Studio 2012 v3.0 Core
"{372D17F6-A54E-4A01-B264-1314890FFE61}" = Dotfuscator and Analytics Community Edition
"{37E53780-3944-4A6A-842F-727128E8616E}" = Blend for Visual Studio SDK for .NET 4.5
"{38FC6E9A-F719-431A-A83D-4C86D5FD6555}" = Microsoft Visual Studio 2012 Shell (Minimum) Resources
"{3A523AF9-D32F-4C85-8388-0335731F3405}" = WCF RIA Services V1.0 SP2
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{3DE92282-CB49-434F-81BF-94E5B380E889}" = The Sims™ 3 Seasons
"{42F61556-29ED-8122-F39E-6F04EA5FF279}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
"{43ADAE00-A4ED-4379-A76D-A1FF5D9D334A}_is1" = Xfire 2.0
"{451526FA-52D1-41F2-B7E2-96343EC95853}" = Windows Azure Tools for LightSwitch HTML Client for Visual Studio 2012
"{4817D846-700B-474E-A31B-80892B3E92E3}" = Adobe After Effects CS6
"{49c53021-7c66-4b0b-b842-9b878d2f0e0f}" = Visual Studio Extensions for Windows Library for JavaScript 1.0.9200.20789
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.10
"{532DBCC8-9468-435C-AEF6-30B7F50735A2}" = Blend for Visual Studio 2012 ENU resources
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{551D9481-9487-4D0C-9A1D-6BC3E7B6D991}_is1" = EXPERTool v8.9
"{552A96E5-4CFE-4E64-9F35-EE0E97A3C077}_is1" = Urban Trial Freestyle version 1.0
"{57F20F04-014D-453F-B6A3-AE9485C4DFAB}" = Blend for Visual Studio 2012
"{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}" = NVIDIA Photoshop Plug-ins 64 bit
"{5EFD3544-2371-4900-8ACA-F157BA80FB0C}" = Pro Evolution Soccer 2014
"{5FF5933C-61A3-4E7C-8029-DC9661DF5DEE}" = Microsoft Visual Studio 2012 IntelliTrace Core x86
"{605FFCBB-EC5A-485C-B27E-189F1C8A96E5}" = Microsoft Visual C++ 2012 x86-x64 Compilers
"{60D5EF2A-4E0C-2C30-38F6-59C26E134F4A}" = Windows Software Development Kit
"{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6C44519A-497D-382C-8596-E972C77057C2}" = Microsoft Portable Library Multi-Targeting Pack
"{6D6D43E5-218C-4B05-92D3-2240810F4760}" = Microsoft SQL Server 2012 T-SQL Language Service
"{6DAB46E3-D017-3E2B-85D8-F57A230384C0}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
"{6F066545-40A2-4C38-A8F7-78581CC5C442}" = Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools
"{6FC3B79F-47C6-38AF-B9A9-67DE3C639598}" = Microsoft Visual Studio Premium 2012 - ENU
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7437A4B9-314F-3B8F-827B-22909146E471}" = Microsoft LightSwitch for Visual Studio 2012 Core
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{77E2D875-FD9E-3DEE-9A84-C34FDECB4ECA}" = Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.60610
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{790E9425-8570-493F-9AE7-81AFC9E46930}" = Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00)
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1" = Super-Charger
"{800F484E-9D69-492D-B656-7BAA32586142}" = Microsoft Visual Studio 2012 Shell (Minimum)
"{820C677A-41B2-48C3-8136-FEE35A052E73}" = Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
"{834B6E00-F509-40F2-A677-E86261184576}" = Blend for Visual Studio Add-in for Adobe FXG Import
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84997BD0-B37F-4047-8E83-0E1467DE5415}" = MorphVOX Pro
"{8762B098-374D-4900-B68E-34BF2840E694}" = Microsoft Web Developer Tools 2012.2 - Visual Studio 2012
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{9169C939-ED01-446A-BD0C-29873BAF4E48}" = Prerequisites for SSDT
"{9243354A-3075-C91E-6E12-403D932B38E5}" = Catalyst Control Center InstallProxy
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{93489CA8-6656-33A0-A5AC-E0EDEDB17C3E}" = Microsoft Visual Studio Professional 2012
"{942CC691-5B98-42A3-8BC5-A246BA69D983}" = Microsoft ASP.NET MVC 4 Runtime
"{9600393b-6ede-469b-a522-689fce1461d1}" = Microsoft Visual Studio Ultimate 2012
"{96F50F87-0F15-4F93-9FE6-387DD9CFB077}" = Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools - ENU
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
"{9B57CBD3-B5CE-452A-A173-9C1BEB30A6D4}" = Advanced Installer 10.3
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3A6D5EA-B6B5-3C05-BDA8-EAB99C09CDDC}" = Microsoft Visual Studio 2012 SharePoint Developer Tools
"{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}" = Microsoft SQL Server System CLR Types
"{A7E87388-3512-4D9C-9BBA-284C3577CBE9}" = Microsoft Visual C++ 2012 Compilers
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{AFA4B0BF-3289-495A-B949-BA91F39B1A44}" = Entity Framework Designer for Visual Studio 2012 - enu
"{B1465D1D-6427-4CA1-AE29-8B699209E663}" = Microsoft Visual Studio 2012 Devenv Resources
"{B40E950B-300A-41B5-A6C1-2FEBEEA1BEEA}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools - ENU
"{B5DA9D49-9BD8-0F2F-52FC-C7E66BC8D944}" = LocalESPCui for en-us
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B9F35D86-242E-3FA4-B9F8-A982E0DF918D}" = Microsoft Visual Studio 2012 SharePoint Developer Tools ENU Language Pack
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BAD0254F-9BDB-3D14-A5AC-9C0EF51F3D09}" = Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
"{BD9DC17D-C48D-3B1B-944A-D0DE74FC74BC}" = Microsoft Visual C++ 2012 Extended Libraries
"{BDBE5D2A-AAB7-77BD-7A0E-5006665CE7C6}" = LocalESPC
"{BE4F3A79-8954-499C-AEF9-E8A3BC235677}" = JavaScript Tooling
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C1BE4600-7D15-3D1E-8AA2-B3241DB1D063}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
"{C2523AE6-F335-4D0B-BC15-1C07E4ACE629}" = Pro Evolution Soccer 2013
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C5C9E20C-CBD6-4FCE-B9FD-46E94BEC9169}" = Microsoft LightSwitch for Visual Studio 2012 v3.0 CoreRes - ENU
"{C7B3C4B4-D6E1-4E5D-8428-1FB7111944B9}" = Serif WebPlus X6
"{C81452EB-CBCF-B8EB-3124-48C5B3D506B0}" = Windows Runtime Intellisense Content - en-us
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{CFFDC0EC-6924-3347-B047-13339EDBEC28}" = Microsoft Visual Studio Professional 2012 - ENU
"{D11F66FF-82B3-DDB8-1146-525370552BE1}" = Windows Software Development Kit for Windows Store Apps
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3A828A9-FD4A-4463-9CB0-9673C682A0C7}" = Microsoft Visual C++ 2012 32bit Compilers - ENU Resources
"{D5FEB7A1-5D0F-4CDC-8290-F52DFB53AF23}" = Visual Studio Extensions for Windows Library for JavaScript
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}" = Microsoft SQL Server 2012 Management Objects
"{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3
"{E1FBB3D4-ADB0-4949-B101-855DA061C735}" = Microsoft Silverlight 5 SDK
"{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}" = Microsoft System CLR Types for SQL Server 2012
"{E26DEDC7-1A99-4F8C-9615-6DB112E6495B}_is1" = Texas Hold'em Poker 3D - Deluxe Edition 1.0
"{E362724E-9320-4946-AF34-874E7B6B2927}" = System Requirements Lab CYRI
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4ADE757-7FE9-322D-9CAE-C77D77A2D2BF}" = Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU
"{E4C33F5B-1B2F-466E-957E-B274F08151A0}" = Microsoft Web Deploy dbSqlPackage Provider - enu
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{E818AE7C-244B-4A50-9C86-C0E4A8B69159}" = Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
"{EA63C5C1-EBBC-477C-9CC7-41454DDFAFF2}" = Microsoft ASP.NET Web Pages 2 Runtime
"{EFA87714-E75A-3BFC-A698-A3AABA5A8A0C}" = Microsoft Visual Studio Ultimate 2012
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2A344E7-9578-4767-928B-B49DF597AEA8}" = Hangman
"{F361FE04-789E-42F3-BBAB-E7B380AA5E06}" = Windows XP Targeting with C++
"{FA804794-2CCB-4301-954F-2C2894698876}" = Microsoft SQL Server Data Tools - enu (11.1.20627.00)
"{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FEB375AB-6EEC-3929-8FAF-188ED81DD8B5}" = Microsoft Help Viewer 2.0
"{FFC6E93A-B9AD-3F20-9B06-EE20E24AAEAF}" = Microsoft Visual C++ 2012 Core Libraries
"Acoustica Mixcraft 6" = Acoustica Mixcraft 6
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"APB Reloaded" = APB Reloaded
"Aurora 24.0a2 (x86 en-US)" = Aurora 24.0a2 (x86 en-US)
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"Cheat Engine 6.3_is1" = Cheat Engine 6.3
"Click Speed Tester 2.5.1" = Click Speed Tester v2.5.1
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"DAEMON Tools Lite" = DAEMON Tools Lite
"Deadpool_is1" = Deadpool
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Foul Play_is1" = Foul Play
"Google Chrome" = Google Chrome
"GSplit3Set" = GSplit 3
"Hangman 1.0.0" = Hangman v1.0.0
"Hard Disk Sentinel_is1" = Hard Disk Sentinel PRO
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft Help Viewer 2.0" = Microsoft Help Viewer 2.0
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PowerISO" = PowerISO
"PrecisionX" = EVGA Precision X 4.2.1
"PunkBusterSvc" = PunkBuster Services
"Q2l0aWVzIGluIE1vdGlvbiAyIChjKSBQYXJhZG94IEludGVyYWN0aXZl_is1" = Cities in Motion 2 (c) Paradox Interactive version 1
"R1JJRDI=_is1" = GRID 2 (c) Codemasters version 1
"Setup - Need for Speed Rivals (c) Electronic Arts ..." = Setup - Need for Speed Rivals (c) Electronic Arts ...
"TeamViewer 9" = TeamViewer 9
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"Tunngle beta_is1" = Tunngle beta
"Windows 7 - Codec Pack" = Windows 7 Codec Pack 4.0.8
"World of Warcraft" = World of Warcraft
"XfireCodec" = Xfire Codec (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2268423076-2387521360-3453339074-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Aurora 27.0a2 (x86 en-US)" = Aurora 27.0a2 (x86 en-US)
"GamersFirst LIVE!" = GamersFirst LIVE!
"uTorrent" = µTorrent

< End of report >

 

[Broni]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.


:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

Last scans...

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[Boldimore]

checkup.txt

Results of screen317's Security Check version 0.99.77
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2014
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 45
Visual Studio Extensions for Windows Library for JavaScript 1.0.9200.20789
JavaScript Tooling
Visual Studio Extensions for Windows Library for JavaScript
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.9.900.170
Adobe Reader XI
Google Chrome 31.0.1650.57
Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````

 

[Boldimore]

FFS.txt

Farbar Service Scanner Version: 05-12-2013
Ran by Boldimore (administrator) on 19-12-2013 at 18:18:53
Running from "C:\Users\Boldimore\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

 

[Boldimore]

I did not include the ESET scan result as the found treats are not dangerous at all(6 treats were found - you can trust me in this one)
The scan was being done in 2h:30m~

I suppose it's safe now to remove all the scanners and malware/virus removal software?

 

[Broni]

OTL fix log?

 

[Boldimore]

OTL fix log?

Sorry, forgot about that one!

12192013_180308.txt

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\FRST not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Boldimore
->Temp folder emptied: 2826203 bytes
->Temporary Internet Files folder emptied: 2685406 bytes
->Java cache emptied: 30947635 bytes
->FireFox cache emptied: 17641875 bytes
->Google Chrome cache emptied: 355834428 bytes
->Flash cache emptied: 722 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1104 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 391,00 mb


[EMPTYJAVA]

User: All Users

User: Boldimore
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0,00 mb


[EMPTYFLASH]

User: All Users

User: Boldimore
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12192013_180308

Files\Folders moved on Reboot...
C:\Users\Boldimore\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Boldimore\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

[Broni]

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/
Windows 8: http://www.bleepingcomputer.com/tutorials/windows-8-system-restore-guide/#disable

2. Make sure Windows Updates are current.

3. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

12. Except for MBAM and TFC, which are keepers you can simply delete all other tools we used as they don't install.

 

[Boldimore]

I can't seem to be able to delete "Qoobox" folder in "C:\".
Though I want to remove MBAM and TFC, there are no "Uninstallers" to do so, can I delete them as well and run CCleaner afterwards?

 

[Boldimore]

Nervermind "Qoobox", removed it after PC restart.

 

[Broni]

Way to go!!
Good luck and stay safe