Solved Possible odd internet behavior

mrtraver

Windows 7 SP1 64 bit
IE 11 and Chrome browsers

Today Avast kept telling me that it was blocking potentially malicious websites, but it did not find any infections. I also ran MBAM and SuperAntiSpyware, and the only things found were some registry entries and tracking cookies, which I quarantined/deleted. PeerBlock 1.2 also shows tons of blocked incoming HTTP connections, even when all browsers, Steam, Origin, etc. are closed. I don't know what is causing these hits on Avast and PeerBlock. (I never turned on HTTP blocking before in PeerBlock, so this may not be unusual behavior.) RUBotted shows clean.
My IE options keep getting changed to block downloads, also.

In case it helps early on, here are some logs from MBAM and DDS:

Thanks!


Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 1/1/2015
Scan Time: 10:10:03 AM
Logfile:
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.01.01.02
Rootkit Database: v2014.12.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: michael
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 436153
Time Elapsed: 8 min, 4 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 2
PUP.Optional.DigitalSites.A, HKU\S-1-5-21-2018537783-2302853427-1186865814-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DSiteProducts, Quarantined, [72c49c569dec3501a32c954e6c98659b],
PUP.Optional.Conduit.A, HKU\S-1-5-21-2018537783-2302853427-1186865814-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, Quarantined, [e84e8f6377125dd9a6ced4935ea50ff1],
Registry Values: 2
PUP.Optional.SpamFreeSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{EECF410C-006C-4A05-AD13-6741A0814DBF}, Quarantined, [cf67c230dbae1c1a8a92528a847e17e9],
PUP.Optional.SpamFreeSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{EECF410C-006C-4A05-AD13-6741A0814DBF}, Spam Free Search Toolbar, Quarantined, [cf67c230dbae1c1a8a92528a847e17e9]
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 3
PUP.Optional.NewHB.A, C:\Users\michael\AppData\Local\newhb.crx, Quarantined, [8ea8f9f97a0f5bdb0d18baaa35ce12ee],
PUP.Optional.AZLyrics.A, C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage, Quarantined, [64d26e84850462d49867f37154afb54b],
PUP.Optional.AZLyrics.A, C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal, Quarantined, [8fa781718ffa74c24cb3adb7976c08f8],
Physical Sectors: 0
(No malicious items detected)

(end)


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496 BrowserJavaVersion: 11.25.2
Run by michael at 20:51:13 on 2015-01-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2228 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
e:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
e:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
C:\Windows\system32\CISVC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
e:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
E:\Program Files (x86)\VMware\vmware-authd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Windows\system32\wbem\unsecapp.exe
D:\Program Files\PeerBlock\peerblock.exe
C:\Users\michael\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
E:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
C:\Windows\System32\StikyNot.exe
D:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
C:\Users\michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
E:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
E:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
E:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
E:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\SearchIndexer.exe
e:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
e:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
e:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
e:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
e:\Program Files\AVAST Software\Avast\ng\ngservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.facebook.com/
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
uProxyServer = 198.204.238.254:8085
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - e:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} -
uRun: [EADM] "D:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [PeerBlock] D:\Program Files\PeerBlock\peerblock.exe
uRun: [Steam] "E:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Spotify Web Helper] "C:\Users\michael\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Plex Media Server] "E:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
uRun: [Google Update] "C:\Users\michael\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRunOnce: [Adobe Speed Launcher] 1420146036
mRun: [UnlockerAssistant] "D:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
mRun: [VirtualCloneDrive] "e:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [AvastUI.exe] "e:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
StartupFolder: C:\Users\michael\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: %windir%\system32\vsocklib.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - hxxp://www21.adrive.com/filemanager/landing
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://vireo.spf.mo.gov/CACHE/stc/2/binaries/vpnweb.cab
DPF: {895D1291-D5BD-4982-BA84-AD11D29C1D6A} - hxxp://community.weightwatchers.com/Scripts/ImageUploader6.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1058
TCP: NameServer = 192.168.0.1 205.171.2.226
TCP: Interfaces\{4B17D4D4-63A9-47D6-BDA7-3D4188E56F1C} : DHCPNameServer = 192.168.0.1 205.171.2.226
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - e:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\michael\AppData\Roaming\Mozilla\Firefox\Profiles\g9aakevy.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/?ref=tn_tnmn
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\Users\michael\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
FF - plugin: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: e:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.webcake.installId - 6355730f-048b-4cd4-b7a6-fa8c4f5cef39
FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 3e9271c9000000000000002215b35daa
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15902
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.516:42:39
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119351&tsp=4945
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-10-21 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-10-21 267632]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2014-9-23 73296]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2013-10-21 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2013-10-21 436624]
R1 SASDIFSV;SASDIFSV;E:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;E:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;E:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-22 172344]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-6 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-10-21 83280]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2013-12-22 116728]
R2 avast! Antivirus;avast! Antivirus;E:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-17 50344]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2014-9-16 122072]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2014-9-16 384728]
R2 BstHdUpdaterSvc;BlueStacks Updater Service;C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [2014-9-16 777944]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2012-10-25 441344]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2014-6-10 39568]
R2 RealPlayer Cloud Service;RealPlayer Cloud Service;C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [2014-7-9 1141848]
R2 RealPlayerUpdateSvc;RealPlayer Update Service;C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [2014-6-10 23552]
R2 RUBotSrv;Trend Micro RUBotted Service;C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [2014-12-16 443416]
R2 TeamViewer9;TeamViewer 9;E:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-2-2 4799760]
R2 VBoxAswDrv;VBoxAsw Support Driver;E:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-11-17 271752]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2014-2-27 906432]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2014-6-10 561064]
R3 AvastVBoxSvc;AvastVBox COM Service;E:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-11-17 4012248]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-5-30 64280]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-11-11 38216]
R3 pbfilter;pbfilter;D:\Program Files\PeerBlock\pbfilter.sys [2012-10-20 22600]
R3 SaiH8000;SaiH8000;C:\Windows\System32\drivers\SaiH8000.sys [2008-4-4 178560]
S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2014-9-16 409304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2012-8-17 112496]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2014-1-5 21712]
S3 GalaxyService;GalaxyService;C:\Program Files (x86)\GalaxyClient\GalaxyService.exe [2014-11-28 2191648]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-10 114688]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 Origin Client Service;Origin Client Service;D:\Program Files (x86)\Origin\OriginClientService.exe [2012-10-8 1903472]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-25 19456]
S3 RTCore64;RTCore64;E:\Program Files (x86)\EVGA Precision X\RTCore64.sys [2013-7-17 15176]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-14 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-8 1255736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;D:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-10-10 14544]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 47128]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2014-7-12 380064]
.
=============== Created Last 30 ================
.
2015-01-01 05:43:01 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2E90BC70-8092-4289-A40F-BB908C15921A}\mpengine.dll
2014-12-18 07:09:09 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-12-18 07:09:08 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-12-16 20:32:41 -------- d-----w- C:\ProgramData\Trend Micro
2014-12-16 20:32:11 -------- d-----w- C:\Program Files (x86)\WinPcap
2014-12-16 20:32:03 -------- d-----w- C:\Program Files (x86)\Trend Micro
2014-12-16 17:52:00 38160 ----a-w- C:\Windows\SysWow64\LMRTREND.dll
2014-12-16 17:52:00 182032 ----a-w- C:\Windows\SysWow64\dxtmsft3.dll
2014-12-16 17:52:00 155408 ----a-w- C:\Windows\SysWow64\LMRT.dll
2014-12-16 17:52:00 140800 ----a-w- C:\Windows\SysWow64\tm20dec.ax
2014-12-16 17:51:58 63488 ----a-w- C:\Windows\SysWow64\unam4ie.exe
2014-12-16 17:51:58 217984 ----a-w- C:\Windows\SysWow64\strmdll.dll
2014-12-16 17:51:58 109840 ----a-w- C:\Program Files (x86)\Windows Media Player\mplayer2.exe
2014-12-16 17:51:56 5672 ----a-w- C:\Windows\SysWow64\quartz.vxd
2014-12-16 17:51:56 194320 ----a-w- C:\Windows\SysWow64\qcut.dll
2014-12-16 17:51:56 11776 ----a-w- C:\Windows\SysWow64\mciqtz.drv
2014-12-16 17:51:56 10240 ----a-w- C:\Windows\SysWow64\vidx16.dll
2014-12-16 17:51:55 4608 ----a-w- C:\Windows\SysWow64\w95inf32.dll
2014-12-16 17:51:55 2272 ----a-w- C:\Windows\SysWow64\w95inf16.dll
2014-12-11 13:24:18 4121600 ----a-w- C:\Windows\System32\mf.dll
2014-12-11 13:24:18 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
2014-12-10 05:59:26 346624 ----a-w- C:\Windows\System32\WSManMigrationPlugin.dll
2014-12-04 03:07:50 73064 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2014-12-04 03:07:49 89960 ----a-w- C:\Windows\SysWow64\SQSRVRES.DLL
2014-12-03 06:31:20 227048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2014-12-03 04:42:16 50200 ----a-w- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2014-12-03 04:41:07 -------- d-----w- C:\Windows\SysWow64\1033
2014-12-03 04:41:07 -------- d-----w- C:\Windows\System32\1033
2014-12-03 04:41:07 -------- d-----w- C:\Program Files\Microsoft SQL Server
2014-12-03 04:39:43 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2014-12-03 04:39:22 -------- d-----w- C:\Windows\SysWow64\Visual Studio 2008Templates
2014-12-03 04:39:22 -------- d-----w- C:\Windows\SysWow64\Visual Studio 2008
2014-12-03 04:38:00 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
.
==================== Find3M ====================
.
2015-01-01 16:09:07 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-12-16 20:38:18 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-16 20:38:18 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-29 05:24:37 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-11-29 05:24:37 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-11-29 01:01:24 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-11-24 20:04:56 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:10:29 1050432 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-21 12:14:22 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-21 12:14:12 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-21 12:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-19 10:26:34 1614504 ----a-w- C:\Windows\System32\FM20.DLL
2014-11-18 01:10:25 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-11-18 01:10:25 83280 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-11-18 01:10:25 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-11-18 01:10:25 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-11-18 01:10:25 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-11-18 01:10:25 116728 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-11-18 01:10:24 43152 ----a-w- C:\Windows\avastSS.scr
2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
2014-11-09 05:02:16 76888 ----a-w- C:\Windows\System32\PnkBstrA.exe
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-11-06 21:02:48 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2014-11-06 21:02:48 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2014-11-06 21:02:48 1538880 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2014-11-03 22:02:42 6882448 ----a-w- C:\Windows\System32\nvcpl.dll
2014-11-03 22:02:41 3531464 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-11-03 22:02:38 935232 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-11-03 22:02:38 61640 ----a-w- C:\Windows\System32\nvshext.dll
2014-11-03 22:02:38 385352 ----a-w- C:\Windows\System32\nvmctray.dll
2014-11-03 22:02:38 2558792 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-11-03 11:58:36 4099264 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-11-02 23:34:34 862 ----a-w- C:\Windows\DSXWA.reg
2014-11-02 23:34:34 1926 ----a-w- C:\Windows\DSXWA2.reg
2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-10-25 16:59:10 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-16 16:54:03 1876296 ----a-w- C:\Windows\System32\nvdispco6434448.dll
2014-10-16 16:54:03 1539272 ----a-w- C:\Windows\System32\nvdispgenco6434448.dll
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-07 00:34:44 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
.
============= FINISH: 20:51:39.31 ===============
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================

I still need the Attach.txt log from DDS.
 
Thanks!! Zipped and attached, or just pasted?

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume5
Install Date: 10/8/2012 11:29:01 AM
System Uptime: 1/1/2015 2:59:41 PM (6 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5Q-PRO
Processor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz | LGA 775 | 3166/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 119 GiB total, 38.875 GiB free.
D: is FIXED (NTFS) - 69 GiB total, 28.658 GiB free.
E: is FIXED (NTFS) - 523 GiB total, 73.976 GiB free.
F: is CDROM ()
G: is FIXED (NTFS) - 24 GiB total, 2.391 GiB free.
H: is Removable
I: is FIXED (NTFS) - 49 GiB total, 48.672 GiB free.
M: is Removable
N: is FIXED (NTFS) - 0 GiB total, 0.035 GiB free.
O: is CDROM ()
Q: is Removable
R: is Removable
Z: is NetworkDisk (NTFS) - 932 GiB total, 189.846 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SBRE
Device ID: ROOT\LEGACY_SBRE\0000
Manufacturer:
Name: SBRE
PNP Device ID: ROOT\LEGACY_SBRE\0000
Service: SBRE
.
==== System Restore Points ===================
.
RP525: 12/31/2014 11:42:39 PM - Windows Update
RP526: 1/1/2015 10:56:26 AM - Installed DirectX
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.22 (x64 edition)
ACE COMBAT™ ASSAULT HORIZON Enhanced Edition
Adblock Plus for IE (32-bit and 64-bit)
Adobe AIR
Adobe Digital Editions 2.0
Adobe Flash Player 15 Plugin
Adobe Flash Player 16 ActiveX
Adobe Reader XI (11.0.10)
Adobe Shockwave Player 12.1
AI Suite
Aliens vs Predator Classic 2000
Amazon Kindle
Amazon Music Importer
Apple Application Support
Apple Mobile Device Support
Apple Software Update
applicationupdater
AquaNox
Auslogics Duplicate File Finder
Avast Free Antivirus
AxCrypt 1.7.2931.0
Batman: Arkham City GOTY
Battlefield 1942™
Battlefield 3™
Battlefield: Bad Company™ 2
Battlelog Web Plugins
Battlezone version 1.5.2.25
Bejeweled® 3
BlueStacks App Player
BlueStacks Notification Center
Bonjour
Burnout™ Paradise: The Ultimate Box
CCleaner
ChromecastApp
Cisco AnyConnect Secure Mobility Client
Cisco AnyConnect Secure Mobility Client
Command & Conquer 3
Command & Conquer™ 3: Kane's Wrath
Conquest Frontier Wars
Cool & Quiet
CPUID CPU-Z 1.69
Crusader No Remorse
D3DX10
Darksaber's Ultimate Craft Pack
Dead Space™
Definition Update for Microsoft Office 2010 (KB2910899) 64-Bit Edition
Descent 3 with Mercenary Expansion
Diaspora version 1.1.1
Disk Space Fan 4 Free 4.5.1.129
DivX Setup
Dogfight 1942
Dropbox
Dual-Core Optimizer
EasyBCD 2.2
Elementary and Middle School - Multiplication
erLT
ESN Sonar
Eternal Silence
EVGA Precision X 4.2.1
Fallout 3
Far Cry® 3 Blood Dragon
FormatFactory 3.3.4.0
Free YouTube Downloader 3.5.136
FreeSpace 2
Galaxy Client
Game Booster 3
GDR 5520 for SQL Server 2008 (KB2977321)
GOG.com Downloader version 3.6.0
Google Chrome
Google Earth
Google Update Helper
Gun Metal
HandBrake 0.9.9.1
HD Tune Pro 5.50
HD Youtube Downloader Free
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)
ImgBurn
Incoming and Incoming Forces
Independence War Deluxe
Insaniquarium Deluxe 1.0
Intel(R) IPP Run-Time Installer 5.3 Update 4 for Windows* on IA-32
iTunes
Java 8 Update 25
Java Auto Updater
K-Lite Codec Pack 10.5.0 Standard
Logitech Gaming Software
Logitech Gaming Software 8.56
Mace Griffin Bounty Hunter
Malwarebytes Anti-Malware version 2.0.4.1028
MediaCoder x64 0.8.17
MediaHuman Audio Converter version 1.8.9
Metro 2033
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 4 Runtime
Microsoft Crimson Skies
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server VSS Writer
Microsoft StarLancer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft Xbox 360 Accessories 1.2
Minecraft PC Gamer Demo version 1.5
Moodagent
Movie Maker
Mozilla Firefox 33.0.3 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Control Panel 344.65
NVIDIA Graphics Driver 344.65
NVIDIA HD Audio Driver 1.3.32.1
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.14.0702
NVIDIA Virtual Audio 1.2.26
OpenAL
Origin
PC Inspector File Recovery
PC Probe II
PCSX2 - Playstation 2 Emulator
PeerBlock 1.2 (r693)
Peggle
Photo Common
Photo Gallery
Plants vs. Zombies™
Plex Media Server
PunkBuster Services
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer Cloud
Realtek High Definition Audio Driver
RealUpgrade 1.1
Recuva (remove only)
Red Baron Pack
Remove Empty Directories version 2.2
Revo Uninstaller 1.95
RivaTuner Statistics Server 5.2.0
SeaTools for Windows
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Excel 2010 (KB2910902) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553154) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 64-Bit Edition
Security Update for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB2251487)
Security Update for Microsoft Word 2010 (KB2899519) 64-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
Service Pack 3 for SQL Server 2008 (KB2546951)
Shattered Steel
SimCity 2000 Special Edition
Skype™ 5.10
SPORE™
Spotify
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
Star Wars Battlefront II
Star Wars X-Wing Alliance
Stargunner
Steam
Strike Suit Zero
SUPERAntiSpyware
Supreme Commander
swMSM
System Requirements Lab Detection
Tachyon: The Fringe
TeamSpeak 3 Client
TeamViewer 9
TGA Viewer
The Sims 2: Ultimate Collection
Titanfall™
TN3270 Plus 3.1
Tom Clancy's H.A.W.X. 2
Trend Micro RUBotted 2.0 Beta
TrueCrypt
Tyrian 2000
Unlocker 1.9.1
Unlocker 1.9.1-x64
Unreal Tournament G.O.T.Y. Edition
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Excel 2010 (KB2589348) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553140) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 64-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition
Update for Microsoft Office 2010 (KB2597089) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition
Update for Microsoft Office 2010 (KB2837602) 64-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition
Update for Microsoft Office 2010 (KB2883019) 64-Bit Edition
Update for Microsoft Office 2010 (KB2889818) 64-Bit Edition
Update for Microsoft Office 2010 (KB2889828) 64-Bit Edition
Update for Microsoft Office 2010 (KB2910896) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2597088) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2880517) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition
UpdateService
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client for Windows x64
VirtualCloneDrive
Vista Shortcut Manager x64
VLC media player
VMware Player
Wheelman
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Wing Commander IV
WinPcap 4.1.3
WinX DVD Ripper Platinum 7.0.0
X3: Terran Conflict
Xiph.Org Open Codecs 0.85.17777
.
==== Event Viewer Messages From Past Week ========
.
12/31/2014 5:20:51 AM, Error: Schannel [36887] - The following fatal alert was received: 42.
12/30/2014 8:23:25 AM, Error: Schannel [36887] - The following fatal alert was received: 70.
12/30/2014 2:43:42 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
12/29/2014 2:01:59 PM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
12/29/2014 2:01:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x0000000000000032, 0x0000000000000002, 0x0000000000000000, 0xfffff8800146f6ba). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122914-19000-01.
12/28/2014 9:48:51 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer RACHEL-HOME that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4B17D4D4-63A9-47D6-BDA7-3D4188E56F1C}. The master browser is stopping or an election is being forced.
12/27/2014 7:09:37 AM, Error: Schannel [36887] - The following fatal alert was received: 48.
1/1/2015 8:51:37 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume Win7.
1/1/2015 8:47:31 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {06622D85-6856-4460-8DE1-A81921B41C4B} and APPID {06622D85-6856-4460-8DE1-A81921B41C4B} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/1/2015 7:02:11 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
1/1/2015 3:02:20 PM, Error: Service Control Manager [7023] - The BlueStacks Android Service service terminated with the following error: An exception occurred in the service when handling the control request.
1/1/2015 3:01:26 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
1/1/2015 3:01:26 PM, Error: Service Control Manager [7022] - The BlueStacks Android Service service hung on starting.
.
==== End Of File ===========================
 
You did fine :)

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
NOTE. If you see This version requires you to completely exit the Anti Malware application message right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
 
Here is the RK report (I did not see any additional logs). I'll run MBAR next and may have to post the logs tomorrow.

RogueKiller V10.1.1.0 [Dec 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : michael [Administrator]
Mode : Delete -- Date : 01/01/2015 22:08:41
¤¤¤ Processes : 1 ¤¤¤
[Tr.Poweliks] dllhost.exe -- C:\Windows\syswow64\dllhost.exe[7] -> Killed [TermProc]
¤¤¤ Registry : 34 ¤¤¤
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UnlockerDriver5 (\??\e:\Program Files (x86)\Unlocker\UnlockerDriver5.sys) -> Not selected
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2018537783-2302853427-1186865814-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 198.204.238.254:8085 -> Not selected
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2018537783-2302853427-1186865814-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 198.204.238.254:8085 -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\RK_michael_ON_G_D2A4\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.facebook.com/ -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\RK_michael_ON_G_D2A4\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.facebook.com/ -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2018537783-2302853427-1186865814-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.facebook.com/ -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2018537783-2302853427-1186865814-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.facebook.com/ -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\RK_michael_ON_G_D2A4\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\RK_michael_ON_G_D2A4\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2018537783-2302853427-1186865814-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2018537783-2302853427-1186865814-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.2.226 [UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_4909\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.2.226 [UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.2.226 -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_4909\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.2.226 [UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.2.226 [UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4B17D4D4-63A9-47D6-BDA7-3D4188E56F1C} | DhcpNameServer : 192.168.0.1 205.171.2.226 [UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_4909\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1303FF4D-CC07-4115-9143-8D1C442E7088} | DhcpNameServer : 192.168.0.1 205.171.2.226 [UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4B17D4D4-63A9-47D6-BDA7-3D4188E56F1C} | DhcpNameServer : 192.168.0.1 205.171.2.226 [UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_4909\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1303FF4D-CC07-4115-9143-8D1C442E7088} | DhcpNameServer : 192.168.0.1 205.171.2.226 [UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{4B17D4D4-63A9-47D6-BDA7-3D4188E56F1C} | DhcpNameServer : 192.168.0.1 205.171.2.226 [UNITED STATES (US)] -> Not selected
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\RK_michael_ON_G_D2A4\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2 -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\RK_michael_ON_G_D2A4\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2018537783-2302853427-1186865814-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2018537783-2302853427-1186865814-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_84B3\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_84B3\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2018537783-2302853427-1186865814-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2018537783-2302853427-1186865814-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Not selected
[Tr.Poweliks] (X64) HKEY_USERS\S-1-5-21-2018537783-2302853427-1186865814-1001\Software\classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\LocalServer32 -> Deleted
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] g9aakevy.default : user_pref("browser.startup.homepage", "https://www.facebook.com/?ref=tn_tnmn"); -> Not selected
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 226cf308850d79de8fa516ea4c082bb8
[BSP] 4b4b9059ed01ec62ec09b3026f91da30 : HP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 535478 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1096661160 | Size: 24991 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1147858944 | Size: 50000 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 4ed0cbe9e062df4a66cf1085ec9cf38d
[BSP] 247d80e4b8d446623e850740b6e2963b : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 70909 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive2: +++++
--- User ---
[MBR] 6406d2fde0873e30118db564b0e0b1be
[BSP] 2e5f379677b8053fa56ebbe96601e30d : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 122002 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive3: +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive4: +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive5: +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive6: +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

============================================
RKreport_SCN_01012015_220445.log - RKreport_DEL_01012015_220701.log - RKreport_DEL_01012015_220743.log - RKreport_DEL_01012015_220758.log
RKreport_DEL_01012015_220817.log - RKreport_DEL_01012015_220829.log
 
MBAR info - there were three files I recognized from an old flash drive back-up, and I deleted those manually after running MBAR.

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org
Database version: v2015.01.02.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
michael :: MICHAEL-PC [administrator]
1/1/2015 10:36:29 PM
mbar-log-2015-01-01 (22-36-29).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 438163
Time elapsed: 9 minute(s), 22 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} (Trojan.Poweliks.B) -> Delete on reboot. [cbcef002ec9dbb7bce9d719133cdde22]
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Users\michael\Desktop\My flash drive backup\XP fixes\keyfinder.exe (Application.FindKey) -> No action taken. [1881886aff8abd79476081c8af53af51]
C:\Users\michael\Desktop\My flash drive backup\XP fixes\wga-fix.exe (Hacktool.WGAFix) -> No action taken. [56432dc5a3e6f1453298c289659d8f71]
C:\Users\michael\Desktop\My flash drive backup\XP fixes\Windows XP Keygen.exe (Malware.Tool) -> No action taken. [e7b205ed2069201607150547f40e19e7]
Physical Sectors Detected: 0
(No malicious items detected)
(end)


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.17501
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, G:\ DRIVE_FIXED, I:\ DRIVE_FIXED, N:\ DRIVE_FIXED
CPU speed: 3.166000 GHz
Memory total: 4293976064, free: 1043292160
Downloaded database version: v2015.01.02.01
Downloaded database version: v2014.12.30.01
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
------------ Kernel report ------------
01/01/2015 22:36:12
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
----------- End -----------
Done!
Infected: C:\Users\michael\Desktop\My flash drive backup\XP fixes\keyfinder.exe --> [Application.FindKey]
Infected: C:\Users\michael\Desktop\My flash drive backup\XP fixes\wga-fix.exe --> [Hacktool.WGAFix]
Infected: C:\Users\michael\Desktop\My flash drive backup\XP fixes\Windows XP Keygen.exe --> [Malware.Tool]
Infected: HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} --> [Trojan.Poweliks.B]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action cmd.exe...
Success!
Executing an action cmd.exe...
Success!
Removal successful. No system shutdown is required.
=======================================
 
Please download Poweliks Cleaner (by ESET) and save it to your Desktop.

1. Double-click on ESETPoweliksCleaner.exe to start the tool.

2. Read the terms of the End-user license agreement and click Agree.

3. The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.



4. If Poweliks was detected, "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.



The tool will produce a log in the same directory the tool was run from.

Please copy and paste the log in your next reply.
 
[2015.01.01 23:14:22.669] - Begin
[2015.01.01 23:14:22.670] -
[2015.01.01 23:14:22.671] - ....................................
[2015.01.01 23:14:22.672] - ..::::::::::::::::::....................
[2015.01.01 23:14:22.673] - .::EEEEEE:::SSSSSS::..EEEEEE..TTTTTTTT.. Win32/Poweliks
[2015.01.01 23:14:22.674] - .::EE::::EE:SS:::::::.EE....EE....TT...... Version: 1.0.0.1
[2015.01.01 23:14:22.675] - .::EEEEEEEE::SSSSSS::.EEEEEEEE....TT...... Built: Oct 15 2014
[2015.01.01 23:14:22.676] - .::EE:::::::::::::SS:.EE..........TT......
[2015.01.01 23:14:22.677] - .::EEEEEE:::SSSSSS::..EEEEEE.....TT..... Copyright (c) ESET, spol. s r.o.
[2015.01.01 23:14:22.678] - ..::::::::::::::::::.................... 1992-2013. All rights reserved.
[2015.01.01 23:14:22.678] - ....................................
[2015.01.01 23:14:22.678] -
[2015.01.01 23:14:22.678] - --------------------------------------------------------------------------------
[2015.01.01 23:14:22.679] -
[2015.01.01 23:14:22.680] - INFO: OS: 6.1.7601 SP1
[2015.01.01 23:14:22.680] - INFO: Product Type: Workstation
[2015.01.01 23:14:22.680] - INFO: WoW64: True
[2015.01.01 23:14:22.680] - INFO: Machine guid: 4E5A2555-1A63-44DD-B6DF-02CBD6CC31A6
[2015.01.01 23:14:22.680] -
[2015.01.01 23:14:25.240] - INFO: Scanning for system infection...
[2015.01.01 23:14:25.240] - --------------------------------------------------------------------------------
[2015.01.01 23:14:25.240] -
[2015.01.01 23:14:25.240] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]...
[2015.01.01 23:14:25.241] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]...
[2015.01.01 23:14:25.242] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2015.01.01 23:14:25.242] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2015.01.01 23:14:25.242] - INFO: Processing classes...
[2015.01.01 23:14:25.242] - INFO: Processing clsid [\Registry\User\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
[2015.01.01 23:14:25.243] - INFO: Processing clsid [\Registry\User\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
[2015.01.01 23:14:25.243] - INFO: Processing clsid [\Registry\User\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
[2015.01.01 23:14:25.243] - INFO: Processing clsid [\Registry\User\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
[2015.01.01 23:14:25.243] - INFO: Processing clsid [\Registry\User\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
[2015.01.01 23:14:25.243] - INFO: Processing clsid [\Registry\User\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
[2015.01.01 23:14:25.243] - INFO: Processing clsid [\Registry\User\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
[2015.01.01 23:14:25.243] - INFO: Processing clsid [\Registry\User\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
[2015.01.01 23:14:25.243] - INFO: Processing clsid [\Registry\User\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
[2015.01.01 23:14:25.243] - INFO: Processing clsid [\Registry\User\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
[2015.01.01 23:14:25.244] - INFO: Processing clsid [\Registry\User\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
[2015.01.01 23:14:25.244] - INFO: Processing clsid [\Registry\User\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
[2015.01.01 23:14:25.244] - INFO: Processing clsid [\Registry\User\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
[2015.01.01 23:14:25.244] - INFO: Processing clsid [\Registry\User\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
[2015.01.01 23:14:25.244] - INFO: Processing clsid [\Registry\User\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
[2015.01.01 23:14:25.244] - INFO: Processing clsid [\Registry\User\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
[2015.01.01 23:14:25.244] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2015.01.01 23:14:25.252] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2015.01.01 23:14:25.253] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2015.01.01 23:14:25.253] - INFO: Processing invalid values in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2015.01.01 23:14:25.253] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2015.01.01 23:14:25.253] - INFO: Processing value [ServerExecutable] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2015.01.01 23:14:25.253] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2015.01.01 23:14:25.253] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2015.01.01 23:14:25.253] - INFO: Processing invalid subkeys in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2015.01.01 23:14:25.253] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
[2015.01.01 23:14:25.257] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2015.01.01 23:14:25.259] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2015.01.01 23:14:25.259] - INFO: Win32/Poweliks not found
[2015.01.01 23:14:48.528] - End
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart your computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run, then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done, Notepad will open with the rKill.txt log.
NOTE. The rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double-clicking on it.

IF you had to run rKill, post BOTH logs: rKill.txt and Combofix.txt.
 
ComboFix 15-01-02.01 - michael 01/02/2015 18:44:29.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2302 [GMT -6:00]
Running from: c:\users\michael\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\cmdline.cfg
c:\programdata\1358480392.bdinstall.bin
c:\programdata\1358480697.bdinstall.bin
c:\programdata\1358480947.bdinstall.bin
c:\programdata\1358480986.2944.bin
c:\programdata\1358480986.3244.bin
c:\programdata\1358480986.4052.bin
c:\programdata\1358481051.2400.bin
c:\programdata\1358481051.2496.bin
c:\programdata\1358481051.2696.bin
c:\programdata\1358481051.2844.bin
c:\programdata\1358481051.288.bin
c:\programdata\1358481051.3456.bin
c:\programdata\1358481051.4028.bin
c:\programdata\1358481051.416.bin
c:\programdata\1358483514.bdinstall.bin
c:\programdata\1358483703.bdinstall.bin
c:\programdata\1358483746.bdinstall.bin
c:\programdata\1358483891.bdinstall.bin
c:\programdata\1364134677.bdinstall.bin
c:\programdata\1364134678.bdinstall.bin
c:\programdata\Amazon.ico
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((((( Files Created from 2014-12-03 to 2015-01-03 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-04 00:04 . 2014-11-11 19:02 13943904 ----a-w- c:\windows\system32\nvcuda.dll
2014-11-04 00:04 . 2014-11-11 19:02 13207184 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-11-04 00:04 . 2014-11-11 19:02 11397208 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-11-04 00:04 . 2014-11-11 19:02 11335408 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-11-04 00:04 . 2014-06-06 02:14 73872 ----a-w- c:\windows\system32\OpenCL.dll
2014-11-04 00:04 . 2014-06-06 02:14 59592 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-11-04 00:04 . 2014-06-06 02:13 987520 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-11-04 00:04 . 2014-06-06 02:13 20985544 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-11-04 00:04 . 2014-06-06 02:13 19966344 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-11-04 00:04 . 2014-06-06 02:13 18514080 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-11-04 00:04 . 2014-06-06 02:13 3238040 ----a-w- c:\windows\system32\nvapi64.dll
2014-11-04 00:04 . 2014-06-06 02:13 16884632 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-11-03 22:02 . 2014-06-06 02:14 6882448 ----a-w- c:\windows\system32\nvcpl.dll
2014-11-03 22:02 . 2014-06-06 02:14 3531464 ----a-w- c:\windows\system32\nvsvc64.dll
2014-11-03 22:02 . 2014-10-24 03:02 2558792 ----a-w- c:\windows\system32\nvsvcr.dll
2014-11-03 22:02 . 2014-06-06 02:14 935232 ----a-w- c:\windows\system32\nvvsvc.exe
2014-11-03 22:02 . 2014-06-06 02:14 61640 ----a-w- c:\windows\system32\nvshext.dll
2014-11-03 22:02 . 2014-06-06 02:14 385352 ----a-w- c:\windows\system32\nvmctray.dll
2014-11-03 11:58 . 2014-06-06 02:14 4099264 ----a-w- c:\windows\system32\nvcoproc.bin
2014-11-02 23:34 . 2014-11-02 23:34 862 ----a-w- c:\windows\DSXWA.reg
2014-11-02 23:34 . 2014-11-02 23:34 1926 ----a-w- c:\windows\DSXWA2.reg
2014-10-25 16:59 . 2014-10-25 16:59 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-25 01:57 . 2014-11-12 14:09 77824 ----a-w- c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 14:09 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-18 02:05 . 2014-11-12 14:09 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-11-12 14:09 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-10-16 16:54 . 2014-10-24 03:01 1876296 ----a-w- c:\windows\system32\nvdispco6434448.dll
2014-10-16 16:54 . 2014-10-24 03:01 1539272 ----a-w- c:\windows\system32\nvdispgenco6434448.dll
2014-10-14 02:16 . 2014-11-12 14:10 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 02:13 . 2014-11-12 14:10 683520 ----a-w- c:\windows\system32\termsrv.dll
2014-10-14 02:13 . 2014-11-12 14:09 3241984 ----a-w- c:\windows\system32\msi.dll
2014-10-14 02:12 . 2014-11-12 14:10 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-14 02:09 . 2014-11-12 14:10 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-10-14 02:07 . 2014-11-12 14:10 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-10-14 01:50 . 2014-11-12 14:10 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-10-14 01:50 . 2014-11-12 14:09 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-10-14 01:49 . 2014-11-12 14:10 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-10-14 01:47 . 2014-11-12 14:10 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2014-10-14 01:46 . 2014-11-12 14:10 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
2014-10-10 00:57 . 2014-11-12 14:09 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-10-07 00:34 . 2012-10-17 05:04 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\michael\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\michael\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\michael\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\michael\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\michael\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\michael\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\michael\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\michael\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EADM"="d:\program files (x86)\Origin\Origin.exe" [2014-12-19 3618648]
"PeerBlock"="d:\program files\PeerBlock\peerblock.exe" [2014-01-15 2513992]
"Steam"="e:\program files (x86)\Steam\steam.exe" [2014-11-18 1940160]
"Spotify Web Helper"="c:\users\michael\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-12-16 1676344]
"Plex Media Server"="e:\program files (x86)\Plex\Plex Media Server\Plex Media Server.exe" [2014-10-15 5105288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="d:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"VirtualCloneDrive"="e:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"AvastUI.exe"="e:\program files\AVAST Software\Avast\AvastUI.exe" [2014-12-12 5227112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
"Trend Micro RUBotted V2.0 Beta"="c:\program files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe" [2013-07-26 1102872]
.
c:\users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\michael\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-12-8 39207112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux8"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RealPlayerUpdateSvc;RealPlayer Update Service;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 GalaxyService;GalaxyService;c:\program files (x86)\GalaxyClient\GalaxyService.exe;c:\program files (x86)\GalaxyClient\GalaxyService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 Origin Client Service;Origin Client Service;d:\program files (x86)\Origin\OriginClientService.exe;d:\program files (x86)\Origin\OriginClientService.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTCore64;RTCore64;e:\program files (x86)\EVGA Precision X\RTCore64.sys;e:\program files (x86)\EVGA Precision X\RTCore64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;d:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;d:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 SASDIFSV;SASDIFSV;e:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;e:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;e:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;e:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;e:\program files\SUPERAntiSpyware\SASCORE64.EXE;e:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe;c:\program files\Common Files\Motive\McciCMService.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 RealPlayer Cloud Service;RealPlayer Cloud Service;c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe;c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [x]
S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files (x86)\Trend Micro\RUBotted\RUBotSrv.exe;c:\program files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [x]
S2 TeamViewer9;TeamViewer 9;e:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;e:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;e:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;e:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S3 AvastVBoxSvc;AvastVBox COM Service;e:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;e:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 SaiH8000;SaiH8000;c:\windows\system32\DRIVERS\SaiH8000.sys;c:\windows\SYSNATIVE\DRIVERS\SaiH8000.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 20:38]
.
2015-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-02 00:02]
.
2015-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-02 00:02]
.
2015-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2018537783-2302853427-1186865814-1001Core.job
- c:\users\michael\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-08 18:29]
.
2015-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2018537783-2302853427-1186865814-1001UA.job
- c:\users\michael\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-08 18:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-18 01:10 860984 ----a-w- e:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-23 7833120]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-23 1833504]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2014-09-16 11877656]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.facebook.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 198.204.238.254:8085
LSP: %windir%\system32\vsocklib.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: sbuniv.edu
Trusted Zone: sbuniv.edu\www
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1 205.171.2.226
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://vireo.spf.mo.gov/CACHE/stc/2/binaries/vpnweb.cab
DPF: {895D1291-D5BD-4982-BA84-AD11D29C1D6A} - hxxp://community.weightwatchers.com/Scripts/ImageUploader6.cab
FF - ProfilePath - c:\users\michael\AppData\Roaming\Mozilla\Firefox\Profiles\g9aakevy.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/?ref=tn_tnmn
FF - user.js: extentions.webcake.installId - 6355730f-048b-4cd4-b7a6-fa8c4f5cef39
FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 3e9271c9000000000000002215b35daa
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15902
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.516:42
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119351&tsp=4945
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-ApplicationUpdater - c:\users\michael\AppData\Local\Sony Online Entertainment\ApplicationUpdater\Uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2018537783-2302853427-1186865814-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:92,c1,e1,97,b6,e2,6e,04,68,5c,81,c2,43,fc,62,ea,b6,c3,97,df,30,c2,78,
f8,b3,3d,2c,ee,35,2a,86,af,c7,ec,0f,ad,0e,2f,73,05,a2,cc,fd,51,da,3b,86,e0,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-2018537783-2302853427-1186865814-1001\Software\SecuROM\License information*]
"datasecu"=hex:76,e2,d0,d1,1f,9e,9c,67,73,3d,03,cf,06,dd,8c,e2,c7,17,fe,ad,5f,
e7,7a,c4,04,34,99,36,6c,70,7f,60,5f,72,f8,b5,ab,a1,52,f9,f6,b7,03,df,57,f0,\
"rkeysecu"=hex:f6,ec,88,a8,21,1e,1d,aa,1a,74,92,23,62,c1,80,1d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-01-02 18:54:28
ComboFix-quarantined-files.txt 2015-01-03 00:54
.
Pre-Run: 38,715,224,064 bytes free
Post-Run: 39,728,472,064 bytes free
.
- - End Of File - - 814B432AF1CCFA232D76B41B043758D4
5C616939100B85E558DA92B899A0FC36
 
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
 
ADW log, others posted separately:

# AdwCleaner v4.106 - Report created 02/01/2015 at 19:13:51
# Updated 21/12/2014 by Xplode
# Database : 2015-01-01.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : michael - MICHAEL-PC
# Running from : C:\Users\michael\Desktop\adwcleaner_4.106.exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
Folder Deleted : C:\Users\michael\AppData\Local\Conduit
Folder Deleted : C:\Users\michael\AppData\Local\eSupport.com
Folder Deleted : C:\Users\michael\AppData\Local\CrashRpt
Folder Deleted : C:\Users\michael\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\michael\AppData\Roaming\ARecEngine
Folder Deleted : C:\Users\michael\AppData\Roaming\DigitalSites
Folder Deleted : C:\Users\michael\AppData\Roaming\DSite
Folder Deleted : C:\Users\michael\AppData\Roaming\WebCake
File Deleted : C:\Users\michael\AppData\Local\BostonMarketOne.crx
File Deleted : C:\Users\michael\AppData\Roaming\Mozilla\Firefox\Profiles\g9aakevy.default\invalidprefs.js
File Deleted : C:\Users\michael\AppData\Roaming\Mozilla\Firefox\Profiles\g9aakevy.default\user.js
File Deleted : C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Deleted : C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
File Deleted : C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bgnjcnjlaajofpendibcoodneacalfho
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1005247F-A178-490A-8DC3-6BAF09EA427B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED90EC38-E71B-4C05-8FC1-DE46D5E692F5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5E58CDA9-3B21-4611-A859-26EE28950E61}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C5561B6-3DD2-46B5-83BE-EAE744366046}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{16976E15-10EA-44FD-804A-6ECBC9EBBFC7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2561FD25-FE31-4E56-A120-AF7FEAAE3124}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4BD0FCFF-AD64-4315-9F2C-960EF3C21623}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{507C73BB-FC69-425E-8A49-9204F886B328}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6EC57031-1740-4151-93C5-C465D6063DD2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{76FC1003-0825-48BD-B59B-3B7A5754972C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9D217B94-6FC9-44FE-94B1-30C711871266}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B48AC2CD-9662-47E0-A3C0-3B01BB3F463E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BE698E51-830B-447A-954D-901D6E05DDE2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BFCF748F-A56E-451F-AA45-0D7EB699E416}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D617CF84-B0BC-441F-9984-B676AFBA1E8D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7CAEFAFC-9A1E-4BCC-94DD-BC7D8D52717A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{27F49273-DE3A-4111-90F9-6C474C37AEFB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7CAEFAFC-9A1E-4BCC-94DD-BC7D8D52717A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7EB7381C-FB01-47FC-9C42-ED64122C1B92}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E4EF697F-434B-4DC7-A464-4412462206DB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F99DDD9A-07D0-47AB-86F1-193533DD2C60}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{248B3E95-17A4-482D-A8A8-6B3DF4D05C35}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E58CDA9-3B21-4611-A859-26EE28950E61}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6C5561B6-3DD2-46B5-83BE-EAE744366046}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{88E44198-D164-4EC0-B2C0-F679D866C6DA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB904C4-C255-4540-B97E-A75A34F1FFB0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4729755-E1F9-48E4-BD9F-5B4D0202C16A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F671C1B3-9776-426D-A350-55FB2D9B53F7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5E58CDA9-3B21-4611-A859-26EE28950E61}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C5561B6-3DD2-46B5-83BE-EAE744366046}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9AE65823-3B11-458D-B6CA-89788A6D034E}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : [x64] HKLM\SOFTWARE\Conduit
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17496

-\\ Mozilla Firefox v33.0.3 (x86 en-US)
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("CT3289075_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1376160446311,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.AVIRA-V7.apn.tldcache", "{\"date\":1382490938031,\"domainList\":[\"ac\",\"com.ac\",\"edu.ac\",\"gov.ac\",\"net.ac\",\"mil.ac\",\"org.ac\",\"ad\",\"nom.ad\",\"ae\",\"co.ae\",\"net[...]
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.AVIRA-V7.com.avira.dnt.rules", "\"{\\\"Version\\\":38,\\\"Companies\\\":[{\\\"company\\\":\\\"Google Inc\\\",\\\"rules\\\":[{\\\"name\\\":\\\"Google Analytics\\\",\\\"category\\\[...]
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.admin", false);
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.aflt", "babsst");
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.dfltLng", "en");
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.excTlbr", false);
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.id", "3e9271c9000000000000002215b35daa");
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.instlDay", "15902");
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.instlRef", "sst");
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.newTab", false);
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.prdct", "delta");
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.rvrt", "false");
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.smplGrp", "none");
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.tlbrId", "base");
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.vrsn", "1.8.21.5");
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.21.516:42:39");
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta.vrsni", "1.8.21.5");
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta_i.babExt", "");
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119351&tsp=4945");
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.freecorder@freecorder.com.menuitems", "[{\"name\":\"Freecorder Menu Header\",\"img\":\"hxxp://freecorder.com/fc8/ui/buttons/menu_header.png\",\"width\":225,\"height\":65},{\"name[...]
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "allin1convert@mindspark.com");
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.wajam.affiliate_id", "6447");
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.wajam.firstrun", "false");
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.wajam.log_send_info", "false");
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21087\",\"supported_sites\":{\"google\":{\"patterns\":[\"^hxxp\\\\:\\/\\/www\\\\.google\\\\..{2,3}(\\\\\\/ig\\\\\\/firefox)\",\"[...]
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.wajam.no_trace", "false");
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.wajam.server_current_mapping_version", "0.21087");
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.wajam.trace_log", "1374018320503 - onFlagInfoReceived - Server mapping version: 0.21087\n1374018320503 - onFlagInfoReceived - No client-side server mapping version, don't update\[...]
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.wajam.unique_id", "0D0C8550BC8D6E9EE205109719D96B78");
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.wajam.user_current_mapping_version", "0");
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extensions.wajam.version", "1.26");
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extentions.webcake.defaultEnableAppsList", "layers,brain/features,newOffers/wc");
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("extentions.webcake.installId", "6355730f-048b-4cd4-b7a6-fa8c4f5cef39");
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 0);
[g9aakevy.default\prefs.js] - Line Deleted : user_pref("smartbar.machineId", "Q6XHJF5KVW34QEAR8EJTOP0MOKVXBDZFGPOQK6+W310UUKOVDZCPPRUKBY349WWL8XE5PDSDVA6XKDK7JOKCBA");
-\\ Google Chrome v
[C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=3E92002215B35DAA&affID=119351&tsp=4945
*************************
AdwCleaner[R0].txt - [11919 octets] - [02/01/2015 19:12:12]
AdwCleaner[S0].txt - [12118 octets] - [02/01/2015 19:13:51]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12179 octets] ##########
 
JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by michael on Fri 01/02/2015 at 19:20:51.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\michael\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\michael\appdata\locallow\ytd"
~~~ FireFox
Emptied folder: C:\Users\michael\AppData\Roaming\mozilla\firefox\profiles\g9aakevy.default\minidumps [66 files]
~~~ Chrome
Successfully deleted: [Folder] C:\Users\michael\appdata\local\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/02/2015 at 19:26:34.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
FRST.txt part 1:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-01-2015
Ran by michael (administrator) on MICHAEL-PC on 02-01-2015 19:29:31
Running from C:\Users\michael\Desktop
Loaded Profile: michael (Available profiles: michael & Rachel & Amberlie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AVAST Software) E:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) E:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) E:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(VMware, Inc.) E:\Program Files (x86)\VMware\vmware-authd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Electronic Arts) D:\Program Files (x86)\Origin\Origin.exe
(PeerBlock, LLC) D:\Program Files\PeerBlock\peerblock.exe
(Valve Corporation) E:\Program Files (x86)\Steam\Steam.exe
(Spotify Ltd) C:\Users\michael\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Plex, Inc.) E:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
() D:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
(Dropbox, Inc.) C:\Users\michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Elaborate Bytes AG) E:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(AVAST Software) E:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
(TeamViewer GmbH) E:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Python Software Foundation) E:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(TeamViewer GmbH) E:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) E:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Avast Software) E:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) E:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Plex, Inc.) E:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
(Valve Corporation) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-23] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-23] (Realtek Semiconductor Corp.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [11877656 2014-09-16] (Logitech Inc.)
HKLM-x32\...\Run: [UnlockerAssistant] => D:\Program Files (x86)\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM-x32\...\Run: [VirtualCloneDrive] => e:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [AvastUI.exe] => e:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Trend Micro RUBotted V2.0 Beta] => C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe [1102872 2013-07-25] (Trend Micro Inc.)
HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\...\Run: [EADM] => D:\Program Files (x86)\Origin\Origin.exe [3618648 2014-12-18] (Electronic Arts)
HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\...\Run: [PeerBlock] => D:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC)
HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\...\Run: [Steam] => E:\Program Files (x86)\Steam\steam.exe [1940160 2014-11-18] (Valve Corporation)
HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\...\Run: [Spotify Web Helper] => C:\Users\michael\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-16] (Spotify Ltd)
HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\...\Run: [Plex Media Server] => E:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [5105288 2014-10-15] (Plex, Inc.)
HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => e:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL No File
BootExecute: autocheck autochk /k:C *
GroupPolicyUsers\S-1-5-21-2018537783-2302853427-1186865814-1057\User: Group Policy restriction detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-2018537783-2302853427-1186865814-1001] => 198.204.238.254:8085
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/
HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://my.yahoo.com/
https://www.techspot.com/
http://arstechnica.com/
http://www.cracked.com/
http://www.hard-light.net/forums/index.php?action=unread
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2018537783-2302853427-1186865814-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> e:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Program Files (x86)\java\bin\jp2ssv.dll No File
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> e:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll No File
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
DPF: HKLM-x32 {08B0E5C0-4FCB-11CF-AAA5-00401C608501} http://www21.adrive.com/filemanager/landing
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://vireo.spf.mo.gov/CACHE/stc/2/binaries/vpnweb.cab
DPF: HKLM-x32 {895D1291-D5BD-4982-BA84-AD11D29C1D6A} http://community.weightwatchers.com/Scripts/ImageUploader6.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1058
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226
FireFox:
========
FF ProfilePath: C:\Users\michael\AppData\Roaming\Mozilla\Firefox\Profiles\g9aakevy.default
FF Homepage: https://www.facebook.com/?ref=tn_tnmn
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.140.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.11.0 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.11.0 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> e:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> e:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> e:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2018537783-2302853427-1186865814-1001: @tools.google.com/Google Update;version=3 -> C:\Users\michael\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2018537783-2302853427-1186865814-1001: @tools.google.com/Google Update;version=9 -> C:\Users\michael\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2018537783-2302853427-1186865814-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer Cloud)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - e:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - e:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-21]
FF HKLM-x32\...\Firefox\Extensions: [{1DD9AC48-0855-4AE7-9934-159B4377FFA2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-07-09]
FF HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\...\Firefox\Extensions: [{F7EC2BAD-F77B-4020-B3C6-58B97D0859E5}] - C:\Program Files (x86)\Super_Lyrics\122.xpi
FF StartMenuInternet: FIREFOX.EXE - e:\Program Files (x86)\Mozilla Firefox\firefox.exe
Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=AV01
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=AV01"
CHR Profile: C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-20]
CHR Extension: (Google Cast) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-12-20]
CHR Extension: (Google Wallet) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-20]
CHR Profile: C:\Users\michael\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-20]
CHR Extension: (Google Drive) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-20]
CHR Extension: (YouTube) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-20]
CHR Extension: (uTorrentControl_v6) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cflheckfmhopnialghigdlggahiomebp [2014-12-20]
CHR Extension: (Google Search) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-20]
CHR Extension: (Avast Online Security) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-20]
CHR Extension: (Google Wallet) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-20]
CHR Extension: (Gmail) - C:\Users\michael\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-20]
CHR HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\michael\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - e:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-17]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-06-10]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; e:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 avast! Antivirus; e:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-17] (AVAST Software)
R3 AvastVBoxSvc; e:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-17] (Avast Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-09-16] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-09-16] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [777944 2014-09-16] (BlueStack Systems, Inc.)
S3 GalaxyService; C:\Program Files (x86)\GalaxyClient\GalaxyService.exe [2191648 2014-09-18] (GOG.com)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [361472 2011-06-13] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [441344 2011-06-13] (Alcatel-Lucent) [File not signed]
R2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-18] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-11-08] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-09-27] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-06-10] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-07-09] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-06-10] () [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 RUBotSrv; C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.)
S4 SQLAgent$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
R2 TeamViewer9; e:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [4799760 2014-09-12] (TeamViewer GmbH)
R2 VMAuthdService; E:\Program Files (x86)\VMware\vmware-authd.exe [86744 2014-06-12] (VMware, Inc.)
 
FRST.txt pt 2 of 2:
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-17] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-17] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-09-16] (BlueStack Systems)
S3 CrystalSysInfo; E:\Program Files\MediaCoder\SysInfoX64.sys [18128 2007-09-25] ()
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [135384 2015-01-01] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-12-18] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-12-18] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
R3 pbfilter; D:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
S3 RTCore64; E:\Program Files (x86)\EVGA Precision X\RTCore64.sys [15176 2013-07-17] ()
R3 SaiH8000; C:\Windows\System32\DRIVERS\SaiH8000.sys [178560 2008-04-04] (Saitek)
R1 SASDIFSV; e:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; e:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-01-01] ()
R2 VBoxAswDrv; e:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-17] (Avast Software)
R3 vhidmini; C:\Windows\System32\DRIVERS\vjoy.sys [15104 2012-10-15] (Headsoft)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-06-10] (Cisco Systems, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
S3 WinRing0_1_2_0; D:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-02 19:29 - 2015-01-02 19:29 - 00028997 _____ () C:\Users\michael\Desktop\FRST.txt
2015-01-02 19:29 - 2015-01-02 19:29 - 00000000 ___DC () C:\FRST
2015-01-02 19:28 - 2015-01-02 19:28 - 02123264 _____ (Farbar) C:\Users\michael\Desktop\FRST64.exe
2015-01-02 19:26 - 2015-01-02 19:26 - 00001071 _____ () C:\Users\michael\Desktop\JRT.txt
2015-01-02 19:18 - 2015-01-02 19:18 - 01707939 _____ (Thisisu) C:\Users\michael\Desktop\JRT.exe
2015-01-02 19:11 - 2015-01-02 19:13 - 00000000 ___DC () C:\AdwCleaner
2015-01-02 19:11 - 2015-01-02 19:11 - 02173952 _____ () C:\Users\michael\Desktop\adwcleaner_4.106.exe
2015-01-02 18:54 - 2015-01-02 18:54 - 00037865 ____C () C:\ComboFix.txt
2015-01-02 18:42 - 2015-01-02 18:54 - 00000000 ___DC () C:\Qoobox
2015-01-02 18:42 - 2015-01-02 18:52 - 00000000 ____D () C:\Windows\erdnt
2015-01-02 18:42 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-02 18:42 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-02 18:42 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-02 18:42 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-02 18:42 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-02 18:42 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-02 18:42 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-02 18:42 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-02 18:31 - 2015-01-02 18:31 - 05605575 ____R (Swearware) C:\Users\michael\Desktop\ComboFix.exe
2015-01-01 23:14 - 2015-01-01 23:14 - 00012776 _____ () C:\Users\michael\Desktop\ESETPoweliksCleaner.exe_20150101.231422.8180.log
2015-01-01 23:13 - 2015-01-01 23:13 - 00186568 _____ (ESET) C:\Users\michael\Desktop\ESETPoweliksCleaner.exe
2015-01-01 22:39 - 2015-01-01 22:39 - 00000000 ____D () C:\Users\michael\AppData\Local\CrashDumps
2015-01-01 22:36 - 2015-01-01 22:47 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-01 22:33 - 2015-01-01 22:47 - 00000000 ____D () C:\Users\michael\Desktop\mbar
2015-01-01 21:57 - 2015-01-01 21:57 - 16448208 _____ (Malwarebytes Corp.) C:\Users\michael\Desktop\mbar-1.08.2.1001.exe
2015-01-01 21:20 - 2015-01-01 23:00 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-01 21:20 - 2015-01-01 21:20 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-01 21:19 - 2015-01-01 21:19 - 15298136 _____ () C:\Users\michael\Desktop\RogueKiller.exe
2015-01-01 14:20 - 2015-01-01 14:20 - 00001022 _____ () C:\Users\michael\Desktop\space.exe - Shortcut.lnk
2014-12-29 14:01 - 2014-12-29 14:01 - 439415339 _____ () C:\Windows\MEMORY.DMP
2014-12-29 14:01 - 2014-12-29 14:01 - 00292320 _____ () C:\Windows\Minidump\122914-19000-01.dmp
2014-12-28 14:41 - 2014-12-28 14:41 - 00003010 _____ () C:\Windows\System32\Tasks\{CA8246B2-31F8-406E-95B7-D7DB055DFF6F}
2014-12-28 14:41 - 2014-12-28 14:41 - 00003010 _____ () C:\Windows\System32\Tasks\{A17ABDD1-3AA2-463A-A7A0-1B49F1B711A5}
2014-12-28 14:41 - 2014-12-28 14:41 - 00001854 _____ () C:\Windows\SysWOW64\gunmetal.log
2014-12-21 09:20 - 2014-11-17 00:47 - 179457476 _____ () C:\Users\michael\Desktop\Hayley wedding 325.mov
2014-12-21 09:14 - 2014-11-17 00:47 - 336532436 _____ () C:\Users\michael\Desktop\Hayley wedding 324.mov
2014-12-21 09:11 - 2014-11-17 00:46 - 363157812 _____ () C:\Users\michael\Desktop\Hayley wedding 323.mov
2014-12-18 20:21 - 2015-01-02 19:15 - 00001424 _____ () C:\Windows\setupact.log
2014-12-18 20:21 - 2014-12-18 20:21 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-18 01:09 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 01:09 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-16 14:32 - 2014-12-16 14:32 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-12-16 14:32 - 2014-12-16 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-12-16 14:32 - 2014-12-16 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted
2014-12-16 14:32 - 2014-12-16 14:32 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-12-16 14:32 - 2014-12-16 14:32 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-12-16 11:56 - 2014-12-16 11:56 - 00003276 _____ () C:\Windows\System32\Tasks\{5F7F94F9-A801-4013-9D6C-05EB0BE30267}
2014-12-16 11:52 - 1998-09-02 02:28 - 00155408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LMRT.dll
2014-12-16 11:52 - 1998-09-02 02:28 - 00038160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LMRTREND.dll
2014-12-16 11:52 - 1998-08-26 22:51 - 00182032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft3.dll
2014-12-16 11:52 - 1998-08-20 05:02 - 00140800 _____ (The Duck Corporation) C:\Windows\SysWOW64\tm20dec.ax
2014-12-16 11:51 - 2014-12-16 11:51 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\w95inf32.dll
2014-12-16 11:51 - 2014-12-16 11:51 - 00002272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\w95inf16.dll
2014-12-16 11:51 - 1998-09-02 02:28 - 01088272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\danim.dll
2014-12-16 11:51 - 1998-09-02 02:28 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unam4ie.exe
2014-12-16 11:51 - 1998-09-02 02:02 - 00194320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qcut.dll
2014-12-16 11:51 - 1998-08-20 04:38 - 00217984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\strmdll.dll
2014-12-16 11:51 - 1998-08-17 03:21 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mciqtz.drv
2014-12-16 11:51 - 1998-08-17 03:21 - 00010240 _____ () C:\Windows\SysWOW64\vidx16.dll
2014-12-16 11:51 - 1998-08-17 03:21 - 00005672 _____ () C:\Windows\SysWOW64\quartz.vxd
2014-12-16 11:20 - 2014-12-18 17:13 - 00000000 ____D () C:\Users\michael\Desktop\MCSD card
2014-12-11 07:24 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 07:24 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 00:00 - 2014-11-26 19:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 00:00 - 2014-11-26 19:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 00:00 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 00:00 - 2014-11-21 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 00:00 - 2014-11-21 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 00:00 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 00:00 - 2014-11-21 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 00:00 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 00:00 - 2014-11-21 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 00:00 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 00:00 - 2014-11-21 20:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 00:00 - 2014-11-21 20:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 00:00 - 2014-11-21 20:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 00:00 - 2014-11-21 20:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 00:00 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 00:00 - 2014-11-21 20:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 00:00 - 2014-11-21 20:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 00:00 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 00:00 - 2014-11-21 20:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 00:00 - 2014-11-21 20:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 00:00 - 2014-11-21 20:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 00:00 - 2014-11-21 20:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 00:00 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 00:00 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 00:00 - 2014-11-21 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 00:00 - 2014-11-21 20:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 00:00 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 00:00 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 00:00 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 00:00 - 2014-11-21 19:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 00:00 - 2014-11-21 19:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 00:00 - 2014-11-21 19:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 00:00 - 2014-11-21 19:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 00:00 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 00:00 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 00:00 - 2014-11-21 19:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 00:00 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 00:00 - 2014-11-21 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 00:00 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 00:00 - 2014-11-21 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 00:00 - 2014-11-21 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 00:00 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 00:00 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 00:00 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 00:00 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 00:00 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 00:00 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 00:00 - 2014-11-21 19:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 00:00 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 00:00 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 00:00 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 00:00 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 00:00 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 00:00 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 00:00 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 00:00 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 00:00 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-09 23:59 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 23:59 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-09 23:59 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-09 23:59 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-09 23:59 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-09 23:59 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-09 23:59 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-09 23:59 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-09 23:59 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 23:59 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-09 23:59 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-09 23:59 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-09 23:59 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-09 23:59 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-07 14:39 - 2014-12-07 14:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unreal Tournament G.O.T.Y. Edition
2014-12-06 07:37 - 2014-12-06 09:42 - 00000142 _____ () C:\Users\michael\Desktop\GoNoodle.url
2014-12-06 07:18 - 2014-12-06 07:38 - 00000109 _____ () C:\Users\michael\Desktop\Starfall.url
2014-12-03 21:07 - 2011-09-22 17:18 - 00089960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SQSRVRES.DLL
2014-12-03 21:07 - 2011-09-22 17:18 - 00073064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-02 19:22 - 2009-07-13 22:45 - 00022272 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-02 19:22 - 2009-07-13 22:45 - 00022272 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-02 19:20 - 2012-10-08 10:28 - 01498807 _____ () C:\Windows\WindowsUpdate.log
2015-01-02 19:16 - 2014-07-09 05:59 - 00003370 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2018537783-2302853427-1186865814-1001
2015-01-02 19:16 - 2014-07-09 05:59 - 00003240 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2018537783-2302853427-1186865814-1001
2015-01-02 19:16 - 2012-11-02 05:56 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-02 19:16 - 2012-10-08 12:35 - 00000000 ____D () C:\Users\michael\AppData\Roaming\Dropbox
2015-01-02 19:15 - 2014-10-13 04:18 - 00019140 _____ () C:\Windows\PFRO.log
2015-01-02 19:15 - 2014-09-23 20:04 - 00000000 ____D () C:\ProgramData\VMware
2015-01-02 19:15 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-02 19:12 - 2012-11-02 05:56 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-02 19:12 - 2012-10-08 12:29 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2018537783-2302853427-1186865814-1001UA.job
2015-01-02 18:59 - 2012-10-08 14:53 - 00000000 ____D () C:\ProgramData\Origin
2015-01-02 18:51 - 2009-07-13 20:34 - 00000215 ____C () C:\Windows\system.ini
2015-01-02 18:34 - 2013-02-02 00:27 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9CC4B44F-D605-401D-98D1-E4A8D1BE9172}
2015-01-02 18:31 - 2013-01-17 21:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-02 15:46 - 2012-11-23 20:49 - 00000000 ____D () C:\Users\michael\AppData\Roaming\vlc
2015-01-01 22:55 - 2014-01-25 14:10 - 00003510 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-01-01 22:36 - 2014-08-16 06:32 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-01 22:33 - 2014-08-16 06:32 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-01 21:12 - 2012-10-08 12:29 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2018537783-2302853427-1186865814-1001Core.job
2015-01-01 14:47 - 2012-10-13 14:28 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-01-01 10:57 - 2014-10-12 22:16 - 00103232 _____ () C:\Windows\DirectX.log
2015-01-01 10:57 - 2012-11-06 17:48 - 00000000 ____D () C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-01 10:02 - 2014-08-16 06:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-01 09:29 - 2013-05-25 21:38 - 00000000 ____D () C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-01 07:38 - 2013-04-22 07:09 - 00000000 ____D () C:\Users\michael\Desktop\1 - My stuff
2014-12-30 22:16 - 2013-08-21 15:01 - 00003348 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2018537783-2302853427-1186865814-1001
2014-12-30 22:16 - 2013-08-21 15:01 - 00003218 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2018537783-2302853427-1186865814-1001
2014-12-29 14:01 - 2012-10-30 05:47 - 00000000 ____D () C:\Windows\Minidump
2014-12-28 22:34 - 2014-09-04 13:59 - 00003644 _____ () C:\Users\michael\fsoinstaller.properties
2014-12-28 22:34 - 2014-01-19 23:09 - 00000000 _____ () C:\Users\michael\.JarClassLoader
2014-12-27 20:11 - 2013-11-12 16:51 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-23 17:47 - 2014-10-14 04:18 - 00000000 ____D () C:\Users\michael\Desktop\Recipes
2014-12-22 13:08 - 2012-10-08 12:34 - 00000000 ____D () C:\Users\michael\AppData\Roaming\Spotify
2014-12-22 13:02 - 2012-10-11 20:57 - 00000000 ____D () C:\Users\michael\AppData\Local\Spotify
2014-12-22 09:30 - 2014-05-22 18:29 - 00000019 _____ () C:\Windows\popcinfo.dat
2014-12-22 09:25 - 2014-08-02 07:46 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F2E8E647-5B6B-421A-9E0B-3D9CA84EEFDB}
2014-12-22 09:01 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-21 09:21 - 2009-04-05 20:53 - 11710976 ___SH () C:\Users\michael\Desktop\Thumbs.db
2014-12-18 21:15 - 2012-10-08 12:35 - 00000000 ____D () C:\Users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-18 20:58 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-12-16 16:18 - 2012-10-12 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect
2014-12-16 16:18 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-16 16:11 - 2012-10-08 13:27 - 00111136 _____ () C:\Users\michael\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-16 14:39 - 2014-08-26 10:58 - 00000000 ____D () C:\Users\michael\AppData\Local\Adobe
2014-12-16 14:38 - 2013-01-17 21:33 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-16 14:38 - 2012-10-08 12:29 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-16 14:38 - 2012-10-08 12:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-16 14:34 - 2009-07-13 22:45 - 00412104 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-16 11:54 - 2014-09-05 11:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
2014-12-16 11:51 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\Help
2014-12-16 11:13 - 2014-02-05 20:47 - 00000000 ____D () C:\Users\michael\AppData\Roaming\TeamViewer
2014-12-15 22:50 - 2012-10-08 12:33 - 00000000 ____D () C:\Users\michael\AppData\Roaming\uTorrent
2014-12-12 21:23 - 2014-10-13 09:18 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-11 10:19 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 07:26 - 2013-07-09 22:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 07:26 - 2012-10-08 10:51 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-11 07:25 - 2012-10-11 20:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-07 15:39 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-07 13:40 - 2012-11-02 22:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-12-06 07:35 - 2013-08-08 09:11 - 00000000 ____D () C:\Users\michael\Desktop\Ammi new sites
2014-12-06 00:18 - 2014-12-02 22:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-12-03 21:08 - 2014-12-02 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual C++ 2008 Express Edition
2014-12-03 21:07 - 2014-12-02 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2014-12-03 21:07 - 2013-09-20 18:01 - 00007724 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
Files to move or delete:
====================
C:\Users\Public\FixDwndp.exe

Some content of TEMP:
====================
C:\Users\michael\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbn_rko.dll
C:\Users\michael\AppData\Local\Temp\Quarantine.exe
C:\Users\michael\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-02 00:45
==================== End Of Log ============================
Addition.txt part 1:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-01-2015
Ran by michael at 2015-01-02 19:30:08
Running from C:\Users\michael\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
ACE COMBAT™ ASSAULT HORIZON Enhanced Edition (HKLM-x32\...\Steam App 228400) (Version: - Namco)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{1CAFFEC6-23B4-484B-B17B-3200BE5C5636}) (Version: 99.9 - Eyeo GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
AI Suite (HKLM-x32\...\{310BC5E2-31AF-49BB-904D-E71EB93645DC}) (Version: 1.05.32 - )
Aliens vs Predator Classic 2000 (HKLM-x32\...\1207665883_is1) (Version: 2.0.0.24 - GOG.com)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 2.1.0 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 2.1.0 - Amazon Services LLC) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AquaNox (HKLM-x32\...\Steam App 39630) (Version: - Nordic Games)
Auslogics Duplicate File Finder (HKLM-x32\...\{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1) (Version: 2.5 - Auslogics Software Pty Ltd)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
AxCrypt 1.7.2931.0 (HKLM\...\{E191812E-F3A0-4F87-98D9-DCD03321278D}) (Version: 1.7.2931.0 - Axantum Software AB)
Batman: Arkham City GOTY (HKLM-x32\...\Steam App 200260) (Version: - Rocksteady Studios)
Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
Battlezone version 1.5.2.25 (HKLM-x32\...\{B3B61934-313A-44A2-B589-700FDAA6C758}_is1) (Version: 1.5.2.25 - www.battlezone1.com)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.3.4070 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{B40D9A2E-C9CA-4402-A0B7-09E33C03B9C5}) (Version: 0.9.3.4070 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Burnout™ Paradise: The Ultimate Box (HKLM-x32\...\{1CDC8E7D-CDFC-4C2B-A080-23D943354625}) (Version: 1.1.0.0 - Electronic Arts)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
ChromecastApp (HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05170 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05170 - Cisco Systems, Inc.) Hidden
Command & Conquer 3 (HKLM-x32\...\{B0C30E93-D3D9-4F04-A2AC-54749B573275}) (Version: 1.00.0000 - Electronic Arts Inc.)
Command & Conquer™ 3: Kane's Wrath (HKLM-x32\...\{CC2422C9-F7B5-4175-B295-5EC2283AA674}) (Version: 1.00.0000 - Electronic Arts Inc.)
Conquest Frontier Wars (HKLM-x32\...\GOGPACKCONQUESTFRONTIERWARS_is1) (Version: 2.0.0.6 - GOG.com)
Cool & Quiet (HKLM-x32\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version: - )
CPUID CPU-Z 1.69 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Crusader No Remorse (HKLM-x32\...\{2AEA735F-B393-4D89-93EF-5849CB72B4A3}) (Version: 1.0.0.2 - Electronic Arts)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Darksaber's Ultimate Craft Pack (HKLM-x32\...\Darksaber's Ultimate Craft Pack) (Version: v2.1 - Darksaber's X-Wing Station)
Dead Space™ (HKLM-x32\...\{9789E33B-317A-44B2-AF9A-FF8708AD93E0}) (Version: 1.0.0.222 - Electronic Arts)
Descent 3 with Mercenary Expansion (HKLM-x32\...\GOGPACKDESCENT3_is1) (Version: 2.0.0.16 - GOG.com)
Diaspora version 1.1.1 (HKLM-x32\...\{1F5ABAAA-6D61-4FC1-A595-86CBA5517E7A}_is1) (Version: 1.1.1 - Diaspora Development)
Disk Space Fan 4 Free 4.5.1.129 (HKLM-x32\...\Disk Space Fan 4 Free_is1) (Version: - Disk Space Fan Team)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
Dogfight 1942 (HKLM-x32\...\Steam App 217790) (Version: - City Interactive)
Dropbox (HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
Elementary and Middle School - Multiplication (HKLM-x32\...\{2A7EC44B-EDC2-4A05-8BD8-898C90E801FA}) (Version: 7.0.0 - A+ Interactive MATH, an A+ TutorSoft Inc. company)
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Eternal Silence (HKLM-x32\...\Steam App 17550) (Version: - ES Team)
EVGA Precision X 4.2.1 (HKLM-x32\...\PrecisionX) (Version: 4.2.1 - EVGA Corporation)
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Far Cry® 3 Blood Dragon (HKLM-x32\...\Steam App 233270) (Version: - Ubisoft Montreal)
FormatFactory 3.3.4.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.4.0 - Format Factory)
Free YouTube Downloader 3.5.136 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.)
FreeSpace 2 (HKLM-x32\...\FreeSpace2) (Version: - )
Galaxy Client (HKLM-x32\...\{D6D1DA54-531F-4FA0-B683-CE66ACE3543F}_is1) (Version: 0.1.0.456 - GOG.com)
Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
GDR 5520 for SQL Server 2008 (KB2977321) (HKLM-x32\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
Google Chrome (HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Gun Metal (HKLM-x32\...\Steam App 267920) (Version: - Rage Software)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
HD Tune Pro 5.50 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
HD Youtube Downloader Free (HKLM-x32\...\HD Youtube Downloader Free_is1) (Version: - HD Youtube Downloader Free)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Incoming and Incoming Forces (HKLM-x32\...\GOGPACKINCOMINGPACK_is1) (Version: 2.0.0.14 - GOG.com)
Independence War Deluxe (HKLM-x32\...\GOGPACKIWAR_is1) (Version: 2.0.0.15 - GOG.com)
Insaniquarium Deluxe 1.0 (HKLM-x32\...\Insaniquarium Deluxe 1.0) (Version: - )
Intel(R) IPP Run-Time Installer 5.3 Update 4 for Windows* on IA-32 (HKLM-x32\...\{754854DC-2E0A-49D8-A1A1-426C1F9B1459}) (Version: 5.3.4.087 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
K-Lite Codec Pack 10.5.0 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.5.0 - )
Logitech Gaming Software 8.56 (HKLM\...\Logitech Gaming Software) (Version: 8.56.109 - Logitech Inc.)
Mace Griffin Bounty Hunter (HKLM-x32\...\{BE87D165-3A5A-4CDC-9571-FD8EE66EB48B}) (Version: 1.00.000 - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MediaCoder x64 0.8.17 (HKLM\...\MediaCoder x64) (Version: 0.8.17 - Broad Intelligence)
MediaHuman Audio Converter version 1.8.9 (HKLM-x32\...\MediaHuman Audio Converter_is1) (Version: 1.8.9 - MediaHuman)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version: - 4A Games)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Crimson Skies (HKLM-x32\...\Crimson Skies 1.0) (Version: - )
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Management Objects (HKLM-x32\...\{F5E87B12-3C27-452F-8E78-21D42164FD83}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{5D60AB1A-2409-4829-83D4-0972856D885A}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft StarLancer (HKLM-x32\...\StarLancer 1.0) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (HKLM-x32\...\Microsoft Visual C++ 2008 Express Edition with SP1 - ENU) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{90A80D89-A0E4-33C1-B13D-B93CB3496867}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (HKLM\...\{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}) (Version: 3.5.30729 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (HKLM\...\{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}) (Version: 6.1.5295.17011 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Minecraft PC Gamer Demo version 1.5 (HKLM-x32\...\{55D65D27-C0CD-4375-9021-F3D3D024ED90}_is1) (Version: 1.5 - Mojang)
Moodagent (HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\...\d816b567ade41a28) (Version: 1.0.0.18 - Moodagent)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 33.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.3 (x86 en-US)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Graphics Driver 344.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.0.13.2142 - Electronic Arts, Inc.)
PC Inspector File Recovery (HKLM-x32\...\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}) (Version: 4.0 - )
PC Probe II (HKLM-x32\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.72 - ASUSTek)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Plex Media Server (HKLM-x32\...\{5ea93dc7-0906-47a6-8033-d26ed443f0a8}) (Version: 0.9.1101 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1101 - Plex, Inc.) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
RealDownloader (x32 Version: 17.0.11 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.10 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5859 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (remove only) (HKLM\...\Recuva) (Version: - Piriform)
Red Baron Pack (HKLM-x32\...\GOGPACKREDBARON12_is1) (Version: 2.0.0.24 - GOG.com)
Remove Empty Directories version 2.2 (HKLM-x32\...\{06F25DC8-71E2-44E2-805A-F15E15B51C74}_is1) (Version: 2.2 - Jonas John)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RivaTuner Statistics Server 5.2.0 (HKLM-x32\...\RTSS) (Version: 5.2.0 - Unwinder)
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version: - Seagate Technology)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Service Pack 3 for SQL Server 2008 (KB2546951) (HKLM-x32\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Shattered Steel (HKLM-x32\...\GOGPACKSHATTEREDSTEEL_is1) (Version: 2.0.0.6 - GOG.com)
SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
Skype™ 5.10 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 5.10.116 - Skype Technologies S.A.)
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
Spotify (HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Sql Server Customer Experience Improvement Program (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
SQL Server System CLR Types (HKLM-x32\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.3.5500.0 - Microsoft Corporation)
Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts)
Star Wars X-Wing Alliance (HKLM-x32\...\{7AD8FE70-1A35-492C-9AA8-E9F9C1833040}) (Version: 1.0.0.0 - LucasArts, Totally Games)
Stargunner (HKLM-x32\...\GOGPACKSTARGUNNER_is1) (Version: 2.0.0.4 - GOG.com)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Strike Suit Zero (HKLM-x32\...\Steam App 209540) (Version: - Born Ready Games Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1130 - SUPERAntiSpyware.com)
Supreme Commander (HKLM-x32\...\Steam App 9350) (Version: - Gas Powered Games)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
Tachyon: The Fringe (HKLM-x32\...\Steam App 32760) (Version: - NovaLogic)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.12 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TGA Viewer (HKLM-x32\...\{4FA2DAFD-2D72-4ACF-BDD8-4178E8AFD459}_is1) (Version: - IdeaMK)
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.8.10 - Electronic Arts)
TN3270 Plus 3.1 (HKLM-x32\...\{A328ED44-1CFC-41E7-A893-5DBE578F421D}) (Version: 3.1.0 - SDI USA Inc.)
Tom Clancy's H.A.W.X. 2 (HKLM-x32\...\{76A232AF-B7D6-41A4-B795-6B355E6D32B1}) (Version: 1.0.1 - Ubisoft)
Trend Micro RUBotted 2.0 Beta (HKLM-x32\...\{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1) (Version: 2.0.0.1034 - Trend Micro, Inc.)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Tyrian 2000 (HKLM-x32\...\GOGPACKTYRIAN2000_is1) (Version: 2.0.0.11 - GOG.com)
Unlocker 1.9.1 (HKLM-x32\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Unreal Tournament G.O.T.Y. Edition (HKLM-x32\...\UnrealTournament) (Version: - )
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
Vista Shortcut Manager x64 (HKLM\...\{C7311329-C491-427B-8880-133E84869B3A}) (Version: 2.0 - Frameworkx)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.3 - VMware, Inc)
VMware Player (Version: 6.0.3 - VMware, Inc.) Hidden
Wheelman (HKLM-x32\...\{3604BFF4-6EC8-44D6-B147-92C2D642FEDE}) (Version: 1.00.0000 - Ubisoft Entertainment)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Wing Commander IV (HKLM-x32\...\Wing Commander IV_is1) (Version: - GOG.com)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinX DVD Ripper Platinum 7.0.0 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)
X3: Terran Conflict (HKLM-x32\...\Steam App 2820) (Version: - Egosoft)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Addition.txt pt 2 of 2:

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\michael\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\michael\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\michael\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\michael\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
31-12-2014 23:42:39 Windows Update
01-01-2015 10:56:26 Installed DirectX
01-01-2015 22:10:26 malware check
01-01-2015 22:47:01 Malwarebytes Anti-Rootkit Restore Point
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 20:34 - 2015-01-02 18:51 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {175757F6-B00B-4A53-9E08-F45EB230511A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {21D1DE3E-9035-4A8D-AE10-1747E23E7F90} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2018537783-2302853427-1186865814-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {2850526E-2C21-4EF5-840A-95D7FDC03A23} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2018537783-2302853427-1186865814-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {496DA467-8454-4065-899F-010F2AE0A228} - System32\Tasks\{9417DBD9-C530-41D8-A04B-E177DAA73B8E} => pcalua.exe -a H:\Software\ExpressGate\AsusSetup.exe -d H:\Software\ExpressGate
Task: {610A5DFD-AC33-458A-B427-720F669B7FBC} - System32\Tasks\CCleanerSkipUAC => E:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {61DFB090-B054-4D95-B78E-2395C17E2A2A} - System32\Tasks\Game_Booster_AutoUpdate => D:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2013-06-13] ()
Task: {697F1AB9-2BC3-4C71-9632-48FB228B0CA5} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.00.95\AsLoader.exe [2008-07-02] ()
Task: {823197A9-0AE9-48E0-BD0C-B5BAFDC306CC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2018537783-2302853427-1186865814-1001Core => C:\Users\michael\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-08] (Google Inc.)
Task: {83F9BA74-7C97-483D-A8D7-6B70F8BFA3C5} - System32\Tasks\{61EFB761-BB89-41F3-8FE9-F46821E51F0D} => pcalua.exe -a H:\setup.exe -d H:\
Task: {968D515A-0E61-4DF9-9560-0F8A705CF31C} - System32\Tasks\{CA8246B2-31F8-406E-95B7-D7DB055DFF6F} => E:\Program Files (x86)\Steam\SteamApps\common\Gun Metal\Gunmetal.exe [2014-12-20] ()
Task: {986894BB-7ABF-451D-A902-1802197EDC7F} - System32\Tasks\{828D8AA4-C54B-420C-83F0-847FEE7CF1AB} => pcalua.exe -a "C:\Users\michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W04QYR3U\MassEffect_EFIGS_1.02.exe" -d C:\Users\michael\Desktop
Task: {99B17A6A-CAD9-464E-B088-F23B4634A296} - System32\Tasks\{6FA36FC4-64D3-4606-8EF3-B27B30A98CB0} => pcalua.exe -a H:\setup.exe -d H:\
Task: {A2ED0762-CE13-4488-A7FE-1DC0BB5C4078} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2018537783-2302853427-1186865814-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {A9033BE5-2015-493D-A5B8-A1AA01C45CAD} - System32\Tasks\{B6462DFB-9E7D-47BF-8101-3DDA77BDB5DC} => pcalua.exe -a E:\Downloads\MassEffect_BDtS_ES_a.exe -d C:\Users\michael\Desktop
Task: {A947D452-FBB0-4EF4-8A5E-2B2D3A461EAB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-16] (Adobe Systems Incorporated)
Task: {ABD5DED0-6E09-4A7F-808D-0BD9CD2E2151} - System32\Tasks\{5F7F94F9-A801-4013-9D6C-05EB0BE30267} => pcalua.exe -a "C:\Users\michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0QNTCJ5S\crmsk102.exe" -d C:\Users\michael\Desktop
Task: {B1BE827B-F39A-4AB3-B39A-AD7B479FDAAA} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2018537783-2302853427-1186865814-1001
Task: {BFADD163-2762-4C8A-AB54-E7ACD707E38A} - System32\Tasks\{A17ABDD1-3AA2-463A-A7A0-1B49F1B711A5} => E:\Program Files (x86)\Steam\SteamApps\common\Gun Metal\Gunmetal.exe [2014-12-20] ()
Task: {CB14476F-D945-43E6-9A66-2B505AD7A868} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-01] (Google Inc.)
Task: {CD5B6A1B-10DF-4BF5-905B-82BABF785503} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2018537783-2302853427-1186865814-1001UA => C:\Users\michael\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-08] (Google Inc.)
Task: {D55411C1-C7CD-43A1-BF6E-9D5C523D0D78} - System32\Tasks\avast! Emergency Update => e:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-17] (AVAST Software)
Task: {DED76AD7-F1A2-43E4-9F3B-3F59B130F0A8} - System32\Tasks\{123A2AC0-8A56-47F5-86CD-F70B09D475F1} => pcalua.exe -a "C:\Users\michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9B6R3C5X\unlocker setup.exe" -d C:\Users\michael\Desktop
Task: {E6D67E61-F4D0-4047-ADF7-5FB5C86E2431} - System32\Tasks\{AE6F854D-96EA-4130-91E3-2C7B3A722E20} => pcalua.exe -a H:\Software\setupstb.exe -d H:\Software
Task: {E8BA8C09-6B50-41AF-B5CE-6A26EF59739E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-01] (Google Inc.)
Task: {EBD763E7-A56F-45FE-A71E-05C5F84E0969} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2018537783-2302853427-1186865814-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {EFEDEDF0-C8B4-4CE7-9317-874139AB6255} - System32\Tasks\ASUS\Cpu Level Up Hook Lanunch => e:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHookLaunch.exe
Task: {F9E3F677-D987-4A14-A484-ED9AE6F772DE} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-01-25] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2018537783-2302853427-1186865814-1001Core.job => C:\Users\michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2018537783-2302853427-1186865814-1001UA.job => C:\Users\michael\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-06-05 20:14 - 2014-11-03 16:02 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-11-08 23:02 - 2014-11-08 23:02 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2014-06-10 16:50 - 2014-06-10 16:50 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-06-10 21:03 - 2014-06-10 21:03 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2014-09-16 15:02 - 2014-09-16 15:02 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-09-16 15:02 - 2014-09-16 15:02 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-16 15:02 - 2014-09-16 15:02 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-09-16 15:02 - 2014-09-16 15:02 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2010-07-04 13:51 - 2010-07-04 13:51 - 00017408 _____ () D:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
2014-11-17 19:10 - 2014-11-17 19:10 - 00388208 _____ () e:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-17 19:10 - 2014-11-17 19:10 - 05851328 _____ () e:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-06-10 21:34 - 2014-06-10 21:34 - 00063400 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2015-01-02 16:05 - 2015-01-02 16:05 - 02909696 _____ () e:\Program Files\AVAST Software\Avast\defs\15010201\algo.dll
2014-11-17 19:10 - 2014-11-17 19:10 - 04495336 _____ () e:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-09 05:56 - 2014-07-09 05:56 - 00861784 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2014-12-16 14:32 - 2010-08-24 19:06 - 00085840 _____ () C:\Program Files (x86)\Trend Micro\RUBotted\hc_help.dll
2014-06-12 17:22 - 2014-06-12 17:22 - 01261272 _____ () E:\Program Files (x86)\VMware\libxml2.dll
2013-12-18 06:29 - 2014-12-18 21:13 - 01007104 _____ () D:\Program Files (x86)\Origin\platforms\qwindows.dll
2010-07-04 15:32 - 2010-07-04 15:32 - 00004608 _____ () D:\Program Files (x86)\Unlocker\UnlockerHook.dll
2013-12-18 06:29 - 2014-12-18 21:13 - 00023552 _____ () D:\Program Files (x86)\Origin\imageformats\qgif.dll
2013-12-18 06:29 - 2014-12-18 21:13 - 00024576 _____ () D:\Program Files (x86)\Origin\imageformats\qico.dll
2013-12-18 06:29 - 2014-12-18 21:13 - 00216576 _____ () D:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2013-12-18 06:29 - 2014-12-18 21:13 - 00261120 _____ () D:\Program Files (x86)\Origin\imageformats\qmng.dll
2013-12-18 06:29 - 2014-12-18 21:13 - 00019456 _____ () D:\Program Files (x86)\Origin\imageformats\qtga.dll
2013-12-18 06:29 - 2014-12-18 21:13 - 00337408 _____ () D:\Program Files (x86)\Origin\imageformats\qtiff.dll
2013-12-18 06:29 - 2014-12-18 21:13 - 00018944 _____ () D:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2014-08-28 19:13 - 2014-11-11 12:48 - 01171456 _____ () E:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-28 19:13 - 2014-11-11 12:48 - 00442368 _____ () E:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-28 19:13 - 2014-11-11 12:48 - 00332800 _____ () E:\Program Files (x86)\Steam\libavresample-2.dll
2014-02-15 13:03 - 2014-11-11 12:47 - 00774656 _____ () E:\Program Files (x86)\Steam\SDL2.dll
2014-05-21 21:30 - 2014-11-18 14:23 - 02227904 _____ () E:\Program Files (x86)\Steam\video.dll
2014-08-28 19:13 - 2014-11-11 12:48 - 00403968 _____ () E:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-28 19:13 - 2014-11-11 12:48 - 00485888 _____ () E:\Program Files (x86)\Steam\libswscale-3.dll
2014-02-15 13:03 - 2014-11-18 14:23 - 00690880 _____ () E:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-10-15 02:51 - 2014-10-15 02:51 - 00072840 _____ () E:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2014-10-15 02:51 - 2014-10-15 02:51 - 00196232 _____ () E:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2014-10-15 02:51 - 2014-10-15 02:51 - 00838792 _____ () E:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2014-10-15 02:51 - 2014-10-15 02:51 - 00049800 _____ () E:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2014-10-15 02:51 - 2014-10-15 02:51 - 00086664 _____ () E:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2014-10-15 02:51 - 2014-10-15 02:51 - 02092680 _____ () E:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
2014-10-15 02:51 - 2014-10-15 02:51 - 01883784 _____ () E:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
2014-10-15 02:51 - 2014-10-15 02:51 - 00502920 _____ () E:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2014-10-21 18:22 - 2014-10-21 18:22 - 00750080 _____ () C:\Users\michael\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-02 19:16 - 2015-01-02 19:16 - 00043008 _____ () c:\users\michael\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbn_rko.dll
2014-10-21 18:22 - 2014-10-21 18:22 - 00047616 _____ () C:\Users\michael\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-21 18:22 - 2014-10-21 18:22 - 00863744 _____ () C:\Users\michael\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-21 18:22 - 2014-10-21 18:22 - 00200704 _____ () C:\Users\michael\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-11-17 19:10 - 2014-11-17 19:10 - 38562088 _____ () E:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-15 02:51 - 2014-10-15 02:51 - 00044680 _____ () E:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2014-10-15 02:51 - 2014-10-15 02:51 - 00027784 _____ () E:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2014-10-15 02:51 - 2014-10-15 02:51 - 00018568 _____ () E:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2014-10-15 02:51 - 2014-10-15 02:51 - 00034952 _____ () E:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2014-10-15 02:51 - 2014-10-15 02:51 - 00836232 _____ () E:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2014-10-15 02:51 - 2014-10-15 02:51 - 00062600 _____ () E:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2014-10-15 02:51 - 2014-10-15 02:51 - 00166024 _____ () E:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2014-10-15 02:51 - 2014-10-15 02:51 - 00192136 _____ () E:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2014-10-15 02:51 - 2014-10-15 02:51 - 00016520 _____ () E:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2014-10-15 02:51 - 2014-10-15 02:51 - 00054920 _____ () E:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
2014-10-15 02:51 - 2014-10-15 02:51 - 00017032 _____ () E:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
2014-10-15 02:51 - 2014-10-15 02:51 - 00043656 _____ () E:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
2014-10-15 02:51 - 2014-10-15 02:51 - 00081544 _____ () E:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2014-10-15 02:51 - 2014-10-15 02:51 - 00111240 _____ () E:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2014-10-15 02:51 - 2014-10-15 02:51 - 00689800 _____ () E:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2014-02-15 13:03 - 2014-11-11 12:48 - 34589888 _____ () E:\Program Files (x86)\Steam\bin\libcef.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\Windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: amd_dc_opt => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: CCleaner Monitoring => "E:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Google Update => "C:\Users\michael\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: iTunesHelper => "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\michael\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
========================= Accounts: ==========================
Administrator (S-1-5-21-2018537783-2302853427-1186865814-500 - Administrator - Enabled)
Amberlie (S-1-5-21-2018537783-2302853427-1186865814-1057 - Limited - Enabled) => C:\Users\Amberlie
Guest (S-1-5-21-2018537783-2302853427-1186865814-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2018537783-2302853427-1186865814-1002 - Limited - Enabled)
michael (S-1-5-21-2018537783-2302853427-1186865814-1001 - Administrator - Enabled) => C:\Users\michael
Rachel (S-1-5-21-2018537783-2302853427-1186865814-1056 - Limited - Enabled) => C:\Users\Rachel
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.

==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2015-01-02 18:51:21.509
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-01-02 18:51:21.477
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-03-24 09:17:50.226
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Bitdefender\Antivirus Free Edition\avc3\avc3_sig_185\avcuf64.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-03-24 08:32:50.989
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-03-24 08:32:50.929
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-03-24 08:32:50.869
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-03-24 08:32:50.809
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-03-24 06:57:05.491
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Bitdefender\Antivirus Free Edition\avc3\avc3_sig_185\avcuf64.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-03-24 05:56:45.639
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Bitdefender\Antivirus Free Edition\avc3\avc3_sig_185\avcuf64.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-03-24 05:43:07.266
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Bitdefender\Antivirus Free Edition\avc3\avc3_sig_185\avcuf64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz
Percentage of memory in use: 52%
Total physical RAM: 4095.05 MB
Available physical RAM: 1942.92 MB
Total Pagefile: 8188.29 MB
Available Pagefile: 5876.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (Win7) (Fixed) (Total:119.14 GB) (Free:36.7 GB) NTFS
Drive d: (Programs) (Fixed) (Total:69.25 GB) (Free:28.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:522.93 GB) (Free:70.75 GB) NTFS
Drive g: (WinXP) (Fixed) (Total:24.41 GB) (Free:2.38 GB) NTFS
Drive I: (Windows 10 preview) (Fixed) (Total:48.83 GB) (Free:48.67 GB) NTFS
Drive n: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive z: () (Network) (Total:931.51 GB) (Free:189.85 GB)
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: ACD4630D)
Partition 1: (Not Active) - (Size=522.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=24.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=48.8 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 69.2 GB) (Disk ID: A52EA52E)
Partition 1: (Active) - (Size=69.2 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 65C3BC3B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)
==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location, or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachment: fixlist.txt (4.7 KB)
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-01-2015
Ran by michael at 2015-01-02 19:58:19 Run:1
Running from C:\Users\michael\Desktop
Loaded Profile: michael (Available profiles: michael & Rachel & Amberlie)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL No File
GroupPolicyUsers\S-1-5-21-2018537783-2302853427-1186865814-1057\User: Group Policy restriction detected <======= ATTENTION
HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-2018537783-2302853427-1186865814-1001] => 198.204.238.254:8085
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Program Files (x86)\java\bin\jp2ssv.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll No File
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL No File [ ]
FF Plugin-x32: @esn/esnlaunch,version=1.140.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin HKU\S-1-5-21-2018537783-2302853427-1186865814-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
CHR HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\michael\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
2014-12-28 14:41 - 2014-12-28 14:41 - 00003010 _____ () C:\Windows\System32\Tasks\{CA8246B2-31F8-406E-95B7-D7DB055DFF6F}
2014-12-28 14:41 - 2014-12-28 14:41 - 00003010 _____ () C:\Windows\System32\Tasks\{A17ABDD1-3AA2-463A-A7A0-1B49F1B711A5}
2014-12-16 11:56 - 2014-12-16 11:56 - 00003276 _____ () C:\Windows\System32\Tasks\{5F7F94F9-A801-4013-9D6C-05EB0BE30267}
C:\Users\Public\FixDwndp.exe
C:\Users\michael\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbn_rko.dll
C:\Users\michael\AppData\Local\Temp\Quarantine.exe
C:\Users\michael\AppData\Local\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\michael\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\michael\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
*****************
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub)" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub)" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder)" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark)" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" => Key deleted successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2018537783-2302853427-1186865814-1057\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{FFCB3198-32F3-4E8B-9539-4324694ED664}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=1.140.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.1.4" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0" => Key deleted successfully.
"HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\Software\MozillaPlugins\ubisoft.com/uplaypc" => Key deleted successfully.
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll not found.
"HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf" => Key deleted successfully.
catchme => Service deleted successfully.
lmimirr => Service deleted successfully.
MREMP50a64 => Service deleted successfully.
MREMPR5 => Service deleted successfully.
MRENDIS5 => Service deleted successfully.
MRESP50a64 => Service deleted successfully.
SBRE => Service deleted successfully.
C:\Windows\System32\Tasks\{CA8246B2-31F8-406E-95B7-D7DB055DFF6F} => Moved successfully.
C:\Windows\System32\Tasks\{A17ABDD1-3AA2-463A-A7A0-1B49F1B711A5} => Moved successfully.
C:\Windows\System32\Tasks\{5F7F94F9-A801-4013-9D6C-05EB0BE30267} => Moved successfully.
C:\Users\Public\FixDwndp.exe => Moved successfully.
C:\Users\michael\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbn_rko.dll => Moved successfully.
C:\Users\michael\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\michael\AppData\Local\Temp\sqlite3.dll => Moved successfully.
"HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-2018537783-2302853427-1186865814-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.

The system needed a reboot.
==== End of Fixlog 19:58:20 ====
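The Fixlog above shows what the helper's fixlist actually removed: a per-user ProxyServer pointing at 198.204.238.254:8085, Internet Explorer and Group Policy restrictions flagged with "<======= ATTENTION", a batch of orphaned BHO/toolbar/plugin entries ("No File"), services whose driver files are gone ("[X]"), and scheduled tasks that launch executables out of the IE cache via pcalua.exe. The script below is an added example, not part of this thread and not Farbar's code; it reads FRST-style log text and pulls those same classes of entry out for review. The sample input is constructed from lines copied out of the logs posted in this thread, and the categories ("proxy", "policy", "orphan", "task-from-cache", "task-no-publisher") are this example's own naming, not FRST terminology. It is a triage aid: a hit means "look at this", not "this is malware" (orphaned BHOs are usually just uninstall leftovers), but a per-user proxy aimed at an outside address is the kind of entry to check first.

```python
import re
from collections import Counter

# Constructed sample: entries copied from the FRST logs posted in this thread,
# trimmed to the ones worth triaging plus one known-good task for contrast.
SAMPLE_FRST_LOG = r"""
GroupPolicyUsers\S-1-5-21-2018537783-2302853427-1186865814-1057\User: Group Policy restriction detected <======= ATTENTION
HKU\S-1-5-21-2018537783-2302853427-1186865814-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-2018537783-2302853427-1186865814-1001] => 198.204.238.254:8085
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll No File
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
Task: {986894BB-7ABF-451D-A902-1802197EDC7F} - System32\Tasks\{828D8AA4-C54B-420C-83F0-847FEE7CF1AB} => pcalua.exe -a "C:\Users\michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W04QYR3U\MassEffect_EFIGS_1.02.exe" -d C:\Users\michael\Desktop
Task: {A947D452-FBB0-4EF4-8A5E-2B2D3A461EAB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-16] (Adobe Systems Incorporated)
Task: {F9E3F677-D987-4A14-A484-ED9AE6F772DE} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-01-25] ()
"""

# "ProxyServer: [<SID>] => host:port" -- a per-user WinINet proxy, applied to IE
# and to everything else that honours the user's Internet Settings.
PROXY_RE = re.compile(r"^ProxyServer: \[(?P<sid>[^\]]+)\] => (?P<proxy>\S+)")
# FRST appends this marker to policy keys that lock down IE or the user session.
ATTENTION_MARK = "<======= ATTENTION"
# Registry entries whose target file no longer exists.
ORPHAN_RE = re.compile(r"(?: No File(?: \[ \])?|\[X\]|\[Not Found\])\s*$")
# "Task: {GUID} - <task name> => <command line>"
TASK_RE = re.compile(r"^Task: \{[0-9A-F-]+\} - (?P<name>.+?) => (?P<cmd>.*)$", re.I)
# Executables being launched out of a browser cache or download folder.
BROWSER_CACHE_RE = re.compile(r"Temporary Internet Files|\\INetCache\\|\\Downloads\\", re.I)
# FRST prints the file's company name from its version info in parentheses;
# an empty "()" means the binary carries none.
NO_PUBLISHER_RE = re.compile(r"\[\d{4}-\d{2}-\d{2}\] \(\)\s*$")


def _label(line: str) -> str:
    """Keep the entry name: the text before the first ' -> ' or ';' separator."""
    cut = min((i for i in (line.find(" -> "), line.find(";")) if i >= 0), default=len(line))
    return line[:cut]


def triage(log_text: str) -> list[tuple[str, str]]:
    """Return (category, detail) pairs for the FRST entries worth a second look."""
    findings: list[tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.match(line)
        if m:
            findings.append(("proxy", f"user {m['sid']} routes HTTP(S) through {m['proxy']}"))
            continue
        if ATTENTION_MARK in line:
            # The key path is everything before the first ": " description.
            findings.append(("policy", line.split(": ", 1)[0]))
            continue
        m = TASK_RE.match(line)
        if m:
            cmd = m["cmd"]
            if "pcalua.exe" in cmd.lower() and BROWSER_CACHE_RE.search(cmd):
                findings.append(("task-from-cache", m["name"]))
            elif NO_PUBLISHER_RE.search(cmd):
                findings.append(("task-no-publisher", m["name"]))
            continue
        if ORPHAN_RE.search(line):
            findings.append(("orphan", _label(line)))
    return findings


def summarize(findings: list[tuple[str, str]]) -> Counter:
    """Count findings per category, handy for a quick first read of a long log."""
    return Counter(category for category, _ in findings)


if __name__ == "__main__":
    results = triage(SAMPLE_FRST_LOG)
    for category, detail in results:
        print(f"{category:18} {detail}")
    print(dict(summarize(results)))
```

Run it against a real FRST.txt or Addition.txt by reading the file into `triage()` instead of the sample; the rules are deliberately narrow so that the ordinary bulk of an FRST log (signed tasks, present files, whitelisted modules) produces no output and only the handful of entries that a helper would put in a fixlist surface.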
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an "UNSUPPORTED OPERATING SYSTEM! ABORTED!" message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 0.99.93
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 25
Java version 32-bit out of Date!
Adobe Flash Player 15.0.0.246 Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox 33.0.3 Firefox out of Date!
Google Chrome (39.0.2171.71)
Google Chrome (39.0.2171.95)
Google Chrome (plugins...)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast ng vbox\AvastVBoxSVC.exe
AVAST Software Avast ng ngservice.exe
AVAST Software Avast avastui.exe
Trend Micro RUBotted RUBotSrv.exe
Trend Micro RUBotted RUBottedGUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````


Farbar Service Scanner Version: 21-07-2014
Ran by michael (administrator) on 02-01-2015 at 21:17:11
Running from "C:\Users\michael\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Attempt to access Yahoo.com returned error: Yahoo.com is unreachable

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****
 
Sophos said PC is clean; nothing to report! Thank you so much for your help!!
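The FSS "File Check" section above verifies that the core networking and service binaries are Authenticode-signed, because a tampered or replaced copy of one of them is a common way for an infection to survive. As an added example, not part of this thread or of Farbar Service Scanner, the PowerShell below runs the same kind of check with Windows' own signature verification over the exact file list from the log; the only assumption is that list.

```powershell
# Added example, not part of the thread or of Farbar Service Scanner: re-check the
# same files the FSS "File Check" section lists, using Windows' own Authenticode
# verification. File list copied from the log above; nothing else is assumed.
$sys32 = "$env:SystemRoot\System32"
$files = @(
    "$sys32\nsisvc.dll", "$sys32\drivers\nsiproxy.sys", "$sys32\dhcpcore.dll",
    "$sys32\drivers\afd.sys", "$sys32\drivers\tdx.sys", "$sys32\drivers\tcpip.sys",
    "$sys32\dnsrslvr.dll", "$sys32\mpssvc.dll", "$sys32\bfe.dll",
    "$sys32\drivers\mpsdrv.sys", "$sys32\SDRSVC.dll", "$sys32\vssvc.exe",
    "$sys32\wscsvc.dll", "$sys32\wbem\WMIsvc.dll", "$sys32\wuaueng.dll",
    "$sys32\qmgr.dll", "$sys32\es.dll", "$sys32\cryptsvc.dll",
    "$env:ProgramFiles\Windows Defender\MpSvc.dll", "$sys32\ipnathlp.dll",
    "$sys32\iphlpsvc.dll", "$sys32\svchost.exe", "$sys32\rpcss.dll"
)

function Test-SystemFileSignatures {
    param([string[]] $Paths)
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) {
            [pscustomobject]@{ Path = $p; Status = 'Missing'; Signer = '' }
            continue
        }
        # Status is Valid, NotSigned, HashMismatch (file modified after signing), ...
        # Caveat: before Windows 10 / PowerShell 5 this cmdlet only sees embedded
        # signatures, so catalog-signed OS files show as NotSigned on the Windows 7
        # box in this thread; there, Sysinternals "sigcheck -a" is the equivalent check.
        $sig = Get-AuthenticodeSignature -FilePath $p
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        [pscustomobject]@{ Path = $p; Status = [string]$sig.Status; Signer = $signer }
    }
}

$results = Test-SystemFileSignatures -Paths $files
$results | Format-Table -AutoSize
# Anything not Valid (NotSigned, HashMismatch, Missing) is what FSS would flag.
$results | Where-Object { $_.Status -ne 'Valid' }
```

A HashMismatch on one of these files means the on-disk bytes no longer match what Microsoft signed, which is the case FSS is designed to surface.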
 
Update Firefox to the current 34.0 version.

Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check "Yes, install McAfee Security Scan Plus".

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

======================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished, a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.
 
Thank you again! Avast hasn't shown any more hits since Roguekiller took out Poweliks yesterday, and I have not had any more issues with IE settings being changed.

And once Flash Player was updated, I stopped getting the HTTP blocks on PeerBlock, so I guess something was exploiting that.

I'm still curious as to how I contracted this, as I try to practice safe browsing, but I suppose I will never know for certain. The most recent thing I remember doing before noting the oddities was downloading a couple of Steam games, but my kids also use this PC while I am at work, so no telling what they clicked on. I suppose I should enable UAC even though it drives me insane 99% of the time since I am doing something intentionally.
 
Kids are usually main suspects :)
I suggest creating different (limited) user accounts for them.

Good luck and stay safe :)
 