
Malwarebytes Blocking Outgoing IPS 94.242.251.103 etc



Malwarebytes Pro is blocking some outgoing IPs from Google Chrome; I'm not sure if this is working as intended or whether there is something on my system. Neither Malwarebytes nor Microsoft Security Essentials has picked anything up on the system, and it appears to be running without issues.
 

2013/07/22 13:13:14 +0100 BLUE Chris IP-BLOCK 109.236.82.186 (Type: outgoing, Port: 57510, Process: chrome.exe)

2013/07/22 13:13:14 +0100 BLUE Chris IP-BLOCK 94.242.251.103 (Type: outgoing, Port: 57511, Process: chrome.exe)

 

These are the types of entries shown in the logs.

 

 
Malwarebytes Pro Quick Scan Log

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.07.22.04
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16635
Chris :: BLUE [administrator]
 
Protection: Enabled
 
22/07/2013 14:30:24
mbam-log-2013-07-22 (14-30-24).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209608
Time elapsed: 53 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

 
The DDS logs are as follows:
 
dds.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 10.0.9200.16537
Run by Chris at 14:34:38 on 2013-07-22
Microsoft Windows 8 Pro  6.2.9200.0.1252.44.2057.18.8149.6729 [GMT 1:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
uRun: [skyDrive] "C:\Users\Chris\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [spotify] "C:\Users\Chris\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{17F98B56-7F17-4E3E-8E1B-204B68D4350C} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{17F98B56-7F17-4E3E-8E1B-204B68D4350C} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [2013-5-6 56336]
R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-9-17 171600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-5-23 241152]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-13 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-13 701512]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-4-10 1900728]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2013-4-9 27792]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2013-4-24 94208]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-6-22 110744]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-7-13 25928]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\Drivers\viahduaa.sys [2013-4-9 2206352]
R3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;C:\Windows\System32\Drivers\xusb22.sys [2012-7-26 89088]
S3 amdkmafd;AMD Audio Bus Lower Filter;C:\Windows\System32\Drivers\amdkmafd.sys [2012-9-23 21160]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2013-2-6 102936]
S3 RadeonPro Support Service;RadeonPro Support Service;C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [2013-5-30 20608]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2013-2-6 203544]
S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
.
=============== Created Last 30 ================
.
2013-07-22 13:19:34 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{89C7A994-D851-4E59-9AF4-F213D1990C0F}\mpengine.dll
2013-07-22 12:45:18 -------- d-----w- C:\Program Files\CCleaner
2013-07-22 12:00:03 9460976 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-07-19 12:07:22 -------- d-----w- C:\Users\Chris\AppData\Roaming\RIFT
2013-07-19 12:07:21 -------- d-----w- C:\Program Files (x86)\RIFT
2013-07-15 09:15:03 -------- d-----w- C:\Users\Chris\AppData\Local\Chromium
2013-07-15 09:13:53 -------- d-----w- C:\Program Files (x86)\Rockstar Games
2013-07-13 12:36:43 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-07-11 09:07:51 -------- d-----w- C:\Windows\System32\MRT
2013-07-11 08:59:56 19187712 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-07-11 08:59:55 18523648 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-07-11 08:59:50 2842112 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-11 08:59:49 2620928 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-05 15:50:48 -------- d-----w- C:\Users\Chris\AppData\Roaming\OBS
2013-07-05 15:50:45 -------- d-----w- C:\Program Files (x86)\OBS
2013-07-04 15:11:57 -------- d-----w- C:\Users\Chris\AppData\Roaming\TS3Client
2013-07-04 14:58:24 -------- d-----w- C:\Users\Chris\AppData\Local\TeamSpeak 3 Client
2013-07-04 09:53:46 -------- d-----w- C:\ProgramData\Picroma
2013-07-04 09:53:46 -------- d-----w- C:\Program Files (x86)\Cube World
2013-07-01 09:33:48 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M  ====================
.
2013-07-04 12:11:40 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2013-07-04 12:11:40 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2013-07-04 12:11:40 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2013-07-04 12:11:40 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2013-07-01 09:33:45 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-07-01 09:33:45 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-27 22:04:51 78200 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04:51 693112 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-16 22:41:31 997632 ----a-w- C:\Windows\System32\drivers\ndis.sys
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-06 10:00:04 447752 ----a-w- C:\Windows\SysWow64\vp6vfw.dll
2013-06-01 11:54:16 194816 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2013-06-01 11:54:10 125184 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
2013-06-01 11:34:21 2391280 ----a-w- C:\Windows\explorer.exe
2013-06-01 11:33:13 2233600 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-01 11:29:35 337152 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS
2013-06-01 11:29:35 213248 ----a-w- C:\Windows\System32\drivers\UCX01000.SYS
2013-06-01 11:26:33 327936 ----a-w- C:\Windows\System32\drivers\volsnap.sys
2013-06-01 11:26:31 6987008 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-06-01 10:24:46 2106176 ----a-w- C:\Windows\SysWow64\explorer.exe
2013-06-01 09:25:52 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-06-01 09:25:05 67584 ----a-w- C:\Windows\SysWow64\samlib.dll
2013-06-01 09:25:03 496640 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-06-01 09:24:19 493056 ----a-w- C:\Windows\SysWow64\mscms.dll
2013-06-01 09:24:09 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll
2013-06-01 09:24:09 1453568 ----a-w- C:\Windows\SysWow64\mfcore.dll
2013-06-01 09:23:46 1842176 ----a-w- C:\Windows\SysWow64\dwmcore.dll
2013-06-01 09:23:06 680960 ----a-w- C:\Windows\System32\vds.exe
2013-06-01 09:22:47 80896 ----a-w- C:\Windows\System32\MbaeParserTask.exe
2013-06-01 09:22:33 523264 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-06-01 09:22:33 446976 ----a-w- C:\Windows\System32\wwansvc.dll
2013-06-01 09:22:09 190976 ----a-w- C:\Windows\System32\vdsutil.dll
2013-06-01 09:21:39 729600 ----a-w- C:\Windows\System32\samsrv.dll
2013-06-01 09:21:39 106496 ----a-w- C:\Windows\System32\samlib.dll
2013-06-01 09:21:34 595968 ----a-w- C:\Windows\System32\qedit.dll
2013-06-01 09:20:45 583168 ----a-w- C:\Windows\System32\mscms.dll
2013-06-01 09:20:34 1527808 ----a-w- C:\Windows\System32\mfcore.dll
2013-06-01 09:20:34 1048576 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll
2013-06-01 09:20:04 2219520 ----a-w- C:\Windows\System32\dwmcore.dll
2013-06-01 09:19:58 207872 ----a-w- C:\Windows\System32\DeviceSetupManager.dll
2013-06-01 09:19:42 785408 ----a-w- C:\Windows\System32\audiosrv.dll
2013-06-01 03:08:57 37632 ----a-w- C:\Windows\System32\drivers\BthAvrcpTg.sys
2013-05-30 23:14:23 4036096 ----a-w- C:\Windows\System32\win32k.sys
2013-05-24 22:09:20 1403296 ----a-w- C:\Windows\System32\winload.efi
2013-05-24 22:09:20 1271584 ----a-w- C:\Windows\System32\winload.exe
2013-05-24 22:09:20 1217352 ----a-w- C:\Windows\System32\winresume.efi
2013-05-24 22:09:20 1093904 ----a-w- C:\Windows\System32\winresume.exe
2013-05-23 23:01:46 1300992 ----a-w- C:\Windows\System32\gdi32.dll
2013-05-23 22:27:05 1022464 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-05-23 21:25:18 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2013-05-23 21:25:18 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2013-05-23 21:25:10 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2013-05-23 21:25:10 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2013-05-23 21:25:10 139696 ----a-w- C:\Windows\System32\atiuxp64.dll
2013-05-23 21:25:08 123216 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2013-05-23 21:25:08 113464 ----a-w- C:\Windows\System32\atiu9p64.dll
2013-05-23 21:25:04 97448 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2013-05-23 21:25:02 1182056 ----a-w- C:\Windows\System32\aticfx64.dll
2013-05-23 21:25:00 990976 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2013-05-23 21:24:56 8431232 ----a-w- C:\Windows\System32\atidxx64.dll
2013-05-23 21:24:54 7378560 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2013-05-23 21:24:50 4415256 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2013-05-23 21:24:46 5963328 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2013-05-23 21:24:42 4957536 ----a-w- C:\Windows\System32\atiumd6a.dll
2013-05-23 21:24:40 6984088 ----a-w- C:\Windows\System32\atiumd64.dll
2013-05-23 21:22:58 11833856 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2013-05-23 21:10:18 229376 ----a-w- C:\Windows\System32\clinfo.exe
2013-05-23 21:10:02 98304 ----a-w- C:\Windows\System32\OpenVideo64.dll
2013-05-23 21:09:56 82944 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2013-05-23 21:09:50 86016 ----a-w- C:\Windows\System32\OVDecode64.dll
2013-05-23 21:09:46 72704 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2013-05-23 21:09:30 27800576 ----a-w- C:\Windows\System32\amdocl64.dll
2013-05-23 21:07:18 23420928 ----a-w- C:\Windows\SysWow64\amdocl.dll
2013-05-23 21:05:28 63488 ----a-w- C:\Windows\System32\OpenCL.dll
2013-05-23 21:05:24 57344 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-05-23 20:46:42 118784 ----a-w- C:\Windows\System32\coinst_13.101.dll
2013-05-23 20:44:48 368640 ----a-w- C:\Windows\System32\atiapfxx.exe
2013-05-23 20:42:28 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2013-05-23 20:42:26 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2013-05-23 20:42:26 24250880 ----a-w- C:\Windows\System32\atio6axx.dll
2013-05-23 20:42:20 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2013-05-23 20:42:18 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2013-05-23 20:42:06 16082944 ----a-w- C:\Windows\System32\aticaldd64.dll
2013-05-23 20:37:52 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2013-05-23 20:26:28 19906560 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2013-05-23 20:21:50 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2013-05-23 20:21:38 26112 ----a-w- C:\Windows\System32\atimuixx.dll
2013-05-23 20:21:34 562688 ----a-w- C:\Windows\System32\atieclxx.exe
2013-05-23 20:20:46 241152 ----a-w- C:\Windows\System32\atiesrxx.exe
2013-05-23 20:19:22 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2013-05-23 20:19:02 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2013-05-23 20:18:56 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2013-05-23 19:56:16 594944 ----a-w- C:\Windows\System32\atiadlxx.dll
2013-05-23 19:56:06 419840 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2013-05-23 19:55:52 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2013-05-23 19:55:50 15872 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2013-05-23 19:55:50 15872 ----a-w- C:\Windows\System32\atiglpxx.dll
.
============= FINISH: 14:34:44.35 ===============
 

 

attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro
Boot Device: \Device\HarddiskVolume1
Install Date: 09/04/2013 19:17:54
System Uptime: 22/07/2013 13:59:24 (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | Z77X-D3H
Processor: Intel® Core i5-3570K CPU @ 3.40GHz | Intel® Core i5-3570K CPU @ 3.40GHz | 3801/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 238 GiB total, 154.465 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 931 GiB total, 831.835 GiB free.
F: is FIXED (NTFS) - 932 GiB total, 779.837 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP23: 12/07/2013 14:16:46 - Installed DirectX
RP24: 14/07/2013 10:38:16 - Installed Microsoft Visual C++ 2005 Redistributable
RP25: 16/07/2013 10:05:09 - Installed DirectX
RP26: 22/07/2013 12:10:16 - Installed DirectX
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe Photoshop Elements 11
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Control Center
AMD Catalyst Install Manager
Borderlands 2
Castle Crashers
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cube World version 0.0.1
DiRT 3
Dropbox
Dungeon Defenders
Elements 11 Organizer
Endless Space
Euro Truck Simulator 2
F1 2012
FileZilla Client 3.7.1
Football Manager 2013
Foxit Reader
FTL: Faster Than Light
Google Chrome
Google Update Helper
IrfanView (remove only)
Java 7 Update 25
Java Auto Updater
Java SE Development Kit 7 Update 25
Just Cause 2
L.A. Noire
Malwarebytes Anti-Malware version 1.75.0.1300
marvell 91xx driver
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Mouse and Keyboard Center
Microsoft Office 365 Home Premium - en-us
Microsoft Office 64-bit Components 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 64-bit MUI (English) 2013
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft SkyDrive
Microsoft Visio MUI (English) 2013
Microsoft Visio Professional 2013
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft WSE 3.0 Runtime
NetBeans IDE 7.3
Notepad++
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Open Broadcaster Software
OpenAL
Origin
Outils de vérification linguistique 2013 de Microsoft Office - Français
PlanetSide 2
Platform
Prison Architect
PSE11 STI Installer
RadeonPro 1.0 (Build 1.1.1.0)
RIFT
Rockstar Games Social Club
Saints Row: The Third
Scribblenauts Unlimited
Scrolls
Sid Meier's Civilization V
Spotify
Steam
Surgeon Simulator 2013
TeamSpeak 3 Client
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 Late Night
The Sims™ 3 University Life
The Sims™ 3 World Adventures
Tomb Raider
Torchlight II
Towns
TrueCrypt
VIA Platform Device Manager
Worms Revolution
.
==== End Of File ===========================
 

 

RogueKiller did detect two entries; I'm unsure what they are.

RogueKiller V8.6.3 _x64_ [Jul 17 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Chris [Admin rights]
Mode : Scan -- Date : 07/22/2013 14:42:35
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: Samsung SSD 840 PRO Series +++++
--- User ---
[MBR] e8b53a2a4de2439729e3f0f1fc19aaeb
[bSP] 3a8e10d5b127276b5a6918e44e730ead : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 243846 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: Samsung SSD 840 PRO Series +++++
--- User ---
[MBR] a68a760cc8444af3fe2baa3525eeb629
[bSP] c230593d7266b427bd796e3032d0a4e8 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive2: Samsung SSD 840 PRO Series +++++
--- User ---
[MBR] 0396c04577b57c3ebbbd6ec0acee2a70
[bSP] 30b29a52438311981d61eb6325ea0b7f : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_07222013_144235.txt >>

 
Thanks

 

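To make sense of IP-BLOCK entries like the two quoted in the post above, here is an added example (not code from this thread, and not Malwarebytes' own tooling) that parses the line format of a Malwarebytes Anti-Malware 1.x protection log, groups blocked connections by process, remote address and direction, and separates browser-originated outbound blocks from blocks attributed to other processes. It assumes the line layout shown in the post. Apart from the two lines copied from the post, the sample log is constructed, uses RFC 5737 documentation addresses, and the browser-process list, the verdict labels and the ephemeral-port heuristic are choices made for this example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Layout of an MBAM 1.x protection-log IP-BLOCK line, taken from the post:
#   2013/07/22 13:13:14 +0100 BLUE Chris IP-BLOCK 94.242.251.103 (Type: outgoing, Port: 57511, Process: chrome.exe)
IP_BLOCK_RE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<direction>incoming|outgoing), Port: (?P<port>\d+), "
    r"Process: (?P<process>[^)]+)\)$"
)

# Processes that open outbound connections to whatever a visited page embeds.
# A block attributed to one of these usually means a page pulled in a resource
# (ad, tracker, CDN node) hosted on a listed address; on its own it is not
# evidence of infection. The set is an assumption made for this example.
BROWSER_PROCESSES = {"chrome.exe", "firefox.exe", "iexplore.exe", "opera.exe"}

# Default dynamic (ephemeral) client-port range on Windows Vista and later.
EPHEMERAL_LOW, EPHEMERAL_HIGH = 49152, 65535


@dataclass(frozen=True)
class IpBlock:
    when: str
    host: str
    user: str
    ip: str
    direction: str
    port: int
    process: str


def parse_ip_block(line):
    """Return an IpBlock for one IP-BLOCK line, or None for any other line."""
    m = IP_BLOCK_RE.match(line.strip())
    if m is None:
        return None
    return IpBlock(when=f"{m['date']} {m['tz']}", host=m["host"], user=m["user"],
                   ip=m["ip"], direction=m["direction"], port=int(m["port"]),
                   process=m["process"].strip().lower())


def parse_log(text):
    """Parse a whole protection log, skipping lines that are not IP-BLOCK entries."""
    return [b for b in map(parse_ip_block, text.splitlines()) if b is not None]


def is_ephemeral_port(port):
    """Heuristic: a logged port inside Windows' dynamic range is most likely the
    local side of the socket (back-to-back allocations such as 57510/57511 are
    typical), while a well-known port such as 80 or 443 is most likely the
    remote service. This is an inference, not a documented field semantic."""
    return EPHEMERAL_LOW <= port <= EPHEMERAL_HIGH


def triage(blocks):
    """Group by (process, ip, direction) and label each group:
    browser-outgoing      outbound from a browser; low concern on its own
    non-browser-outgoing  outbound from something else; identify that process
    incoming              blocked inbound attempt; usually background noise"""
    groups = defaultdict(list)
    for b in blocks:
        groups[(b.process, b.ip, b.direction)].append(b)
    report = {}
    for (process, ip, direction), items in groups.items():
        if direction == "incoming":
            verdict = "incoming"
        elif process in BROWSER_PROCESSES:
            verdict = "browser-outgoing"
        else:
            verdict = "non-browser-outgoing"
        report[(process, ip, direction)] = {
            "count": len(items),
            "ports": sorted({i.port for i in items}),
            "verdict": verdict,
        }
    return report


# Constructed sample log: the first two lines are the entries quoted in the post,
# the rest are made up for this example (RFC 5737 addresses; the last line is a
# stand-in for any non-IP-BLOCK line and is not a real MBAM message format).
SAMPLE_LOG = """\
2013/07/22 13:13:14 +0100 BLUE Chris IP-BLOCK 109.236.82.186 (Type: outgoing, Port: 57510, Process: chrome.exe)
2013/07/22 13:13:14 +0100 BLUE Chris IP-BLOCK 94.242.251.103 (Type: outgoing, Port: 57511, Process: chrome.exe)
2013/07/22 13:15:02 +0100 BLUE Chris IP-BLOCK 94.242.251.103 (Type: outgoing, Port: 57530, Process: chrome.exe)
2013/07/22 13:20:41 +0100 BLUE Chris IP-BLOCK 198.51.100.7 (Type: outgoing, Port: 443, Process: svchost.exe)
2013/07/22 13:21:00 +0100 BLUE Chris IP-BLOCK 203.0.113.9 (Type: incoming, Port: 3389, Process: svchost.exe)
2013/07/22 13:22:00 +0100 BLUE Chris (constructed non-IP-BLOCK line, ignored by the parser)
"""

if __name__ == "__main__":
    for (process, ip, direction), info in sorted(triage(parse_log(SAMPLE_LOG)).items()):
        print(f"{info['verdict']:22} {process:12} {ip:16} {direction:9} "
              f"x{info['count']} ports={info['ports']}")
```

Run it against a saved copy of the protection log instead of SAMPLE_LOG to get one line per (process, address, direction) with a hit count and the ports involved. The point of the grouping is the question a practitioner actually wants answered: a few browser-originated hits on an address are consistent with a visited page embedding content hosted there, whereas the same address being contacted by a non-browser process, or hits recurring with no browsing activity to explain them, is what deserves a closer look at that process.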

Hello knee, and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick Scan All Users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Thanks for the help, logs are below  :)

 

OTL.txt

OTL logfile created on: 22/07/2013 14:59:28 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = F:\downloads
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
7.96 Gb Total Physical Memory | 6.55 Gb Available Physical Memory | 82.26% Memory free
9.15 Gb Paging File | 7.70 Gb Available in Paging File | 84.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238.13 Gb Total Space | 154.47 Gb Free Space | 64.87% Space Free | Partition Type: NTFS
Drive E: | 931.29 Gb Total Space | 831.83 Gb Free Space | 89.32% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 779.83 Gb Free Space | 83.72% Space Free | Partition Type: NTFS
 
Computer Name: BLUE | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/22 14:58:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\Downloads\OTL.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/17 06:39:30 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/06/09 23:09:24 | 001,900,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2013/06/01 10:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/23 21:20:46 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/05/04 07:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/04 07:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/09 05:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/02 03:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/02 03:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/29 02:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/01/10 00:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/10 00:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/09/20 10:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/09/20 07:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/08/03 06:29:02 | 000,027,792 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2012/07/26 04:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/07/26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/26 04:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/26 04:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013/07/10 02:56:22 | 000,559,016 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/04/13 10:57:40 | 000,020,608 | ---- | M] (Mr. John aka japamd) [On_Demand | Stopped] -- C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe -- (RadeonPro Support Service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/17 06:39:30 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor11.0)
SRV - [2012/07/26 04:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/06/01 12:54:16 | 000,194,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/06/01 12:29:35 | 000,337,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/06/01 12:29:35 | 000,213,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/06/01 04:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/05/23 22:22:58 | 011,833,856 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/05/23 20:55:28 | 000,608,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/05/04 08:34:17 | 000,446,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/05/04 08:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/04/24 17:31:12 | 000,094,208 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AtihdW86.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/04/22 17:42:53 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/02 11:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 11:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/03/02 11:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/02/06 07:42:10 | 000,203,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/02/06 07:42:08 | 000,102,936 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/01/29 02:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/01/29 00:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/01/11 19:02:34 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013/01/10 02:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/11/27 04:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/06 04:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/11 08:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/09/23 03:17:22 | 000,021,160 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdkmafd.sys -- (amdkmafd)
DRV:64bit: - [2012/09/20 08:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/09/20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/08/10 03:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2012/08/03 06:28:42 | 002,206,352 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2012/07/26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/26 05:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/26 03:26:57 | 000,089,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\xusb22.sys -- (xusb22)
DRV:64bit: - [2012/07/26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/26 03:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:64bit: - [2012/07/26 03:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2012/07/26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/26 03:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2012/07/26 03:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2012/07/26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/06/22 05:02:52 | 000,110,744 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2012/02/23 04:20:36 | 000,317,744 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\mvs91xx.sys -- (mvs91xx)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3411466742-1522472821-638607703-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3411466742-1522472821-638607703-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3411466742-1522472821-638607703-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - Extension: Google Search = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Clear Cache = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn\0.3.3.3_0\
CHR - Extension: Search by Image (by Google) = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.4.3_0\
CHR - Extension: AdBlock = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0\
CHR - Extension: New Tab Behavior = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjgjmlflcoalihhlikncfkoclobaemeg\1.0.1_0\
CHR - Extension: Window Resizer = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkelicaakdanhinjdeammmilcgefonfh\1.7.0.2_0\
CHR - Extension: Glossy Blue = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nheaocaplknjkpcnbadlgfpdfjaabiml\1.0_0\
CHR - Extension: Hover Zoom = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.19_0\
 
O1 HOSTS File: ([2012/07/26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3411466742-1522472821-638607703-1001..\Run: [skyDrive] C:\Users\Chris\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3411466742-1522472821-638607703-1001..\Run: [spotify] C:\Users\Chris\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-3411466742-1522472821-638607703-1001..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17F98B56-7F17-4E3E-8E1B-204B68D4350C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17F98B56-7F17-4E3E-8E1B-204B68D4350C}: NameServer = 208.67.222.222,208.67.220.220
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/22 14:41:34 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\RK_Quarantine
[2013/07/22 14:30:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\infection
[2013/07/22 13:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/07/22 13:45:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/07/22 12:30:35 | 000,000,000 | ---D | C] -- F:\My Documents\Endless Space
[2013/07/19 13:21:36 | 000,000,000 | ---D | C] -- F:\My Documents\RIFT
[2013/07/19 13:07:22 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\RIFT
[2013/07/19 13:07:22 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RIFT
[2013/07/19 13:07:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RIFT
[2013/07/15 10:15:03 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Chromium
[2013/07/15 10:14:51 | 000,000,000 | ---D | C] -- F:\My Documents\Rockstar Games
[2013/07/15 10:13:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2013/07/13 13:36:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/13 13:36:43 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/07/11 10:07:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/05 16:50:48 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\OBS
[2013/07/05 16:50:46 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
[2013/07/05 16:50:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OBS
[2013/07/04 16:11:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\TS3Client
[2013/07/04 15:58:26 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2013/07/04 15:58:24 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\TeamSpeak 3 Client
[2013/07/04 13:11:39 | 000,000,000 | ---D | C] -- F:\My Documents\Baldur's Gate - Enhanced Edition
[2013/07/04 10:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cube World
[2013/07/04 10:53:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Picroma
[2013/07/04 10:53:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cube World
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/22 14:44:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/22 14:03:49 | 000,848,230 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/22 14:03:49 | 000,722,260 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/22 14:03:49 | 000,136,434 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/22 14:01:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/22 13:59:48 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/22 13:59:29 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/07/22 13:45:19 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/07/19 13:07:22 | 000,000,944 | ---- | M] () -- C:\Users\Chris\Desktop\RIFT.lnk
[2013/07/13 13:46:57 | 025,120,768 | ---- | M] () -- C:\Users\Chris\Desktop\RT-N66U_3.0.0.4_370.trx
[2013/07/12 15:37:51 | 000,130,844 | ---- | M] () -- C:\Users\Chris\Desktop\NCP Module Guide.pdf
[2013/07/12 06:24:15 | 002,063,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/11 10:07:25 | 000,001,045 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/07/11 10:07:21 | 000,001,013 | ---- | M] () -- C:\Users\Chris\Desktop\Dropbox.lnk
[2013/07/05 16:50:46 | 000,000,935 | ---- | M] () -- C:\Users\Chris\Desktop\Open Broadcaster Software.lnk
[2013/07/05 15:38:09 | 000,058,771 | ---- | M] () -- C:\Users\Chris\Desktop\Cube.exe_2013-07-05-14-35-04-352.jpg
[2013/07/04 15:58:26 | 000,001,203 | ---- | M] () -- C:\Users\Chris\Desktop\TeamSpeak 3 Client.lnk
[2013/07/04 13:11:40 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013/07/04 13:11:40 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013/07/04 11:51:22 | 000,328,355 | ---- | M] () -- C:\Users\Chris\Desktop\Hills.jpg
 
========== Files Created - No Company Name ==========
 
[2013/07/22 13:45:19 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/07/19 13:07:22 | 000,000,944 | ---- | C] () -- C:\Users\Chris\Desktop\RIFT.lnk
[2013/07/12 15:37:51 | 000,130,844 | ---- | C] () -- C:\Users\Chris\Desktop\NCP Module Guide.pdf
[2013/07/12 06:24:13 | 002,063,920 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/11 10:00:32 | 000,386,642 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013/07/05 16:50:46 | 000,000,935 | ---- | C] () -- C:\Users\Chris\Desktop\Open Broadcaster Software.lnk
[2013/07/05 15:38:09 | 000,058,771 | ---- | C] () -- C:\Users\Chris\Desktop\Cube.exe_2013-07-05-14-35-04-352.jpg
[2013/07/04 15:58:26 | 000,001,203 | ---- | C] () -- C:\Users\Chris\Desktop\TeamSpeak 3 Client.lnk
[2013/07/04 11:51:22 | 000,328,355 | ---- | C] () -- C:\Users\Chris\Desktop\Hills.jpg
[2013/06/05 12:16:09 | 000,003,072 | ---- | C] () -- C:\Users\Chris\AppData\Local\file__0.localstorage
[2013/05/06 13:03:07 | 000,000,132 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013/04/09 20:25:19 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/04/09 19:15:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/03/29 03:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/03/29 03:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/03/18 15:09:26 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/10/18 01:52:18 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/10/18 01:52:10 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/10/18 01:52:06 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/07/26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/06/02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2013/05/30 21:39:30 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/03/06 07:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/03/06 06:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/05/20 10:14:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Audacity
[2013/06/05 13:59:59 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Awesomium
[2013/07/22 14:00:16 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Dropbox
[2013/07/11 10:07:13 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FileZilla
[2013/07/22 14:26:16 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Foxit Software
[2013/05/20 10:15:09 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\IrfanView
[2013/04/13 11:21:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\NetBeans
[2013/05/01 12:08:25 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Notepad++
[2013/07/05 16:50:48 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OBS
[2013/06/06 10:49:32 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Origin
[2013/07/05 14:45:27 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\RadeonPro
[2013/07/19 13:25:07 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\RIFT
[2013/05/26 10:15:33 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Sports Interactive
[2013/07/22 13:50:14 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Spotify
[2013/04/22 20:32:37 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TrueCrypt
[2013/07/05 18:40:02 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TS3Client
 
========== Purity Check ==========
 
 
 
< End of report >
 

 

Extras.txt

OTL Extras logfile created on: 22/07/2013 14:59:28 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = F:\downloads
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
7.96 Gb Total Physical Memory | 6.55 Gb Available Physical Memory | 82.26% Memory free
9.15 Gb Paging File | 7.70 Gb Available in Paging File | 84.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238.13 Gb Total Space | 154.47 Gb Free Space | 64.87% Space Free | Partition Type: NTFS
Drive E: | 931.29 Gb Total Space | 831.83 Gb Free Space | 89.32% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 779.83 Gb Free Space | 83.72% Space Free | Partition Type: NTFS
 
Computer Name: BLUE | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3411466742-1522472821-638607703-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{123C2A4F-8263-4183-B293-408A726105DB}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe | 
"{16724B63-DCED-48A0-8685-533A28ABE23D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1C0B75A7-8578-4EB2-A2E3-F6C319ED9655}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2C527223-F0C6-4E50-B5DB-833FB1678A88}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2ED72B34-320C-441A-B6F2-5AB39C7198C9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{322C645F-434E-4C91-A694-C88DB14EA211}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{35DA70B5-F4EF-4DDD-94DC-DEB292B18275}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3E2BD78B-27AA-4E15-B86C-AE5F74EFC31D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{416EB851-F075-4274-83A4-145CA593641A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5B964E4D-47C9-4D51-BC6C-F1E834BD3DAB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | 
"{704AB3B0-762F-4B90-BB4D-C3608CB41A76}" = lport=3389 | protocol=17 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe | 
"{B6866B29-6111-4310-837D-97E16B254DCA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C64A2900-EBBD-480F-85AB-A108FBF36BB6}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D115BF4B-2324-4AFE-8CDD-4E54076C4494}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F09D6210-DEBC-49C2-9CB6-8D83A43F60AB}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00EB64B6-BC6C-42FF-9B2D-A88B858B13F3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1450E9C4-0589-45BE-A987-D9B3EA22AEC1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2092115B-1CA2-48EB-8D70-850CACC11B75}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\castlecrashers\castle.exe | 
"{22CCE232-7F51-4FFC-BFFB-A88E179D82ED}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{3189A2E8-D2A1-4126-8312-359D308E4212}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3E3211A3-6E43-4D77-8A0E-AE4F61C6B2FD}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{4AF86C64-6F7B-4078-BDB1-C386CC184332}" = dir=in | app=c:\users\chris\appdata\local\microsoft\skydrive\skydrive.exe | 
"{5766F443-D282-4BCC-B7B6-7765593CCED4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{581AE540-9610-41ED-93C6-9814F58BEE55}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{5F1BADB5-BD6B-465C-9200-3DD0DF16041E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\euro truck simulator 2\bin\win_x86\eurotrucks2.exe | 
"{5F444223-2BA6-4848-8CDE-E52835EB3DE4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{68BEB30B-2BFD-4F45-9F73-3C7B4D2D3524}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wormsrevolution\wormsrevolution.exe | 
"{68D2D7BD-1A5B-461E-A5B7-9A2A5DFEFF61}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{78274D8E-0BEB-4083-8D82-3DE6281A611B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{976E07F4-FEA6-4351-B85E-09FDADC509EF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{98C95876-8629-46D6-A290-E4178F5527C0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9B81E4C9-673B-47BF-9229-B337D6EA7D2B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\endless space\endlessspace.exe | 
"{A67DF423-83C8-4F17-8C9D-1C3CB2BD99AF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\euro truck simulator 2\bin\win_x86\eurotrucks2.exe | 
"{AF676E8F-95AC-47A0-B912-D0729D130C65}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\endless space\endlessspace.exe | 
"{B1E5A4B9-0CC9-4CDC-A4A0-845D1FA3CB9E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B3CED0F5-61EB-4804-B426-F7676B597C0E}" = protocol=6 | dir=in | app=c:\users\chris\appdata\roaming\dropbox\bin\dropbox.exe | 
"{B94A09FD-0990-4616-8821-2F484544F03C}" = protocol=17 | dir=in | app=c:\users\chris\appdata\roaming\dropbox\bin\dropbox.exe | 
"{CBCB6B58-CACC-4CE2-A157-6F3E1F4C1414}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wormsrevolution\wormsrevolution.exe | 
"{CD00BEA9-802D-414F-A0F8-540888043F39}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D27E7BB2-DA64-414A-B659-123196D4A45F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\castlecrashers\castle.exe | 
"{D2EDBC9E-DD40-4AC7-B432-82538F9FFAA8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{DABAB647-A0A3-4F22-A55D-4EFF4BC232E2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{DF7E1B7D-BFAC-444A-B211-10CE0483EEC3}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{FF4A92FF-2F16-467B-BE7A-69183885228E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"TCP Query User{399F96CA-5441-4681-925C-28766982C775}C:\users\chris\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\chris\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{39CE7A14-1FE2-48EF-8989-219247021D7D}E:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=e:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"TCP Query User{6D6C93F0-BF1D-4204-8151-D590C0E79B27}C:\users\chris\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\chris\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{BD887220-3B0E-47E8-BFAA-D0AF4D160D38}E:\steamlibrary\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=e:\steamlibrary\steamapps\common\planetside 2\planetside2.exe | 
"TCP Query User{FDB840F6-CA59-41BA-A3A1-93A9594A9D3B}E:\steamlibrary\steamapps\common\dirt 3\dirt3_game.exe" = protocol=6 | dir=in | app=e:\steamlibrary\steamapps\common\dirt 3\dirt3_game.exe | 
"UDP Query User{1D7118DF-5286-4CD3-AA42-D843FBC3A50E}C:\users\chris\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\chris\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{28CEBA7C-0CED-45E5-B550-E497847392ED}E:\steamlibrary\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=e:\steamlibrary\steamapps\common\planetside 2\planetside2.exe | 
"UDP Query User{3A4C2EC5-A1A1-4AD6-B0F3-F10B09A6AFB9}E:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=e:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"UDP Query User{B0CB2BA1-FCAB-47AC-A804-9FB89CAA9283}E:\steamlibrary\steamapps\common\dirt 3\dirt3_game.exe" = protocol=17 | dir=in | app=e:\steamlibrary\steamapps\common\dirt 3\dirt3_game.exe | 
"UDP Query User{C6DFC7F2-503E-46AD-A6CB-939A67945D09}C:\users\chris\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\chris\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{24F93B56-61F5-415F-85B9-AA444DA34AFC}" = Microsoft Mouse and Keyboard Center
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{68C93934-970B-14F1-671D-224ADEFCC30B}" = AMD Catalyst Install Manager
"{90150000-002A-0000-1000-0000000FF1CE}" = Microsoft Office 64-bit Components 2013
"{90150000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2013
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{90150000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{CDD2EF58-13FD-8ED1-41F7-977E88AAB213}" = ccc-utility64
"{F97322FA-40AE-89C0-EE30-8E67D6B35496}" = AMD Accelerated Video Transcoding
"CCleaner" = CCleaner
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"O365HomePremRetail - en-us" = Microsoft Office 365 Home Premium - en-us
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08705AC5-CEAD-90DA-1A2D-EBB8079EE5F1}" = CCC Help Chinese Traditional
"{13135A83-7019-8FC9-7454-7DDDD53D1241}" = CCC Help Italian
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{19C3AE5E-CF47-B722-07EA-0516CB525BA4}" = CCC Help Norwegian
"{1D181764-DCD0-41B8-AA7B-0A599F027A72}" = Adobe Photoshop Elements 11
"{1DACAB2A-E9C7-90C6-1BDE-C3907562A112}" = CCC Help Turkish
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2E6D3375-B935-6DC5-AD81-64353AD0275E}" = Catalyst Control Center Graphics Previews Common
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{2FFBF70A-9D40-4C3C-8F6C-6C3237B419BA}" = Scrolls
"{32A3A4F4-B792-11D6-A78A-00B0D0170250}" = Java SE Development Kit 7 Update 25
"{39775373-A05F-3F78-9AD0-4DC35D17F212}" = CCC Help Russian
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4F0DDA99-FF02-5C57-C2BE-059E66D9DCA9}" = CCC Help Swedish
"{500FB8D6-1FEC-2A06-0951-7F9410D7A451}" = CCC Help Dutch
"{6559DE0C-AE26-E67E-8A66-269CD8254FD8}" = AMD Catalyst Control Center
"{6B8A3B8A-10C1-0E60-ED37-B3E673B3AAD1}" = CCC Help English
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{763DCF7E-659D-4AE4-BF3E-837B9CB06840}" = CCC Help Greek
"{76BCFDC5-62AC-2BBB-6A9D-5F3184F9883B}" = CCC Help Spanish
"{7EB7163E-E1F1-98A5-AC8F-E8F89D67FCE7}" = CCC Help Japanese
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{8342CE3B-9B7B-713D-41FE-389DAA623583}" = CCC Help Danish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-0054-0409-0000-0000000FF1CE}" = Microsoft Visio MUI (English) 2013
"{90150000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{90150000-00E1-0409-0000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{91150000-0051-0000-0000-0000000FF1CE}" = Microsoft Visio Professional 2013
"{957199C8-7F37-D978-4A39-992195F40DCC}" = CCC Help Polish
"{98CE8819-87AA-4814-8167-ADDDD513485F}" = PSE11 STI Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0F8F3C7-B581-DE92-591B-3681CFD23268}" = CCC Help Chinese Standard
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9D4229C-CF58-62BC-4DFF-B5860BBD4C0D}" = CCC Help Thai
"{AD18DFD0-96BB-9FCF-A1A2-78DB2566C633}" = CCC Help Hungarian
"{B5857D3C-9175-B3BE-F60A-CD9A63DEAA4D}" = CCC Help French
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BED97701-6216-C24D-CDF1-AE80CBFAD00E}" = Catalyst Control Center Localization All
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C566111B-D629-18A7-4549-7627B20FD69B}" = Catalyst Control Center InstallProxy
"{CB2380B7-1EB5-32CE-589E-1C835C288024}" = CCC Help Portuguese
"{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}" = Elements 11 Organizer
"{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1" = Cube World version 0.0.1
"{D7C05D63-6EED-53C4-18D6-42CD1A3C1234}" = CCC Help Finnish
"{E2267BB9-DF97-41CA-B15F-2B6AE82B02F9}" = CCC Help Korean
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}" = The Sims™ 3 University Life
"{F6463569-DE3A-ED32-8AB9-8C046FE02687}" = CCC Help Czech
"{F87BEBBC-441C-ED0C-B9AA-CC2037663532}" = CCC Help German
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"Adobe Photoshop Elements 11" = Adobe Photoshop Elements 11
"Foxit Reader_is1" = Foxit Reader
"Google Chrome" = Google Chrome
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"IrfanView" = IrfanView (remove only)
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"nbi-nb-base-7.3.0.0.201302132200" = NetBeans IDE 7.3
"Notepad++" = Notepad++
"Office15.VISPROR" = Microsoft Visio Professional 2013
"Open Broadcaster Software" = Open Broadcaster Software
"OpenAL" = OpenAL
"Origin" = Origin
"RadeonPro_is1" = RadeonPro 1.0 (Build 1.1.1.0)
"Rockstar Games Social Club" = Rockstar Games Social Club
"Scrolls 1.0.0" = Scrolls
"Steam App 110800" = L.A. Noire
"Steam App 200170" = Worms Revolution
"Steam App 200710" = Torchlight II
"Steam App 203160" = Tomb Raider
"Steam App 204360" = Castle Crashers
"Steam App 207890" = Football Manager 2013
"Steam App 208140" = Endless Space
"Steam App 208500" = F1 2012
"Steam App 212680" = FTL: Faster Than Light
"Steam App 218230" = PlanetSide 2
"Steam App 218680" = Scribblenauts Unlimited
"Steam App 221020" = Towns
"Steam App 227300" = Euro Truck Simulator 2
"Steam App 233450" = Prison Architect
"Steam App 233720" = Surgeon Simulator 2013
"Steam App 44320" = DiRT 3
"Steam App 49520" = Borderlands 2
"Steam App 55230" = Saints Row: The Third
"Steam App 65800" = Dungeon Defenders
"Steam App 8190" = Just Cause 2
"Steam App 8930" = Sid Meier's Civilization V
"TrueCrypt" = TrueCrypt
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3411466742-1522472821-638607703-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"FileZilla Client" = FileZilla Client 3.7.1
"RIFT" = RIFT
"SkyDriveSetup.exe" = Microsoft SkyDrive
"Spotify" = Spotify
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
< End of report >
 
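Added example (my own code, not part of the thread and not OTL's): the "ZeroAccess Check" section above is a dump of the InProcServer32 defaults for the CLSIDs that ZeroAccess hijacked. For the user's own processes, a per-user registration under HKCU\Software\Classes shadows the machine-wide one, so the things worth reading in that section are whether any HKCU key has a default value at all, and whether every HKLM default still points at a Microsoft DLL under the Windows system directories. The script below parses text in OTL's layout and applies exactly those two rules. The sample is constructed: the empty HKCU key and the HKLM entries are what a clean 64-bit host shows, and the populated HKCU key with its path is fictitious, there to exercise the detection. It assumes %SystemRoot% is C:\Windows, as the Extras header above states.

```python
"""Check the InProcServer32 entries that OTL prints in its "ZeroAccess Check" section."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in OTL's layout. The empty HKCU key and both HKLM keys match a
# clean 64-bit Windows host; the populated HKCU key is fabricated (fictitious path).
SAMPLE = r"""
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"" = C:\Users\user\AppData\Local\example\n -- [2013/07/20 01:02:03 | 000,061,440 | ---- | M] ()
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/03/06 07:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"""

# Key header: "[HKEY_...\...\clsid\{guid}\InProcServer32]" with an optional " /64" suffix.
KEY_RE = re.compile(
    r'^\[(HKEY_[A-Z_]+)\\.*?\\clsid\\(\{[0-9a-f-]+\})\\InProcServer32\](?:\s*/64)?\s*$',
    re.IGNORECASE,
)
# Default value line: "" = <path> -- [timestamp | size | attrs | M] (<company>)
VALUE_RE = re.compile(r'^""\s*=\s*(?P<path>.*?)\s+--\s+\[.*?\]\s*\((?P<company>.*?)\)\s*$')

# Assumes %SystemRoot% = C:\Windows; "SysNative" is OTL's name for the 64-bit system32.
SYSTEM_DIRS = ("c:\\windows\\sysnative\\", "c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


@dataclass
class ServerEntry:
    hive: str
    clsid: str
    path: Optional[str] = None      # None when OTL printed only the key header
    company: Optional[str] = None   # company name from the DLL's version resource, if any


def parse_zeroaccess_section(text: str) -> list[ServerEntry]:
    """Turn OTL's key headers and default-value lines into ServerEntry records."""
    entries: list[ServerEntry] = []
    current: Optional[ServerEntry] = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current = ServerEntry(hive=m.group(1).upper(), clsid=m.group(2).lower())
            entries.append(current)
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current.path = m.group("path").strip()
            current.company = m.group("company").strip() or None
    return entries


def normalize(path: str) -> str:
    """Lower-case and expand %SystemRoot% so paths can be compared against SYSTEM_DIRS."""
    return path.lower().replace("%systemroot%", "c:\\windows")


def assess(entry: ServerEntry) -> Optional[str]:
    """Return a finding for a suspicious entry, or None when it looks like a clean host."""
    if entry.hive == "HKEY_CURRENT_USER":
        if entry.path is None:
            return None  # bare per-user key header: what a clean host shows
        return (f"per-user InProcServer32 override for {entry.clsid} -> {entry.path} "
                f"(HKCU\\Software\\Classes shadows HKLM for this user's processes)")
    if entry.path is None:
        return None  # absent/empty HKLM key shows as a bare header (e.g. Wow6432Node wbemess)
    if not normalize(entry.path).startswith(SYSTEM_DIRS):
        return f"HKLM {entry.clsid} server outside the Windows system directories: {entry.path}"
    if entry.company != "Microsoft Corporation":
        return (f"HKLM {entry.clsid} server's version resource is not Microsoft Corporation: "
                f"{entry.path} ({entry.company})")
    return None


def scan(text: str) -> list[str]:
    """Parse an OTL ZeroAccess Check section and return all findings."""
    return [f for f in (assess(e) for e in parse_zeroaccess_section(text)) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE) or ["no findings"]:
        print(finding)
```

On the log posted above this reports nothing: both HKCU keys are bare headers and the HKLM defaults are shell32.dll, fastprox.dll and wbemess.dll under SysNative or system32 with Microsoft Corporation as the company. OTL reports the version-resource company name, not a signature, so a hit on the company rule is a prompt to check the file's Authenticode signature, not proof of tampering.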
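Added example (my own code, not from the thread or from OTL): the two "Vista Active ... Exception List" sections are OTL's rendering of the FirewallRules registry values, one rule per line with `key=value` fields separated by ` | `. Rules named `TCP Query User{GUID}<path>` / `UDP Query User{GUID}<path>` are the ones Windows creates when someone clicks Allow on the firewall prompt. The script below parses lines in that layout and flags the inbound rules a reviewer would look at first: no protocol restriction, RDP on 3389, the file-sharing ports, and binaries living under user-writable paths. The sample lines are constructed with placeholder GUIDs and generic paths. OTL's rendering omits the Action field, so a flagged rule still needs to be confirmed as an Allow rule with `netsh advfirewall firewall show rule name=all` or `Get-NetFirewallRule` before anything is concluded from it.

```python
"""Triage the firewall exception lists that OTL prints from the FirewallRules registry key."""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

PROTO = {"6": "tcp", "17": "udp", "1": "icmpv4", "58": "icmpv6"}
SHARING_PORTS = {"137", "138", "139", "445"}
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")

# Constructed lines in OTL's layout. GUIDs are zero placeholders and paths are generic;
# the field shapes (lport, protocol, dir, svc, app, "TCP Query User...") mirror the tool.
SAMPLE = r'''
"{00000000-0000-0000-0000-000000000001}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{00000000-0000-0000-0000-000000000002}" = lport=445 | protocol=6 | dir=in | app=system |
"{00000000-0000-0000-0000-000000000003}" = dir=in | app=c:\users\user\appdata\local\microsoft\skydrive\skydrive.exe |
"{00000000-0000-0000-0000-000000000004}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{00000000-0000-0000-0000-000000000005}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe |
'''

# "<name>" = field=value | field=value | ...
RULE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<body>.*)$')


@dataclass
class Rule:
    name: str
    fields: dict = field(default_factory=dict)


def parse_rules(text: str) -> list[Rule]:
    """Split each OTL rule line into its name and a lower-cased field dictionary."""
    rules: list[Rule] = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        fields: dict = {}
        for part in m.group("body").split("|"):
            part = part.strip()
            if "=" in part:
                key, value = part.split("=", 1)
                fields[key.strip().lower()] = value.strip().lower()
        rules.append(Rule(m.group("name"), fields))
    return rules


def triage(rule: Rule) -> Optional[str]:
    """Return a one-line finding for an inbound rule worth reviewing, else None."""
    f = rule.fields
    if f.get("dir") != "in":
        return None  # outbound allowances are not an exposure on their own
    app = f.get("app", "")
    proto = PROTO.get(f.get("protocol", ""), "any")
    port = f.get("lport", "any")
    target = f.get("svc") or app or f.get("name", "?")
    if "protocol" not in f:
        return f"{rule.name}: inbound with no protocol restriction to {app}"
    if port == "3389":
        return f"{rule.name}: inbound RDP ({proto}/3389) to {target}"
    if port in SHARING_PORTS:
        return f"{rule.name}: inbound file/print sharing port {proto}/{port} to {target}"
    if any(marker in app for marker in USER_WRITABLE):
        return f"{rule.name}: inbound {proto}/{port} to a binary under a user-writable path: {app}"
    return None


def report(text: str) -> list[str]:
    """Parse OTL firewall exception lines and return all findings in input order."""
    return [finding for finding in (triage(r) for r in parse_rules(text)) if finding]


if __name__ == "__main__":
    for finding in report(SAMPLE) or ["no findings"]:
        print(finding)
```

Run against the lists above, the same rules pick out the termservice 3389 entries, the system 137/138/139/445 entries, the SkyDrive rule with no protocol, and the Dropbox and Spotify rules that point into AppData. None of that is evidence of infection; it is the ordinary footprint of Remote Desktop, file sharing and per-user installers, which is why the check is about confirming each rule is expected rather than removing it.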

Blocking still happens with all extensions disabled. Think I might have found the culprit though. Narrowed the blocking down to a couple of websites, gamespot.com and gamefaqs.com (which belongs to GameSpot). I think it's one or more of their adverts that Malwarebytes is blocking. Seems I might have wasted your time and jumped the gun thinking I had an infection. Sorry for that. :(


Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

ComboFix log

 

ComboFix 13-07-22.01 - Chris 22/07/2013  16:16:26.1.4 - x64

Microsoft Windows 8 Pro  6.2.9200.0.1252.44.2057.18.8149.6024 [GMT 1:00]
Running from: f:\downloads\ComboFix.exe
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-22 to 2013-07-22  )))))))))))))))))))))))))))))))
.
.
2013-07-22 15:18 . 2013-07-22 15:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-22 15:18 . 2013-07-22 15:18 -------- d-----w- c:\users\Chris\AppData\Local\temp
2013-07-22 14:08 . 2013-07-22 14:08 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{89C7A994-D851-4E59-9AF4-F213D1990C0F}\offreg.dll
2013-07-22 13:19 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{89C7A994-D851-4E59-9AF4-F213D1990C0F}\mpengine.dll
2013-07-22 12:45 . 2013-07-22 12:45 -------- d-----w- c:\program files\CCleaner
2013-07-19 12:07 . 2013-07-19 12:25 -------- d-----w- c:\users\Chris\AppData\Roaming\RIFT
2013-07-19 12:07 . 2013-07-22 10:14 -------- d-----w- c:\program files (x86)\RIFT
2013-07-15 09:15 . 2013-07-15 09:15 -------- d-----w- c:\users\Chris\AppData\Local\Chromium
2013-07-15 09:13 . 2013-07-15 09:13 -------- d-----w- c:\program files (x86)\Rockstar Games
2013-07-13 12:36 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-11 09:07 . 2013-07-11 09:08 -------- d-----w- c:\windows\system32\MRT
2013-07-11 08:59 . 2013-06-21 05:04 19187712 ----a-w- c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-07-11 08:59 . 2013-06-21 04:46 18523648 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-07-11 08:59 . 2013-05-04 06:59 2842112 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-11 08:59 . 2013-05-04 04:57 2620928 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-05 15:50 . 2013-07-05 15:50 -------- d-----w- c:\users\Chris\AppData\Roaming\OBS
2013-07-05 15:50 . 2013-07-05 15:50 -------- d-----w- c:\program files (x86)\OBS
2013-07-04 15:11 . 2013-07-05 17:40 -------- d-----w- c:\users\Chris\AppData\Roaming\TS3Client
2013-07-04 14:58 . 2013-07-04 14:58 -------- d-----w- c:\users\Chris\AppData\Local\TeamSpeak 3 Client
2013-07-04 09:53 . 2013-07-05 17:28 -------- d-----w- c:\program files (x86)\Cube World
2013-07-04 09:53 . 2013-07-04 09:53 -------- d-----w- c:\programdata\Picroma
2013-07-01 09:33 . 2013-07-01 09:33 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-11 09:17 . 2013-04-10 09:17 564432 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-07-04 12:11 . 2013-05-01 14:40 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2013-07-04 12:11 . 2013-05-01 14:40 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2013-07-04 12:11 . 2013-05-01 14:40 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2013-07-04 12:11 . 2013-05-01 14:40 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2013-07-01 09:33 . 2013-04-13 10:14 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-01 09:33 . 2013-04-13 10:14 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-27 22:04 . 2012-07-26 08:14 78200 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04 . 2012-07-26 08:14 693112 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-23 23:57 . 2013-04-09 18:31 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-06 10:00 . 2013-06-06 10:05 447752 ----a-w- c:\windows\SysWow64\vp6vfw.dll
2013-05-30 23:24 . 2013-06-17 09:15 1257472 ----a-w- c:\windows\system32\kernel32.dll
2013-05-23 23:01 . 2013-06-17 09:15 1300992 ----a-w- c:\windows\system32\gdi32.dll
2013-05-23 22:27 . 2013-06-17 09:15 1022464 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-05-23 21:25 . 2013-05-23 21:25 78432 ----a-w- c:\windows\system32\atimpc64.dll
2013-05-23 21:25 . 2013-05-23 21:25 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2013-05-23 21:25 . 2013-05-23 21:25 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2013-05-23 21:25 . 2013-05-23 21:25 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2013-05-23 21:25 . 2013-04-16 14:54 139696 ----a-w- c:\windows\system32\atiuxp64.dll
2013-05-23 21:25 . 2013-05-23 21:25 123216 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2013-05-23 21:25 . 2013-03-21 06:42 113464 ----a-w- c:\windows\system32\atiu9p64.dll
2013-05-23 21:25 . 2013-05-23 21:25 97448 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2013-05-23 21:25 . 2013-04-16 14:53 1182056 ----a-w- c:\windows\system32\aticfx64.dll
2013-05-23 21:25 . 2013-05-23 21:25 990976 ----a-w- c:\windows\SysWow64\aticfx32.dll
2013-05-23 21:24 . 2013-04-16 14:53 8431232 ----a-w- c:\windows\system32\atidxx64.dll
2013-05-23 21:24 . 2013-05-23 21:24 7378560 ----a-w- c:\windows\SysWow64\atidxx32.dll
2013-05-23 21:24 . 2013-05-23 21:24 4415256 ----a-w- c:\windows\SysWow64\atiumdva.dll
2013-05-23 21:24 . 2013-05-23 21:24 5963328 ----a-w- c:\windows\SysWow64\atiumdag.dll
2013-05-23 21:24 . 2013-03-21 06:41 4957536 ----a-w- c:\windows\system32\atiumd6a.dll
2013-05-23 21:24 . 2013-03-21 06:41 6984088 ----a-w- c:\windows\system32\atiumd64.dll
2013-05-23 21:22 . 2013-05-23 21:22 11833856 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-05-23 21:10 . 2013-05-23 21:10 229376 ----a-w- c:\windows\system32\clinfo.exe
2013-05-23 21:10 . 2013-05-23 21:10 98304 ----a-w- c:\windows\system32\OpenVideo64.dll
2013-05-23 21:09 . 2013-05-23 21:09 82944 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2013-05-23 21:09 . 2013-05-23 21:09 86016 ----a-w- c:\windows\system32\OVDecode64.dll
2013-05-23 21:09 . 2013-05-23 21:09 72704 ----a-w- c:\windows\SysWow64\OVDecode.dll
2013-05-23 21:09 . 2013-05-23 21:09 27800576 ----a-w- c:\windows\system32\amdocl64.dll
2013-05-23 21:07 . 2013-05-23 21:07 23420928 ----a-w- c:\windows\SysWow64\amdocl.dll
2013-05-23 21:05 . 2013-05-23 21:05 63488 ----a-w- c:\windows\system32\OpenCL.dll
2013-05-23 21:05 . 2013-05-23 21:05 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-05-23 20:46 . 2013-05-23 20:46 118784 ----a-w- c:\windows\system32\coinst_13.101.dll
2013-05-23 20:44 . 2013-05-23 20:44 368640 ----a-w- c:\windows\system32\atiapfxx.exe
2013-05-23 20:42 . 2013-05-23 20:42 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2013-05-23 20:42 . 2013-05-23 20:42 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2013-05-23 20:42 . 2013-05-23 20:42 24250880 ----a-w- c:\windows\system32\atio6axx.dll
2013-05-23 20:42 . 2013-05-23 20:42 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2013-05-23 20:42 . 2013-05-23 20:42 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2013-05-23 20:42 . 2013-05-23 20:42 16082944 ----a-w- c:\windows\system32\aticaldd64.dll
2013-05-23 20:37 . 2013-05-23 20:37 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2013-05-23 20:26 . 2013-05-23 20:26 19906560 ----a-w- c:\windows\SysWow64\atioglxx.dll
2013-05-23 20:21 . 2013-03-21 01:52 442368 ----a-w- c:\windows\system32\atidemgy.dll
2013-05-23 20:21 . 2013-05-23 20:21 26112 ----a-w- c:\windows\system32\atimuixx.dll
2013-05-23 20:21 . 2013-05-23 20:21 562688 ----a-w- c:\windows\system32\atieclxx.exe
2013-05-23 20:20 . 2013-05-23 20:20 241152 ----a-w- c:\windows\system32\atiesrxx.exe
2013-05-23 20:19 . 2013-05-23 20:19 120320 ----a-w- c:\windows\system32\atitmm64.dll
2013-05-23 20:19 . 2013-05-23 20:19 59392 ----a-w- c:\windows\system32\atiedu64.dll
2013-05-23 20:18 . 2013-05-23 20:18 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2013-05-23 19:56 . 2013-03-21 01:26 594944 ----a-w- c:\windows\system32\atiadlxx.dll
2013-05-23 19:56 . 2013-05-23 19:56 419840 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2013-05-23 19:55 . 2013-05-23 19:55 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2013-05-23 19:55 . 2013-05-23 19:55 15872 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2013-05-23 19:55 . 2013-05-23 19:55 15872 ----a-w- c:\windows\system32\atiglpxx.dll
2013-05-23 19:55 . 2013-05-23 19:55 95232 ----a-w- c:\windows\system32\amdave64.dll
2013-05-23 19:55 . 2013-05-23 19:55 41984 ----a-w- c:\windows\system32\atig6txx.dll
2013-05-23 19:55 . 2013-05-23 19:55 89600 ----a-w- c:\windows\SysWow64\amdave32.dll
2013-05-23 19:55 . 2013-05-23 19:55 36352 ----a-w- c:\windows\SysWow64\atigktxx.dll
2013-05-23 19:55 . 2013-05-23 19:55 89088 ----a-w- c:\windows\system32\atisamu64.dll
2013-05-23 19:55 . 2013-05-23 19:55 608256 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2013-05-23 19:55 . 2013-05-23 19:55 80896 ----a-w- c:\windows\SysWow64\atisamu32.dll
2013-05-23 19:51 . 2013-05-23 19:51 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2013-05-15 22:37 . 2013-06-17 09:15 44032 ----a-w- c:\windows\SysWow64\UXInit.dll
2013-05-15 22:35 . 2013-06-17 09:15 53760 ----a-w- c:\windows\system32\UXInit.dll
2013-05-15 22:35 . 2013-06-17 09:15 144384 ----a-w- c:\windows\system32\tssdisai.dll
2013-05-15 02:25 . 2013-06-17 09:15 888320 ----a-w- c:\windows\system32\autochk.exe
2013-05-15 02:25 . 2013-06-17 09:15 542208 ----a-w- c:\windows\system32\untfs.dll
2013-05-15 02:24 . 2013-06-17 09:15 793088 ----a-w- c:\windows\SysWow64\autochk.exe
2013-05-15 02:24 . 2013-06-17 09:15 482816 ----a-w- c:\windows\SysWow64\untfs.dll
2013-05-14 13:14 . 2013-06-17 09:15 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-14 10:14 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-14 09:23 . 2013-06-17 09:15 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-05-05 15:51 . 2012-06-24 00:21 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2013-05-05 15:51 . 2012-06-24 00:21 1002728 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2013-05-04 07:58 . 2013-06-17 09:15 120736 ----a-w- c:\windows\system32\AuthHost.exe
2013-05-04 07:34 . 2013-06-17 09:15 446720 ----a-w- c:\windows\system32\drivers\USBHUB3.SYS
2013-05-04 07:34 . 2013-06-17 09:15 284416 ----a-w- c:\windows\system32\drivers\spaceport.sys
2013-05-04 07:30 . 2013-06-17 09:15 58312 ----a-w- c:\windows\system32\wuauclt.exe
2013-05-04 06:59 . 2013-06-17 09:15 39424 ----a-w- c:\windows\system32\wuapp.exe
2013-05-04 06:59 . 2013-06-17 09:15 1483776 ----a-w- c:\windows\system32\VSSVC.exe
2013-05-04 06:59 . 2013-06-17 09:15 812544 ----a-w- c:\windows\system32\Magnify.exe
2013-05-04 06:59 . 2013-06-17 09:15 98304 ----a-w- c:\windows\system32\wudriver.dll
2013-05-04 06:59 . 2013-06-17 09:15 251904 ----a-w- c:\windows\system32\WUSettingsProvider.dll
2013-05-04 06:59 . 2013-06-17 09:15 141824 ----a-w- c:\windows\system32\wuwebv.dll
2013-05-04 06:59 . 2013-06-17 09:15 3241472 ----a-w- c:\windows\system32\wuaueng.dll
2013-05-04 06:59 . 2013-06-17 09:15 760320 ----a-w- c:\windows\system32\wuapi.dll
2013-05-04 06:59 . 2013-06-17 09:15 1619968 ----a-w- c:\windows\system32\wucltux.dll
2013-05-04 06:59 . 2013-06-17 09:15 13644288 ----a-w- c:\windows\system32\Windows.UI.Xaml.dll
2013-05-04 06:58 . 2013-06-17 09:15 10116096 ----a-w- c:\windows\system32\twinui.dll
2013-05-04 06:58 . 2013-06-17 09:15 328192 ----a-w- c:\windows\system32\ubpm.dll
2013-05-04 06:58 . 2013-06-17 09:15 1332736 ----a-w- c:\windows\system32\sysmain.dll
2013-05-04 06:58 . 2013-06-17 09:15 173568 ----a-w- c:\windows\system32\storewuauth.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-07-04 09:51 222832 ----a-w- c:\users\Chris\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-07-04 09:51 222832 ----a-w- c:\users\Chris\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-07-04 09:51 222832 ----a-w- c:\users\Chris\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-11 23:08 130736 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-11 23:08 130736 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-11 23:08 130736 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyDrive"="c:\users\Chris\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-07-04 257136]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-07-10 1672616]
"Spotify"="c:\users\Chris\AppData\Roaming\Spotify\spotify.exe" [2013-07-11 4640768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-08-09 5263504]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-05-23 676608]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-7-3 29337928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
R3 amdkmafd;AMD Audio Bus Lower Filter;c:\windows\System32\drivers\amdkmafd.sys;c:\windows\SYSNATIVE\drivers\amdkmafd.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 RadeonPro Support Service;RadeonPro Support Service;c:\program files (x86)\RadeonPro\RadeonProSupport.exe;c:\program files (x86)\RadeonPro\RadeonProSupport.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C63x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C63x64.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
S3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;c:\windows\System32\drivers\xusb22.sys;c:\windows\SYSNATIVE\drivers\xusb22.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 14:44 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-09 18:24]
.
2013-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-09 18:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-07-04 09:51 261744 ----a-w- c:\users\Chris\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-07-04 09:51 261744 ----a-w- c:\users\Chris\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-07-04 09:51 261744 ----a-w- c:\users\Chris\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-07-11 09:17 2328264 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-07-11 09:17 2328264 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-07-11 09:17 2328264 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-11 23:08 164016 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-11 23:08 164016 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-11 23:08 164016 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-11 23:08 164016 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{17F98B56-7F17-4E3E-8E1B-204B68D4350C}: NameServer = 208.67.222.222,208.67.220.220
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-51291065.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3411466742-1522472821-638607703-1001CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\SecuROM\License information*]
"datasecu"=hex:f9,03,3e,e9,af,0f,c2,bc,4c,b1,5a,03,97,03,93,9f,42,83,2d,87,a8,
   25,a7,af,f2,1e,53,3a,7f,cb,e9,f8,e0,67,bf,e4,66,4c,fa,fd,1b,2e,d4,bd,d8,93,\
"rkeysecu"=hex:70,13,58,70,1d,25,13,a7,7f,29,c6,91,00,34,42,87
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-07-22  16:19:03
ComboFix-quarantined-files.txt  2013-07-22 15:19
.
Pre-Run: 165,633,814,528 bytes free
Post-Run: 165,507,985,408 bytes free
.
- - End Of File - - 96FD2A126DFC665DF6EF0036FDAF833C
A36C5E4F47E84449FF07ED3517B43A31

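
A first pass over a log like the one above is to pull out the loading points (Run values, Startup-folder shortcuts and service images) and flag every image that lives in a location a standard user can write to, because that is where droppers, browser hijackers and per-user installers end up, whereas anything under Program Files or System32 needed admin rights to get there. The script below is an added example, not part of this thread and not something ComboFix ships; it runs over a constructed excerpt whose entries are copied from the log above, and the regexes, the list of user-writable locations and the record format are my own assumptions about ComboFix's text layout, not anything ComboFix documents. A flag means "verify the publisher signature and hash", not "remove": SkyDrive, Spotify and Dropbox install into AppData by design, which is exactly why they are worth a look.

```python
import re

# Constructed excerpt modelled on the "Reg Loading Points" section of the
# ComboFix log posted above (entries copied from it). A whole log can be fed
# in; lines that are not Run values, Startup .lnk entries or service lines
# are ignored.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyDrive"="c:\users\Chris\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-07-04 257136]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-07-10 1672616]
"Spotify"="c:\users\Chris\AppData\Roaming\Spotify\spotify.exe" [2013-07-11 4640768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-08-09 5263504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-7-3 29337928]
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C63x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C63x64.sys [x]
"""

# Regexes are assumptions about ComboFix's layout, derived from the log above.
REG_KEY = re.compile(r"^\[(?P<key>HKEY_[A-Z_]+\\.+)\]$")
RUN_VALUE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?P<args>[^\[]*)\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]$'
)
STARTUP_LNK = re.compile(r"^(?P<name>.+?\.lnk) - (?P<cmd>.+?)\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]$")
SERVICE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>[^;]+);")
EXEC_EXT = re.compile(r"^(?P<image>.+?\.(?:exe|dll|sys|scr|bat|cmd|vbs|js|ps1))(?:\s+.*)?$", re.IGNORECASE)


def image_from_command(cmd):
    """Strip command-line arguments so only the image path is classified."""
    m = EXEC_EXT.match(cmd.strip())
    return m.group("image") if m else cmd.strip()


def flag_path(image):
    """Reason a standard user could have planted this image, or None if the
    location needs admin rights. The location list is this example's own
    heuristic (assumption), modelled on where droppers and per-user installs land."""
    p = image.strip().lower().replace("\\", "/")
    if "/temp/" in p or "/tmp/" in p:
        return "temp directory"
    if "/appdata/" in p:
        return "per-user profile (AppData)"
    if "/programdata/" in p:
        return "ProgramData"
    if "/users/public/" in p:
        return "Public profile"
    if re.fullmatch(r"[a-z]:/[^/]+", p):
        return "drive root"
    return None


def _entry(source, name, image):
    return {"source": source, "name": name, "image": image, "flag": flag_path(image)}


def parse_combofix_autoruns(text):
    """Extract loading points from ComboFix log text, each with its image path and flag."""
    entries = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = REG_KEY.match(line)
        if m:
            current_key = m.group("key")   # following "name"="path" lines belong to it
            continue
        m = RUN_VALUE.match(line)
        if m and current_key:
            entries.append(_entry(current_key, m.group("name"), m.group("path")))
            continue
        m = STARTUP_LNK.match(line)
        if m:
            entries.append(_entry("Startup folder", m.group("name"), image_from_command(m.group("cmd"))))
            continue
        m = SERVICE.match(line)
        if m:
            entries.append(_entry("service " + m.group("state"), m.group("name"), m.group("image")))
    return entries


def flagged_entries(entries):
    """Only the loading points whose image sits in a user-writable location."""
    return [e for e in entries if e["flag"]]


if __name__ == "__main__":
    entries = parse_combofix_autoruns(SAMPLE_LOG)
    print(f"{len(entries)} loading points parsed, {len(flagged_entries(entries))} in user-writable locations")
    for e in flagged_entries(entries):
        print(f"  VERIFY  {e['name']:<20} {e['flag']:<28} {e['image']}  ({e['source']})")
```

On a real log, pass the whole file contents in place of SAMPLE_LOG; the locked-key dumps and hex values at the end of a ComboFix log match none of the patterns and are skipped.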

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

After the scan, this is what was written to the log. I know Foxit has the Ask toolbar as part of the setup, but I always refuse to install it. As for the Gigabyte files, I'm assuming that's a false positive as a PUP?

 

F:\downloads\FoxitReader602.0413_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined

F:\drop backup\Gigabyte Z77X-D3H Drivers\Marvell Storage Utility\mb_driver_marvell_msu.exe Win32/PrcView application deleted - quarantined
F:\Dropbox\Gigabyte Z77X-D3H Drivers\Marvell Storage Utility\mb_driver_marvell_msu.exe Win32/PrcView application deleted - quarantined
 
 

Those types of programs are included in the Riskware category; they are not directly malicious, but they are often used in conjunction with malware.

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner.

Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.


Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.

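
The reply above draws the line that matters for the question asked: an ESET detection whose name ends in "application" is its potentially unwanted / potentially unsafe category, not a malware verdict, and the Marvell utility appears twice because the same file sits in both a backup folder and the Dropbox folder on F:. The script below is an added example, not from the thread and not ESET's own tooling; it parses exported detection lines, maps each to PUA, riskware or malware and groups hits by file name so duplicate copies are counted as one artefact. The first three sample lines are the ones posted above; the fourth is constructed, using the placeholder family name Win32/Example.A, to show a malware-class result. The category mapping is my own heuristic built on ESET's naming convention (the trailing type word and the Bundled./Toolbar family prefixes), and the regex accepts either the tab separation of a real export or the collapsed spaces of a pasted post.

```python
import re
from collections import defaultdict

# Constructed sample report. Lines 1-3 are the detections posted in the thread;
# line 4 is made up (placeholder family "Win32/Example.A") to show a malware-class
# result. Real ESET exports are tab-separated; a pasted copy usually collapses the
# tabs to spaces, so the regex below accepts any run of whitespace.
SAMPLE_REPORT = r"""
F:\downloads\FoxitReader602.0413_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask.D application cleaned by deleting - quarantined
F:\drop backup\Gigabyte Z77X-D3H Drivers\Marvell Storage Utility\mb_driver_marvell_msu.exe Win32/PrcView application deleted - quarantined
F:\Dropbox\Gigabyte Z77X-D3H Drivers\Marvell Storage Utility\mb_driver_marvell_msu.exe Win32/PrcView application deleted - quarantined
C:\Users\example\AppData\Local\Temp\update.exe a variant of Win32/Example.A trojan cleaned by deleting - quarantined
"""

# path, optional "probably"/"a variant of" prefix, Platform/Family.Variant,
# optional type word, then the action ESET took (assumed layout, from the lines above).
ESET_LINE = re.compile(
    r"^(?P<path>\S.*?)\s+"
    r"(?P<prefix>(?:probably )?(?:a variant of )?)"
    r"(?P<family>[A-Za-z0-9]+/\S+)"
    r"(?:\s+(?P<kind>(?:potentially (?:unsafe|unwanted) )?"
    r"(?:application|trojan|worm|virus|adware|backdoor|dropper|downloader)))?"
    r"\s+(?P<action>.+?)\s*$"
)

PUA = "PUA (bundled toolbar/installer)"
RISKWARE = "potentially unsafe application (riskware)"
MALWARE = "malware"


def classify(family, kind):
    """Heuristic mapping of ESET naming to a triage category (this example's assumption)."""
    fam = family.lower()
    name = fam.split("/", 1)[-1]
    k = (kind or "").lower()
    if "potentially unwanted" in k or name.startswith(("bundled.", "adware.")) or "toolbar" in name:
        return PUA
    if k == "application" or "potentially unsafe" in k:
        return RISKWARE
    return MALWARE


def parse_eset_report(text):
    """Parse exported ESET detection lines into dicts; unparseable lines are skipped."""
    detections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ESET_LINE.match(line)
        if not m:
            continue
        prefix = m.group("prefix")
        detections.append({
            "path": m.group("path"),
            "family": m.group("family"),
            "kind": m.group("kind") or "",
            "heuristic": "probably" in prefix,   # generic/heuristic match rather than an exact signature
            "variant": "variant" in prefix,
            "action": m.group("action"),
            "category": classify(m.group("family"), m.group("kind")),
        })
    return detections


def group_by_basename(detections):
    """Same file name hit in several places (backup copy + synced copy) is one artefact."""
    groups = defaultdict(list)
    for d in detections:
        base = d["path"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
        groups[base].append(d["path"])
    return {base: paths for base, paths in groups.items() if len(paths) > 1}


def summarise(detections):
    """Count detections per category: the answer to 'is this malware or a PUP?'."""
    counts = defaultdict(int)
    for d in detections:
        counts[d["category"]] += 1
    return dict(counts)


if __name__ == "__main__":
    dets = parse_eset_report(SAMPLE_REPORT)
    for d in dets:
        print(f"{d['category']:<44} {d['family']:<30} {d['path']}")
    print("by category:", summarise(dets))
    for base, paths in group_by_basename(dets).items():
        print(f"{base} seen {len(paths)} times: " + " | ".join(paths))
```

The duplicate grouping is the practical point for a synced folder: if only the backup copy had been removed, the Dropbox client would have kept the other one and re-synced it, so both hits need to be cleaned together, as happened here.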

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

