Infected with ransomware and fsquirt/sftwed redirect

[MrCharlie]

Download, unzip and run zoek.exe:

http://hijackthis.nl/smeenk/

Click on Options

Check these boxes: Firefox Defaults, Reset Chrome and IE Defaults

Now click Run Script

Posy back the log, MrC

[adams2k5]

Done. Here is the log:

Zoek.exe Version 4.0.0.2 Updated 08-April-2013

Tool run by Ben on 09/04/2013 at 14:37:16.41.

Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86

Running in: Normal Mode Internet Access Detected

==== FireFox Fix ======================

Deleted from C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\cuoebtwm.default\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com/firefox");

user_pref("browser.newtab.url", "http://www.google.com/firefox");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "http://www.google.com/search?ie=UTF-8&oe=utf-8&q=");

Added to C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\cuoebtwm.default\prefs.js:

user_pref("browser.startup.homepage", "http://www.google.com");

user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.newtab.url", "http://www.google.com/");

user_pref("browser.search.defaultengine", "Google");

user_pref("browser.search.defaultenginename", "Google");

user_pref("browser.search.selectedEngine", "Google");

user_pref("browser.search.order.1", "Google");

user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");

user_pref("browser.search.suggest.enabled", true);

user_pref("browser.search.useDBForOrder", true);

==== Firefox Extensions ======================

ProfilePath: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\cuoebtwm.default

- avast WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF

- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files\Mozilla Firefox

- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\cuoebtwm.default

47299371607DC2FB234444EEACB1639E - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll - Shockwave Flash

05C4A7136F3012BB47107333B5D351D3 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U17

D4BD9F86123C87ECA570418B69326F99 - C:\Windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.170.2

F00A0EF5835E1B96F783D617F1948704 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector

F647D0BEA553C1D0C251CE07DA6A5511 - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat

E0FF893763BA82BAABB869A351F0C455 - C:\Users\Ben\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll - Google Update

1AE38ADC21A906A6E368FB48FE96C1B6 - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll - Uplay PC Hub Plugin

7CC1570DA7C80FF095323F2C0D956C49 - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll - Uplay PC

A5C14075B571AF1C9592595BE724D9D2 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll - Silverlight Plug-In

75A1232EAC640B782CDD2132B5271AA8 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll - NVIDIA 3D VISION

D7EFF0B98C370E03D7E2593399D9B669 - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll - NVIDIA 3D Vision

A843FC35574ECFD9E7A41C5505A9921B - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin

11EF47BE3D8A4A943E10A63870C1F2C6 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.3

BB7F5F4966E76578A3EC0D11C444C545 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.3

16112E74A62381C69456566D35F9E51E - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.3

BB28A86CDFFFBB041C72AD9EFEAA00D0 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.3

7B1737B3D1A4FA6FB8DF43929106B916 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.3

CBC91E9FD4421FCB0F874AAD6D95D1BE - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.3

D92439F245AD2761B240C448194D0834 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll - QuickTime Plug-in 7.7.3

8FE7BA502945BE735D09D5703BD76FDA - C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll - Shockwave for Director / Shockwave for Director

EB04F7516DBDA486299260A13624FEDD - C:\Users\Ben\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player

F9AE1AD5CC7F73827B64A05A44902B07 - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll - Winamp Application Detector

0A1FF0B674E2F268799442A434A63BB3 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery

A4ECCDA55B85DEDE48BB10E461380E6C - C:\Program Files\GameSpy\Comrade\npcomrade.dll - Comrade Plugin

855B79451ECF62602F20EB4D5C71F99B - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

4C5F06B81921BD513429E354E1E3E981 - C:\Program Files\Mozilla Firefox\plugins\npbyond.dll - BYOND stub plugin for Mozilla

11EF47BE3D8A4A943E10A63870C1F2C6 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.7.3

BB7F5F4966E76578A3EC0D11C444C545 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.7.3

16112E74A62381C69456566D35F9E51E - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.3

BB28A86CDFFFBB041C72AD9EFEAA00D0 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.3

7B1737B3D1A4FA6FB8DF43929106B916 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.3

CBC91E9FD4421FCB0F874AAD6D95D1BE - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.3

D92439F245AD2761B240C448194D0834 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.3

F647D0BEA553C1D0C251CE07DA6A5511 - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat

DB988B4550DB9BCE86F9199D961057FC - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat

E0FF893763BA82BAABB869A351F0C455 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll - Google Update

4C5F06B81921BD513429E354E1E3E981 - C:\Program Files\BYOND\bin\npbyond.dll - BYOND stub plugin for Mozilla

2AA3703D87E1327A2290C9D416D89A28 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrlui.dll - Microsoft® Silverlight

15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="https://www.google.co.uk/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com/"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{4E38E9E7-1452-4fff-B85D-4E75C4456A13}"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"

{0990C061-9F14-42AC-B29C-01EEB98DC13F} Bing Url="http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH"

{4E38E9E7-1452-4fff-B85D-4E75C4456A13} Google Url="http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} @ieframe.dll,-12512 Url="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"

{CF285E56-5626-419b-8BB2-B620F6B551BB} Yahoo Url="http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV"

==== Reset Google Chrome ======================

C:\users\Ben\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\users\Ben\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

[MrCharlie]

Any difference???

When did this all start??

Do you have any Bluetooth items on the system??

MrC

[adams2k5]

No luck I'm afraid, still pops up on boot. Started around the same time the problem with wscript did, about a couple of months ago. I have no Bluetooth devices connected or available.

[MrCharlie]

For now.......Make sure this file and folder have been deleted:

C:\Users\Ben\AppData\Roaming\bbd9\adcf.js

--------------------------------

Download Security Check by screen317 from HERE or HERE.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt.
  
• Please Post the contents of that document.
  
• Do Not Attach It!!!
  

MrC

[adams2k5]

Had a quick look and there doesn't seem to be any instances of that file anywhere. I ran security check. Here is the log:

Results of screen317's Security Check version 0.99.62

Windows 7 Service Pack 1 x86 (UAC is disabled!)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

avast! Antivirus

Microsoft Security Essentials

Antivirus up to date! (On Access scanning disabled!)

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.1.1000

Java 7 Update 17

Adobe Flash Player 11.6.602.180

Adobe Reader 10.1.6 Adobe Reader out of Date!

Mozilla Firefox (for.)

Google Chrome 26.0.1410.43

Google Chrome 26.0.1410.64

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

AVAST Software Avast AvastSvc.exe

AVAST Software Avast AvastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````

[MrCharlie]

At some point, update Adobe:

Adobe Reader 10.1.6 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe.

--------------------------

Do this now though:

Google Chrome 26.0.1410.43 <---Old

Google Chrome 26.0.1410.64 <---OK

You have old versions of Google Chrome on the system.

Please download and run OldChromeRemover.

@Windows Vista/Windows 7 users must use “Run As Administrator.”

----------------------

This is an old version: (should be 1.75.0.1300)

Malwarebytes Anti-Malware version 1.65.1.1000

If you check for updates, the new version should be automatically download, just open up Malwarebytes and it will install.

If not, you can download the latest version here:

http://fileforum.bet...re/1186760019/1

Install it, update and do a Full Scan (will take some time to do)

Post the log if it finds anything, MrC

[adams2k5]

Updated and done. MBAM found a trace it always keeps finding. The file keeps on cropping up after every sweep ive done with it, and removed it countless times. Here is the log:

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.04.13.02

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 10.0.9200.16540

Ben :: BEN-PC [administrator]

13/04/2013 14:36:30

mbam-log-2013-04-13 (14-36-30).txt

Scan type: Full scan (C:\|D:\|E:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 1511580

Time elapsed: 1 day(s), 19 hour(s), 37 minute(s), 8 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 1

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel|HomePage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

[MrCharlie]

This is a strange one, this is a long shot but download and install SpywareBlaster:

http://www.brightfort.com/spywareblaster.html

Here's tutorial:

http://www.bleepingcomputer.com/tutorials/use-spywareblaster-to-protect-your-computer/

Under tools there's an option to lock in your homepage, etc.

Let me know....MrC

[adams2k5]

I have run SpywareBlaster and set it to block cookies, scripts, restricted sites and active X. However fsquirt.exe is still popping up whenever windows explorer starts. Could it be rooted somewhere in the explorer files or startup programs themselves?

[MrCharlie]

I'm not sure where it is, I don't see any thing in the logs.

You once said you disabled it in the registry, where did you do that?

MrC

[adams2k5]

I found the keys for IE and manually re-entered the homepage settings etc to prevent it from hijacking the page, it didn't work consistently, and then not at all. I seem to recall having to make a new registry key to try and override it. Il find it and try it again. The hijacker was originally redirecting anything to sftwred and anything that was put in the address bar would go there also. The site has since disappeared but something is still continuing to carry out the redirect.

[MrCharlie]

Here's what I suggest you try.

Download and install Starter:

http://www.softpedia...k/Starter.shtml

With this program you'll be able to disable an item and see if it has any effect on the problem.

There's three sections..Startups, Processes and Services.

I would start with Startups and then Processes

Just be careful of what you disable, you don't want to disable anything that would prevent Windows from working.

Let me know.....MrC

[MrCharlie]

New scanner out...please run it and post the logs:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
  
• Press Scan button.
  
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
  

MrC

[adams2k5]

I ran Starter but no luck there, fsquirt still pops up whenever explorer starts.

I have also run Farbar. Here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-04-2013 02

Ran by Ben (administrator) on 22-04-2013 20:22:24

Running from C:\Users\Ben\Desktop

Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) [1000] C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) [1024] C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Microsoft Corporation) [1160] C:\Program Files\Microsoft Security Client\MsMpEng.exe

(NVIDIA Corporation) [1644] C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) [1676] C:\Windows\system32\nvvsvc.exe

(AVAST Software) [1976] C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Apple Inc.) [2232] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Realtek) [2300] C:\Program Files\ASUS\PCE-N15 WLAN Card Utilities\RtlService.exe

(LogMeIn Inc.) [2356] C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

(Microsoft Corporation) [2468] c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

() [2724] C:\Windows\system32\PnkBstrA.exe

(Microsoft Corporation) [2856] c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(Microsoft Corp.) [2988] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(O&O Software GmbH) [3132] C:\Program Files\OO Software\CleverCache\ooccag.exe

(Microsoft Corp.) [3252] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Microsoft Corporation) [1900] C:\Program Files\Microsoft Security Client\NisSrv.exe

(Intel Corporation) [1012] C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Realtek Semiconductor) [560] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

(http://tortoisesvn.net) [1348] C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

(Splashtop Inc.) [2780] C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe

(Intel Corporation) [1452] C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Microsoft Corporation) [3032] C:\Program Files\Microsoft Security Client\msseces.exe

(AVAST Software) [756] C:\Program Files\AVAST Software\Avast\AvastUI.exe

(LogMeIn Inc.) [1512] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe

(O&O Software GmbH) [2968] C:\Program Files\OO Software\CleverCache\ooccctrl.exe

(Apple Inc.) [3616] C:\Program Files\iTunes\iTunesHelper.exe

(Sun Microsystems, Inc.) [1076] C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Microsoft Corporation) [3964] C:\Program Files\Windows Sidebar\sidebar.exe

(Microsoft Corporation) [4092] C:\Windows\system32\wbem\unsecapp.exe

(NVIDIA Corporation) [1988] C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Realtime Soft Ltd) [2760] C:\Program Files\UltraMon\UltraMon.exe

(Dropbox, Inc.) [3700] C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Realtime Soft Ltd) [4120] C:\Program Files\UltraMon\UltraMonTaskbar.exe

(ASUSTeK Computer Inc.) [4212] C:\Program Files\ASUS\PCE-N15 WLAN Card Utilities\RtWlan.exe

(AddGadgets) [4536] C:\Users\Ben\Downloads\PCMeter\PCMeter\PCMeterV0.3.exe

(Realtime Soft Ltd) [5256] C:\Program Files\UltraMon\UltraMonUiAcc.exe

(Apple Inc.) [5336] C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) [4752] C:\Program Files\Internet Explorer\iexplore.exe

(Adobe Systems, Inc.) [5788] C:\Users\Ben\Desktop\flashplayer_11_sa_32bit.exe

(Microsoft Corporation) [5080] C:\Program Files\Internet Explorer\iexplore.exe

(Farbar) [6880] C:\Users\Ben\Desktop\FRST.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [10959464 2012-01-16] (Realtek Semiconductor)

HKLM\...\Run: [iMSS] "C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [133400 2011-12-16] (Intel Corporation)

HKLM\...\Run: [uSB3MON] "C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-01-27] (Intel Corporation)

HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947152 2013-01-27] (Microsoft Corporation)

HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4282728 2012-08-21] (AVAST Software)

HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)

HKLM\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2254768 2012-12-10] (LogMeIn Inc.)

HKLM\...\Run: [OOCCCTRL.EXE] "C:\Program Files\OO Software\CleverCache\ooccctrl.exe" /tasktray [2901320 2010-12-08] (O&O Software GmbH)

HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)

HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)

HKLM\...\Winlogon: [system]

HKCU\...\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1174016 2010-11-20] (Microsoft Corporation)

HKU\UpdatusUser\...\Run: [Google Update] "C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe" /c [x]

Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Ben\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

BootExecute: PDBoot.exeautocheck autochk *

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKCU - {CF285E56-5626-419b-8BB2-B620F6B551BB} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

PDF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

PDF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

PDF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

PDF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

PDF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

PDF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab

PDF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab

PDF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab

PDF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab

PDF: {D27CDB6E-AE6D-11CF-96B8-444553560000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

PDF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

PDF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)

ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [4222864 2010-01-21] (Microsoft Corporation)

Winsock: Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)

Winsock: Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)

Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:

========

FF ProfilePath: C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\cuoebtwm.default

FF SearchEngine: Google

FF Homepage: hxxp://www.google.com

FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()

FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @comrade.gamespy.com/comrade - C:\Program Files\GameSpy\Comrade\npcomrade.dll (IGN Entertainment)

FF Plugin: @esn.me/esnsonar,version=0.70.0 - C:\Program Files\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File

FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Extension: No Name - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\cuoebtwm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Chrome:

=======

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File

CHR Plugin: (BYOND stub plugin for Mozilla) - C:\Program Files\Mozilla Firefox\plugins\npbyond.dll (BYOND)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)

CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Comrade Plugin) - C:\Program Files\GameSpy\Comrade\npcomrade.dll (IGN Entertainment)

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

CHR Plugin: (Java Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

CHR Plugin: (Uplay PC) - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Unity Player) - C:\Users\Ben\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)

CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File

CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

CHR Extension: (Google Docs) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0

CHR Extension: (Google Drive) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (Skype Click to Call) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0

CHR Extension: (Gmail) - C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

========================== Services (Whitelisted) =================

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()

S4 ASGT; C:\Windows\System32\ASGT.exe [55296 2012-01-17] ()

R2 AsusSE; C:\Program Files\ASUS\PCE-N15 WLAN Card Utilities\RtlService.exe [36864 2011-06-23] (Realtek)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-08-21] (AVAST Software)

S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [49152 2013-02-16] ()

S3 Desura Install Service; C:\Program Files\Common Files\Desura\desura_service.exe [131912 2012-01-30] (Desura Pty Ltd)

R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1435568 2012-12-10] (LogMeIn Inc.)

S3 ICCS; C:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation)

S4 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [105248 2007-02-06] (Logitech Inc.)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)

R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43028328 2011-09-22] (Microsoft Corporation)

S4 MSSQLServerADHelper100; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [47128 2008-07-11] (Microsoft Corporation)

R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)

S4 npggsvc; C:\Windows\system32\GameMon.des [4005936 2011-06-06] (INCA Internet Co., Ltd.)

R2 OOCleverCache; C:\Program Files\OO Software\CleverCache\ooccag.exe [705864 2010-12-08] (O&O Software GmbH)

S4 PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [1244936 2011-09-07] (Raxco Software, Inc.)

S4 PDEngine; C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe [2117384 2011-09-07] (Raxco Software, Inc.)

R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2013-01-30] ()

S4 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-08-13] (Skype Technologies S.A.)

S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [370024 2011-09-22] (Microsoft Corporation)

S4 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [539248 2011-03-25] (VMware, Inc.)

S4 SCBackService; C:\Program Files\Splashtop\Splashtop Connect\BackService.exe [x]

S4 SSUService; C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe [x]

S2 SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [x]

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [19056 2011-11-02] ()

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [21256 2012-08-21] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [58680 2012-08-21] (AVAST Software)

R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [729752 2012-08-21] (AVAST Software)

R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [355632 2012-08-21] (AVAST Software)

S3 bDMusicb; C:\Users\Ben\AppData\Local\Temp\bDMusicb.sys [29696 2013-11-24] ()

R3 CamDrL; C:\Windows\System32\DRIVERS\Camdrl.sys [1075360 2007-02-03] (Logitech Inc.)

R2 cpuz135; C:\Windows\system32\drivers\cpuz135_x32.sys [21992 2011-09-21] (CPUID)

R2 DefragFS; C:\Windows\System32\Drivers\DefragFS.sys [138768 2011-08-04] (Raxco Software, Inc.)

S3 gdrv; C:\Windows\gdrv.sys [17488 2012-10-11] (Windows ® 2000 DDK provider)

R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)

R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [32368 2011-03-25] (VMware, Inc.)

S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [85760 2011-03-24] (Huawei Technologies Co., Ltd.)

S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26496 2011-03-24] (Huawei Technologies Co., Ltd.)

S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [168448 2011-03-24] (Huawei Technologies Co., Ltd.)

S3 IOMap; C:\Windows\system32\drivers\IOMap.sys [33280 2010-03-05] (ASUSTeK Computer Inc.)

R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [13592 2012-01-27] (Intel Corporation)

R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [348440 2012-01-27] (Intel Corporation)

R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [791832 2012-01-27] (Intel Corporation)

S3 LVcKap; C:\Windows\System32\DRIVERS\LVcKap.sys [1691808 2007-02-06] ()

R3 LVMVDrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [1964064 2007-02-06] (Logitech Inc.)

S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25632 2007-02-06] ()

R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41504 2007-02-03] (Logitech Inc.)

R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-17] (Intel Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)

R1 MpKsl2e885be7; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FFF0A0A4-0D63-45C6-B8B6-347A90CA1065}\MpKsl2e885be7.sys [29904 2013-04-22] (Microsoft Corporation)

R2 PDFSFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [66832 2011-09-07] (Raxco Software, Inc.)

S3 pgfilter; C:\Program Files\PeerGuardian2\pgfilter.sys [8192 2007-06-02] ()

S4 RsFx0105; C:\Windows\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation)

R3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtl8192Ce.sys [1037416 2011-06-29] (Realtek Semiconductor Corporation )

R2 SBKUPNT; C:\Windows\system32\Drivers\SBKUPNT.SYS [14976 2001-07-13] ()

R2 UltraMonUtility; C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [17184 2008-11-14] (Realtime Soft Ltd)

S3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [31280 2010-11-11] (VMware, Inc.)

R2 vstor2-ws60; C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys [22448 2010-08-19] (VMware, Inc.)

R3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [66152 2009-08-21] (Microsoft Corporation)

S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()

R3 WinRing0_1_2_0; \??\C:\Users\Ben\AppData\Local\Temp\tmp16DB.tmp [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-04-22 20:20 - 2013-04-22 20:20 - 00000000 ____D C:\Program Files\CodeStuff

2013-04-22 20:19 - 2013-04-22 20:19 - 01147723 ____A (Farbar) C:\Users\Ben\Desktop\FRST.exe

2013-04-20 01:38 - 2013-04-20 02:17 - 00000000 ____D C:\Users\Ben\Documents\TmForever

2013-04-20 01:32 - 2013-04-20 01:33 - 00000000 ____D C:\Program Files\TmNationsForever

2013-04-19 22:28 - 2013-04-19 22:28 - 00000000 ___HD C:\Windows\PIF

2013-04-18 01:02 - 2013-04-18 01:02 - 00000000 ____D C:\Users\Ben\AppData\Roaming\NCH Software

2013-04-18 01:02 - 2013-04-18 01:02 - 00000000 ____D C:\Program Files\NCH Software

2013-04-16 18:02 - 2013-04-16 18:04 - 00000000 ____D C:\Program Files\SpywareBlaster

2013-04-16 18:02 - 2009-03-24 12:52 - 00129872 ____A (Microsoft Corporation) C:\Windows\System32\MSSTDFMT.DLL

2013-04-15 02:12 - 2013-04-15 02:12 - 00000065 ____A C:\Users\Ben\Desktop\corruption of champions.txt

2013-04-14 18:14 - 2013-04-14 18:14 - 00000000 ____D C:\Users\Ben\AppData\Local\SWTORPerf

2013-04-14 18:08 - 2013-04-14 18:08 - 00000000 ____D C:\Program Files\Electronic Arts

2013-04-14 14:26 - 2013-04-14 14:29 - 261846936 ____A (GOG.com ) C:\Users\Ben\Downloads\setup_magic_carpet2_2.1.0.7.exe

2013-04-10 22:26 - 2012-08-23 15:48 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll

2013-04-10 22:26 - 2012-08-23 15:44 - 00014848 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys

2013-04-10 22:26 - 2012-08-23 15:40 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys

2013-04-10 22:26 - 2012-08-23 15:10 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll

2013-04-10 22:26 - 2012-08-23 15:10 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe

2013-04-10 22:26 - 2012-08-23 14:52 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll

2013-04-10 22:26 - 2012-08-23 14:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll

2013-04-10 22:26 - 2012-08-23 14:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll

2013-04-10 22:26 - 2012-08-23 14:32 - 00032768 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll

2013-04-10 22:26 - 2012-08-23 14:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll

2013-04-10 22:26 - 2012-08-23 12:40 - 00056320 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe

2013-04-10 22:26 - 2012-08-23 12:32 - 00317440 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe

2013-04-10 22:26 - 2012-08-23 12:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll

2013-04-10 22:26 - 2012-08-23 12:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll

2013-04-10 22:26 - 2012-08-23 11:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe

2013-04-10 22:26 - 2012-08-23 11:08 - 02739712 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll

2013-04-10 22:25 - 2012-08-23 09:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll

2013-04-10 22:24 - 2013-02-21 11:30 - 01766912 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-04-10 22:24 - 2013-02-21 11:30 - 01129984 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-04-10 22:24 - 2013-02-21 11:30 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-04-10 22:24 - 2013-02-21 11:29 - 14323200 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-04-10 22:24 - 2013-02-21 11:29 - 13761024 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-04-10 22:24 - 2013-02-21 11:29 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-04-10 22:24 - 2013-02-21 11:29 - 02046464 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-04-10 22:24 - 2013-02-21 11:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-04-10 22:24 - 2013-02-21 11:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-04-10 22:24 - 2013-02-21 11:29 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-04-10 22:24 - 2013-02-21 11:29 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2013-04-10 22:24 - 2013-02-21 11:29 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2013-04-10 22:24 - 2013-02-21 11:29 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-04-10 22:24 - 2013-02-21 11:29 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2013-04-10 22:24 - 2013-02-19 13:01 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-04-10 22:24 - 2013-02-19 12:10 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

2013-04-10 21:30 - 2013-03-19 06:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe

2013-04-10 21:30 - 2013-03-19 06:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2013-04-10 21:30 - 2013-03-19 05:48 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll

2013-04-10 21:30 - 2013-03-19 03:49 - 00069632 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe

2013-04-10 21:30 - 2013-03-01 04:09 - 02347008 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-04-10 21:30 - 2013-01-24 05:47 - 00196328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys

2013-04-10 21:29 - 2013-03-02 06:07 - 01212264 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

2013-04-10 01:41 - 2013-04-22 01:02 - 00000025 ____A C:\Users\Ben\AppData\Roaming\Network Meter_Usage.ini

2013-04-09 15:00 - 2013-04-22 20:18 - 00005462 ____A C:\Users\Ben\Network_Meter_Data.js

2013-04-08 20:17 - 2013-04-08 20:17 - 00000000 ____D C:\Windows\ERUNT

2013-04-08 20:17 - 2013-04-08 20:17 - 00000000 ____D C:\JRT

2013-04-03 20:01 - 2013-04-03 20:01 - 00000000 ____D C:\Users\Ben\Doctor Web

2013-03-30 15:56 - 2012-08-24 18:05 - 00136560 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2013-03-30 15:56 - 2012-08-24 18:02 - 00369856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2013-03-30 15:56 - 2012-08-24 17:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2013-03-30 15:56 - 2012-08-24 17:56 - 01039360 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll

2013-03-30 14:25 - 2013-03-30 15:11 - 00000000 ____D C:\ComboFix

2013-03-29 17:06 - 2013-04-14 18:09 - 00013644 ____A C:\Users\Ben\Documents\Install STAR WARS The Old Republic.log

2013-03-29 17:06 - 2013-03-29 17:06 - 00000000 ____D C:\users\hedev

2013-03-28 09:20 - 2013-03-28 09:20 - 00000000 ____D C:\FRST

2013-03-28 03:06 - 2011-06-26 07:45 - 00256000 ____A C:\Windows\PEV.exe

2013-03-28 03:06 - 2010-11-07 18:20 - 00208896 ____A C:\Windows\MBR.exe

2013-03-28 03:06 - 2009-04-20 05:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2013-03-28 03:06 - 2000-08-31 01:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2013-03-28 03:06 - 2000-08-31 01:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2013-03-28 03:06 - 2000-08-31 01:00 - 00098816 ____A C:\Windows\sed.exe

2013-03-28 03:06 - 2000-08-31 01:00 - 00080412 ____A C:\Windows\grep.exe

2013-03-28 03:06 - 2000-08-31 01:00 - 00068096 ____A C:\Windows\zip.exe

2013-03-28 03:03 - 2013-03-30 15:11 - 00000000 ___AD C:\Qoobox

2013-03-28 03:03 - 2013-03-28 19:06 - 00000000 ____D C:\Windows\erdnt

2013-03-24 23:45 - 2013-03-24 23:45 - 00000000 ____D C:\Users\Ben\Desktop\TheStrain

2013-03-24 23:45 - 2013-03-24 23:45 - 00000000 ____D C:\Users\Ben\Desktop\Phantom Zombie Pack

2013-03-24 15:07 - 2013-03-24 15:07 - 09998094 ____A C:\Users\Ben\Desktop\wing_commander_reference_cards.zip

2013-03-24 15:07 - 2013-03-24 15:07 - 02735435 ____A C:\Users\Ben\Desktop\wing_commander_manual.zip

==================== One Month Modified Files and Folders ========

2013-04-22 20:20 - 2013-04-22 20:20 - 00000000 ____D C:\Program Files\CodeStuff

2013-04-22 20:19 - 2013-04-22 20:19 - 01147723 ____A (Farbar) C:\Users\Ben\Desktop\FRST.exe

2013-04-22 20:18 - 2013-04-09 15:00 - 00005462 ____A C:\Users\Ben\Network_Meter_Data.js

2013-04-22 20:18 - 2012-02-14 03:42 - 00000000 ____D C:\Users\Ben\AppData\Local\LogMeIn Hamachi

2013-04-22 20:18 - 2011-10-26 02:07 - 00000000 ___RD C:\Users\Ben\Dropbox

2013-04-22 20:18 - 2011-10-26 02:04 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Dropbox

2013-04-22 20:17 - 2012-02-29 10:10 - 00000876 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-04-22 20:17 - 2011-03-17 08:36 - 00000308 ____A C:\Windows\Tasks\GlaryInitialize.job

2013-04-22 20:04 - 2012-04-08 10:10 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-04-22 19:57 - 2012-02-29 10:10 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-04-22 18:56 - 2011-03-16 23:57 - 01900185 ____A C:\Windows\WindowsUpdate.log

2013-04-22 18:41 - 2009-07-14 05:34 - 00014336 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-04-22 18:41 - 2009-07-14 05:34 - 00014336 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-04-22 18:32 - 2009-07-14 05:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-04-22 18:32 - 2009-07-14 05:39 - 00005036 ____A C:\Windows\setupact.log

2013-04-22 01:02 - 2013-04-10 01:41 - 00000025 ____A C:\Users\Ben\AppData\Roaming\Network Meter_Usage.ini

2013-04-21 19:51 - 2011-05-10 03:03 - 00000000 ____D C:\Program Files\Steam

2013-04-21 19:27 - 2012-11-30 02:26 - 00000000 ____D C:\GOG Games

2013-04-21 19:27 - 2011-04-01 00:04 - 00000000 ____D C:\Program Files\GOG.com

2013-04-21 01:17 - 2011-04-12 03:33 - 00000000 ____D C:\Users\Ben\AppData\Roaming\vlc

2013-04-20 14:20 - 2011-07-07 22:30 - 00000000 ____D C:\Users\Ben\AppData\Roaming\TS3Client

2013-04-20 02:22 - 2011-03-17 00:57 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Skype

2013-04-20 02:17 - 2013-04-20 01:38 - 00000000 ____D C:\Users\Ben\Documents\TmForever

2013-04-20 01:38 - 2011-03-17 10:35 - 00401734 ____A C:\Windows\Directx.log

2013-04-20 01:33 - 2013-04-20 01:32 - 00000000 ____D C:\Program Files\TmNationsForever

2013-04-19 22:36 - 2011-05-24 05:13 - 00000000 ____D C:\Program Files\DOSBox-0.74

2013-04-19 22:28 - 2013-04-19 22:28 - 00000000 ___HD C:\Windows\PIF

2013-04-18 01:02 - 2013-04-18 01:02 - 00000000 ____D C:\Users\Ben\AppData\Roaming\NCH Software

2013-04-18 01:02 - 2013-04-18 01:02 - 00000000 ____D C:\Program Files\NCH Software

2013-04-16 18:58 - 2012-04-08 10:10 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2013-04-16 18:58 - 2011-05-30 02:09 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2013-04-16 18:58 - 2011-03-27 17:00 - 00000000 ____D C:\Temp 5

2013-04-16 18:04 - 2013-04-16 18:02 - 00000000 ____D C:\Program Files\SpywareBlaster

2013-04-16 17:49 - 2011-03-17 00:56 - 00000000 ____D C:\Users\Ben\AppData\Local\TSVNCache

2013-04-16 17:39 - 2011-03-17 08:38 - 00184162 ____A C:\Windows\PFRO.log

2013-04-15 14:39 - 2011-02-01 00:39 - 00000000 ____D C:\Users\Ben\Documents\StarCraft II

2013-04-15 14:05 - 2011-02-09 00:05 - 00000000 ____D C:\Program Files\StarCraft II

2013-04-15 14:02 - 2011-02-09 00:05 - 00000000 ____D C:\Program Files\Common Files\Blizzard Entertainment

2013-04-15 02:12 - 2013-04-15 02:12 - 00000065 ____A C:\Users\Ben\Desktop\corruption of champions.txt

2013-04-14 20:00 - 2012-12-02 14:41 - 00000000 ____D C:\Users\Ben\AppData\Local\Take On Helicopters

2013-04-14 18:24 - 2011-03-21 00:52 - 00107888 ____A (Sony DADC Austria AG.) C:\Windows\System32\CmdLineExt.dll

2013-04-14 18:14 - 2013-04-14 18:14 - 00000000 ____D C:\Users\Ben\AppData\Local\SWTORPerf

2013-04-14 18:09 - 2013-03-29 17:06 - 00013644 ____A C:\Users\Ben\Documents\Install STAR WARS The Old Republic.log

2013-04-14 18:08 - 2013-04-14 18:08 - 00000000 ____D C:\Program Files\Electronic Arts

2013-04-14 18:08 - 2011-02-04 07:35 - 00000000 ____D C:\Program Files\Common Files\BioWare

2013-04-14 14:29 - 2013-04-14 14:26 - 261846936 ____A (GOG.com ) C:\Users\Ben\Downloads\setup_magic_carpet2_2.1.0.7.exe

2013-04-13 19:44 - 2011-03-17 00:46 - 00000000 ____D C:\Users\Ben\AppData\Local\Google

2013-04-13 14:44 - 2012-10-08 23:51 - 00000000 __SHD C:\Program Files\a4d

2013-04-13 14:35 - 2011-02-04 00:42 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-04-13 14:32 - 2011-03-04 04:19 - 00000000 ____D C:\Program Files\Foxit Software

2013-04-13 14:32 - 2011-02-03 21:38 - 00000000 ____D C:\Program Files\Common Files\Adobe

2013-04-12 23:32 - 2011-07-07 22:18 - 00000000 ____D C:\Users\Ben\AppData\Local\TeamSpeak 3 Client

2013-04-11 20:41 - 2012-09-17 22:35 - 00000000 ____D C:\Users\Ben\AppData\Local\ArmA 2 OA

2013-04-11 19:25 - 2011-02-03 22:51 - 00000000 ___HD C:\Program Files\InstallShield Installation Information

2013-04-11 18:51 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache

2013-04-11 17:51 - 2009-07-14 05:33 - 00409120 ____A C:\Windows\System32\FNTCACHE.DAT

2013-04-11 00:17 - 2011-03-17 21:10 - 00000000 ____D C:\Windows\System32\Drivers\ja-JP

2013-04-11 00:17 - 2011-03-17 20:47 - 00000000 ____D C:\Windows\System32\Drivers\nl-NL

2013-04-11 00:17 - 2011-03-17 20:31 - 00000000 ____D C:\Windows\System32\Drivers\it-IT

2013-04-11 00:17 - 2011-03-17 19:41 - 00000000 ____D C:\Windows\System32\Drivers\de-DE

2013-04-11 00:17 - 2011-03-17 07:34 - 00000000 ____D C:\Windows\System32\Drivers\fr-FR

2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\zh-TW

2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\zh-HK

2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\zh-CN

2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\th-TH

2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\sv-SE

2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\sl-SI

2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\sk-SK

2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\ru-RU

2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\pt-PT

2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\pt-BR

2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\nl-NL

2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\nb-NO

2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\lv-LV

2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\ja-JP

2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\it-IT

2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\hu-HU

2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\he-IL

2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\fr-FR

2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\fi-FI

2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\et-EE

2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\el-GR

2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\DriverStore

2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\de-DE

2013-04-11 00:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\ar-SA

2013-04-10 22:16 - 2011-03-17 01:21 - 70490256 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-04-09 14:55 - 2012-09-29 15:20 - 00001196 ____A C:\Users\Ben\AppData\Roaming\Network Meter_Settings.ini

2013-04-08 20:18 - 2012-09-08 15:44 - 00000000 ____D C:\Program Files\Splashtop

2013-04-08 20:17 - 2013-04-08 20:17 - 00000000 ____D C:\Windows\ERUNT

2013-04-08 20:17 - 2013-04-08 20:17 - 00000000 ____D C:\JRT

2013-04-07 22:44 - 2012-02-14 20:08 - 00000000 ____D C:\Program Files\Origin

2013-04-07 20:11 - 2011-05-05 03:25 - 00000000 ____D C:\Users\Ben\AppData\Roaming\.minecraft

2013-04-07 02:51 - 2013-02-03 20:39 - 00000000 ____D C:\Program Files\War Thunder

2013-04-07 00:41 - 2012-03-20 19:42 - 00000178 ____A C:\Users\Ben\Desktop\Money owed.txt

2013-04-05 00:29 - 2012-02-29 10:10 - 00000000 ____D C:\Program Files\Google

2013-04-04 14:50 - 2012-10-09 01:33 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2013-04-04 01:33 - 2011-02-04 00:39 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-04-03 20:01 - 2013-04-03 20:01 - 00000000 ____D C:\Users\Ben\Doctor Web

2013-04-02 11:33 - 2011-03-17 01:22 - 00237088 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2013-04-01 17:57 - 2011-03-17 21:28 - 00460878 ____A C:\Windows\System32\prfh0804.dat

2013-04-01 17:57 - 2011-03-17 21:28 - 00156308 ____A C:\Windows\System32\prfc0804.dat

2013-04-01 17:57 - 2011-03-17 21:11 - 00494688 ____A C:\Windows\System32\perfh011.dat

2013-04-01 17:57 - 2011-03-17 21:11 - 00158448 ____A C:\Windows\System32\perfc011.dat

2013-04-01 17:57 - 2011-03-17 20:48 - 00825712 ____A C:\Windows\System32\perfh013.dat

2013-04-01 17:57 - 2011-03-17 20:48 - 00190064 ____A C:\Windows\System32\perfc013.dat

2013-04-01 17:57 - 2011-03-17 20:32 - 00822656 ____A C:\Windows\System32\perfh010.dat

2013-04-01 17:57 - 2011-03-17 20:32 - 00184064 ____A C:\Windows\System32\perfc010.dat

2013-04-01 17:57 - 2011-03-17 20:23 - 00810730 ____A C:\Windows\System32\prfh0816.dat

2013-04-01 17:57 - 2011-03-17 20:23 - 00189946 ____A C:\Windows\System32\prfc0816.dat

2013-04-01 17:57 - 2011-03-17 19:59 - 00806128 ____A C:\Windows\System32\perfh019.dat

2013-04-01 17:57 - 2011-03-17 19:59 - 00187488 ____A C:\Windows\System32\perfc019.dat

2013-04-01 17:57 - 2011-03-17 19:50 - 00795714 ____A C:\Windows\System32\prfh0416.dat

2013-04-01 17:57 - 2011-03-17 19:50 - 00184748 ____A C:\Windows\System32\prfc0416.dat

2013-04-01 17:57 - 2011-03-17 07:58 - 00744606 ____A C:\Windows\System32\perfh01D.dat

2013-04-01 17:57 - 2011-03-17 07:58 - 00179226 ____A C:\Windows\System32\perfc01D.dat

2013-04-01 17:57 - 2011-03-17 07:40 - 00478180 ____A C:\Windows\System32\prfh0404.dat

2013-04-01 17:57 - 2011-03-17 07:40 - 00151394 ____A C:\Windows\System32\prfc0404.dat

2013-04-01 17:57 - 2011-03-17 02:14 - 00575306 ____A C:\Windows\System32\perfh014.dat

2013-04-01 17:57 - 2011-03-17 02:14 - 00131830 ____A C:\Windows\System32\perfc014.dat

2013-04-01 17:57 - 2011-03-17 00:35 - 17580002 ____A C:\Windows\System32\PerfStringBackup.INI

2013-03-30 16:06 - 2011-02-04 00:43 - 00000000 ____D C:\Program Files\NVIDIA Corporation

2013-03-30 15:11 - 2013-03-30 14:25 - 00000000 ____D C:\ComboFix

2013-03-30 15:11 - 2013-03-28 03:03 - 00000000 ___AD C:\Qoobox

2013-03-30 14:59 - 2009-07-14 03:04 - 00000689 ____A C:\Windows\system.ini

2013-03-29 17:06 - 2013-03-29 17:06 - 00000000 ____D C:\users\hedev

2013-03-28 20:56 - 2011-03-17 07:48 - 00000000 ____D C:\Windows\th-TH

2013-03-28 19:09 - 2009-07-14 03:37 - 00000000 __RHD C:\users\Default

2013-03-28 19:09 - 2009-07-14 03:37 - 00000000 ___RD C:\users\Public

2013-03-28 19:06 - 2013-03-28 03:03 - 00000000 ____D C:\Windows\erdnt

2013-03-28 09:20 - 2013-03-28 09:20 - 00000000 ____D C:\FRST

2013-03-27 09:52 - 2011-03-17 21:10 - 00000000 ____D C:\Windows\ja-JP

2013-03-26 21:34 - 2011-02-04 00:42 - 00000000 ____D C:\Program Files\Glary Utilities

2013-03-26 21:34 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\wfp

2013-03-26 21:34 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration

2013-03-24 23:45 - 2013-03-24 23:45 - 00000000 ____D C:\Users\Ben\Desktop\TheStrain

2013-03-24 23:45 - 2013-03-24 23:45 - 00000000 ____D C:\Users\Ben\Desktop\Phantom Zombie Pack

2013-03-24 15:07 - 2013-03-24 15:07 - 09998094 ____A C:\Users\Ben\Desktop\wing_commander_reference_cards.zip

2013-03-24 15:07 - 2013-03-24 15:07 - 02735435 ____A C:\Users\Ben\Desktop\wing_commander_manual.zip

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Last Boot: 2013-04-14 04:50

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-04-2013 02

Ran by Ben at 2013-04-22 20:24:54 Run:

Running from C:\Users\Ben\Desktop

Boot Mode: Normal

==========================================================

==================== Installed Programs =======================

@BIOS (Version: 2.24)

µTorrent (Version: 3.2.1.28086)

A Game of Dwarves

A Valley Without Wind

A.R.E.S.

AC3Filter 1.62b (Version: 1.62b)

ACEIP (Version: 1.13)

ACEMod (Version: 1.09)

Adobe AIR (Version: 3.3.0.3670)

Adobe Flash Player 11 ActiveX (Version: 11.7.700.169)

Adobe Flash Player 11 Plugin (Version: 11.7.700.169)

Adobe Shockwave Player 11.6 (Version: 11.6.5.635)

Age of Mythology

Age of Mythology - The Titans Expansion

AI War: Fleet Command

AirBuccaneers

AirMech

Alien Swarm

Alien Swarm - SDK

Aliens vs. Predator

Altitude

Anno 2070

Apple Application Support (Version: 2.3.3)

Apple Mobile Device Support (Version: 6.1.0.13)

Apple Software Update (Version: 2.1.3.127)

Arcadia

Arma 2 Army of The Czech Republic (LITE) Uninstall

Arma 2 Army of The Czech Republic Uninstall

ARMA 2 Operation Arrowhead Uninstall

Arma 2 RFT Uninstall

ArmA 2 Uninstall

Arma Cold War Assault Uninstall

ArmA II Launcher (Version: 1.4.1.0)

ArmA Queen's Gambit Uninstall

ArmA Uninstall

ASUS GPU Tweak (Version: 2.1.0.1)

ASUS PCE-N15 WLAN Card Utilities & Driver (Version: 1.0.0.7)

Audacity 2.0

AutoGreen B12.0206.1 (Version: 1.00.0000)

avast! Free Antivirus (Version: 7.0.1466.0)

BattlEye for Iron Front Uninstall

BattlEye for OA Uninstall

Battlezone 1.5 version 0.60 (Version: 0.60)

Battlezone 1998

Battlezone Configuration Utilities

Battlezone II

Bear Force II 0.3 (Version: 0.3)

Beat Hazard

Big Fish Games: Game Manager (Version: 3.0.1.60)

BIT.TRIP BEAT

BIT.TRIP CORE

BIT.TRIP RUNNER

BIT.TRIP VOID

Blazing Angels Squadrons of WWII (Version: 1.02.0000)

Blitzkrieg Mod (Version: 4.6.4.1)

Blood II: The Chosen

BoneCraft (Version: 1.0.4)

Bonjour (Version: 3.0.0.10)

Borderlands 2

Braid

BufferChm (Version: 90.0.146.000)

Build Your Own Net Dream (remove only)

BulletStorm (Version: 1.0.0001.130)

Call of Duty® - World at War 1.2 Patch

Call of Duty® - World at War 1.4 Patch

Call of Duty® - World at War 1.5 Patch

Call of Duty® - World at War 1.6 Patch

Call of Duty® - World at War 1.7 Patch

Call of Duty® 4 - Modern Warfare 1.7 Patch

CamStudio OSS Desktop Recorder (Version: 2.6 Beta r294)

Cargo Commander

Choplifter HD

Cisco EAP-FAST Module (Version: 2.2.14)

Cisco LEAP Module (Version: 1.0.19)

Cisco PEAP Module (Version: 1.1.6)

Codename Gordon

CodeStuff Starter (Version: 5.6.2.9)

Company of Heroes - FAKEMSI (Version: 2.0.0.0)

Company of Heroes (Version: 2.602.0)

Conquest Frontier Wars (Version: 2.0.0.6)

Contribtastic 2.1.1 (Version: 2.1.1)

Core Temp version 0.99.7 (Version: 0.99.7)

Cortex Command

Counter-Strike: Global Offensive

Counter-Strike: Source

CPUID CPU-Z 1.60

Crusader No Regret (Version: 2.0.0.8)

Crusader No Remorse (Version: 2.0.0.15)

Crysis Wars

CustomerResearchQFolder (Version: 1.00.0000)

D.I.P.R.I.P. Warm Up

D1400 (Version: 90.0.235.000)

D1400_Help (Version: 90.0.235.000)

D3DX10 (Version: 15.4.2368.0902)

Dangerous Waters

Dark Reign - The Future of War + The Rise of the Shadowhand

Dark Reign 2

Dawn of War - Dark Crusade (Version: 1.00.0000)

Dawn of War - Soulstorm (Version: 1.00.0000)

Dawn of War - Tyranid Mod v0.45DC (Version: "0.45DC")

Dawn of War - Tyranid Mod v0.45SS (Version: "0.45SS")

Dawn Of War - Winter Assault (Version: 1.4)

DawnOfWar (Version: 1.00.00000)

Day of Defeat: Source

DCS Black Shark 2 (Version: 1.1.1.1)

DCS World (Version: 1.2.2.7570)

Death Rally for Windows

Debut Video Capture Software

Defense Grid: The Awakening

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Descent 3 and Mercenary Expansion

Descent and Descent 2 (Version: 2.0.0.7)

Desura (Version: 100.53)

Desura: 8-Bit Commando (Version: Demo)

Desura: Battle Group (Version: Full)

Desura: Dwarf Fortress (Version: Full)

Desura: Hack, Slash, Loot (Version: Demo)

Desura: OpenTTD (Version: Full)

Desura: Soldat (Version: Free)

DeviceDiscovery (Version: 90.0.205.000)

DeviceManagementQFolder (Version: 1.00.0000)

D-Fend Reloaded 1.2.1 (deinstall) (Version: 1.3.0)

Dino D-Day

dj_sf_ProductContext (Version: 90.0.235.000)

dj_sf_software (Version: 90.0.235.000)

dj_sf_software_req (Version: 90.0.235.000)

Dropbox (Version: 1.6.18)

Dungeon Siege Legends of Aranna

Dungeons of Dredmor

Dystopia

Easy Tune 6 B12.0402.1 (Version: 1.00.0000)

EasyBCD 2.1.2 (Version: 2.1.2)

Eets

ESET Online Scanner v3

eSupportQFolder (Version: 1.00.0000)

Euro Truck Simulator 2

EVE Online (remove only)

EVEMon (Version: 1.8.1.4016)

Fallout Mod Manager 0.13.21

FileZilla Client 3.6.0.2 (Version: 3.6.0.2)

Forged Alliance Forever (Version: 240.8.4)

Foxit Reader (Version: 5.4.5.124)

Freespace 2

Freespace with Silent Threat Expansion

Frozen Synapse

FTL: Faster Than Light

GameRanger

GameShadow V3.1 (Version: 3.00.000)

GameSpy Comrade (Version: 3.2.17.236)

Garry's Mod

Glary Utilities 2.51.0.1666 (Version: 2.51.0.1666)

GOG.com Downloader (Version: 0.9.30)

Google Chrome (Version: 26.0.1410.64)

Google Update Helper (Version: 1.3.21.135)

Gratuitous Space Battles

Gratuitous Tank Battles

Half-Life 2

Half-Life 2: Deathmatch

Half-Life 2: Episode One

Half-Life 2: Episode Two

Half-Life 2: Lost Coast

Half-Life Deathmatch: Source

Hard Reset

Hawken

HazeronPatch

Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)

HiJackThis (Version: 1.0.0)

HOARD

Homeworld2

Hotline Miami

HP Customer Participation Program 9.0 (Version: 9.0)

HP Deskjet Printer Driver Software 9.0 (Version: 9.0)

HP Imaging Device Functions 9.0 (Version: 9.0)

HP Photosmart Essential 2.01 (Version: 2.01)

HP Photosmart Essential2.01 (Version: 1.01.0000)

HP Product Detection (Version: 11.14.0001)

HP Solution Center 9.0 (Version: 9.0)

HP Update (Version: 5.003.001.001)

HPProductAssistant (Version: 90.0.146.000)

HPSSupply (Version: 2.2.0.0000)

I Am Alive

iCloud (Version: 2.1.2.8)

Impulse® (Version: 3.29)

Indeo® Software

Intel® Management Engine Components (Version: 8.0.0.1351)

Intel® USB 3.0 eXtensible Host Controller Driver (Version: 1.0.3.214)

Iron Grip: Warlord

iTunes (Version: 11.0.2.26)

Java 7 Update 17 (Version: 7.0.170)

Java Auto Updater (Version: 2.1.9.0)

Junk Mail filter update (Version: 15.4.3502.0922)

KerbalModManager (Version: 1.4.61)

Killing Floor

Killing Floor SDK

KKND2 Krossfire (Version: 2.0.0.7)

Krush, Kill and Destroy Xtreme

Krush, Kill 'n' Destroy Xtreme

LAME v3.99.3 (for Windows)

Left 4 Dead

Left 4 Dead 2

Left 4 Dead 2 Add-on Support

Left 4 Dead 2 Authoring Tools

Left 4 Dead 2 Dedicated Server

Left 4 Dead Authoring Tools

Left 4 Dead Dedicated Server

LIMBO

Livestream Procaster (Version: 20.3.0)

Lockon Flaming Cliffs 1.2.1 patch

Logitech QuickCam (Version: 10.51.2029)

LogMeIn Hamachi (Version: 2.1.0.294)

Lone Survivor

LoveChess Age Of Egypt (Version: 2.29.0000)

LoveChess Salvage (Version: 1.02)

LoveChess The Greek Era (Free) (Version: 1.50.000)

Machinarium

Magic Carpet (Version: 2.0.0.18)

Magic Carpet 2 (Version: 2.1.0.7)

MagicDisc 2.7.106

Magicka

Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)

MarketResearch (Version: 90.0.146.000)

Mass Effect (Version: 1.00)

Mass Effect 2 (Version: 1.02)

Mass Effect™ 3 (Version: 1.05.0.0)

MechWarrior Online (Version: 1.2.0.0)

Mesh Runtime (Version: 15.4.5722.2)

Messenger Companion (Version: 15.4.3502.0922)

Microsoft .NET Framework 1.1 (Version: 1.1.4322)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6012.5000)

Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)

Microsoft Games for Windows Marketplace (Version: 3.5.50.0)

Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)

Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)

Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)

Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Security Client (Version: 4.2.0223.1)

Microsoft Security Essentials (Version: 4.2.223.1)

Microsoft Silverlight (Version: 5.1.20125.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

Microsoft SQL Server 2008

Microsoft SQL Server 2008 Browser (Version: 10.3.5500.0)

Microsoft SQL Server 2008 Common Files (Version: 10.3.5500.0)

Microsoft SQL Server 2008 Database Engine Services (Version: 10.3.5500.0)

Microsoft SQL Server 2008 Database Engine Shared (Version: 10.3.5500.0)

Microsoft SQL Server 2008 Management Objects (Version: 10.0.1600.22)

Microsoft SQL Server 2008 Native Client (Version: 10.3.5500.0)

Microsoft SQL Server 2008 RsFx Driver (Version: 10.3.5500.0)

Microsoft SQL Server 2008 Setup Support Files (Version: 10.3.5500.0)

Microsoft SQL Server VSS Writer (Version: 10.3.5500.0)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Express Edition with SP1 - ENU

Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Visual J# .NET Redistributable Package 1.1 (Version: 1.1.4322)

Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (Version: 6.1.5288.17011)

Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (Version: 3.5.30729)

Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (Version: 6.1.5295.17011)

Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0)

Microsoft XML Parser (Version: 8.70.1104.04)

Microsoft XNA Framework Redistributable 1.0 Refresh (Version: 1.1.10405.0)

Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)

Microsoft XNA Framework Redistributable 4.0 Refresh (Version: 4.0.30901.0)

Mount & Blade

Mount & Blade: Warband

Mount & Blade: With Fire and Sword

Mozilla Firefox 12.0 (x86 en-GB) (Version: 12.0)

Mozilla Maintenance Service (Version: 12.0)

MrRobot 1.21

MSVCRT (Version: 15.4.2862.0708)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)

MSXML4 Parser (Version: 1.0.0)

Myth II: Soulblighter version 1.7.1 (Version: 1.7.1)

Natural Selection 2

Naval War: Arctic Circle

Nexus: The Jupiter Incident

North and South version 0.4 (Version: 0.4)

Notepad++ (Version: 5.9)

Nuclear Dawn

NVIDIA 3D Vision Driver 311.06 (Version: 311.06)

NVIDIA Control Panel 311.06 (Version: 311.06)

NVIDIA Graphics Driver 311.06 (Version: 311.06)

NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)

NVIDIA Install Application (Version: 2.1002.108.688)

NVIDIA PhysX (Version: 9.12.1031)

NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)

NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106)

NVIDIA Update 1.11.3 (Version: 1.11.3)

NVIDIA Update Components (Version: 1.11.3)

O&O CleverCache (Version: 7.1.2787)

On the Rain-Slick Precipice of Darkness, Episode One

On the Rain-Slick Precipice of Darkness, Episode Two

ON_OFF Charge B11.1102.1 (Version: 1.00.0001)

One Unit Whole Blood (Version: 2.0.0.21)

OpenAL

Orcs Must Die!

Organ Trail: Director's Cut

Origin (Version: 8.5.0.4554)

PanoStandAlone (Version: 90.0.146.000)

PAYDAY: The Heist

PC Wizard 2012.2.0

PeerGuardian 2.0 (Version: 2.1.0.2)

Penny Arcade's On the Rain-Slick Precipice of Darkness 3

PerfectDisk 12 Professional (Version: 12.00.290)

PlanetSide 2

Poker Night at the Inventory

Portal

Portal 2

PSSWCORE (Version: 2.01.0000)

PunkBuster Services (Version: 0.986)

PVSonyDll (Version: 1.00.0001)

Python 2.6 (Version: 2.6.150)

QuickTime (Version: 7.73.80.64)

Real Hide IP (Version: 4.0.9.2)

Realtek Ethernet Controller Driver (Version: 7.49.927.2011)

Realtek High Definition Audio Driver (Version: 6.0.1.6554)

Revo Uninstaller 1.94 (Version: 1.94)

Rockstar Games Social Club (Version: 1.1.0.1)

Sanctum

SequoiaView

Service Pack 3 for SQL Server 2008 (KB2546951) (Version: 10.3.5500.0)

Shores of Hazeron

Silver

SimCity 4 Deluxe

Sins of a Solar Empire

Sins of a Solar Empire - Diplomacy

Sins of a Solar Empire - Entrenchment

Sins of a Solar Empire: Rebellion Beta

Six Updater (Version: 2.09.7024)

Skype Click to Call (Version: 6.2.10687)

Skype™ 6.1 (Version: 6.1.129)

Sniper Elite: Nazi Zombie Army

SolutionCenter (Version: 90.0.146.000)

Source SDK

Spec Ops: The Line

Splashtop Connect for Firefox (Version: 2.0.5.2)

Splashtop Connect for IE (Version: 2.0.5.1)

SpywareBlaster 5.0 (Version: 5.0.0)

Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0)

SQL Server System CLR Types (Version: 10.3.5500.0)

Star Conflict

Star Hammer Tactics Demo

Star Wars: The Old Republic (Version: 1.00)

StarCraft II (Version: 2.0.7.25293)

StarForge Alpha

Starscape Music Pack

Starscape V2.3

Status (Version: 90.0.146.000)

Steam (Version: 1.0.0.0)

Strike Commander CD-ROM Edition (Version: 2.0.0.5)

Stronghold (Version: 1.20.0000)

Stronghold 2 (Version: 1.40.1000)

Stronghold Crusader Extreme (Version: 1.20.0000)

Stronghold Legends (Version: 1.20.0000)

Super Meat Boy

Super Meat Boy Editor

Supreme Commander (Version: 1.00.0000)

SWBFIIv1.2

Sword of the Stars: The Pit

Syndicate (Version: 2.0.0.11)

Syndicate Wars (Version: 2.0.0.20)

System Requirements Lab CYRI (Version: 4.5.1.0)

Take On Helicopters

Take On Helicopters Rearmed Uninstall

Take On Hinds

Take On Noisecontrollers Uninstall

Team Fortress 2

TeamSpeak 3 Client (Version: 3.0.10.1)

TeamViewer 7 (Version: 7.0.12979)

TextMaker Viewer

The Anglo Zulu war (Version: 1.0.0)

The Binding of Isaac

The Ur-Quan Masters 0.7.0 (Version: 0.7.0)

The Walking Dead

Theme Hospital (Version: 2.0.0.5)

TmNationsForever

Toolbox (Version: 90.0.146.000)

Torchlight Editor

TortoiseSVN 1.7.6.22632 (32 bit) (Version: 1.7.22632)

TrayApp (Version: 90.0.146.000)

Trine

Tropico 2: Pirate Cove

Ubisoft Game Launcher (Version: 1.0.0.0)

UltraMon (Version: 3.1.0)

Unity (Version: )

Unity Web Player (Version: )

Universe at War Earth Assault (Version: 1.00.0000)

UnloadSupport (Version: 9.0.0)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

VDMSound 2.0.4 (Version: 2.0.4.0)

VideoPad Video Editor

VideoToolkit01 (Version: 90.0.146.000)

VLC media player 2.0.5 (Version: 2.0.5)

VMware Workstation (Version: 7.1.4.16648)

War Thunder Launcher 1.0.1.145

WebM Media Foundation Components (Version: 1.0.0.0)

WebReg (Version: 90.0.146.000)

Winamp (Version: 5.621 )

Winamp Detector Plug-in (Version: 1.0.0.1)

Windows 7 Codec Pack 3.5.0 (Version: 3.5.0)

Windows Live Communications Platform (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3538.0513)

Windows Live Family Safety (Version: 15.4.3538.0513)

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)

Windows Live Installer (Version: 15.4.3502.0922)

Windows Live Mail (Version: 15.4.3502.0922)

Windows Live Mesh (Version: 15.4.3502.0922)

Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)

Windows Live Messenger (Version: 15.4.3538.0513)

Windows Live Messenger Companion Core (Version: 15.4.3502.0922)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (Version: 15.4.3502.0922)

Windows Live Photo Common (Version: 15.4.3502.0922)

Windows Live Photo Gallery (Version: 15.4.3502.0922)

Windows Live PIMT Platform (Version: 15.4.3508.1109)

Windows Live Remote Client (Version: 15.4.5722.2)

Windows Live Remote Client Resources (Version: 15.4.5722.2)

Windows Live Remote Service (Version: 15.4.5722.2)

Windows Live Remote Service Resources (Version: 15.4.5722.2)

Windows Live SOXE (Version: 15.4.3502.0922)

Windows Live SOXE Definitions (Version: 15.4.3502.0922)

Windows Live UX Platform (Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)

Windows Live Writer (Version: 15.4.3502.0922)

Windows Live Writer Resources (Version: 15.4.3502.0922)

Wing Commander 1 and 2 (Version: 2.0.0.18)

Wing Commander III - Heart of the Tiger (Version: 2.0.0.5)

Wing Commander IV (Version: 2.0.0.17)

Wing Commander Privateer (Version: 2.0.0.9)

WinRAR 4.00 (32-bit) (Version: 4.00.0)

WinSCP 4.3.7 (Version: 4.3.7)

World in Conflict: Soviet Assault (Version: 1.0.1.0)

World of Warcraft (Version: 5.2.0.16709)

XCOM: Enemy Unknown Demo

X-COM: Enforcer

XviD MPEG-4 Codec

Zeno Clash

Zeno Clash Models

Zip Motion Block Video codec (Remove Only)

Zombie Driver HD

Zombie Panic Source

==================== Restore Points =========================

21-04-2013 09:42:12 Scheduled Checkpoint

22-04-2013 17:44:14 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (04/22/2013 08:22:09 PM) (Source: Application Error) (User: )

Description: Faulting application name: svchost.exe_p2pimsvc, version: 6.1.7600.16385, time stamp: 0x4a5bc100

Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60

Exception code: 0xc0000005

Fault offset: 0x0003224d

Faulting process id: 0x16d8

Faulting application start time: 0xsvchost.exe_p2pimsvc0

Faulting application path: svchost.exe_p2pimsvc1

Faulting module path: svchost.exe_p2pimsvc2

Report Id: svchost.exe_p2pimsvc3

Error: (04/22/2013 07:21:34 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".

Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

Error: (04/22/2013 07:14:18 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".

Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.

Please use sxstrace.exe for detailed diagnosis.

Error: (04/22/2013 07:14:18 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".

Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

Error: (04/21/2013 11:24:34 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".

Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.

Please use sxstrace.exe for detailed diagnosis.

Error: (04/21/2013 11:24:34 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".

Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

Error: (04/21/2013 10:41:14 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".

Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

Error: (04/21/2013 10:35:19 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".

Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.

Please use sxstrace.exe for detailed diagnosis.

Error: (04/21/2013 10:35:19 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".

Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.

Please use sxstrace.exe for detailed diagnosis.

Error: (04/20/2013 01:34:23 AM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.

.

This is often caused by incorrect security settings in either the writer or requestor process.

Operation:

Gathering Writer Data

Context:

Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

Writer Name: System Writer

Writer Instance ID: {00acb7df-a5f6-4a4c-8e4a-865adcb6c51a}

System errors:

=============

Error: (04/22/2013 08:22:11 PM) (Source: Service Control Manager) (User: )

Description: The Peer Name Resolution Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (04/22/2013 08:22:11 PM) (Source: Service Control Manager) (User: )

Description: The Peer Networking Grouping service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (04/22/2013 08:22:11 PM) (Source: Service Control Manager) (User: )

Description: The Peer Networking Identity Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (04/22/2013 08:18:40 PM) (Source: Service Control Manager) (User: )

Description: The WinRing0_1_2_0 service failed to start due to the following error:

%%2

Error: (04/22/2013 08:17:38 PM) (Source: Service Control Manager) (User: )

Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (04/22/2013 08:10:20 PM) (Source: DCOM) (User: )

Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (04/22/2013 08:09:52 PM) (Source: Service Control Manager) (User: )

Description: The Windows Modules Installer service terminated with the following error:

%%1450

Error: (04/22/2013 06:36:01 PM) (Source: Service Control Manager) (User: )

Description: The NVIDIA Update Service Daemon service failed to start due to the following error:

%%1069

Error: (04/22/2013 06:36:01 PM) (Source: Service Control Manager) (User: )

Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:

%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (04/22/2013 06:33:06 PM) (Source: Service Control Manager) (User: )

Description: The SupportSoft RemoteAssist service failed to start due to the following error:

%%2

Microsoft Office Sessions:

=========================

Error: (04/22/2013 08:22:09 PM) (Source: Application Error)(User: )

Description: svchost.exe_p2pimsvc6.1.7600.163854a5bc100ntdll.dll6.1.7601.177254ec49b60c00000050003224d16d801ce3f8e0e5beb60C:\Windows\System32\svchost.exeC:\Windows\SYSTEM32\ntdll.dllec90204f-ab81-11e2-8840-902b341dfe76

Error: (04/22/2013 07:21:34 PM) (Source: SideBySide)(User: )

Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\GIGABYTE\ET6\DLLS\install_flash_player_11_active_x_64bit.exe

Error: (04/22/2013 07:14:18 PM) (Source: SideBySide)(User: )

Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Python26\Lib\distutils\command\wininst-9.0-amd64.exe

Error: (04/22/2013 07:14:18 PM) (Source: SideBySide)(User: )

Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Python26\Lib\distutils\command\wininst-8_d.exe

Error: (04/21/2013 11:24:34 AM) (Source: SideBySide)(User: )

Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Python26\Lib\distutils\command\wininst-9.0-amd64.exe

Error: (04/21/2013 11:24:34 AM) (Source: SideBySide)(User: )

Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Python26\Lib\distutils\command\wininst-8_d.exe

Error: (04/21/2013 10:41:14 AM) (Source: SideBySide)(User: )

Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\GIGABYTE\ET6\DLLS\install_flash_player_11_active_x_64bit.exe

Error: (04/21/2013 10:35:19 AM) (Source: SideBySide)(User: )

Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Python26\Lib\distutils\command\wininst-9.0-amd64.exe

Error: (04/21/2013 10:35:19 AM) (Source: SideBySide)(User: )

Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Python26\Lib\distutils\command\wininst-8_d.exe

Error: (04/20/2013 01:34:23 AM) (Source: VSS)(User: )

Description: 0x80070005, Access is denied.

Operation:

Gathering Writer Data

Context:

Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

Writer Name: System Writer

Writer Instance ID: {00acb7df-a5f6-4a4c-8e4a-865adcb6c51a}

==================== Memory info ===========================

Percentage of memory in use: 44%

Total physical RAM: 3563.57 MB

Available physical RAM: 1985.75 MB

Total Pagefile: 7125.44 MB

Available Pagefile: 5281.68 MB

Total Virtual: 2499.88 MB

Available Virtual: 2366.67 MB

==================== Drives ================================

Drive c: (Main) (Fixed) (Total:931.51 GB) (Free:3.85 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (MAIN7) (Fixed) (Total:39.52 GB) (Free:24.68 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive e: (STORAGE) (Fixed) (Total:193.36 GB) (Free:191.21 GB) NTFS

Drive f: (SC2-200-D1) (CDROM) (Total:7.8 GB) (Free:0 GB) UDF

Drive j: (Outpost) (CDROM) (Total:0.3 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 931 GB 0 B

Disk 1 Online 232 GB 1024 KB

Partitions of Disk 0:

===============

Disk ID: B489B48A

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 931 GB 31 KB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C Main NTFS Partition 931 GB Healthy System (partition with boot components)

=========================================================

Partitions of Disk 1:

===============

Disk ID: 18121811

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 39 GB 31 KB

Partition 2 Primary 193 GB 39 GB

==================================================================================

Disk: 1

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 D MAIN7 NTFS Partition 39 GB Healthy

=========================================================

Disk: 1

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 E STORAGE NTFS Partition 193 GB Healthy

=========================================================

============================== MBR & Partition Table ==================

====================================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: B489B48A)

Partition 1: (Active) - (Size=932 GB) - (Type=07) (NTFS)

====================================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 18121811)

Partition 1: (Active) - (Size=40 GB) - (Type=07) (NTFS)

Partition 2: (Not Active) - (Size=193 GB) - (Type=07) (NTFS)

[MrCharlie]

Looks OK

Are these something you recognize:

C:\Users\Ben\AppData\Roaming\Network Meter_Usage.ini

C:\Users\Ben\Network_Meter_Data.js

---------------------------------------

I'm about out of ideas, you can try a clean boot to see if you can isolate the problem:

http://support.microsoft.com/kb/929135

Here it is>>>>>>

How to determine what is causing the problem by clean boot

Windows Vista and Windows 7

A: Log on to the computer by using an account that has administrator rights.

B: Click Start, type msconfig.exe in the Start Search box, and then press Enter to start the System Configuration utility.

If you are prompted for an administrator password or for confirmation, you should type the password or provide confirmation.

C: Click the Services tab, and then click to select the Hide all Microsoft services check box.

D: Click to select half of the check boxes in the Service list.

E: Click OK, and then click Restart.

F: After the computer finishes restarting, determine whether the problem still occurs.

If the problem still occurs, repeat steps 2a through 2e, but clear half of the checked boxes in the

Service

list that you originally selected.

If the problem does not occur, repeat steps 2a through 2e, selecting only half of the remaining check boxes that are cleared in the

Service

list. Repeat these steps until you have selected all the check boxes.

If you still experience the problem after only one service is selected in the

Service

list, this means that the selected service causes the problem. Go to step

2j

. If no service causes this problem, go to step

2g

.

G: step2g Perform a clean boot by repeating steps 2a and 2b.

Click the Startup tab, and then click to select half of the check boxes in the Startup Item list.

I: Click OK, and then click Restart.

If the problem still occurs, repeat steps 2g and 2h, but clear half of the checked boxes in the

Startup Item

list that you originally selected.

If the problem does not occur, repeat steps 2g and 2h, selecting only half of the remaining check boxes that are cleared in the

Startup Item

list. Repeat these steps until you have selected all the check boxes.

If you still experience the problem after only one Startup Item is selected in the

Startup Item

list, this means that theselected Startup Item causes theproblem. Go to Step 2j. If no Startup Item causes this problem, a Microsoft service probably causes the problem.To determine which Microsoft service may be causing the problem, repeat steps 2a through 2f without selecting the

Hide all Microsoft services

check box in either step.

J: step2j After you determine the startup item or the service that causes the problem, contact the program manufacturer to determine whether the problem can be resolved. Or, run the System Configuration utility, and then click to clear the check box for the problem item.

Let me know.....MrC

[adams2k5]

Msconfig didn't work I'm afraid. However, I ran the AVPT tool again, as I was browsing some other forums so thought id give it a shot. It seems to have removed the problem completely as the window is no longer launching when explorer starts. Thanks for the help though

[MrCharlie]

OK....GOOD

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

If you used DeFogger to disable your CD Emulation drivers, please re-enable them.

-------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassociates.com/OT-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

[LDTate]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!