Agent86

Honorary Members
  • Posts: 51

Reputation: 0 Neutral
  1. Malwarebytes Android and other virus software are calling this file a Trojan, virus or malware: Android/Trojan.Andup.e/system/priv-app/SysCore_AD_OverSea_ad_ibd_001_2015 0212_V7.2.4_001.apk. My phone is a Blu Studio 5 C. I did a soft reset and a hard reset, and Malwarebytes along with McAfee and other malware and virus protections are calling it a Trojan Andup.e and suggested that the program running it that seems to be unsecure is "Android Services". Additionally, Malwarebytes says I may not be protected because my phone is "rooted"; however, my phone is not rooted. All other scanners and protectors cannot delete the program either. I've read that I need to root my phone for Malwarebytes to delete it or to remove it myself. I have never rooted my phone and do not really understand how to do this if indeed I'm supposed to do it. Please advise if I should remove it, or perhaps a fresh flash ROM of an upgrade version might remove it. What do you think?
  2. One more thing. It looks like this: this is a fresh install with a complete BIOS flash from USB. Very strange here: mouse moves around, computer attempts to open menus and applications etc., even with wifi turned off. YouTube link to show actual video of this symptom
  3. The symptom looks like the Windows MS sparkles you get when you first install Windows 10 and get to the (HI) screen that shows a sort of digital fireworks on the background for a few seconds. This is happening all the time, and it's the same effect you get when someone remotely logs into your computer; even if it's not connected to the internet I get this effect. What is this anyhow?
  4. I'm not sure what to think about this HP TouchSmart with mouse pad or USB mouse. The symptom is as follows: the mouse pad or external mouse is jumpy and the mouse moves around on its own. Windows, apps and/or the browser open on their own, and eventually you can't really move your mouse because it jumps to the desktop as soon as you try to hit the X to close a window or application. The background screen has occasional sparkles or resembles a sprinkle, as if a light rain is hitting a smooth lake or something. All wifi and internet are disconnected, and I wiped the hard drive and partitions using a USB live Linux CD to create a new partition table and format. I installed fresh Windows and the mouse / sprinkle was starting to emerge again. Even after updating the flash with the flash utility the sparkle effect was still present occasionally, but the mouse movement appears to be gone from what I can tell. I do suspect the virus is still present in the BIOS and perhaps back on the hard drive somewhere. Please advise.
  5. OK, I'm not sure what this file is, but I also have a small ad window in the lower right corner of the browser all the time. It's like an old school ad toolbar or something. Please advise. Thanks
  6. # DelFix v10.8 - Logfile created 02/02/2015 at 13:18:52 THANKS And thanks for the links I will read those too P.S I am actually familiar with Windows PC's and can typically keep them running smooth but this one was rare and kept coming back. I think I understand the process and the fix.txt that was applied too.
  7. Yep, I think it's all fixed, and definitely malware and/or adware. The combination of things definitely fixed it, and your instructions seem to solve it, but something was causing it to re-emerge, and I believe that I also needed to uninstall FF and remove all files too. I think some sort of adware / malware or something had infected a plugin somehow. I can't say for sure if that did indeed break the link for FF to recreate the problem, but it seems to be gone now for good. Thanks for all the help. Looking forward to purchasing the upgraded / premium version
  8. Phone / phablet is Model M768, which is the BearTab 7 inch phone tablet, NON-rooted, Android version 4.4.2. Malwarebytes: version v1.05.0.9000, database version v2015.01.26.02, malicious URL database v2015.01.20.02
  9. So far so good. No re-emergence of the ads or requests for downloads of any players. So I don't know exactly which item was causing this, or if it were a plugin or something else, or if the iRacing app became infected or something, but so far so good. I will see if it appears again in the next couple of days. Thanks for all the help
  10. So the last thing I did was I uninstalled Firefox and all folders I could find. I re-downloaded and installed it again. I'm just curious if it's Firefox related, because I noticed when trying to update iRacing the speed was dipping in the low teens/kbs, which is lower than an old dialup connection. It would spike to about 1-2MBs but that is still slow for my 75/75 fios speeds. Speedtest on Firefox was very slow too, while speedtest on IE was normal. Speedtest on Linux / Firefox was normal too. So anyhow, iRacing updates seem to be going well so far with the newly installed Firefox. I will post back if I notice any change in these popup ads or requests for downloading some player etc. If this is going to re-emerge it will do it quickly, and usually every 4-5 pages browsed or so
  11. Latest FRST scan and additional .txt
2015-01-26 21:13 - 2014-12-22 13:20 - 00000000 ____D () C:\FRST 2015-01-26 20:36 - 2013-05-24 15:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-26 20:36 - 2009-07-13 23:45 - 00020880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-26 20:36 - 2009-07-13 23:45 - 00020880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-26 20:32 - 2013-05-25 04:43 - 01938713 _____ () C:\Windows\WindowsUpdate.log 2015-01-26 20:29 - 2013-05-24 14:06 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-01-26 20:29 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-26 17:03 - 2013-10-18 16:23 - 00000000 ____D () C:\ProgramData\Oracle 2015-01-26 17:02 - 2013-06-22 19:27 - 00000000 ____D () C:\Program Files (x86)\Java 2015-01-26 16:40 - 2014-12-22 08:50 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2015-01-26 16:38 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2015-01-26 15:30 - 2013-05-24 15:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-26 15:15 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini 2015-01-26 13:38 - 2014-12-20 18:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-26 13:35 - 2014-12-22 21:29 - 00000000 ____D () C:\Users\Agent86\AppData\Local\CrashDumps 2015-01-26 13:34 - 2013-05-26 15:59 - 00000000 ____D () C:\Users\Agent86\AppData\Local\Unity 2015-01-25 13:06 - 2014-12-18 16:54 - 00000000 ____D () C:\Program Files\Java 2015-01-25 11:06 - 2014-12-22 13:23 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2015-01-25 11:02 - 2014-03-30 13:39 - 00000000 ____D () C:\Users\Agent86\AppData\Local\Apps\2.0 2015-01-24 20:55 - 2013-05-24 13:45 - 00000000 ____D () C:\Users\Agent86 2015-01-24 18:14 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default 2015-01-24 17:53 - 
2014-05-02 11:55 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-01-24 16:36 - 2013-05-24 15:06 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-24 16:36 - 2013-05-24 15:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-24 16:36 - 2013-05-24 15:06 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-23 19:32 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SchCache 2015-01-23 12:33 - 2014-05-02 13:26 - 00000000 ____D () C:\Users\Agent86\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2015-01-23 10:15 - 2014-12-22 08:50 - 00000000 ____D () C:\Users\Agent86\AppData\Roaming\jellylam 2015-01-23 10:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-01-23 09:54 - 2013-05-24 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-01-23 09:53 - 2013-05-25 19:18 - 00000000 ____D () C:\Users\Agent86\AppData\Roaming\TS3Client 2015-01-21 22:55 - 2014-11-19 13:38 - 00000000 ___RD () C:\Users\Agent86\Dropbox 2015-01-21 22:55 - 2014-11-19 13:36 - 00000000 ____D () C:\Users\Agent86\AppData\Roaming\Dropbox 2015-01-19 19:44 - 2014-09-06 13:34 - 00000000 ____D () C:\Users\Agent86\Documents\iRacing 2015-01-17 16:50 - 2013-05-24 13:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-01-16 09:16 - 2013-09-30 17:24 - 00000008 __RSH () C:\Users\Agent86\ntuser.pol 2015-01-16 01:41 - 2014-06-23 15:28 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll 2015-01-16 01:41 - 2014-06-23 15:28 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll 2015-01-16 01:41 - 2014-04-19 14:27 - 01514528 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2015-01-16 01:41 - 2014-04-19 14:27 - 01278920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2015-01-15 15:46 - 2013-08-14 20:15 - 00000000 ____D () 
C:\Windows\system32\MRT 2015-01-15 15:42 - 2013-05-25 10:54 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-10 03:07 - 2014-11-28 10:36 - 02902456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2015-01-10 03:07 - 2014-01-16 16:33 - 17250776 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2015-01-10 03:07 - 2013-10-27 09:12 - 18566296 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2015-01-10 03:07 - 2013-05-24 14:06 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2015-01-10 03:07 - 2013-05-24 14:06 - 00060744 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2015-01-10 03:07 - 2013-02-25 23:32 - 14115944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2015-01-10 03:07 - 2013-02-25 23:32 - 03298816 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2015-01-09 18:30 - 2013-05-24 14:06 - 06860432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2015-01-09 18:30 - 2013-05-24 14:06 - 03517256 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2015-01-09 18:29 - 2013-05-24 14:06 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2015-01-09 18:29 - 2013-05-24 14:06 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2015-01-09 18:29 - 2013-05-24 14:06 - 00385352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2015-01-09 18:29 - 2013-05-24 14:06 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2015-01-09 14:47 - 2013-05-24 14:06 - 04173527 _____ () C:\Windows\system32\nvcoproc.bin 2015-01-09 14:24 - 2013-05-24 15:20 - 00000000 ____D () C:\ProgramData\AVAST Software 2015-01-09 14:20 - 2013-05-24 14:07 - 00000000 ____D () C:\ProgramData\McAfee 2015-01-09 14:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Web 2015-01-06 11:30 - 2009-07-14 00:08 - 00032618 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-06 04:36 - 2013-05-24 14:26 - 00298120 ____N (Microsoft Corporation) 
C:\Windows\system32\MpSigStub.exe ==================== Files in the root of some directories ======= 2014-08-09 11:58 - 2014-08-07 23:58 - 0000044 ____H () C:\Program Files (x86)\521ff3bb.tmp 2014-12-22 08:45 - 2014-12-22 08:45 - 0000036 _____ () C:\Users\Agent86\AppData\Local\housecall.guid.cache 2013-11-22 21:38 - 2014-09-25 14:40 - 0007601 _____ () C:\Users\Agent86\AppData\Local\resmon.resmoncfg 2014-12-18 18:32 - 2014-12-18 18:32 - 0000376 _____ () C:\Users\Agent86\AppData\Local\VC2MmUT.vbs 2014-12-25 09:37 - 2014-12-25 11:05 - 0000022 _____ () C:\ProgramData\droidcam-settings ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-25 13:47 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01 Ran by Agent86 at 2015-01-26 21:13:43 Running from C:\Users\Agent86\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will 
be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.) AirMech (HKLM-x32\...\Steam App 206500) (Version: - Carbon Games) Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.) ASRock eXtreme Tuner v0.1.381.1 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version: - ) ASRock XFast RAM v2.0.28 (HKLM\...\ASRock XFast RAM_is1) (Version: - ASRock Inc.) ATI Catalyst Install Manager (HKLM\...\{2770B8D8-701A-1D22-635F-8711DFC06B92}) (Version: 3.0.762.0 - ATI Technologies, Inc.) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software) Avconv (HKU\S-1-5-21-2993030579-955168000-2236405169-1000\...\309e5e15afa98792) (Version: 1.0.0.1 - Koxx) Battle Nations (HKLM-x32\...\Steam App 251670) (Version: - Z2) Broadcom Gigabit NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.6.1.3 - Broadcom Corporation) Cannons Lasers Rockets (HKLM-x32\...\Steam App 265770) (Version: - Net Games Laboratory) CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform) CPUID HWMonitor 1.22 (HKLM\...\CPUID HWMonitor_is1) (Version: - ) Dropbox (HKU\S-1-5-21-2993030579-955168000-2236405169-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.) eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) 
Hidden Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.105 - Etron Technology) Etron USB3.0 Host Controller (x32 Version: 0.105 - Etron Technology) Hidden Evochron Mercenary (HKLM-x32\...\Evochron Mercenary_is1) (Version: - StarWraith 3D Games LLC) Evolution RTS (HKLM-x32\...\Steam App 291150) (Version: - Frozen Yak Entertainment) Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.1.32.905 - Foxit Software Inc.) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.) Gaming Mouse (HKLM-x32\...\{A7B243AA-6D4C-4575-A873-6F01A1EFC5E2}}_is1) (Version: - ) Geany 1.23.1 (HKLM-x32\...\Geany) (Version: 1.23.1 - The Geany developer team) HAWKEN (HKLM-x32\...\Steam App 271290) (Version: - Adhesive Games) iRacing.com Race Simulation (HKLM-x32\...\{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}) (Version: 1.01.0516 - iRacing.com Motorsport Simulations) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) LibreOffice 4.2.2.1 (HKLM-x32\...\{0ECDB550-79ED-4E9E-851B-19A8B2B4EBFA}) (Version: 4.2.2.1 - The Document Foundation) Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech) Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) March of War (HKLM-x32\...\Steam App 234310) (Version: - ISOTX) MechWarrior Online (HKLM-x32\...\{ffbbd184-8eba-469f-bb26-ea4e1f6bfd4c}) (Version: 1.4.1.0 - Piranha Games Inc.) MechWarrior Online (x32 Version: 1.4.1.0 - Piranha Games Inc.) 
Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual 
C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Moon Breakers (HKLM-x32\...\Steam App 208030) (Version: - Imba Entertainment) Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden NASCAR '14 (HKLM-x32\...\Steam App 254130) (Version: - Eutechnyx) NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation) NVIDIA 3D Vision Driver 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.25 - NVIDIA Corporation) NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation) NVIDIA Graphics Driver 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation) NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) OANDA - MetaTrader (HKLM-x32\...\OANDA - MetaTrader) (Version: 4.00 - MetaQuotes Software Corp.) 
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Overwolf.Setup.VC100CRTx64.Dist (HKLM\...\{EC9D5554-6852-4A55-81BB-AC02C7A8CFED}) (Version: 1.0.0 - Overwolf)
Pantech Android USB Driver Ver1 (HKLM\...\{19E88D03-44D4-46aa-9F3C-D6CFC035BFE6}) (Version: 1.1.0.0 - Pantech)
Pantech PC Suite (HKLM-x32\...\Pantech PC Suite) (Version: 1.1.1.3437 - MobileLeader)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version: - Sony Online Entertainment)
Python 2.7.3 (HKLM-x32\...\{C0C31BCC-56FB-42a7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.2-1.0.11364.75 - raidcall.com)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6378 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Star Conflict Launcher 1.0.1.18 (HKLM-x32\...\StarConflictLauncher_is1) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Thrustmaster Force Feedback Driver (HKLM-x32\...\{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}) (Version: 2.FFD.2009 - Thrustmaster)
Trading Paints (HKLM-x32\...\{03C0A801-FC2F-442C-A0BD-DB63B373DE27}) (Version: 1.1.1 - Shawn05.com)
War Thunder Launcher 1.0.1.199 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - 2012 Gaijin Entertainment Corporation)
Wargame: AirLand Battle (HKLM-x32\...\Steam App 222750) (Version: - Eugen Systems)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version: - Wargaming.net)
World of Warplanes (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813NA}_is1) (Version: - Wargaming.net)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2993030579-955168000-2236405169-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Agent86\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2993030579-955168000-2236405169-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2993030579-955168000-2236405169-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2993030579-955168000-2236405169-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2993030579-955168000-2236405169-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2993030579-955168000-2236405169-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2993030579-955168000-2236405169-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2993030579-955168000-2236405169-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2993030579-955168000-2236405169-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================

18-12-2014 15:42:50 Windows Update
18-12-2014 16:53:59 Installed Java SE Development Kit 7 Update 71 (64-bit)
18-12-2014 16:55:14 Installed Java 7 Update 71 (64-bit)
18-12-2014 23:05:44 Installed Pantech Burst OS Upgrade Tool
20-12-2014 19:27:00 avast! antivirus system restore point
20-12-2014 20:35:31 Removed Pantech Burst OS Upgrade Tool
20-12-2014 20:36:20 Removed PingPlotter Standard 3.42.3s
22-12-2014 08:36:41 avast! antivirus system restore point
22-12-2014 21:26:48 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
22-12-2014 21:27:38 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
25-12-2014 09:14:45 Device Driver Package Install: Dev47Apps.com Sound, video and game controllers
25-12-2014 09:15:42 Device Driver Package Install: Dev47Apps.com Sound, video and game controllers
26-12-2014 21:29:15 McAfee Vulnerability Scanner
02-01-2015 19:29:55 McAfee Vulnerability Scanner
09-01-2015 14:23:38 avast! antivirus system restore point
10-01-2015 10:00:48 Windows Update
13-01-2015 17:03:35 Windows Update
13-01-2015 22:35:17 Windows Update
15-01-2015 15:42:06 Windows Update
17-01-2015 16:49:35 Removed Arc
20-01-2015 10:23:49 Windows Update
23-01-2015 10:28:44 Windows Update
25-01-2015 13:05:32 Removed Java 7 Update 71 (64-bit)
25-01-2015 13:06:38 Removed Java SE Development Kit 7 Update 71 (64-bit)
25-01-2015 13:07:49 Removed Java 7 Update 71
26-01-2015 16:49:47 Installed iRacing.com Race Simulation
26-01-2015 16:52:20 Installed iRacing.com Race Simulation
26-01-2015 16:57:02 Configured iRacing.com Race Simulation
26-01-2015 17:04:43 Configured iRacing.com Race Simulation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2015-01-26 15:15 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {021EF2CB-EB93-48DF-AFBD-9492D759D600} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-09] (AVAST Software)
Task: {5CB524E1-70E9-44AD-8B93-16DE8EE136C4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)
Task: {5F5993EF-D94F-4DF2-BE9E-8953F2CD6670} - System32\Tasks\{EBD40329-5032-4591-AB22-A5CEF5BC3B52} => pcalua.exe -a "C:\Program Files\TeamSpeak 3 Client\plugins\ts3overlay\InstallHook.exe" -d "C:\Program Files\TeamSpeak 3 Client\plugins\ts3overlay\" -c ts3overlay_hook_win32.dll 10000
Task: {910D1BCB-AAFB-4352-B2CC-9433025E1334} - System32\Tasks\{120443CF-9FB2-4274-8110-7A74B925A341} => pcalua.exe -a C:\Users\Agent86\Downloads\hp_scanjet7800_20\setup_basic_7800.exe -d C:\Users\Agent86\Downloads\hp_scanjet7800_20
Task: {CA7C18C9-A6EE-427C-B832-684C557D8AD3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-05-24 14:06 - 2015-01-09 18:29 - 00117392 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-04-19 14:27 - 2015-01-16 01:42 - 00715080 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
2014-04-19 14:27 - 2015-01-16 01:42 - 00854344 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
2014-01-16 16:18 - 2013-04-11 09:24 - 00262656 _____ () C:\Program Files (x86)\Gaming Mouse\hid.exe
2014-01-16 16:18 - 2013-03-08 17:39 - 00256512 _____ () C:\Program Files (x86)\Gaming Mouse\trayicon.exe
2015-01-09 14:25 - 2015-01-09 14:25 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2015-01-09 14:25 - 2015-01-09 14:25 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2015-01-26 13:25 - 2015-01-26 13:25 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012601\algo.dll
2015-01-09 14:25 - 2015-01-09 14:25 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-01-16 16:18 - 2013-01-15 17:06 - 00061952 _____ () C:\Program Files (x86)\Gaming Mouse\HidDevice.dll
2015-01-09 14:26 - 2015-01-09 14:26 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-16 16:18 - 2011-11-22 14:18 - 00249856 _____ () C:\Program Files (x86)\Gaming Mouse\language.dll
2015-01-26 13:56 - 2015-01-26 13:56 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================

Administrator (S-1-5-21-2993030579-955168000-2236405169-500 - Administrator - Disabled)
Agent86 (S-1-5-21-2993030579-955168000-2236405169-1000 - Administrator - Enabled) => C:\Users\Agent86
Guest (S-1-5-21-2993030579-955168000-2236405169-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/25/2015 01:47:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error: (01/25/2015 01:17:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 35.0.0.5486, time stamp: 0x54af7153
Faulting module name: mozalloc.dll, version: 35.0.0.5486, time stamp: 0x54af69d4
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x14c0
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (01/25/2015 11:57:26 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error: (01/23/2015 00:32:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ENGINE.EXE, version: 0.0.0.47437, time stamp: 0x54b37453
Faulting module name: nmconew.dll_unloaded, version: 0.0.0.0, time stamp: 0x5178a4ff
Exception code: 0xc0000005
Fault offset: 0x2069698d
Faulting process id: 0x1130
Faulting application start time: 0xENGINE.EXE0
Faulting application path: ENGINE.EXE1
Faulting module path: ENGINE.EXE2
Report Id: ENGINE.EXE3

Error: (01/23/2015 10:03:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: ZMODOOCX.ocx, version: 1.1.6.33, time stamp: 0x5369e8ce
Exception code: 0xc0000005
Fault offset: 0x00052043
Faulting process id: 0xc4c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (01/23/2015 10:01:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: ZMODOOCX.ocx, version: 1.1.6.33, time stamp: 0x5369e8ce
Exception code: 0xc0000005
Fault offset: 0x00052043
Faulting process id: 0xd58
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (01/23/2015 10:01:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: ZMODOOCX.ocx, version: 1.1.6.33, time stamp: 0x5369e8ce
Exception code: 0xc0000005
Fault offset: 0x00052043
Faulting process id: 0x1580
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (01/23/2015 10:01:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: ZMODOOCX.ocx, version: 1.1.6.33, time stamp: 0x5369e8ce
Exception code: 0xc0000005
Fault offset: 0x00052043
Faulting process id: 0x15d0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (01/23/2015 10:00:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: ZMODOOCX.ocx, version: 1.1.6.33, time stamp: 0x5369e8ce
Exception code: 0xc0000005
Fault offset: 0x00052043
Faulting process id: 0x147c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (01/23/2015 09:50:05 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
System errors: ============= Error: (01/26/2015 08:29:46 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80004005 Error: (01/26/2015 03:13:00 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (01/26/2015 03:12:55 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (01/26/2015 03:12:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The iRacing.com Helper Service service terminated unexpectedly. It has done this 1 time(s). Error: (01/26/2015 03:12:00 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (01/26/2015 03:12:00 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (01/26/2015 03:12:00 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (01/26/2015 03:09:47 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 
Error: (01/26/2015 03:04:35 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (01/26/2015 03:04:35 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Microsoft Office Sessions: ========================= Error: (01/25/2015 01:47:56 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files\CCleaner\CCleaner.exe Error: (01/25/2015 01:17:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe35.0.0.548654af7153mozalloc.dll35.0.0.548654af69d4800000030000142514c001d038cb08e2da28C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll79521fe8-a4be-11e4-88a7-bc5ff49bd49f Error: (01/25/2015 11:57:26 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files\CCleaner\ccleaner.exe Error: (01/23/2015 00:32:00 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: ENGINE.EXE0.0.0.4743754b37453nmconew.dll_unloaded0.0.0.05178a4ffc00000052069698d113001d03731387d8d6cC:\Program Files (x86)\Steam\steamapps\common\Combat 
Arms\ENGINE.EXEnmconew.dllbbef4296-a325-11e4-99da-bc5ff49bd49f Error: (01/23/2015 10:03:06 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE11.0.9600.17496546fddccZMODOOCX.ocx1.1.6.335369e8cec000000500052043c4c01d0371dad77b5c2C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\DOWNLO~1\ZMODOOCX.ocxeefb58f3-a310-11e4-99da-bc5ff49bd49f Error: (01/23/2015 10:01:55 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE11.0.9600.17496546fddccZMODOOCX.ocx1.1.6.335369e8cec000000500052043d5801d0371d8179454eC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\DOWNLO~1\ZMODOOCX.ocxc496552e-a310-11e4-99da-bc5ff49bd49f Error: (01/23/2015 10:01:29 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE11.0.9600.17496546fddccZMODOOCX.ocx1.1.6.335369e8cec000000500052043158001d0371d7404de25C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\DOWNLO~1\ZMODOOCX.ocxb52babab-a310-11e4-99da-bc5ff49bd49f Error: (01/23/2015 10:01:03 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE11.0.9600.17496546fddccZMODOOCX.ocx1.1.6.335369e8cec00000050005204315d001d0371d646cfa7dC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\DOWNLO~1\ZMODOOCX.ocxa5a93465-a310-11e4-99da-bc5ff49bd49f Error: (01/23/2015 10:00:26 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE11.0.9600.17496546fddccZMODOOCX.ocx1.1.6.335369e8cec000000500052043147c01d0371d3e21105fC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\DOWNLO~1\ZMODOOCX.ocx8faa1684-a310-11e4-99da-bc5ff49bd49f Error: (01/23/2015 09:50:05 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: 
C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files\CCleaner\ccleaner.exe CodeIntegrity Errors: =================================== Date: 2015-01-26 15:12:00.360 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-01-26 15:12:00.313 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-01-26 15:12:00.251 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-01-26 15:12:00.204 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2015-01-26 15:04:35.525 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-01-26 15:04:35.479 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-01-26 15:04:35.416 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-01-26 15:04:35.354 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-01-24 18:11:35.572 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2015-01-24 18:11:35.525 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: AMD FX-8350 Eight-Core Processor Percentage of memory in use: 14% Total physical RAM: 16341.63 MB Available physical RAM: 14001.01 MB Total Pagefile: 32681.45 MB Available Pagefile: 30031.59 MB Total Virtual: 8192 MB Available Virtual: 8191.86 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:494.73 GB) (Free:140.53 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: C7DE05E6) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=494.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=436.7 GB) - (Type=05) ==================== End Of Log ============================
  12. Scan for VirusTotal seems ok. Results:
      https://www.virustotal.com/en/file/362e960bd1d1c984aa09b116ef734df02824589ae7b992a8705961b0d0d92ecc/analysis/
      c:\users\Agent86\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
  13. I do not see anything in the ComboFix folder; it appears empty. Here is the fixlog.txt:

      Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
      Ran by Agent86 at 2015-01-26 16:38:51 Run:2
      Running from C:\Users\Agent86\Downloads
      Loaded Profiles: Agent86 (Available profiles: Agent86)
      Boot Mode: Normal
      ==============================================

      Content of fixlist:
      *****************
      GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
      CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
      HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
      HKU\S-1-5-21-2993030579-955168000-2236405169-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
      SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKU\S-1-5-21-2993030579-955168000-2236405169-1000 -> {2AAC893C-3A01-41CA-BBD9-D721BFDCA843} URL = https://search.yahoo...p={SearchTerms}
      Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
      DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab
      DPF: HKLM-x32 {D9305048-DD6B-4EDF-8706-096EBE24E1D7} http://192.168.1.6/IPCWeb.cab
      Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - No File
      FF Homepage: my.yahoo.com
      FF Keyword.URL: https://search.yahoo...US0D20141222&p=
      *****************

      C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
      C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
      "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
      "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
      "HKU\S-1-5-21-2993030579-955168000-2236405169-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
      HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
      HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
      HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
      "HKU\S-1-5-21-2993030579-955168000-2236405169-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2AAC893C-3A01-41CA-BBD9-D721BFDCA843}" => Key deleted successfully.
      HKCR\CLSID\{2AAC893C-3A01-41CA-BBD9-D721BFDCA843} => Key not found.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
      HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key not found.
      "HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{0E5F0222-96B9-11D3-8997-00104BD12D94}" => Key deleted successfully.
      "HKCR\Wow6432Node\CLSID\{0E5F0222-96B9-11D3-8997-00104BD12D94}" => Key deleted successfully.
      "HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{D9305048-DD6B-4EDF-8706-096EBE24E1D7}" => Key deleted successfully.
      "HKCR\Wow6432Node\CLSID\{D9305048-DD6B-4EDF-8706-096EBE24E1D7}" => Key deleted successfully.
      "HKCR\PROTOCOLS\Handler\tmtbim" => Key deleted successfully.
      HKCR\CLSID\{0B37915C-8B98-4B9E-80D4-464D2C830D10} => Key not found.
      Firefox homepage deleted successfully.
      Firefox Keyword.URL deleted successfully.

      The system needed a reboot.

      ==== End of Fixlog 16:38:51 ====
  14. OK, I downloaded Java 8 and installed it, then re-enabled the iRacing. I know you don't want me to go to that site, but it's the only real reason I use Windows at all, LOL.