
Need urgent help, explorer.exe infected with virus



Ok so the issue I'm having is Malwarebytes keeps popping notifications up saying that my explorer.exe keeps trying to connect to malicious IP addresses but Malwarebytes blocks it. I scanned my PC with Malwarebytes (I have the premium version, not the free version) and cleaned all the objects it found and still the same problem with explorer.exe, so I then scanned with AVG anti-virus and removed all objects it found but still the same problem. Explorer.exe keeps trying to connect to malicious addresses only to be blocked by Malwarebytes. I have also scanned my PC with both adw cleaner and junkware removal tool, all to no avail, still same issue. Please, if someone can help me clean this garbage messing with explorer.exe it will be greatly appreciated.


Hello

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Next,

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

 


  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start, and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement).
  • Click Scan to scan the system.
  • When the scan completes select "Report"; the log will open. Close the program > Don't Fix anything!
  • Post back the report, which should also be located here:
    C:\Programdata\RogueKiller\Logs <-------- W7/8
    C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP

 

Let me see those logs in your next reply...

 

Kevin.


Ok thank you, here are the logs you requested.

 

Farbar Scan logs:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-10-2014 01
Ran by Ant at 2014-10-01 20:53:03
Running from C:\Users\Ant\Desktop\Farbar Recovery
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security Business Edition (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security Business Edition (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security Business Edition (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

NVIDIA nTune (x32 Version: 1.00.0000 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.14.0702 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA ShadowPlay 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Operation Flashpoint: Red River (HKLM-x32\...\Steam App 44340) (Version:  - Codemasters Action Studio)
Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4554 - Electronic Arts, Inc.)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.1 - Pando Networks Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Platform (x32 Version: 1.36 - VIA Technologies, Inc.) Hidden
PlayItAll media player 1.0.5 (HKLM-x32\...\PlayItAll media player) (Version: 1.0.5 - PlayItAll)
Poser Pro 2014 version 10.0.3 (HKLM\...\Poser Pro 2014_is1) (Version: 10.0.3 - Smith Micro Software, Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.6 - Power Software Ltd)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
Python 3.3.0 (64-bit) (HKLM\...\{290329c4-a276-3aec-b633-9f5a39d8dd96}) (Version: 3.3.150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Red Faction: Armageddon (HKLM-x32\...\Steam App 55110) (Version:  - Volition)
Saints Row IV (HKLM-x32\...\U2FpbnRzUm93SVY=_is1) (Version: 1 - )
SAMSUNG Android USB Modem Software (HKLM\...\SAMSUNG Android USB Modem) (Version:  - )
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
Silent Hill Homecoming (HKLM-x32\...\{AE7D5AF6-E561-4711-BC5A-E2CE7AFD8CA7}_is1) (Version:  - Konami)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SlimDX Redistributable (March 2009) (HKLM-x32\...\{D5395E5F-4D45-4665-8F00-234FA33678AF}) (Version: 2.0.7.41 - SlimDX Group)
Sniper Elite: Nazi Zombie Army 2 (HKLM-x32\...\Steam App 247910) (Version:  - )
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.80.4.50 - Conexant Systems)
Sound Forge Audio Studio 10.0 (HKLM-x32\...\{6473C0E9-9763-4D94-808A-B250540AA750}) (Version: 10.0.152 - Sony)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Tablet Driver V7.0 (HKLM-x32\...\TabletDriver) (Version:  - )
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.42.130 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Tom Clancy's Ghost Recon Future Soldier (HKLM-x32\...\Steam App 212630) (Version:  - Ubisoft Paris)
Toon Boom Studio 8.0 (HKLM-x32\...\{D7294307-BFD3-4D70-8A8B-80693EB8245C}) (Version:  - Toon Boom Animation Inc.)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - Runic Games)
TSR RigFix (HKLM-x32\...\{1F2A56A0-AF80-4423-8C73-ADBFAB40E629}) (Version: 1.0.10 - The Sims Resource)
TSR Workshop (HKLM-x32\...\{496A7E82-448B-4D22-A941-6650D7BA87C9}) (Version: 2.0.28 - The Sims Resource)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Unity (HKLM-x32\...\Unity) (Version:  - Unity Technologies ApS)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.36 - VIA Technologies, Inc.)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Vita 2 (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita 2 add-on content (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Drum Engine (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Electric Piano (Version: 1.0.2.0 - MAGIX AG) Hidden
WATCH_DOGS (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
WCF RIA Services V1.0 SP1 (HKLM-x32\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
welcome (x32 Version: 11.0.21500.0.4 - Nero AG) Hidden
Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 2.6.1 - Shark007)
Windows Driver Package - Acer, Inc (androidusb) USB  (12/20/2011 1.0.0010.00000) (HKLM\...\3A22385941281AFEE4CDB6EE09AB8D0BF418CE17) (Version: 12/20/2011 1.0.0010.00000 - Acer, Inc)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Linux Developer Community Net  (12/08/2011 5.1.2600.2781) (HKLM\...\AAA1ACCA6262EC232B355F1427BDDE4D745AFBC1) (Version: 12/08/2011 5.1.2600.2781 - Linux Developer Community)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Wolf-Online (HKLM-x32\...\{9059877F-745A-437B-B2E7-898187A30B6D}) (Version: 1.2.0 - Raven-Woods)
WolfQuest (HKLM-x32\...\{9E6AD6CF-1EFF-43E4-86C4-5C00254C3D8E}) (Version: 2.5.1 - eduweb)
XFastUSB (HKLM-x32\...\XFastUSB) (Version: 3.02.28 - ASRock Inc.)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Yahoo! BrowserPlus 2.9.8 (HKCU\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-14057114-1929341420-811863276-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> F:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()

==================== Restore Points  =========================

24-09-2014 07:41:58 Installed DirectX
26-09-2014 23:06:09 Device Driver Package Install: PenTablet Tablet pointing devices
26-09-2014 23:06:54 Device Driver Package Install: PenTablet Human Interface Devices
26-09-2014 23:07:15 Device Driver Package Install: PenTablet System devices
28-09-2014 10:11:29 Removed ABBYY FineReader 6.0 Sprint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2012-10-15 12:21 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01222B29-E531-4848-94A8-E69DC04E700A} - System32\Tasks\{84644C32-4A29-44E3-8FE4-B55877ED8D0B} => Iexplore.exe http://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {14D34FB8-8C61-4114-ABA0-B50EAA8AA692} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-02] (Google Inc.)
Task: {233AC164-0BD9-4F43-BCAC-0FE0EA6A3A29} - System32\Tasks\{548A4448-0353-4445-BA7B-92ECF49334F9} => C:\Users\Ant\Desktop\Repair\SETUP.EXE
Task: {2CD6E76E-A2DD-4522-91BF-1F5AAD5A9FDC} - System32\Tasks\{7225FFF9-FE58-457C-86FB-C740ED225498} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.)
Task: {3F19D7E7-1276-4261-9089-8EE720919BB6} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2011-02-15] ()
Task: {40B25A5F-42D7-4E5B-8A72-6CC3E00D97CE} - System32\Tasks\{3DF5629B-657B-4B8A-9C5D-B2802D591CB2} => C:\Users\Ant\Desktop\Repair\SETUP.EXE
Task: {4479072D-8486-4B15-A444-A830EEBCF7CE} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2010-07-21] (Microsoft Corporation)
Task: {448E8988-2521-476C-92C5-51CA402BD421} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {4B3F032B-46C9-4E46-B3B4-871FD0DA222D} - System32\Tasks\{81DF37F5-9CEE-4102-BF56-1D7FF83D1890} => C:\Users\Ant\Desktop\Repair\SETUP.EXE
Task: {58C43E39-35AC-4DB8-9286-68665BCDDD48} - System32\Tasks\{5A08D91D-C3B0-4F16-A94B-77C8466D1432} => C:\Users\Ant\Desktop\Repair\SETUP.EXE
Task: {6557654F-F2C8-4C64-9D47-0103A0955C8E} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {662C593B-320B-4262-8F50-FC708D900F10} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-02] (Google Inc.)
Task: {682542F9-C77B-47C5-97CE-3CF0E1D08DFF} - System32\Tasks\{0817BC1A-E6E3-4EC4-9695-5A4DAC9B9DC0} => Iexplore.exe http://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {6D17E236-9B29-4F62-9057-4804F5D1FEEF} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2012-12-14] (AVG)
Task: {6F13EF0F-BE5E-45E8-B717-F0131865DE05} - System32\Tasks\LAUNCH CDPCO => C:\Program Files (x86)\CyberDefender\PC Optimizer\CDPCO.exe
Task: {70794593-5206-48CC-8553-D4321A4A18FB} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {73F370A9-165F-4BDF-9113-A1264C445BA6} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {73F4DFCD-695F-4290-A4CC-34F34F1E2826} - System32\Tasks\{E5EEC2BB-01C4-48D1-95C6-1DE52448B478} => Iexplore.exe http://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {8B50600C-120D-435C-8010-96624A802E23} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-25] (Oracle Corporation)
Task: {9AFBAA7B-3D62-40DB-9EB7-7D377E4D833A} - System32\Tasks\AdobeAAMUpdater-1.0-Lambda-Ant => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {A209BD3D-8CAA-435B-887C-C297E5C42406} - System32\Tasks\{843C29D7-EF4D-4E5B-955E-CC01716688D8} => Iexplore.exe http://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {B12AF6BE-0530-44C2-9C0C-1635FF358A48} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {BE2CC202-F765-4166-B8E2-82D68C7F9484} - System32\Tasks\HP online update program => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
Task: {C0D1321E-FCFE-465D-8D8D-FAE6958A30DE} - System32\Tasks\{569344A3-AB63-4A87-ABA7-350AE44CCE6D} => Iexplore.exe http://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {CA4A8F8E-D176-4544-9BE8-9C5BFC2306B4} - System32\Tasks\Games\UpdateCheck_S-1-5-21-14057114-1929341420-811863276-1000
Task: {D619A566-C88B-44B8-8A9D-B8AB2DE30EAB} - System32\Tasks\{AF161EEA-B568-4349-86F1-13C9D400F6E6} => Iexplore.exe http://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {E2AD383F-E6D6-4B1B-82A8-70C3FCFB5937} - System32\Tasks\{AEEA16D3-3F13-425B-BC64-0F6ED5FE7537} => C:\Users\Ant\Desktop\Repair\SETUP.EXE
Task: {E82E6512-EABC-4620-A916-EFA7E3253517} - System32\Tasks\{24BCF9F1-9689-4C69-A004-66DF33E45415} => C:\Users\Ant\Desktop\Repair\SETUP.EXE
Task: {ED3005B7-2C87-49DB-8E7A-ABE3E699D0BE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F1CF94B8-BC7B-4189-81EF-D112DB3CBE3A} - System32\Tasks\LifeChatTask => C:\Program Files\Microsoft LifeChat\LifeChat.exe [2009-09-24] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-09-21 05:43 - 2014-09-13 16:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-06-20 18:33 - 2007-02-21 18:14 - 00045056 _____ () C:\Windows\System32\LXF3PMON.DLL
2014-06-20 18:33 - 2006-11-07 05:02 - 00036864 _____ () C:\Windows\System32\LXF3OEM.DLL
2014-06-20 18:33 - 2007-02-21 18:10 - 00081408 _____ () C:\Program Files (x86)\Lexmark Fax Solutions\ipcmt64.dll
2014-06-20 18:33 - 2007-02-21 18:14 - 00003584 _____ () C:\Windows\System32\LXF3PMRC.DLL
2014-06-20 18:37 - 2007-02-26 23:20 - 00125952 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdddrpp.dll
2014-08-31 16:16 - 2011-05-05 15:36 - 00022528 _____ () F:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
2014-08-31 16:16 - 2011-05-05 15:36 - 01479680 _____ () F:\Program Files\DAZ 3D\Content Management Service\ace_x64.dll
2014-08-31 16:16 - 2011-05-05 15:36 - 00977408 _____ () F:\Program Files\DAZ 3D\Content Management Service\VServer_x64.dll
2014-08-31 16:16 - 2011-05-05 15:36 - 01053696 _____ () F:\Program Files\DAZ 3D\Content Management Service\ace_ssl_x64.dll
2014-08-31 16:16 - 2011-05-05 15:36 - 00155136 _____ () F:\Program Files\DAZ 3D\Content Management Service\asnmp_x64.dll
2014-09-14 15:51 - 2014-09-14 15:51 - 03140096 _____ () C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll
2014-09-14 15:51 - 2014-09-14 15:51 - 02498560 _____ () C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
2011-02-15 06:20 - 2011-02-15 06:20 - 00364544 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2014-06-29 05:04 - 2014-06-29 05:04 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-06-20 18:31 - 2007-06-11 14:27 - 00291760 _____ () C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe
2014-06-20 18:32 - 2007-04-30 03:19 - 00020480 _____ () C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe
2013-09-24 07:52 - 2011-06-20 03:28 - 00078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-09-24 07:52 - 2011-06-20 03:28 - 00386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2013-09-24 07:52 - 2011-06-20 03:28 - 00621168 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2014-09-10 16:46 - 2013-12-22 01:22 - 00047496 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2014-09-10 16:46 - 2013-12-22 01:22 - 00104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2012-05-30 07:09 - 2012-05-30 07:09 - 00301888 ____N () C:\Windows\system32\wintab32.dll
2011-02-15 06:20 - 2011-02-15 06:20 - 00061440 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2011-02-15 06:19 - 2011-02-15 06:19 - 00061440 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2011-02-15 06:19 - 2011-02-15 06:19 - 00229376 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2011-02-15 06:19 - 2011-02-15 06:19 - 00147456 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2011-02-15 06:20 - 2011-02-15 06:20 - 00278528 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2010-07-26 23:37 - 2010-07-26 23:37 - 00013312 _____ () C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
2012-05-30 07:09 - 2012-05-30 07:09 - 00301888 ____N () C:\Windows\system32\WinTab32.DLL
2014-06-20 18:31 - 2007-01-09 11:10 - 00278528 _____ () C:\Program Files (x86)\Lexmark 2500 Series\lxddscw.dll
2014-06-20 18:31 - 2007-03-06 02:16 - 00589824 _____ () C:\Program Files (x86)\Lexmark 2500 Series\lxdddatr.dll
2014-06-20 18:31 - 2006-12-28 05:47 - 00073728 _____ () C:\Program Files (x86)\Lexmark 2500 Series\lxddcats.dll
2014-06-20 18:32 - 2007-05-30 00:12 - 00040960 _____ () C:\Program Files (x86)\Lexmark 2500 Series\App4R.Monitor.Core.dll
2014-06-20 18:32 - 2007-05-30 00:12 - 00028672 _____ () C:\Program Files (x86)\Lexmark 2500 Series\App4R.Monitor.Common.dll
2014-06-20 18:32 - 2007-05-30 00:11 - 00057344 _____ () C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.dll
2014-06-20 18:32 - 2007-04-30 03:19 - 00020480 _____ () C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.NetworkCardDevMon.dll
2014-06-20 18:32 - 2007-04-30 03:19 - 00020480 _____ () C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.ScanDevMon.dll
2014-06-20 18:32 - 2007-04-30 03:20 - 00011776 _____ () C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
2012-05-30 07:09 - 2012-05-30 07:09 - 00249664 ____N () C:\Windows\SysWOW64\WinTab32.DLL
2012-05-30 07:09 - 2012-05-30 07:09 - 00241472 _____ () C:\Windows\SysWOW64\MyDrawLineWindowDll.dll
2014-09-24 16:14 - 2014-09-24 16:14 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Microsoft:2HpzFMl8ez8ZQOxFuy
AlternateDataStreams: C:\ProgramData\Microsoft:74HLvIQYXPqMvTGWSEFRk2
AlternateDataStreams: C:\ProgramData\Microsoft:fjVaVzOLC08XSyYasUsKW3d3a
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:ECF54A0E
AlternateDataStreams: C:\Users\Ant\Cookies:B9KUzZeygrYNwy8v97o
AlternateDataStreams: C:\Users\Ant\Cookies:kqKYjttNrsIctmbo
AlternateDataStreams: C:\Users\Ant\Cookies:lxtArG7CBP1MuEVx6brfZ
AlternateDataStreams: C:\Users\Ant\AppData\Local\Temp:QJ3bzGs37VnWwIGuoSqbOQN6i
AlternateDataStreams: C:\Users\Ant\AppData\Local\Temp:WkwfrXnNKC3EF9PWDIEtBLDGEmcj
AlternateDataStreams: C:\Users\Ant\AppData\Local\Temporary Internet Files:BtpDgLbghcGpqa4VK1gZmv
AlternateDataStreams: C:\Users\Ant\AppData\Local\Temporary Internet Files:YExPBeref04E6gq3devqW

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

724C975706F3454EA13B (S-1-5-21-14057114-1929341420-811863276-1008 - Limited - Enabled)
Administrator (S-1-5-21-14057114-1929341420-811863276-500 - Administrator - Disabled)
Ant (S-1-5-21-14057114-1929341420-811863276-1000 - Administrator - Enabled) => C:\Users\Ant
Guest (S-1-5-21-14057114-1929341420-811863276-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-14057114-1929341420-811863276-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: High Definition Audio Controller
Description: High Definition Audio Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Could not start eventlog service, could not read events.

The Windows Event Log service is starting.
The Windows Event Log service could not be started.

A system error has occurred.

The system cannot find message text for message number 0x1069 in the message file for (null).

More help is available by typing NET HELPMSG 4201.


==================== Memory info ===========================

Processor: AMD Athlon II X4 630 Processor
Percentage of memory in use: 51%
Total physical RAM: 4095.24 MB
Available physical RAM: 2003.27 MB
Total Pagefile: 8188.67 MB
Available Pagefile: 5528.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:465.76 GB) (Free:60 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: (Local Disk) (Fixed) (Total:233.76 GB) (Free:61.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 233.8 GB) (Disk ID: B9BE7CFD)
Partition 1: (Not Active) - (Size=233.8 GB) - (Type=42)

==================== End Of Log ============================


Second Farbar scan log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-10-2014 01
Ran by Ant (administrator) on LAMBDA on 01-10-2014 20:51:46
Running from C:\Users\Ant\Desktop\Farbar Recovery
Loaded Profile: Ant (Available profiles: Ant)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
() F:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
( ) C:\Windows\System32\lxddcoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Tablet Driver) C:\Windows\System32\drivers\WTSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeChat\LifeChat.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
() C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe
() C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe
(Microsoft Corporation) C:\Windows\vVX3000.exe
(Akamai Technologies, Inc.) C:\Users\Ant\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Akamai Technologies, Inc.) C:\Users\Ant\AppData\Local\Akamai\netsession_win.exe
(Bogdan Sharkov) C:\Program Files (x86)\Clownfish\Clownfish.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(Tablet Driver) C:\Windows\SysWOW64\WTClient.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [2306448 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [LifeChat] => C:\Program Files\Microsoft LifeChat\LifeChat.exe [371712 2009-09-24] (Microsoft Corporation)
HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [lxddmon.exe] => C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe [291760 2007-06-11] ()
HKLM\...\Run: [lxddamon] => C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe [20480 2007-04-30] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2350880 2014-05-29] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [VX3000] => C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5199984 2011-06-20] (VIA)
HKLM-x32\...\Run: [XFastUSB] => C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5019360 2013-09-24] (FNet Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [FaxCenterServer] => C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe [312240 2007-06-11] ()
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [477064 2013-12-22] (Autodesk Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [WTClient] => C:\Windows\SysWOW64\WTClient.exe [32768 2014-03-09] (Tablet Driver)
HKU\S-1-5-21-14057114-1929341420-811863276-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Ant\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-14057114-1929341420-811863276-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21646944 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-14057114-1929341420-811863276-1000\...\Run: [Clownfish] => C:\Program Files (x86)\Clownfish\Clownfish.exe [1323776 2014-09-24] (Bogdan Sharkov)
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-18] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\NVIDIA => C:\PROGRA~1\NVIDIA File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LoopBe1 Monitor.lnk
ShortcutTarget: LoopBe1 Monitor.lnk -> C:\Program Files (x86)\nerds.de\LoopBe1\loopBeMon.exe (nerds.de)
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0064AACF503BCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
SearchScopes: HKCU - {26FA9842-99EC-5E06-B85A-1C19D5B532C6} URL = http://www.bing.com/search?q={searchTerms}&pc=Z006&form=ZGAIDF
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Ant\AppData\Roaming\Mozilla\Firefox\Profiles\zn2mznam.default-1401590938101
FF Homepage: https://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Windows\system32\C2MP\npdivx32.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BrowserPlugin\npBrowserPlugin.dll (Nero AG)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ant\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\Ant\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Ant\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
FF Extension: Yahoo! Toolbar - C:\Users\Ant\AppData\Roaming\Mozilla\Firefox\Profiles\zn2mznam.default-1401590938101\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-10-01]
FF Extension: Personas Plus - C:\Users\Ant\AppData\Roaming\Mozilla\Firefox\Profiles\zn2mznam.default-1401590938101\Extensions\personas@christopher.beard.xpi [2014-06-08]
FF Extension: Adblock Plus - C:\Users\Ant\AppData\Roaming\Mozilla\Firefox\Profiles\zn2mznam.default-1401590938101\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-31]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-24]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-09-24]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-09-24]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-24]
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Ant\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Ant\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-02]
CHR Extension: (Google Drive) - C:\Users\Ant\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-02]
CHR Extension: (YouTube) - C:\Users\Ant\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-02]
CHR Extension: (Google Search) - C:\Users\Ant\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-02]
CHR Extension: (Google Wallet) - C:\Users\Ant\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-02]
CHR Extension: (Gmail) - C:\Users\Ant\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [576904 2013-12-22] (Autodesk Inc.)
R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432080 2013-10-23] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 DAZContentManagementService; F:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] () [File not signed]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 lxdd_device; C:\Windows\system32\lxddcoms.exe [567216 2007-05-25] ( )
R2 lxdd_device; C:\Windows\SysWOW64\lxddcoms.exe [537520 2007-05-25] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58345832 2011-09-22] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-29] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-06-29] ()
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [431464 2011-09-22] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2148816 2012-12-14] (AVG)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-06-14] (VIA Technologies, Inc.)
S2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -s [X]
S2 vToolbarUpdater3.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-09-12] (AVG Technologies)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2014-07-29] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-09-24] (FNet Co., Ltd.)
S3 HSF_DP; C:\Windows\System32\DRIVERS\CAX_DP.sys [1485824 2009-02-13] (Conexant Systems, Inc.)
S3 leafnets; C:\Windows\System32\DRIVERS\leafnets.sys [29696 2010-08-10] (Leaf Networks)
R3 LoopBeMidi1; C:\Windows\System32\drivers\loopbe1.sys [13824 2011-04-09] (nerds.de)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 NVR0Dev; C:\Windows\nvoclk64.sys [18216 2007-01-22] (NVidia Corp.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14648 2010-05-26] ()
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [446976 2009-09-16] (Realtek Semiconductor Corporation                           ) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-01-03] () [File not signed]
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [11880 2012-07-04] (TuneUp Software)
S3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.)
S3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
U3 a7yvnaf9; C:\Windows\System32\Drivers\a7yvnaf9.sys [0 ] (Microsoft Corporation)
S3 ALSysIO; \??\C:\Users\Ant\AppData\Local\Temp\ALSysIO64.sys [X]
S3 BCMH43XX; system32\DRIVERS\bcmwlhigh664.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 Fwleaf; system32\DRIVERS\fwleaf.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WPRO_41_1742; system32\drivers\WPRO_41_1742.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-01 20:51 - 2014-10-01 20:51 - 00000000 ____D () C:\FRST
2014-10-01 20:49 - 2014-10-01 20:51 - 00000000 ____D () C:\Users\Ant\Desktop\Farbar Recovery
2014-09-30 04:57 - 2014-09-30 04:57 - 00001900 _____ () C:\Users\Ant\Desktop\JRT.txt
2014-09-30 04:53 - 2014-09-30 04:53 - 00000000 ____D () C:\Windows\ERUNT
2014-09-30 04:50 - 2014-09-30 04:50 - 01699276 _____ (Thisisu) C:\Users\Ant\Desktop\JRT.exe
2014-09-30 04:44 - 2014-09-30 04:44 - 00000310 _____ () C:\Windows\PFRO.log
2014-09-30 04:38 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-30 04:36 - 2014-09-30 04:40 - 00000000 ____D () C:\AdwCleaner
2014-09-30 04:32 - 2014-09-30 04:32 - 01373475 _____ () C:\Users\Ant\Downloads\AdwCleaner.exe
2014-09-30 04:14 - 2014-09-30 04:15 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Ant\Downloads\tdsskiller(1).exe
2014-09-28 19:21 - 2014-09-28 19:21 - 00790240 _____ (Shark Labs) C:\Users\Ant\Downloads\CFSetup360.exe
2014-09-27 04:22 - 2014-09-27 04:32 - 00000000 ____D () C:\Users\Ant\Desktop\BNEHM map
2014-09-26 22:03 - 2014-09-26 22:03 - 00000843 _____ () C:\Users\Ant\AppData\Local\recently-used.xbel
2014-09-26 18:05 - 2014-09-26 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet
2014-09-26 18:05 - 2014-09-26 18:07 - 00000000 ____D () C:\Program Files (x86)\TABLET
2014-09-24 16:14 - 2014-09-24 16:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 10:07 - 2014-09-24 10:07 - 00007168 ____N () C:\bootex.log
2014-09-24 06:21 - 2014-09-24 06:21 - 00000000 __SHD () C:\found.000
2014-09-24 02:43 - 2014-09-24 02:43 - 00002031 _____ () C:\Users\Public\Desktop\Microsoft LifeCam.lnk
2014-09-24 02:43 - 2014-09-24 02:43 - 00002031 _____ () C:\ProgramData\Desktop\Microsoft LifeCam.lnk
2014-09-24 02:43 - 2014-09-24 02:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
2014-09-24 02:42 - 2014-09-24 02:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft LifeCam
2014-09-24 02:42 - 2014-09-24 02:42 - 00000000 ____D () C:\Program Files\Microsoft LifeCam
2014-09-24 02:27 - 2014-10-01 20:34 - 00002922 _____ () C:\Windows\setupact.log
2014-09-24 02:09 - 2014-09-24 02:21 - 29546352 _____ (Microsoft Corporation) C:\Users\Ant\Downloads\LifeCam3.22.exe
2014-09-21 21:45 - 2014-09-21 22:05 - 00000264 _____ () C:\Windows\Tablet8000x6000M.ini
2014-09-21 21:21 - 2014-09-26 18:05 - 00000000 ____D () C:\Windows\SysWOW64\TabletPmt
2014-09-21 15:07 - 2014-09-21 15:07 - 00000000 ____D () C:\Users\Ant\AppData\Roaming\NVIDIA
2014-09-21 05:44 - 2014-09-13 15:13 - 00613696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-09-21 05:43 - 2014-09-13 16:53 - 06890696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-09-21 05:43 - 2014-09-13 16:53 - 03529872 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-09-21 05:43 - 2014-09-13 16:53 - 00934216 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-09-21 05:43 - 2014-09-13 16:53 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-09-21 05:43 - 2014-09-13 16:53 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-09-21 05:43 - 2014-09-11 10:37 - 03961833 _____ () C:\Windows\system32\nvcoproc.bin
2014-09-21 05:42 - 2014-09-13 18:48 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-09-21 05:42 - 2014-09-13 18:48 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-09-21 05:38 - 2014-09-13 18:48 - 31887680 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-09-21 05:38 - 2014-09-13 18:48 - 24552592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-09-21 05:38 - 2014-09-13 18:48 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-09-21 05:38 - 2014-09-13 18:48 - 20589536 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-09-21 05:38 - 2014-09-13 18:48 - 19954520 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-09-21 05:38 - 2014-09-13 18:48 - 18106152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-09-21 05:38 - 2014-09-13 18:48 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-09-21 05:38 - 2014-09-13 18:48 - 16875856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-09-21 05:38 - 2014-09-13 18:48 - 14026304 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-09-21 05:38 - 2014-09-13 18:48 - 13939272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-09-21 05:38 - 2014-09-13 18:48 - 13157696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-09-21 05:38 - 2014-09-13 18:48 - 11392576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-09-21 05:38 - 2014-09-13 18:48 - 11330776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-09-21 05:38 - 2014-09-13 18:48 - 04287296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-09-21 05:38 - 2014-09-13 18:48 - 04008592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-09-21 05:38 - 2014-09-13 18:48 - 03223120 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-09-21 05:38 - 2014-09-13 18:48 - 02838424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-09-21 05:38 - 2014-09-13 18:48 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434411.dll
2014-09-21 05:38 - 2014-09-13 18:48 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434411.dll
2014-09-21 05:38 - 2014-09-13 18:48 - 00984424 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-09-21 05:38 - 2014-09-13 18:48 - 00957584 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-09-21 05:38 - 2014-09-13 18:48 - 00925896 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-09-21 05:38 - 2014-09-13 18:48 - 00919240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-09-21 05:38 - 2014-09-13 18:48 - 00894096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-09-21 05:38 - 2014-09-13 18:48 - 00867528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-09-21 05:38 - 2014-09-13 18:48 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-09-21 05:38 - 2014-09-13 18:48 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-09-21 05:38 - 2014-09-13 18:48 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-09-21 05:38 - 2014-09-13 18:48 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-09-21 05:38 - 2014-09-13 18:48 - 00026956 _____ () C:\Windows\system32\nvinfo.pb
2014-09-21 03:35 - 2014-09-21 03:37 - 01354752 _____ () C:\Users\Ant\Downloads\pcscreencapture.exe
2014-09-21 01:58 - 2014-09-21 01:58 - 00000000 ____D () C:\Users\Ant\AppData\Local\LogMeIn
2014-09-21 01:58 - 2014-09-21 01:58 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-09-19 04:58 - 2014-09-19 04:58 - 04947557 _____ () C:\Users\Ant\Downloads\Starfox_Krystal_Minidress.zip
2014-09-19 04:12 - 2014-09-19 04:14 - 12265297 _____ () C:\Users\Ant\Downloads\Starfox_Krystal_Clothes1_v13.zip
2014-09-19 03:09 - 2014-09-19 03:10 - 06147951 _____ () C:\Users\Ant\Downloads\Starfox_Krystal_TankTop.zip
2014-09-19 03:09 - 2014-09-19 03:10 - 01340916 _____ () C:\Users\Ant\Downloads\BossyBoots_Krystal.zip
2014-09-19 02:27 - 2014-09-19 02:27 - 00000000 ____D () C:\ProgramData\Poser Pro
2014-09-19 02:26 - 2014-09-19 02:26 - 00000000 ____D () C:\Users\Ant\AppData\Roaming\Poser Pro
2014-09-19 02:21 - 2014-09-19 02:21 - 00000984 _____ () C:\Users\Public\Desktop\Queue Manager 2014.lnk
2014-09-19 02:21 - 2014-09-19 02:21 - 00000984 _____ () C:\ProgramData\Desktop\Queue Manager 2014.lnk
2014-09-19 02:21 - 2014-09-19 02:21 - 00000964 _____ () C:\Users\Public\Desktop\Poser Pro 2014.lnk
2014-09-19 02:21 - 2014-09-19 02:21 - 00000964 _____ () C:\Users\Public\Desktop\Poser Pro 2014 (x86).lnk
2014-09-19 02:21 - 2014-09-19 02:21 - 00000964 _____ () C:\ProgramData\Desktop\Poser Pro 2014.lnk
2014-09-19 02:21 - 2014-09-19 02:21 - 00000964 _____ () C:\ProgramData\Desktop\Poser Pro 2014 (x86).lnk
2014-09-19 02:21 - 2014-09-19 02:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smith Micro
2014-09-19 02:19 - 2014-09-19 05:21 - 00000000 ____D () C:\Users\Ant\Documents\Poser Pro 2014 Content
2014-09-18 22:57 - 2014-09-18 22:57 - 00356495 _____ () C:\Users\Ant\Downloads\Starfox_Krystal_TailFur.zip
2014-09-18 22:53 - 2014-09-18 22:54 - 10663285 _____ () C:\Users\Ant\Downloads\Starfox_Krystal_Base_v13.zip
2014-09-18 22:01 - 2014-09-18 22:01 - 00994359 _____ () C:\Users\Ant\Downloads\Nanogrrr.BrawlModels.zip
2014-09-18 21:56 - 2014-09-18 21:57 - 03260108 _____ () C:\Users\Ant\Downloads\Nanogrrr.AssaultModel2.zip
2014-09-18 20:40 - 2014-09-18 20:40 - 00000779 _____ () C:\Users\Ant\Desktop\FurryBall.lnk
2014-09-18 20:40 - 2014-09-18 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FurryBall 4
2014-09-18 17:17 - 2014-09-18 17:17 - 00000000 ____D () C:\Users\Ant\AppData\Local\Ufmedia
2014-09-18 17:07 - 2014-09-25 18:23 - 00000000 ____D () C:\Users\Ant\AppData\Local\IPsoft
2014-09-18 03:16 - 2014-09-18 20:49 - 00000000 ____D () C:\Users\Ant\AppData\Local\FurryBall4
2014-09-18 03:12 - 2014-02-18 02:13 - 00000000 ____D () C:\Users\Ant\Downloads\FurryBall 4.6 Win64
2014-09-18 01:00 - 2014-09-18 01:08 - 44868162 _____ () C:\Users\Ant\Downloads\GreyFireFox_Krystal_Rig_1.4.zip
2014-09-17 22:14 - 2014-09-17 22:14 - 00000000 ____D () C:\Users\Ant\Documents\BVH Profile
2014-09-14 23:46 - 2014-09-14 23:46 - 00001471 _____ () C:\Users\Ant\Desktop\iClone3DXchange.exe - Shortcut.lnk
2014-09-14 23:31 - 2014-09-15 01:31 - 521155264 _____ (Reallusion Inc.) C:\Users\Ant\Downloads\IC5_Enu_Resource_Pack.exe
2014-09-14 23:31 - 2014-09-14 23:31 - 00002152 _____ () C:\Users\Public\Desktop\iClone v5.51 PRO (64 Bit).lnk
2014-09-14 23:31 - 2014-09-14 23:31 - 00002152 _____ () C:\ProgramData\Desktop\iClone v5.51 PRO (64 Bit).lnk
2014-09-14 23:31 - 2014-09-14 23:31 - 00002132 _____ () C:\Users\Public\Desktop\iClone v5.51 PRO.lnk
2014-09-14 23:31 - 2014-09-14 23:31 - 00002132 _____ () C:\ProgramData\Desktop\iClone v5.51 PRO.lnk
2014-09-14 23:30 - 2014-09-14 23:30 - 00000152 __RSH () C:\Windows\ICSET50.BIN
2014-09-12 22:25 - 2014-09-13 02:25 - 00000000 ____D () C:\Users\Ant\AppData\Local\AVG Web TuneUp
2014-09-12 22:25 - 2014-09-12 22:25 - 00000000 _____ () C:\Program Files (x86)\Mozilla Firefoxwtu-secure-search.xml
2014-09-12 22:25 - 2014-09-12 22:24 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-09-12 22:24 - 2014-09-12 22:25 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2014-09-12 22:24 - 2014-09-12 22:24 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2014-09-12 20:51 - 2014-09-12 20:51 - 00208040 _____ () C:\Users\Ant\Downloads\AVG Web TuneUp.exe
2014-09-12 04:17 - 2014-09-12 05:35 - 00000000 ____D () C:\Users\Ant\AppData\Roaming\Synthesia
2014-09-11 14:34 - 2014-09-11 14:34 - 00001696 _____ () C:\Users\Ant\Desktop\eMedia.lnk
2014-09-11 14:33 - 2014-09-11 18:22 - 00000308 _____ () C:\Windows\KM1Pref.ini
2014-09-11 14:29 - 2014-09-11 14:33 - 00000000 ____D () C:\Program Files (x86)\eMedia Piano and Keyboard Method
2014-09-11 14:29 - 2014-09-11 14:29 - 00000000 ____D () C:\Users\Ant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eMedia Piano and Keyboard Method
2014-09-11 14:12 - 2014-09-11 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMedia Piano and Keyboard Method
2014-09-11 14:12 - 2014-09-11 14:12 - 00000000 ____D () C:\ProgramData\QuickTime
2014-09-11 05:54 - 2014-09-28 19:22 - 00001899 _____ () C:\Users\Ant\Desktop\Clownfish.lnk
2014-09-11 05:54 - 2014-09-28 19:22 - 00000000 ____D () C:\Program Files (x86)\Clownfish
2014-09-11 05:54 - 2014-09-11 05:54 - 00000000 ____D () C:\Users\Ant\Documents\Skype Voice Records
2014-09-11 05:54 - 2014-09-11 05:54 - 00000000 ____D () C:\Users\Ant\Documents\Clownfish Avatars
2014-09-11 05:54 - 2014-09-11 05:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clownfish
2014-09-11 05:51 - 2014-09-11 05:52 - 00681256 _____ (Shark Labs) C:\Users\Ant\Downloads\CFSetup356.exe
2014-09-10 20:41 - 2014-09-10 20:41 - 03105700 _____ () C:\Users\Ant\Downloads\fox1.0(1).zip
2014-09-10 17:26 - 2014-09-10 17:26 - 00000000 ____D () C:\Users\Ant\Documents\xgen
2014-09-10 17:09 - 2014-09-18 03:25 - 00000000 ____D () C:\Users\Ant\Documents\maya
2014-09-10 17:09 - 2014-09-10 17:09 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-09-10 17:01 - 2014-09-10 17:01 - 00000000 ____D () C:\Users\Ant\Documents\Direct Connect
2014-09-10 16:59 - 2014-09-10 16:59 - 00001603 _____ () C:\Users\Public\Desktop\Maya 2015.lnk
2014-09-10 16:59 - 2014-09-10 16:59 - 00001603 _____ () C:\ProgramData\Desktop\Maya 2015.lnk
2014-09-10 16:59 - 2014-09-10 16:59 - 00000000 ____D () C:\Program Files\Common Files\Macrovision Shared
2014-09-10 16:47 - 2014-09-10 17:26 - 00000000 ____D () C:\Users\Ant\AppData\Local\Autodesk
2014-09-10 16:47 - 2014-09-10 16:47 - 00000000 ____D () C:\Users\Ant\Documents\Autodesk Application Manager
2014-09-10 16:46 - 2014-09-10 17:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2014-09-10 16:46 - 2014-09-10 17:00 - 00000000 ____D () C:\Program Files\Common Files\Autodesk Shared
2014-09-10 16:34 - 2014-09-14 21:54 - 00000000 ____D () C:\Users\Ant\AppData\Roaming\Autodesk
2014-09-10 16:34 - 2014-09-10 17:25 - 00000000 ____D () C:\ProgramData\Autodesk
2014-09-09 19:33 - 2014-09-09 19:33 - 01365384 _____ () C:\Users\Ant\Downloads\Wolfdog_001.rar
2014-09-09 19:10 - 2014-09-09 19:18 - 17404071 _____ () C:\Users\Ant\Downloads\Dog.rar
2014-09-09 19:04 - 2014-09-09 19:05 - 03105700 _____ () C:\Users\Ant\Downloads\fox1.0.zip
2014-09-09 18:51 - 2014-09-09 18:52 - 03547888 _____ () C:\Users\Ant\Downloads\448764d78bae24ecce8e5afc43adf761.zip
2014-09-09 18:23 - 2014-09-09 18:24 - 05529460 _____ () C:\Users\Ant\Downloads\wolf.rar
2014-09-09 01:54 - 2014-09-09 02:03 - 61430852 _____ () C:\Users\Ant\Downloads\Sacred Havens.zip
2014-09-09 01:17 - 2014-09-09 01:18 - 00897213 _____ () C:\Users\Ant\Documents\InsaInsaWolf_2.fhp
2014-09-08 20:14 - 2014-09-08 20:14 - 00000000 ____D () C:\Program Files\Plogue
2014-09-05 01:58 - 2014-09-05 01:59 - 01402920 _____ () C:\Users\Ant\Downloads\battlelog-web-plugins_2.5.1_149.exe
2014-09-04 02:23 - 2014-09-04 02:23 - 01397992 _____ () C:\Users\Ant\Downloads\battlelog-web-plugins_2.5.0_148.exe
2014-09-02 03:20 - 2014-09-02 03:20 - 00000000 ____D () C:\Users\Ant\Documents\Hexagon Projects
2014-09-01 22:50 - 2014-09-01 22:50 - 00288925 _____ () C:\Users\Ant\Downloads\Canine Claws FH(1).zip
2014-09-01 22:47 - 2014-09-01 22:47 - 01045648 _____ () C:\Users\Ant\Downloads\Feline Claws FH.zip
2014-09-01 22:24 - 2014-09-01 22:24 - 01388829 _____ () C:\Users\Ant\Downloads\Claws English.exe
2014-09-01 20:52 - 2014-09-01 21:07 - 29771345 _____ () C:\Users\Ant\Downloads\OukaHanzoMeshs.zip
2014-09-01 20:44 - 2014-09-01 20:46 - 03405930 _____ () C:\Users\Ant\Downloads\Pagoda and temple thingy.zip
2014-09-01 20:39 - 2014-09-01 20:41 - 11629961 _____ () C:\Users\Ant\Downloads\Jays City Mesh Pack.zip
2014-09-01 19:44 - 2014-09-01 19:47 - 21226523 _____ () C:\Users\Ant\Downloads\Herbs.zip
2014-09-01 19:09 - 2014-09-01 19:11 - 03964404 _____ () C:\Users\Ant\Downloads\Den meshes9962.zip
2014-09-01 19:01 - 2014-09-01 19:03 - 07632249 _____ () C:\Users\Ant\Downloads\Romies Street MeshesZIP.zip
2014-09-01 18:56 - 2014-09-01 18:57 - 01453292 _____ () C:\Users\Ant\Downloads\Modern Villiage Set.zip
2014-09-01 18:53 - 2014-09-01 18:53 - 00332918 _____ () C:\Users\Ant\Downloads\JapCandle.zip
2014-09-01 18:52 - 2014-09-01 18:52 - 00376739 _____ () C:\Users\Ant\Downloads\Trash.zip
2014-09-01 18:50 - 2014-09-01 18:51 - 01106588 _____ () C:\Users\Ant\Downloads\Dumpster.zip
2014-09-01 18:48 - 2014-09-01 18:49 - 00663161 _____ () C:\Users\Ant\Downloads\Angels.zip
2014-09-01 18:25 - 2014-09-01 18:27 - 03056710 _____ () C:\Users\Ant\Downloads\Tent Mesh.zip
2014-09-01 18:25 - 2014-09-01 18:25 - 00254143 _____ () C:\Users\Ant\Downloads\Cage1 mesh.zip
2014-09-01 03:01 - 2014-09-01 03:12 - 69339962 _____ () C:\Users\Ant\Downloads\DeathScene.zip
2014-09-01 02:36 - 2014-09-01 02:36 - 00000914 _____ () C:\Users\Ant\Desktop\Hexagon 2.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-01 20:52 - 2012-03-30 23:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-01 20:45 - 2014-04-20 01:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-01 20:43 - 2009-07-13 23:45 - 00025936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-01 20:43 - 2009-07-13 23:45 - 00025936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-01 20:41 - 2010-08-02 16:16 - 01617074 _____ () C:\Windows\WindowsUpdate.log
2014-10-01 20:38 - 2011-03-07 15:09 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-01 20:37 - 2010-12-18 21:38 - 00000000 ____D () C:\Users\Ant\AppData\Roaming\Skype
2014-10-01 20:34 - 2014-05-02 22:09 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-01 20:34 - 2010-08-03 13:03 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-01 20:34 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-01 06:25 - 2014-05-02 22:09 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-01 05:42 - 2011-12-20 15:52 - 00000000 ____D () C:\ProgramData\Origin
2014-10-01 04:08 - 2014-06-29 05:04 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-10-01 04:08 - 2012-12-08 14:06 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-10-01 04:07 - 2012-12-08 13:41 - 00297088 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-10-01 04:01 - 2011-12-20 15:51 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-10-01 02:00 - 2014-06-18 02:00 - 00000000 ____D () C:\Users\Ant\AppData\Local\Adobe
2014-09-28 05:07 - 2010-08-19 23:26 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-27 04:34 - 2013-08-25 18:24 - 00000000 ____D () C:\Users\Ant\Desktop\exports
2014-09-27 04:06 - 2014-08-22 22:01 - 00000000 ____D () C:\Users\Ant\Desktop\Meshes
2014-09-27 04:00 - 2009-07-14 00:13 - 00874246 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-26 22:03 - 2013-01-14 15:58 - 00000000 ____D () C:\Users\Ant\.gimp-2.8
2014-09-25 18:12 - 2013-08-26 16:33 - 00000000 ____D () C:\Users\Ant\Desktop\driver sweeper
2014-09-25 05:15 - 2013-03-24 16:51 - 00000000 ____D () C:\Users\Ant\AppData\Local\Avg2013
2014-09-25 05:11 - 2012-05-06 00:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-25 00:17 - 2013-03-25 02:47 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe online update program
2014-09-24 20:33 - 2014-05-02 22:19 - 00002104 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-24 20:33 - 2014-05-02 22:19 - 00002104 _____ () C:\ProgramData\Desktop\Google Chrome.lnk
2014-09-24 02:53 - 2012-03-30 23:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 02:53 - 2012-03-30 23:01 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 02:53 - 2011-07-14 22:43 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-22 19:55 - 2012-02-26 03:12 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-21 21:39 - 2010-08-02 17:16 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-21 21:39 - 2010-08-02 17:00 - 00000000 ____D () C:\Users\Ant\AppData\Roaming\Adobe
2014-09-21 05:45 - 2010-10-17 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-09-21 05:44 - 2010-08-03 13:03 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-09-21 05:44 - 2007-10-16 14:47 - 00000000 ___HD () C:\Temp
2014-09-21 05:43 - 2010-10-17 15:19 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-09-21 05:43 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Help
2014-09-21 05:42 - 2014-05-04 18:50 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-09-21 03:59 - 2014-06-24 18:55 - 00000000 ____D () C:\Users\Ant\AppData\Local\NVIDIA
2014-09-21 01:55 - 2013-02-08 04:16 - 00000000 ____D () C:\Users\Ant\AppData\Local\join.me
2014-09-19 02:14 - 2010-08-12 15:24 - 00000000 ____D () C:\Users\Ant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-19 02:14 - 2010-08-12 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-19 02:14 - 2010-08-12 15:17 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-09-18 22:15 - 2012-11-06 14:29 - 00000000 ____D () C:\Users\Ant\AppData\Local\Paint.NET
2014-09-18 20:42 - 2010-09-23 22:11 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-09-18 20:41 - 2013-10-11 08:29 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-18 05:21 - 2010-09-23 22:11 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-09-16 22:14 - 2012-04-29 15:51 - 00000000 ____D () C:\Users\Ant\Downloads\nd2
2014-09-14 23:30 - 2014-08-31 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reallusion
2014-09-14 23:25 - 2014-08-31 21:03 - 00000000 ____D () C:\Users\Public\Documents\Reallusion
2014-09-14 23:25 - 2014-08-31 21:03 - 00000000 ____D () C:\ProgramData\Documents\Reallusion
2014-09-14 23:24 - 2010-08-03 15:28 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-11 14:29 - 2009-07-13 21:34 - 00000381 _____ () C:\Windows\win.ini
2014-09-10 01:24 - 2009-08-04 19:45 - 00000000 ____D () C:\Users\Ant\Documents\My Games
2014-09-10 01:23 - 2010-08-23 14:51 - 00867970 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-08 20:14 - 2012-02-12 02:35 - 00000000 ____D () C:\Program Files (x86)\VstPlugins
2014-09-07 23:24 - 2014-06-20 18:37 - 00000000 ____D () C:\Program Files\Lx_cats
2014-09-05 19:53 - 2013-10-11 08:30 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-09-01 02:38 - 2014-08-31 16:16 - 00000000 ____D () C:\Users\Ant\Documents\DAZ 3D
2014-09-01 02:38 - 2014-08-31 16:15 - 00000000 ____D () C:\Users\Ant\AppData\Roaming\DAZ 3D
2014-09-01 02:36 - 2014-08-31 16:17 - 00000000 ____D () C:\Users\Ant\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D

Some content of TEMP:
====================
C:\Users\Ant\AppData\Local\Temp\Lifecam3.0.204.0.exe
C:\Users\Ant\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2010-10-17 13:35

==================== End Of Log ============================


RogueKiller log:

 

RogueKiller V9.2.13.0 [sep 25 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ant [Admin rights]
Mode : Scan -- Date : 10/01/2014  21:50:41

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 30 ¤¤¤
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ALSysIO (\??\C:\Users\Ant\AppData\Local\Temp\ALSysIO64.sys) -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NVR0Dev (\??\C:\Windows\nvoclk64.sys) -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALSysIO (\??\C:\Users\Ant\AppData\Local\Temp\ALSysIO64.sys) -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVR0Dev (\??\C:\Windows\nvoclk64.sys) -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ALSysIO (\??\C:\Users\Ant\AppData\Local\Temp\ALSysIO64.sys) -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NVR0Dev (\??\C:\Windows\nvoclk64.sys) -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-14057114-1929341420-811863276-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : :0  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-14057114-1929341420-811863276-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : :0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-14057114-1929341420-811863276-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-14057114-1929341420-811863276-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-14057114-1929341420-811863276-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-14057114-1929341420-811863276-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-14057114-1929341420-811863276-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-14057114-1929341420-811863276-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> FOUND
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> FOUND
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> FOUND
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-14057114-1929341420-811863276-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> FOUND
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-14057114-1929341420-811863276-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> FOUND
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> FOUND
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> FOUND

¤¤¤ Scheduled tasks : 6 ¤¤¤
[suspicious.Path] \\{24BCF9F1-9689-4C69-A004-66DF33E45415} -- C:\Users\Ant\Desktop\Repair\SETUP.EXE -> FOUND
[suspicious.Path] \\{3DF5629B-657B-4B8A-9C5D-B2802D591CB2} -- C:\Users\Ant\Desktop\Repair\SETUP.EXE -> FOUND
[suspicious.Path] \\{548A4448-0353-4445-BA7B-92ECF49334F9} -- C:\Users\Ant\Desktop\Repair\SETUP.EXE -> FOUND
[suspicious.Path] \\{5A08D91D-C3B0-4F16-A94B-77C8466D1432} -- C:\Users\Ant\Desktop\Repair\SETUP.EXE -> FOUND
[suspicious.Path] \\{81DF37F5-9CEE-4102-BF56-1D7FF83D1890} -- C:\Users\Ant\Desktop\Repair\SETUP.EXE -> FOUND
[suspicious.Path] \\{AEEA16D3-3F13-425B-BC64-0F6ED5FE7537} -- C:\Users\Ant\Desktop\Repair\SETUP.EXE -> FOUND

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUP][FIREFX:Addon] zn2mznam.default-1401590938101 : Yahoo Toolbar [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] -> FOUND
[PUM.HomePage][FIREFX:Config] zn2mznam.default-1401590938101 : user_pref("browser.startup.homepage", "https://www.yahoo.com/"); -> FOUND

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDT725050VLA SCSI Disk Device +++++
--- User ---
[MBR] 47d76333728429985490a5f9fad5fb30
[bSP] ceb84c3e7b096f62a58a22cb4210973b : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476937 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1: WDC WD25 00YD-01NVB1 SCSI Disk Device +++++
--- User ---
[MBR] 1ee9b8534a60ce0cc5c1155e085baba1
[bSP] c051dc113bef829b0bec51989611ac9a : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 239371 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
 


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes, select Settings > Detection and Protection > Enable Scan for rootkit, and under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

Once completed, please click on History > Application Logs, find your scan log and open it, then click on the "copy to clipboard" button and post back the results in your next reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download Microsoft's "Malicious Software Removal Tool" and save it directly to the desktop.

Make sure to get the correct version for your system....

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right click on the Tool and select “Run as Administrator”; the tool will expand to the options window.

In the "Scan Type" window, select Quick Scan.

Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter

notepad c:\windows\debug\mrt.log

 

Next,

 

Remove the following outdated versions of Java via Programs and Features:

 

Java 7 Update 10
Java™ 6 Update 30
Java™ 6 Update 35

 

Let me see the logs from above scans, also give an update on any remaining issues or concerns...

 

Kevin..

Fixlist.txt


Here is the Adwcleaner log:

 

# AdwCleaner v3.311 - Report created 02/10/2014 at 21:50:28
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Ant - LAMBDA
# Running from : C:\Users\Ant\Desktop\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Ant\AppData\Roaming\Mozilla\Firefox\Profiles\zn2mznam.default-1401590938101\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[ File : C:\Users\Ant\AppData\Roaming\Mozilla\Firefox\Profiles\$RMVVBIW.default\prefs.js ]


[ File : C:\Users\Ant\AppData\Roaming\Mozilla\Firefox\Profiles\u0kaox64.default\prefs.js ]


[ File : C:\Users\Ant\AppData\Roaming\Mozilla\Firefox\Profiles\zn2mznam.default-1401590938101\prefs.js ]


-\\ Google Chrome v37.0.2062.124

[ File : C:\Users\Ant\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [13254 octets] - [30/09/2014 04:36:49]
AdwCleaner[R1].txt - [1409 octets] - [02/10/2014 21:48:37]
AdwCleaner[s0].txt - [12925 octets] - [30/09/2014 04:40:38]
AdwCleaner[s1].txt - [1332 octets] - [02/10/2014 21:50:28]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1392 octets] ##########
 

JRT log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.3 (09.27.2014:1)
OS: Windows 7 Ultimate x64
Ran by Ant on Thu 10/02/2014 at 22:12:18.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 10/02/2014 at 22:18:22.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Malwarebytes did not detect anything when I ran a threat scan with those options enabled so the log is empty. Do you still need it?


Farbar recovery Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2014
Ran by Ant at 2014-10-02 20:51:15 Run:1
Running from C:\Users\Ant\Desktop\Farbar Recovery
Loaded Profile: Ant (Available profiles: Ant)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
AppInit_DLLs: C:\PROGRA~1\NVIDIA => C:\PROGRA~1\NVIDIA File Not Found
S3 ALSysIO; \??\C:\Users\Ant\AppData\Local\Temp\ALSysIO64.sys [X]
S3 BCMH43XX; system32\DRIVERS\bcmwlhigh664.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 Fwleaf; system32\DRIVERS\fwleaf.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WPRO_41_1742; system32\drivers\WPRO_41_1742.sys [X]
C:\Users\Ant\AppData\Local\Temp\Lifecam3.0.204.0.exe
C:\Users\Ant\AppData\Local\Temp\Quarantine.exe
Task: {233AC164-0BD9-4F43-BCAC-0FE0EA6A3A29} - System32\Tasks\{548A4448-0353-4445-BA7B-92ECF49334F9} => C:\Users\Ant\Desktop\Repair\SETUP.EXE
Task: {40B25A5F-42D7-4E5B-8A72-6CC3E00D97CE} - System32\Tasks\{3DF5629B-657B-4B8A-9C5D-B2802D591CB2} => C:\Users\Ant\Desktop\Repair\SETUP.EXE
Task: {4B3F032B-46C9-4E46-B3B4-871FD0DA222D} - System32\Tasks\{81DF37F5-9CEE-4102-BF56-1D7FF83D1890} => C:\Users\Ant\Desktop\Repair\SETUP.EXE
Task: {58C43E39-35AC-4DB8-9286-68665BCDDD48} - System32\Tasks\{5A08D91D-C3B0-4F16-A94B-77C8466D1432} => C:\Users\Ant\Desktop\Repair\SETUP.EXE
Task: {70794593-5206-48CC-8553-D4321A4A18FB} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Program Files (x86)\Lavasoft
Task: {E82E6512-EABC-4620-A916-EFA7E3253517} - System32\Tasks\{24BCF9F1-9689-4C69-A004-66DF33E45415} => C:\Users\Ant\Desktop\Repair\SETUP.EXE
Task: {E82E6512-EABC-4620-A916-EFA7E3253517} - System32\Tasks\{24BCF9F1-9689-4C69-A004-66DF33E45415} => C:\Users\Ant\Desktop\Repair\SETUP.EXE
AlternateDataStreams: C:\ProgramData\Microsoft:2HpzFMl8ez8ZQOxFuy
AlternateDataStreams: C:\ProgramData\Microsoft:74HLvIQYXPqMvTGWSEFRk2
AlternateDataStreams: C:\ProgramData\Microsoft:fjVaVzOLC08XSyYasUsKW3d3a
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:ECF54A0E
AlternateDataStreams: C:\Users\Ant\Cookies:B9KUzZeygrYNwy8v97o
AlternateDataStreams: C:\Users\Ant\Cookies:kqKYjttNrsIctmbo
AlternateDataStreams: C:\Users\Ant\Cookies:lxtArG7CBP1MuEVx6brfZ
AlternateDataStreams: C:\Users\Ant\AppData\Local\Temp:QJ3bzGs37VnWwIGuoSqbOQN6i
AlternateDataStreams: C:\Users\Ant\AppData\Local\Temp:WkwfrXnNKC3EF9PWDIEtBLDGEmcj
AlternateDataStreams: C:\Users\Ant\AppData\Local\Temporary Internet Files:BtpDgLbghcGpqa4VK1gZmv
AlternateDataStreams: C:\Users\Ant\AppData\Local\Temporary Internet Files:YExPBeref04E6gq3devqW
EmptyTemp:
End


*****************

"C:\PROGRA~1\NVIDIA" => Value Data not found.
ALSysIO => Service deleted successfully.
BCMH43XX => Service deleted successfully.
catchme => Service deleted successfully.
EagleX64 => Service deleted successfully.
esgiguard => Service deleted successfully.
Fwleaf => Service deleted successfully.
Lbd => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
Tablet2k => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
WPRO_41_1742 => Service deleted successfully.
"C:\Users\Ant\AppData\Local\Temp\Lifecam3.0.204.0.exe" => File/Directory not found.
C:\Users\Ant\AppData\Local\Temp\Quarantine.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{233AC164-0BD9-4F43-BCAC-0FE0EA6A3A29}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{233AC164-0BD9-4F43-BCAC-0FE0EA6A3A29}" => Key deleted successfully.
C:\Windows\System32\Tasks\{548A4448-0353-4445-BA7B-92ECF49334F9} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{548A4448-0353-4445-BA7B-92ECF49334F9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40B25A5F-42D7-4E5B-8A72-6CC3E00D97CE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40B25A5F-42D7-4E5B-8A72-6CC3E00D97CE}" => Key deleted successfully.
C:\Windows\System32\Tasks\{3DF5629B-657B-4B8A-9C5D-B2802D591CB2} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3DF5629B-657B-4B8A-9C5D-B2802D591CB2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B3F032B-46C9-4E46-B3B4-871FD0DA222D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B3F032B-46C9-4E46-B3B4-871FD0DA222D}" => Key deleted successfully.
C:\Windows\System32\Tasks\{81DF37F5-9CEE-4102-BF56-1D7FF83D1890} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{81DF37F5-9CEE-4102-BF56-1D7FF83D1890}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{58C43E39-35AC-4DB8-9286-68665BCDDD48}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58C43E39-35AC-4DB8-9286-68665BCDDD48}" => Key deleted successfully.
C:\Windows\System32\Tasks\{5A08D91D-C3B0-4F16-A94B-77C8466D1432} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5A08D91D-C3B0-4F16-A94B-77C8466D1432}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{70794593-5206-48CC-8553-D4321A4A18FB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70794593-5206-48CC-8553-D4321A4A18FB}" => Key deleted successfully.
C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Update (Weekly)" => Key deleted successfully.
C:\Program Files (x86)\Lavasoft => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E82E6512-EABC-4620-A916-EFA7E3253517}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E82E6512-EABC-4620-A916-EFA7E3253517}" => Key deleted successfully.
C:\Windows\System32\Tasks\{24BCF9F1-9689-4C69-A004-66DF33E45415} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{24BCF9F1-9689-4C69-A004-66DF33E45415}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E82E6512-EABC-4620-A916-EFA7E3253517}" => Key not found.
C:\Windows\System32\Tasks\{24BCF9F1-9689-4C69-A004-66DF33E45415} not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{24BCF9F1-9689-4C69-A004-66DF33E45415}" => Key not found.
C:\ProgramData\Microsoft => ":2HpzFMl8ez8ZQOxFuy" ADS removed successfully.
C:\ProgramData\Microsoft => ":74HLvIQYXPqMvTGWSEFRk2" ADS removed successfully.
C:\ProgramData\Microsoft => ":fjVaVzOLC08XSyYasUsKW3d3a" ADS removed successfully.
C:\ProgramData\TEMP => ":0B4227B4" ADS removed successfully.
C:\ProgramData\TEMP => ":ECF54A0E" ADS removed successfully.
"C:\Users\Ant\Cookies" => ":B9KUzZeygrYNwy8v97o" ADS not found.
"C:\Users\Ant\Cookies" => ":kqKYjttNrsIctmbo" ADS not found.
"C:\Users\Ant\Cookies" => ":lxtArG7CBP1MuEVx6brfZ" ADS not found.
C:\Users\Ant\AppData\Local\Temp => ":QJ3bzGs37VnWwIGuoSqbOQN6i" ADS removed successfully.
C:\Users\Ant\AppData\Local\Temp => ":WkwfrXnNKC3EF9PWDIEtBLDGEmcj" ADS removed successfully.
"C:\Users\Ant\AppData\Local\Temporary Internet Files" => ":BtpDgLbghcGpqa4VK1gZmv" ADS not found.
"C:\Users\Ant\AppData\Local\Temporary Internet Files" => ":YExPBeref04E6gq3devqW" ADS not found.
EmptyTemp: => Removed 652.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====


Windows malicious software removal mrt.log:

 

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.16, September 2014 (build 5.16.10602.0)
Started On Thu Oct 02 22:43:47 2014

Engine: 1.1.10904.0
Signatures: 1.183.882.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 02 23:07:38 2014


Return code: 0 (0x0)
 


When I try to uninstall Java 6 update 35 it says "The feature you are trying to use is on a network resource that is unavailable. Click ok to try again or enter an alternate path to a folder containing the installation package." And when I leave the path set to the default, which is C:\Users\Ant\AppData\LocalLow\Sun\Java\jre1.6.0_33\, and click ok, it says that path cannot be found. Any suggestions?


Leave Java for now, run the following:

 

Read the following link before we continue and run Combofix:

ComboFix usage, Questions, Help? - Look here

Next,

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://www.infospyware.net/antimalware/combofix/

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix; instructions are available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed; if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the Combofix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix are available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
  • If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review



****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*


  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).



Post the log in next reply please...

Kevin
 


Ok done, here is ComboFix's log:

 

ComboFix 14-10-02.01 - Ant 10/03/2014  11:27:20.2.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.4095.2465 [GMT -5:00]
Running from: c:\users\Ant\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
FW: Bitdefender Firewall *Enabled* {A23392FD-84B9-F933-2C71-81E751F6EF46}
SP: Bitdefender Antispyware *Disabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\1412233074.bdinstall.bin
c:\programdata\1412233195.bdinstall.bin
c:\programdata\1412233642.752.bin
c:\programdata\1412233642.bdinstall.bin
c:\users\Ant\AppData\Local\Microsoft\Windows\Temporary Internet Files\result.xml
c:\users\Ant\AppData\Roaming\inst.exe
c:\users\Ant\AppData\Roaming\vso_ts_preview.xml
c:\windows\SysWow64\ST~78A9.tmp
c:\windows\SysWow64\ST~9666.tmp
c:\windows\usgwmt
c:\windows\usgwmt\BReWErS.dll
c:\windows\wininit.ini
.
---- Previous Run -------
.
c:\program files (x86)\Search Toolbar\icon.ico
c:\users\Ant\AppData\Roaming\Antlog.dat
c:\windows\isRS-000.tmp
c:\windows\RazorDOX\RazorDOX.dll
c:\windows\RazorDOX\RazorDOX.ini
c:\windows\SysWow64\tmp556B.tmp
c:\windows\SysWow64\tmp5972.tmp
c:\windows\SysWow64\tmpA2ED.tmp
c:\windows\SysWow64\tmpA31D.tmp
c:\windows\SysWow64\tmpA81D.tmp
c:\windows\SysWow64\tmpA83D.tmp
c:\windows\SysWow64\tmpBA8F.tmp
c:\windows\SysWow64\tmpBAAF.tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
-------\Service_NVSvc
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-03 to 2014-10-03  )))))))))))))))))))))))))))))))
.
.
2014-10-03 16:49 . 2014-10-03 16:49    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-10-03 05:01 . 2014-10-03 05:21    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2014-10-03 05:01 . 2014-10-03 05:01    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy
2014-10-03 02:08 . 2014-10-03 16:01    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-03 02:08 . 2014-05-12 12:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-10-03 02:08 . 2014-05-12 12:26    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-10-03 02:04 . 2014-05-12 12:25    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-10-02 08:43 . 2014-10-02 08:43    74512    ----a-w-    c:\windows\system32\bdsandboxuiskin32.dll
2014-10-02 07:11 . 2014-10-02 07:11    --------    d-----w-    c:\programdata\BDLogging
2014-10-02 06:58 . 2014-10-02 07:12    --------    d-----w-    c:\programdata\Bitdefender
2014-10-02 06:58 . 2013-11-04 21:47    84848    ----a-w-    c:\windows\system32\BDSandBoxUISkin.dll
2014-10-02 06:58 . 2013-11-04 21:46    34384    ----a-w-    c:\windows\system32\BDSandBoxUH.dll
2014-10-02 06:57 . 2014-10-02 06:57    --------    d-----w-    c:\users\Ant\AppData\Roaming\QuickScan
2014-10-02 06:34 . 2014-10-03 02:50    --------    d-----w-    c:\users\Ant\AppData\Local\CrashDumps
2014-10-02 06:33 . 2014-10-02 06:33    --------    d-----w-    c:\programdata\AVG2012
2014-10-02 06:20 . 2014-10-02 07:07    --------    d-----w-    c:\program files\Common Files\Bitdefender
2014-10-02 02:41 . 2014-10-02 02:41    34808    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2014-10-02 02:41 . 2014-10-02 02:41    --------    d-----w-    c:\programdata\RogueKiller
2014-10-02 01:51 . 2014-10-03 01:53    --------    d-----w-    C:\FRST
2014-09-30 09:53 . 2014-09-30 09:53    --------    d-----w-    c:\windows\ERUNT
2014-09-30 09:38 . 2010-08-30 13:34    536576    ----a-w-    c:\windows\SysWow64\sqlite3.dll
2014-09-30 09:36 . 2014-10-03 02:50    --------    d-----w-    C:\AdwCleaner
2014-09-26 23:05 . 2014-09-26 23:07    --------    d-----w-    c:\program files (x86)\TABLET
2014-09-24 11:21 . 2014-09-24 11:21    --------    d-----w-    C:\found.000
2014-09-24 07:42 . 2014-09-24 07:43    --------    d-----w-    c:\program files (x86)\Microsoft LifeCam
2014-09-24 07:42 . 2014-09-24 07:42    --------    d-----w-    c:\program files\Microsoft LifeCam
2014-09-23 09:00 . 2014-09-23 09:00    12582912    ----a-w-    c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\c5a502e859860ee097d5bf360b820cf1\WMP xMPG Codec Pack.exe
2014-09-23 09:00 . 2014-09-23 09:00    12582912    ----a-w-    c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\bba637deb5abc56a942e1c137d078c9f\WMP xMPG Codec Pack.exe
2014-09-22 02:21 . 2014-09-26 23:05    --------    d-----w-    c:\windows\SysWow64\TabletPmt
2014-09-21 20:07 . 2014-09-21 20:07    --------    d-----w-    c:\users\Ant\AppData\Roaming\NVIDIA
2014-09-21 10:44 . 2014-09-13 20:13    613696    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2014-09-21 10:43 . 2014-09-13 21:53    3529872    ----a-w-    c:\windows\system32\nvsvc64.dll
2014-09-21 10:43 . 2014-09-13 21:53    934216    ----a-w-    c:\windows\system32\nvvsvc.exe
2014-09-21 10:43 . 2014-09-13 21:53    62608    ----a-w-    c:\windows\system32\nvshext.dll
2014-09-21 10:43 . 2014-09-13 21:53    6890696    ----a-w-    c:\windows\system32\nvcpl.dll
2014-09-21 10:43 . 2014-09-13 21:53    385168    ----a-w-    c:\windows\system32\nvmctray.dll
2014-09-21 10:43 . 2014-09-11 15:37    3961833    ----a-w-    c:\windows\system32\nvcoproc.bin
2014-09-21 10:42 . 2014-09-13 23:48    73872    ----a-w-    c:\windows\system32\OpenCL.dll
2014-09-21 10:42 . 2014-09-13 23:48    60560    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2014-09-21 06:58 . 2014-09-21 06:58    --------    d-----w-    c:\users\Ant\AppData\Local\LogMeIn
2014-09-21 06:58 . 2014-09-21 06:58    --------    d-----w-    c:\programdata\LogMeIn
2014-09-21 03:16 . 2014-09-21 03:16    12582912    ----a-w-    c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\fe3ffd2af530bec1f0fb6d9f96d576bc\Total Codec Pack.exe
2014-09-21 02:17 . 2014-09-21 02:17    12582912    ----a-w-    c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\fce7c884809a8be7683847ce23160259\MathMagic Personal Edition.exe
2014-09-21 02:16 . 2014-09-21 02:16    12582912    ----a-w-    c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\fd1d770eae128471eaf90474121fb853\WMP x264 Codec Pack.exe
2014-09-19 07:27 . 2014-09-19 07:27    --------    d-----w-    c:\programdata\Poser Pro
2014-09-19 07:26 . 2014-09-19 07:26    --------    d-----w-    c:\users\Ant\AppData\Roaming\Poser Pro
2014-09-18 22:17 . 2014-09-18 22:17    --------    d-----w-    c:\users\Ant\AppData\Local\Ufmedia
2014-09-18 22:07 . 2014-09-25 23:23    --------    d-----w-    c:\users\Ant\AppData\Local\IPsoft
2014-09-18 08:16 . 2014-09-19 01:49    --------    d-----w-    c:\users\Ant\AppData\Local\FurryBall4
2014-09-15 04:30 . 2014-09-15 04:30    152    --sh--r-    c:\windows\ICSET50.BIN
2014-09-15 04:29 . 2014-09-15 04:29    --------    d-----w-    c:\programdata\Reallusion
2014-09-15 04:24 . 2014-09-15 04:24    --------    d-----w-    c:\program files (x86)\Reallusion
2014-09-14 20:51 . 2014-09-14 20:51    2498560    ----a-w-    c:\programdata\Microsoft\Secure\Icons\IconsCacheHelper.dll
2014-09-13 03:25 . 2014-09-13 07:25    --------    d-----w-    c:\users\Ant\AppData\Local\AVG Web TuneUp
2014-09-13 03:25 . 2014-09-13 03:24    50464    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2014-09-13 03:24 . 2014-09-13 03:25    --------    d-----w-    c:\programdata\AVG Web TuneUp
2014-09-13 03:24 . 2014-09-13 03:24    --------    d-----w-    c:\program files (x86)\AVG Web TuneUp
2014-09-12 09:17 . 2014-09-12 10:35    --------    d-----w-    c:\users\Ant\AppData\Roaming\Synthesia
2014-09-11 19:29 . 2014-09-11 19:33    --------    d-----w-    c:\program files (x86)\eMedia Piano and Keyboard Method
2014-09-11 19:12 . 2014-09-11 19:12    --------    d-----w-    c:\programdata\QuickTime
2014-09-11 10:54 . 2014-09-29 00:22    --------    d-----w-    c:\program files (x86)\Clownfish
2014-09-10 22:09 . 2014-09-10 22:09    --------    d-----w-    c:\programdata\FLEXnet
2014-09-10 21:59 . 2014-09-10 21:59    --------    d-----w-    c:\program files\Common Files\Macrovision Shared
2014-09-10 21:47 . 2014-09-10 22:26    --------    d-----w-    c:\users\Ant\AppData\Local\Autodesk
2014-09-10 21:46 . 2014-09-10 22:00    --------    d-----w-    c:\program files\Common Files\Autodesk Shared
2014-09-10 21:46 . 2014-09-10 21:59    --------    d-----w-    c:\program files (x86)\Common Files\Autodesk Shared
2014-09-10 21:34 . 2014-09-15 02:54    --------    d-----w-    c:\users\Ant\AppData\Roaming\Autodesk
2014-09-10 21:34 . 2014-09-10 22:25    --------    d-----w-    c:\programdata\Autodesk
2014-09-09 01:14 . 2014-09-09 01:14    --------    d-----w-    c:\program files\Plogue
2014-09-04 12:50 . 2014-09-04 12:50    188304    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-01 09:08 . 2014-06-29 10:04    348928    ----a-w-    c:\windows\SysWow64\PnkBstrB.exe
2014-10-01 09:08 . 2012-12-08 19:06    348928    ----a-w-    c:\windows\SysWow64\PnkBstrB.xtr
2014-10-01 09:07 . 2012-12-08 18:41    297088    ----a-w-    c:\windows\SysWow64\PnkBstrB.ex0
2014-09-24 07:53 . 2012-03-31 04:01    701104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-24 07:53 . 2011-07-15 03:43    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-29 18:01 . 2010-08-03 17:45    101694776    ----a-w-    c:\windows\system32\MRT.exe
2014-08-28 21:57 . 2010-06-24 17:33    23256    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-19 03:14 . 2014-08-19 03:14    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-30 02:34 . 2013-10-21 06:05    32320    ----a-w-    c:\windows\system32\drivers\FNETTBOH_305.SYS
2007-04-09 14:32 . 2009-11-17 18:15    828542    ----a-w-    c:\program files (x86)\free MP3 by eMusic.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll" [2014-06-02 1583384]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Ant\AppData\Local\Akamai\netsession_win.exe" [2014-04-18 4672920]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-07-25 21646944]
"Clownfish"="c:\program files (x86)\Clownfish\Clownfish.exe" [2014-09-24 1323776]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender 2015\bdwtxag.exe" [2014-10-02 815088]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2013-04-25 1075296]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2011-06-20 5199984]
"XFastUSB"="c:\program files (x86)\XFastUSB\XFastUsb.exe" [2013-09-24 5019360]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
"FaxCenterServer"="c:\program files (x86)\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 312240]
"ADSKAppManager"="c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" [2013-12-22 477064]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"WTClient"="WTClient.exe" [2014-03-10 32768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LoopBe1 Monitor.lnk - c:\program files (x86)\nerds.de\LoopBe1\loopBeMon.exe [2011-4-9 273024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-14057114-1929341420-811863276-1000\Scripts\Logoff\0\0]
"Script"=c:\program files\Bitdefender\Bitdefender 2015\support.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite^Registry: HKCU:RUN]
2010-04-01 09:16    357696    ----a-w-    c:\program files (x86)\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxddserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxddserv.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 vToolbarUpdater3.1.0;vToolbarUpdater3.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
R3 bdfwfpf_pc;bdfwfpf_pc;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [x]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys;c:\windows\SYSNATIVE\drivers\bdsandbox.sys [x]
R3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWBS2.sys [x]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys;c:\windows\SYSNATIVE\drivers\dalwdm.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [x]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS;c:\windows\SYSNATIVE\drivers\FNETTBOH_305.SYS [x]
R3 leafnets;Leaf Networks Adapter;c:\windows\system32\DRIVERS\leafnets.sys;c:\windows\SYSNATIVE\DRIVERS\leafnets.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys;c:\windows\SYSNATIVE\DRIVERS\PTSimHid.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8187B.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTBS26.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2015\bdparentalservice.exe;c:\program files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys;c:\windows\SYSNATIVE\DRIVERS\bdvedisk.sys [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS;c:\windows\SYSNATIVE\drivers\FNETURPX.SYS [x]
S2 AdAppMgrSvc;Autodesk Application Manager Service;c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe ;c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe  [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
S2 DAZContentManagementService;DAZ Content Management Service;f:\program files\DAZ 3D\Content Management Service\ContentManagementServer.exe ;f:\program files\DAZ 3D\Content Management Service\ContentManagementServer.exe  [x]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys;c:\windows\SYSNATIVE\DRIVERS\diginet.sys [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe;c:\windows\SYSNATIVE\lxddcoms.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [x]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2015\updatesrv.exe;c:\program files\Bitdefender\Bitdefender 2015\updatesrv.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys;c:\windows\SYSNATIVE\DRIVERS\PTSimBus.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-25 01:29    1096520    ----a-w-    c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 07:53]
.
2014-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-03 03:09]
.
2014-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-03 03:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1SecureIconsProvider]
@="{FC9D8189-520A-4417-AED7-9EAC810C6FBA}"
[HKEY_CLASSES_ROOT\CLSID\{FC9D8189-520A-4417-AED7-9EAC810C6FBA}]
2014-09-14 20:51    3140096    ----a-w-    c:\programdata\Microsoft\Secure\Icons\SecureIconsProvider.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2014-10-02 08:35    206352    ----a-w-    c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2014-10-02 08:35    206352    ----a-w-    c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2014-10-02 08:35    206352    ----a-w-    c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2014-10-02 08:35    206352    ----a-w-    c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 2306448]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2009-09-24 371712]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"lxddmon.exe"="c:\program files (x86)\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
"lxddamon"="c:\program files (x86)\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-05-29 2350880]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-05-29 1279480]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2015\bdagent.exe" [2014-10-02 1597376]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mDefault_Page_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Ant\AppData\Roaming\Mozilla\Firefox\Profiles\zn2mznam.default-1401590938101\
FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-14057114-1929341420-811863276-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-14057114-1929341420-811863276-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-14057114-1929341420-811863276-1000\Software\SecuROM\License information*]
"datasecu"=hex:26,61,99,24,3e,01,af,b4,37,c3,97,b6,1c,0c,d3,cd,3f,8b,b1,24,f1,
   2e,4e,28,78,b7,1e,c1,c5,d9,0f,0c,8a,6c,7f,89,0e,38,e6,83,95,5a,90,13,44,96,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-10-03  11:54:19
ComboFix-quarantined-files.txt  2014-10-03 16:54
.
Pre-Run: 57,656,762,368 bytes free
Post-Run: 57,477,197,824 bytes free
.
- - End Of File - - D37AADCC800975060EA1F29A8B5C8470
A36C5E4F47E84449FF07ED3517B43A31
 


Thanks for the log, we continue:

 

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

ClearJavaCache::

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

CF3.jpg

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

Next,

 

We still need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running. It can take several hours; please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - Vista and Windows 7/8 right click on IE shortcut and run as admin.

 

(To run ESET Online Scanner in a browser other than Internet Explorer, you'll need to download ESET SMART Installer during the process)

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


- Turn off the real time scanner of any existing antivirus program while performing the online scan
- click on the Run ESET Online Scanner button
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the add/on to be installed
- Click Start
- Make sure that the option "Remove found threats" is UNticked
- Click on Advanced Settings, ensure the following options are checked:
    - Scan for potentially unsafe applications
    - Enable Anti-Stealth Technology
- Click Scan
- wait for the virus definitions to be downloaded
- Wait for the scan to finish

 

When the scan is complete

 


If no threats were found

- put a checkmark in "Uninstall application on close"
- close program
- report to me that nothing was found

 

If threats were found

 


- click on "list of threats found"
- click on "export to text file" and save it as ESET SCAN and save to the desktop
- Click on back
- put a checkmark in "Uninstall application on close"
- click on finish

 

close program

 

Copy and paste the report in next reply.

 

Let me see those logs in your next reply, also give an update on any remaining issues or concerns..

 

Kevin..


Here is the new Combofix log:

 

ComboFix 14-10-02.01 - Ant 10/04/2014   5:34.4.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.4095.2228 [GMT -5:00]
Running from: c:\users\Ant\Desktop\ComboFix.exe
Command switches used :: c:\users\Ant\Desktop\CFScript.txt
AV: Bitdefender Antivirus *Disabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
FW: Bitdefender Firewall *Enabled* {A23392FD-84B9-F933-2C71-81E751F6EF46}
SP: Bitdefender Antispyware *Disabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ant\AppData\Local\Microsoft\Windows\Temporary Internet Files\result.xml
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-04 to 2014-10-04  )))))))))))))))))))))))))))))))
.
.
2014-10-04 10:55 . 2014-10-04 10:55    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-10-04 10:55 . 2014-10-04 10:55    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-10-04 10:55 . 2014-10-04 10:55    --------    d-----w-    c:\users\Anyone\AppData\Local\temp
2014-10-03 05:01 . 2014-10-03 05:21    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2014-10-03 05:01 . 2014-10-03 05:01    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy
2014-10-03 02:08 . 2014-10-04 07:45    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-03 02:08 . 2014-05-12 12:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-10-03 02:08 . 2014-05-12 12:26    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-10-03 02:04 . 2014-05-12 12:25    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-10-02 08:43 . 2014-10-02 08:43    74512    ----a-w-    c:\windows\system32\bdsandboxuiskin32.dll
2014-10-02 07:11 . 2014-10-02 07:11    --------    d-----w-    c:\programdata\BDLogging
2014-10-02 06:58 . 2014-10-02 07:12    --------    d-----w-    c:\programdata\Bitdefender
2014-10-02 06:58 . 2013-11-04 21:47    84848    ----a-w-    c:\windows\system32\BDSandBoxUISkin.dll
2014-10-02 06:58 . 2013-11-04 21:46    34384    ----a-w-    c:\windows\system32\BDSandBoxUH.dll
2014-10-02 06:57 . 2014-10-02 06:57    --------    d-----w-    c:\users\Ant\AppData\Roaming\QuickScan
2014-10-02 06:34 . 2014-10-03 02:50    --------    d-----w-    c:\users\Ant\AppData\Local\CrashDumps
2014-10-02 06:33 . 2014-10-02 06:33    --------    d-----w-    c:\programdata\AVG2012
2014-10-02 06:20 . 2014-10-02 07:07    --------    d-----w-    c:\program files\Common Files\Bitdefender
2014-10-02 02:41 . 2014-10-02 02:41    34808    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2014-10-02 02:41 . 2014-10-02 02:41    --------    d-----w-    c:\programdata\RogueKiller
2014-10-02 01:51 . 2014-10-03 01:53    --------    d-----w-    C:\FRST
2014-09-30 09:53 . 2014-09-30 09:53    --------    d-----w-    c:\windows\ERUNT
2014-09-30 09:38 . 2010-08-30 13:34    536576    ----a-w-    c:\windows\SysWow64\sqlite3.dll
2014-09-30 09:36 . 2014-10-03 02:50    --------    d-----w-    C:\AdwCleaner
2014-09-26 23:05 . 2014-09-26 23:07    --------    d-----w-    c:\program files (x86)\TABLET
2014-09-24 11:21 . 2014-09-24 11:21    --------    d-----w-    C:\found.000
2014-09-24 07:42 . 2014-09-24 07:43    --------    d-----w-    c:\program files (x86)\Microsoft LifeCam
2014-09-24 07:42 . 2014-09-24 07:42    --------    d-----w-    c:\program files\Microsoft LifeCam
2014-09-23 09:00 . 2014-09-23 09:00    12582912    ----a-w-    c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\c5a502e859860ee097d5bf360b820cf1\WMP xMPG Codec Pack.exe
2014-09-23 09:00 . 2014-09-23 09:00    12582912    ----a-w-    c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\bba637deb5abc56a942e1c137d078c9f\WMP xMPG Codec Pack.exe
2014-09-22 02:21 . 2014-09-26 23:05    --------    d-----w-    c:\windows\SysWow64\TabletPmt
2014-09-21 20:07 . 2014-09-21 20:07    --------    d-----w-    c:\users\Ant\AppData\Roaming\NVIDIA
2014-09-21 10:44 . 2014-09-13 20:13    613696    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2014-09-21 10:43 . 2014-09-13 21:53    3529872    ----a-w-    c:\windows\system32\nvsvc64.dll
2014-09-21 10:43 . 2014-09-13 21:53    934216    ----a-w-    c:\windows\system32\nvvsvc.exe
2014-09-21 10:43 . 2014-09-13 21:53    62608    ----a-w-    c:\windows\system32\nvshext.dll
2014-09-21 10:43 . 2014-09-13 21:53    6890696    ----a-w-    c:\windows\system32\nvcpl.dll
2014-09-21 10:43 . 2014-09-13 21:53    385168    ----a-w-    c:\windows\system32\nvmctray.dll
2014-09-21 10:43 . 2014-09-11 15:37    3961833    ----a-w-    c:\windows\system32\nvcoproc.bin
2014-09-21 10:42 . 2014-09-13 23:48    73872    ----a-w-    c:\windows\system32\OpenCL.dll
2014-09-21 10:42 . 2014-09-13 23:48    60560    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2014-09-21 06:58 . 2014-09-21 06:58    --------    d-----w-    c:\users\Ant\AppData\Local\LogMeIn
2014-09-21 06:58 . 2014-09-21 06:58    --------    d-----w-    c:\programdata\LogMeIn
2014-09-21 03:16 . 2014-09-21 03:16    12582912    ----a-w-    c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\fe3ffd2af530bec1f0fb6d9f96d576bc\Total Codec Pack.exe
2014-09-21 02:17 . 2014-09-21 02:17    12582912    ----a-w-    c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\fce7c884809a8be7683847ce23160259\MathMagic Personal Edition.exe
2014-09-21 02:16 . 2014-09-21 02:16    12582912    ----a-w-    c:\programdata\Microsoft\Secure\Icons\CachedIcons\data\fd1d770eae128471eaf90474121fb853\WMP x264 Codec Pack.exe
2014-09-19 07:27 . 2014-09-19 07:27    --------    d-----w-    c:\programdata\Poser Pro
2014-09-19 07:26 . 2014-09-19 07:26    --------    d-----w-    c:\users\Ant\AppData\Roaming\Poser Pro
2014-09-18 22:17 . 2014-09-18 22:17    --------    d-----w-    c:\users\Ant\AppData\Local\Ufmedia
2014-09-18 22:07 . 2014-09-25 23:23    --------    d-----w-    c:\users\Ant\AppData\Local\IPsoft
2014-09-18 08:16 . 2014-09-19 01:49    --------    d-----w-    c:\users\Ant\AppData\Local\FurryBall4
2014-09-15 04:30 . 2014-09-15 04:30    152    --sh--r-    c:\windows\ICSET50.BIN
2014-09-15 04:29 . 2014-09-15 04:29    --------    d-----w-    c:\programdata\Reallusion
2014-09-15 04:24 . 2014-09-15 04:24    --------    d-----w-    c:\program files (x86)\Reallusion
2014-09-14 20:51 . 2014-09-14 20:51    2498560    ----a-w-    c:\programdata\Microsoft\Secure\Icons\IconsCacheHelper.dll
2014-09-13 03:25 . 2014-09-13 07:25    --------    d-----w-    c:\users\Ant\AppData\Local\AVG Web TuneUp
2014-09-13 03:25 . 2014-09-13 03:24    50464    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2014-09-13 03:24 . 2014-09-13 03:25    --------    d-----w-    c:\programdata\AVG Web TuneUp
2014-09-13 03:24 . 2014-09-13 03:24    --------    d-----w-    c:\program files (x86)\AVG Web TuneUp
2014-09-12 09:17 . 2014-09-12 10:35    --------    d-----w-    c:\users\Ant\AppData\Roaming\Synthesia
2014-09-11 19:29 . 2014-09-11 19:33    --------    d-----w-    c:\program files (x86)\eMedia Piano and Keyboard Method
2014-09-11 19:12 . 2014-09-11 19:12    --------    d-----w-    c:\programdata\QuickTime
2014-09-11 10:54 . 2014-09-29 00:22    --------    d-----w-    c:\program files (x86)\Clownfish
2014-09-10 22:09 . 2014-09-10 22:09    --------    d-----w-    c:\programdata\FLEXnet
2014-09-10 21:59 . 2014-09-10 21:59    --------    d-----w-    c:\program files\Common Files\Macrovision Shared
2014-09-10 21:47 . 2014-09-10 22:26    --------    d-----w-    c:\users\Ant\AppData\Local\Autodesk
2014-09-10 21:46 . 2014-09-10 22:00    --------    d-----w-    c:\program files\Common Files\Autodesk Shared
2014-09-10 21:46 . 2014-09-10 21:59    --------    d-----w-    c:\program files (x86)\Common Files\Autodesk Shared
2014-09-10 21:34 . 2014-09-15 02:54    --------    d-----w-    c:\users\Ant\AppData\Roaming\Autodesk
2014-09-10 21:34 . 2014-09-10 22:25    --------    d-----w-    c:\programdata\Autodesk
2014-09-09 01:14 . 2014-09-09 01:14    --------    d-----w-    c:\program files\Plogue
2014-09-04 12:50 . 2014-09-04 12:50    188304    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-01 09:08 . 2014-06-29 10:04    348928    ----a-w-    c:\windows\SysWow64\PnkBstrB.exe
2014-10-01 09:08 . 2012-12-08 19:06    348928    ----a-w-    c:\windows\SysWow64\PnkBstrB.xtr
2014-10-01 09:07 . 2012-12-08 18:41    297088    ----a-w-    c:\windows\SysWow64\PnkBstrB.ex0
2014-09-24 07:53 . 2012-03-31 04:01    701104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-24 07:53 . 2011-07-15 03:43    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-29 18:01 . 2010-08-03 17:45    101694776    ----a-w-    c:\windows\system32\MRT.exe
2014-08-28 21:57 . 2010-06-24 17:33    23256    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-19 03:14 . 2014-08-19 03:14    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-30 02:34 . 2013-10-21 06:05    32320    ----a-w-    c:\windows\system32\drivers\FNETTBOH_305.SYS
2007-04-09 14:32 . 2009-11-17 18:15    828542    ----a-w-    c:\program files (x86)\free MP3 by eMusic.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll" [2014-06-02 1583384]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Ant\AppData\Local\Akamai\netsession_win.exe" [2014-04-18 4672920]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-07-25 21646944]
"Clownfish"="c:\program files (x86)\Clownfish\Clownfish.exe" [2014-09-24 1323776]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender 2015\bdwtxag.exe" [2014-10-02 815088]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2013-04-25 1075296]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2011-06-20 5199984]
"XFastUSB"="c:\program files (x86)\XFastUSB\XFastUsb.exe" [2013-09-24 5019360]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
"FaxCenterServer"="c:\program files (x86)\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 312240]
"ADSKAppManager"="c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" [2013-12-22 477064]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"WTClient"="WTClient.exe" [2014-03-10 32768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LoopBe1 Monitor.lnk - c:\program files (x86)\nerds.de\LoopBe1\loopBeMon.exe [2011-4-9 273024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-14057114-1929341420-811863276-1000\Scripts\Logoff\0\0]
"Script"=c:\program files\Bitdefender\Bitdefender 2015\support.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite^Registry: HKCU:RUN]
2010-04-01 09:16    357696    ----a-w-    c:\program files (x86)\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxddserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxddserv.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 vToolbarUpdater3.1.0;vToolbarUpdater3.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
R3 bdfwfpf_pc;bdfwfpf_pc;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [x]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys;c:\windows\SYSNATIVE\drivers\bdsandbox.sys [x]
R3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWBS2.sys [x]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys;c:\windows\SYSNATIVE\drivers\dalwdm.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [x]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS;c:\windows\SYSNATIVE\drivers\FNETTBOH_305.SYS [x]
R3 leafnets;Leaf Networks Adapter;c:\windows\system32\DRIVERS\leafnets.sys;c:\windows\SYSNATIVE\DRIVERS\leafnets.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys;c:\windows\SYSNATIVE\DRIVERS\PTSimHid.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8187B.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTBS26.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2015\bdparentalservice.exe;c:\program files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys;c:\windows\SYSNATIVE\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys;c:\windows\SYSNATIVE\DRIVERS\NBVolUp.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys;c:\windows\SYSNATIVE\DRIVERS\bdvedisk.sys [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS;c:\windows\SYSNATIVE\drivers\FNETURPX.SYS [x]
S2 AdAppMgrSvc;Autodesk Application Manager Service;c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe ;c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe  [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
S2 DAZContentManagementService;DAZ Content Management Service;f:\program files\DAZ 3D\Content Management Service\ContentManagementServer.exe ;f:\program files\DAZ 3D\Content Management Service\ContentManagementServer.exe  [x]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys;c:\windows\SYSNATIVE\DRIVERS\diginet.sys [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe;c:\windows\SYSNATIVE\lxddcoms.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [x]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2015\updatesrv.exe;c:\program files\Bitdefender\Bitdefender 2015\updatesrv.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys;c:\windows\SYSNATIVE\DRIVERS\PTSimBus.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-25 01:29    1096520    ----a-w-    c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 07:53]
.
2014-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-03 03:09]
.
2014-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-03 03:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1SecureIconsProvider]
@="{FC9D8189-520A-4417-AED7-9EAC810C6FBA}"
[HKEY_CLASSES_ROOT\CLSID\{FC9D8189-520A-4417-AED7-9EAC810C6FBA}]
2014-09-14 20:51    3140096    ----a-w-    c:\programdata\Microsoft\Secure\Icons\SecureIconsProvider.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2014-10-02 08:35    206352    ----a-w-    c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2014-10-02 08:35    206352    ----a-w-    c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2014-10-02 08:35    206352    ----a-w-    c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2014-10-02 08:35    206352    ----a-w-    c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 2306448]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2009-09-24 371712]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"lxddmon.exe"="c:\program files (x86)\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
"lxddamon"="c:\program files (x86)\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-05-29 2350880]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-05-29 1279480]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2015\bdagent.exe" [2014-10-02 1597376]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mDefault_Page_URL = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Ant\AppData\Roaming\Mozilla\Firefox\Profiles\zn2mznam.default-1401590938101\
FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com/
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-14057114-1929341420-811863276-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-14057114-1929341420-811863276-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-14057114-1929341420-811863276-1000\Software\SecuROM\License information*]
"datasecu"=hex:26,61,99,24,3e,01,af,b4,37,c3,97,b6,1c,0c,d3,cd,3f,8b,b1,24,f1,
   2e,4e,28,78,b7,1e,c1,c5,d9,0f,0c,8a,6c,7f,89,0e,38,e6,83,95,5a,90,13,44,96,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-10-04  05:59:06
ComboFix-quarantined-files.txt  2014-10-04 10:59
ComboFix2.txt  2014-10-04 03:17
ComboFix3.txt  2014-10-03 16:54
.
Pre-Run: 57,552,654,336 bytes free
Post-Run: 57,455,874,048 bytes free
.
- - End Of File - - 270B7E0576F666AA37321BB90425D4C5
A36C5E4F47E84449FF07ED3517B43A31
 


Here is the Eset scan log:

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Sendori\Sendori.Library.dll.vir    a variant of MSIL/Adware.Sendori.A application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Sk.Enabler\uninstall.exe.vir    a variant of Win32/SProtector.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WebSearch\uninstall.exe.vir    Win32/SProtector.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Ant\AppData\Local\Babylon\Setup\Setup.exe.vir    Win32/Toolbar.Babylon potentially unwanted application
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\IconsCacheHelper.dll    a variant of Win64/Sathurbot.A trojan
C:\Documents and Settings\All Users\Microsoft\Secure\Icons\IconsCacheHelper.dll    a variant of Win64/Sathurbot.A trojan
C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll    a variant of Win64/Sathurbot.A trojan
C:\Users\All Users\Application Data\Microsoft\Secure\Icons\IconsCacheHelper.dll    a variant of Win64/Sathurbot.A trojan
C:\Users\All Users\Microsoft\Secure\Icons\IconsCacheHelper.dll    a variant of Win64/Sathurbot.A trojan
 

 

Also, since running all those tools and cleaning my PC, when I start it up it takes longer than usual to load the Windows logon screen, and it also takes longer to load everything when it boots into Windows. My PC still runs fine and everything, but it just takes longer than usual to load everything when it first boots up. Any ideas what would cause that?


Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files (:Files).

    :Files
    C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\IconsCacheHelper.dll
    C:\Documents and Settings\All Users\Microsoft\Secure\Icons\IconsCacheHelper.dll
    C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
    C:\Users\All Users\Application Data\Microsoft\Secure\Icons\IconsCacheHelper.dll
    C:\Users\All Users\Microsoft\Secure\Icons\IconsCacheHelper.dll
    :Commands
    [EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.
 

Save and post that log,

 

Next,

 

Download and run this:

http://download.bleepingcomputer.com/sUBs/CF_UNINST.EXE

That will remove Combofix and associated folders...
 

Next,

 

Download "Delfix by Xplode" and save it to your desktop.

 

Or use the following if first link is down:

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 


    Activate UAC
    Remove disinfection tools
    Create registry backup
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Part of the routine will be to create a registry back up with ERUNT,  the back up will be created here:

 

C:\Windows\ERUNT

 

When all is known to be well with your system you can delete that back up folder if you consider it as not needed...

Any remnant files/logs from tools we have used can be deleted…

 

Re-Boot when complete...

 

Let me know if those steps complete ok, also is the system still sluggish to boot/load?

 

Kevin..


Here is the Otm log:

 

All processes killed
========== FILES ==========
LoadLibrary failed for C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\IconsCacheHelper.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\Secure\Icons\IconsCacheHelper.dll moved successfully.
File/Folder C:\Documents and Settings\All Users\Microsoft\Secure\Icons\IconsCacheHelper.dll not found.
File/Folder C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll not found.
File/Folder C:\Users\All Users\Application Data\Microsoft\Secure\Icons\IconsCacheHelper.dll not found.
File/Folder C:\Users\All Users\Microsoft\Secure\Icons\IconsCacheHelper.dll not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Ant
->Temp folder emptied: 1656 bytes
->Temporary Internet Files folder emptied: 6339328 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 246273120 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2306 bytes
 
User: Anyone
->Temp folder emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4177731 bytes
%systemroot%\System32 .tmp files removed: 214448 bytes
%systemroot%\System32 (64bit) .tmp files removed: 301888 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6019704 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 666 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 251.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 10062014_194021

Files moved on Reboot...
C:\Users\Ant\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\master108661 moved successfully.
File C:\Windows\temp\~bd7A08.tmp not found!

Registry entries deleted on Reboot...
 


Download Portable Windows Repair (all in one) from one of the following:

 

http://www.tweaking.com/content/page/windows_repair_all_in_one.html

http://www.majorgeeks.com/Tweaking.com_-_Windows_Repair_Portable_d7222.html

http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/

 

Unzip the contents into a newly created folder on your desktop.

 

Open the folder, run the tool by right-clicking on Repair_Windows (icon with red briefcase) and selecting "Run as Administrator".

 

 


 

From the main GUI do the following:

 

 

Select Tab 5 and Create System Restore Point

 

 


 

Select Start Repairs tab => Click the Start

 

 


 

The repairs window will open, Check the boxes as indicated, also the "Restart" option, then select Start...

 

 


 

DON'T use the computer while each scan is in progress.

 

Post the log, to access select "settings" tab > "open log folder" tab, log will be named _Windows_Repair_Log

 

 


 

 

Let me see that log, do we see any improvement?


Here is the Windows repair log:

 

Tweaking.com - Windows Repair v2.9.2
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Ultimate
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: LAMBDA
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Ant
Current Profile SID: S-1-5-21-14057114-1929341420-811863276-1000
Current Profile Classes: S-1-5-21-14057114-1929341420-811863276-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Ant\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:27:05

Process Count: 82
Commit Total: 2.22 GB
Commit Limit: 8.00 GB
Commit Peak: 3.39 GB
Handle Count: 23662
Kernel Total: 375.07 MB
Kernel Paged: 310.96 MB
Kernel Non Paged: 64.10 MB
System Cache: 1.40 GB
Thread Count: 1080
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 4.00 GB
Memory Used: 1.90 GB(47.4604%)
Memory Avail.: 2.10 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 4.00 GB
Memory Used: 1.61 GB(40.1832%)
Memory Avail.: 2.39 GB
--------------------------------------------------------------------------------

Starting Repairs...
   Started at (10/7/2014 5:40:55 AM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 114
 
01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (10/7/2014 5:41:03 AM)
   Running Repair Under Current User Account
   Done (10/7/2014 5:41:36 AM)

01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (10/7/2014 5:41:36 AM)
   Running Repair Under System Account
   Done (10/7/2014 5:46:40 AM)

01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (10/7/2014 5:46:40 AM)
   Running Repair Under System Account
   Done (10/7/2014 5:48:09 AM)

02 - Reset File Permissions: C:
   C: & Sub Folders
   Start (10/7/2014 5:48:09 AM)
   Trying To Run Repair As Trusted Installer.
   This Repair Is Hidden By Windows Itself.
   You Can See The Repair Working In The Task Manager.
   Running Repair As Trusted Installer
   Done (10/7/2014 6:17:15 AM)

02 - Reset File Permissions: F:
   F: & Sub Folders
   Start (10/7/2014 6:17:15 AM)
   Trying To Run Repair As Trusted Installer.
   This Repair Is Hidden By Windows Itself.
   You Can See The Repair Working In The Task Manager.
   Running Repair As Trusted Installer
   Done (10/7/2014 6:23:33 AM)

02 - Reset File Permissions: All Profiles
   C:\Users & Sub Folders
   Start (10/7/2014 6:23:33 AM)
   Running Repair Under System Account
   Done (10/7/2014 6:29:41 AM)

02 - Reset File Permissions: Current Profile
   C:\Users\Ant & Sub Folders
   Start (10/7/2014 6:29:41 AM)
   Running Repair Under System Account
   Done (10/7/2014 6:32:05 AM)

02 - Reset File Permissions: Cleanup
   Repairing Restricted Folders Permissions To Avoid Infinite Loops
   Start (10/7/2014 6:32:05 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/7/2014 6:32:08 AM)

03 - Reset Service Permissions
   Start (10/7/2014 6:32:08 AM)
   Running Repair Under System Account
   Done (10/7/2014 6:32:44 AM)

04 - Register System Files
   Start (10/7/2014 6:32:44 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/7/2014 6:33:39 AM)

05 - Repair WMI
   Start (10/7/2014 6:33:39 AM)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   Bitdefender Antivirus Exported.

   Exporting AntiSpyware Info...
   Bitdefender Antispyware Exported.
   Windows Defender Exported.

   Exporting 3rd Party Firewall Info...
   Bitdefender Firewall Exported.

   Running Repair Under Current User Account
   Done (10/7/2014 6:37:22 AM)

06 - Repair Windows Firewall
   Start (10/7/2014 6:37:22 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/7/2014 6:38:00 AM)

07 - Repair Internet Explorer
   Start (10/7/2014 6:38:00 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/7/2014 6:38:48 AM)

08 - Repair MDAC/MS Jet
   Start (10/7/2014 6:38:48 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/7/2014 6:39:07 AM)

09 - Repair Hosts File
   Start (10/7/2014 6:39:07 AM)
   Running Repair Under System Account
   Done (10/7/2014 6:39:08 AM)

10 - Remove Policies Set By Infections
   Start (10/7/2014 6:39:08 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/7/2014 6:39:11 AM)

11 - Repair Start Menu Icons Removed By Infections
   Start (10/7/2014 6:39:11 AM)
   Running Repair Under System Account
   Done (10/7/2014 6:39:12 AM)

12 - Repair Icons
   Start (10/7/2014 6:39:12 AM)
   Running Repair Under Current User Account
   Done (10/7/2014 6:39:13 AM)

13 - Repair Winsock & DNS Cache
   Start (10/7/2014 6:39:13 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/7/2014 6:39:40 AM)

15 - Repair Proxy Settings
   Start (10/7/2014 6:39:40 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/7/2014 6:39:42 AM)

17 - Repair Windows Updates
   Start (10/7/2014 6:39:42 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (10/7/2014 6:40:10 AM)

18 - Repair CD/DVD Missing/Not Working
   Start (10/7/2014 6:40:10 AM)
   iTunes not found, not applying UpperFilters iTunes Reg Key
   Done (10/7/2014 6:40:10 AM)

19 - Repair Volume Shadow Copy Service
   Start (10/7/2014 6:40:10 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/7/2014 6:40:36 AM)

21 - Repair MSI (Windows Installer)
   Start (10/7/2014 6:40:36 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/7/2014 6:40:49 AM)

23.01 - Repair bat Association
   Start (10/7/2014 6:40:50 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/7/2014 6:40:52 AM)

23.02 - Repair cmd Association
   Start (10/7/2014 6:40:52 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/7/2014 6:40:54 AM)

23.03 - Repair com Association
   Start (10/7/2014 6:40:54 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/7/2014 6:40:56 AM)

23.04 - Repair Directory Association
   Start (10/7/2014 6:40:56 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/7/2014 6:40:58 AM)

23.05 - Repair Drive Association
   Start (10/7/2014 6:40:58 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/7/2014 6:41:00 AM)

23.06 - Repair exe Association
   Start (10/7/2014 6:41:01 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/7/2014 6:41:03 AM)

23.07 - Repair Folder Association
   Start (10/7/2014 6:41:03 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/7/2014 6:41:05 AM)

23.08 - Repair inf Association
   Start (10/7/2014 6:41:05 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/7/2014 6:41:07 AM)

23.09 - Repair lnk (Shortcuts) Association
   Start (10/7/2014 6:41:07 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/7/2014 6:41:09 AM)

23.10 - Repair msc Association
   Start (10/7/2014 6:41:09 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/7/2014 6:41:12 AM)

23.11 - Repair reg Association
   Start (10/7/2014 6:41:12 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/7/2014 6:41:14 AM)

23.12 - Repair scr Association
   Start (10/7/2014 6:41:14 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/7/2014 6:41:16 AM)

24 - Repair Windows Safe Mode
   Start (10/7/2014 6:41:16 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/7/2014 6:41:18 AM)

25 - Repair Print Spooler
   Start (10/7/2014 6:41:18 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/7/2014 6:41:33 AM)

26 - Restore Important Windows Services
   Start (10/7/2014 6:41:33 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/7/2014 6:41:42 AM)

27 - Set Windows Services To Default Startup
   Start (10/7/2014 6:41:42 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/7/2014 6:41:55 AM)

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1

31 - Repair Windows 'New' Submenu
   Start (10/7/2014 6:41:55 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/7/2014 6:41:57 AM)

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (10/7/2014 6:41:57 AM)
   Total Repair Time: 01:01:07


...YOU MUST RESTART YOUR SYSTEM...
 

My PC is still slower at system startup, is there anything else I can do?

This topic is now closed to further replies.