Malwarebytes won't open & Chameleon doesn't work. What now?


kzuki

Welcome to the forum. (Do what you can)

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

 

<====><====><====><====><====><====><====><====>

 

1. Please run a Threat Scan with Malwarebytes (if possible)

Start Malwarebytes 2.0.........

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log (save the log as a .txt file not .xml)

Then......

2. Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. (make sure the Addition box is checked)
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

New window that comes up.

Last................

3. Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Wait for the Prescan to finish

Click Scan to scan the system.

When the scan completes > Don't Fix anything! > Click on the Report Button > Copy and paste the Report back here.

Don't run any other options, they're not all bad!!!!!!!

RogueKiller logs will also be located here:

%programdata%/RogueKiller/Logs <-------W7

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-10-2014

Ran by Karric (administrator) on KARRIC-HP on 15-10-2014 10:01:31

Running from C:\Users\Karric\Documents\Virus-TOOLS prevention

Loaded Profiles: Karric &  (Available profiles: Karric)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 9

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Akamai Technologies, Inc.) C:\Users\Karric\AppData\Local\Akamai\netsession_win.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Akamai Technologies, Inc.) C:\Users\Karric\AppData\Local\Akamai\netsession_win.exe

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

(Google) C:\Program Files (x86)\Google\Google Talk\googletalk.exe

(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\hqtray.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Aeria Games & Entertainment) C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe

(IObit) C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(MalwareBytes) C:\Users\Karric\Desktop\Chameleon\Windows\iexplore.exe

(Google Inc.) C:\Users\Karric\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Karric\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Karric\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Karric\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Karric\AppData\Local\Google\Chrome\Application\chrome.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Google Inc.) C:\Users\Karric\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Karric\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Karric\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Karric\AppData\Local\Google\Chrome\Application\chrome.exe

() C:\Users\Karric\Documents\Virus-TOOLS prevention\mjhf65yj.exe

(Google Inc.) C:\Users\Karric\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Karric\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Karric\AppData\Local\Google\Chrome\Application\chrome.exe

(Google) C:\Users\Karric\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

(Google Inc.) C:\Users\Karric\AppData\Local\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-23] (Synaptics Incorporated)

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-02-15] (IDT, Inc.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)

HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)

HKLM-x32\...\Run: [googletalk] => C:\Program Files (x86)\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)

HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)

HKLM-x32\...\Run: [VMware hqtray] => C:\Program Files (x86)\VMware\VMware Player\hqtray.exe [64048 2010-01-22] (VMware, Inc.)

HKLM-x32\...\Run: [HP Quick Launch] => c:\program files (x86)\hewlett-packard\hp quick launch\hpmsgsvc.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-14] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1

HKU\S-1-5-21-367337438-1720701193-187401372-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe [847536 2014-05-13] (Adobe Systems Incorporated)

HKU\S-1-5-21-367337438-1720701193-187401372-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe [847536 2014-05-13] (Adobe Systems Incorporated)

HKU\S-1-5-21-367337438-1720701193-187401372-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe [847536 2014-05-13] (Adobe Systems Incorporated)

HKU\S-1-5-21-367337438-1720701193-187401372-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe [847536 2014-05-13] (Adobe Systems Incorporated)

HKU\S-1-5-21-367337438-1720701193-187401372-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe [847536 2014-05-13] (Adobe Systems Incorporated)

HKU\S-1-5-21-367337438-1720701193-187401372-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-5\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe [847536 2014-05-13] (Adobe Systems Incorporated)

HKU\S-1-5-21-367337438-1720701193-187401372-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-6\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe [847536 2014-05-13] (Adobe Systems Incorporated)

HKU\S-1-5-21-367337438-1720701193-187401372-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-7\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe [847536 2014-05-13] (Adobe Systems Incorporated)

Startup: C:\Users\Karric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karric\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karric\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karric\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karric\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karric\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karric\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karric\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karric\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

BootExecute: autocheck autochk * bootdelete

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe


SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

SearchScopes: HKLM-x32 - DefaultScope value is missing.


SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}


SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-04-18] (EasyBits Software Corp.)

Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

 

FireFox:

========

FF ProfilePath: C:\Users\Karric\AppData\Roaming\Mozilla\Firefox\Profiles\rs5pcycc.default

FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File

FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File

FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll No File

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Karric\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Karric\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Karric\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Karric\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Karric\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin ProgramFiles/Appdata: C:\Users\Karric\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\Karric\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Karric\AppData\Roaming\Mozilla\Firefox\Profiles\rs5pcycc.default\Extensions\ascsurfingprotection@iobit.com [2013-11-28]

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-06-25]

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]

FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]

 

Chrome: 

=======

CHR Profile: C:\Users\Karric\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Assassin's Creed IV Black Flag) - C:\Users\Karric\AppData\Local\Google\Chrome\User Data\Default\Extensions\agibflpbghgmiinfaefgnldmfajdance [2014-08-21]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Karric\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]

CHR Extension: (Skype Click to Call) - C:\Users\Karric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-21]

CHR Extension: (Google Wallet) - C:\Users\Karric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]

CHR Extension: (Recently Closed Tabs) - C:\Users\Karric\AppData\Local\Google\Chrome\User Data\Default\Extensions\opefiliglgllmponlmoajkfbcaigocfc [2014-10-06]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

CHR StartMenuInternet: Google Chrome - C:\Users\Karric\AppData\Local\Google\Chrome\Application\chrome.exe

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S4 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [878368 2013-10-25] (IObit)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)

S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [994096 2014-10-14] (Avira Operations GmbH & Co. KG)

R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)

S4 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2013-11-28] (BitRaider, LLC)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

S2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]

S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-07] (Realsil Microelectronics Inc.) [File not signed]

S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-10-25] (IObit)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4100400 2011-05-08] (INCA Internet Co., Ltd.) [File not signed]

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-03-24] ()

S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

S4 ufad-ws60; C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe [191024 2009-10-12] (VMware, Inc.)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2012-03-02] (LG Electronics Inc.)

S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2012-03-02] (LG Electronics Inc.)

S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2012-03-02] (LG Electronics Inc.)

S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2012-03-02] (LG Electronics Inc.)

S3 androidusb; C:\Windows\System32\Drivers\lgandadb.sys [31744 2010-08-02] (Google Inc)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG)

S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2013-10-07] (BitRaider)

S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()

S3 dump_wmimmc; No ImagePath

S3 EagleX64; No ImagePath

S3 hitmanpro37; C:\Windows\SysWOW64\drivers\hitmanpro37.sys [30616 2014-10-11] ()

R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

R3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [111696 2013-08-17] ()

S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4774 2012-03-06] (INCA Internet Co., Ltd.) [File not signed]

R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()

R2 vstor2-ws60; C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys [32816 2009-10-12] (VMware, Inc.)

S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)

S3 X6va003; No ImagePath

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 clwvd; system32\DRIVERS\clwvd.sys [X]

S3 wolf; \??\C:\AeriaGames\Wolfteam\avital\wolf64.sys [X]

S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

U3 pwdcapob; \??\C:\Users\Karric\AppData\Local\Temp\pwdcapob.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-10-15 10:00 - 2014-10-15 10:00 - 02110464 _____ (Farbar) C:\Users\Karric\Downloads\FRST64.exe

2014-10-15 09:56 - 2014-10-15 09:56 - 00003551 _____ () C:\Users\Karric\Desktop\GMER Log 10-15-2014.log

2014-10-15 09:46 - 2014-10-15 09:46 - 00000323 _____ () C:\Users\Karric\Desktop\Home made tootpaste.txt

2014-10-12 23:39 - 2014-10-12 23:39 - 00001425 _____ () C:\Users\Karric\Desktop\JRT.txt

2014-10-12 23:20 - 2014-10-12 23:14 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Karric\Desktop\rkill.exe

2014-10-12 23:19 - 2014-10-12 23:19 - 00000905 _____ () C:\Users\Karric\Desktop\ERUNT.lnk

2014-10-12 23:19 - 2014-10-12 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

2014-10-12 23:19 - 2014-10-12 23:19 - 00000000 ____D () C:\Program Files (x86)\ERUNT

2014-10-12 23:15 - 2014-10-12 23:21 - 00002772 _____ () C:\Users\Karric\Desktop\Rkill.txt

2014-10-12 22:18 - 2014-10-12 23:05 - 00000000 ____D () C:\Users\Karric\Desktop\mbar

2014-10-11 23:34 - 2014-10-11 23:34 - 00012872 _____ (SurfRight B.V.) C:\Windows\SysWOW64\bootdelete.exe

2014-10-11 23:34 - 2014-10-11 23:34 - 00000162 _____ () C:\Windows\SysWOW64\bootdelete.lst

2014-10-11 22:57 - 2014-10-11 23:34 - 00030616 _____ () C:\Windows\SysWOW64\Drivers\hitmanpro37.sys

2014-10-11 22:56 - 2014-10-11 22:56 - 00000000 ____D () C:\Program Files (x86)\HitmanPro

2014-10-11 22:10 - 2014-06-03 15:08 - 00000000 ____D () C:\Users\Karric\Desktop\Chameleon

2014-10-10 11:00 - 2014-10-10 11:00 - 644419510 _____ () C:\Users\Karric\Desktop\Fair Tax Presentation to Rotary.mov

2014-10-07 15:35 - 2014-10-07 15:38 - 134168722 _____ () C:\Users\Karric\Desktop\Airplane Graveyard Vs Pro Freerunners- THE TAKEOVER.mp4

2014-10-07 14:04 - 2014-10-07 14:04 - 36134067 _____ () C:\Users\Karric\Desktop\Fairtax Final VO.zip

2014-10-07 14:03 - 2014-10-10 09:41 - 00000000 ____D () C:\Users\Karric\Desktop\Fair tax

2014-10-07 13:56 - 2014-10-07 13:57 - 77586613 _____ () C:\Users\Karric\Desktop\Micheal Guthrie - New Heights Promo 2014.mp4

2014-10-07 13:54 - 2014-10-07 13:55 - 35138315 _____ () C:\Users\Karric\Desktop\Michael Guthrie- Foot Prints (BMCC).mp4

2014-10-06 13:00 - 2014-10-06 13:00 - 00000526 _____ () C:\Users\Karric\Documents\Uninstall STAR WARS The Old Republic.log

2014-10-06 12:53 - 2014-10-06 12:53 - 00000000 ____D () C:\Users\Karric\AppData\Local\Zoom

2014-10-06 12:45 - 2014-10-06 12:57 - 00000000 ____D () C:\Users\Karric\Desktop\Karric Data & goals

2014-09-25 14:28 - 2014-10-09 09:22 - 00000000 ____D () C:\Users\Karric\Desktop\Parkour - Stunt HAT- WFPF

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-10-15 10:02 - 2014-05-29 10:05 - 00000000 ____D () C:\FRST

2014-10-15 10:01 - 2014-06-03 00:08 - 00000000 ____D () C:\Users\Karric\Documents\Virus-TOOLS prevention

2014-10-15 09:57 - 2011-08-31 18:35 - 00000000 ____D () C:\Users\Karric\AppData\Local\CrashDumps

2014-10-15 09:29 - 2011-08-31 16:31 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000UA.job

2014-10-15 09:16 - 2013-03-22 23:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-10-15 08:53 - 2011-09-26 17:50 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000Core.job

2014-10-15 08:45 - 2011-09-26 17:50 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000UA.job

2014-10-15 08:44 - 2014-04-02 11:46 - 00812013 _____ () C:\Windows\WindowsUpdate.log

2014-10-14 23:40 - 2014-02-06 13:21 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForKarric

2014-10-14 23:40 - 2014-02-06 13:21 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForKarric.job

2014-10-14 23:29 - 2011-08-31 16:31 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000Core.job

2014-10-14 21:45 - 2011-08-31 16:26 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8726CEAA-7A79-42D7-8D23-747826B95982}

2014-10-14 16:35 - 2014-07-03 11:52 - 00000000 ___RD () C:\Users\Karric\Desktop\ME

2014-10-14 16:28 - 2009-07-14 01:13 - 00005636 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-10-14 04:52 - 2014-06-03 10:25 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2014-10-14 04:52 - 2014-06-02 10:58 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2014-10-14 04:52 - 2014-06-02 10:58 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2014-10-13 11:10 - 2012-09-11 08:01 - 00000000 ___RD () C:\Users\Karric\Desktop\New Cool Pix!

2014-10-12 23:19 - 2014-06-10 12:11 - 00000000 ____D () C:\Windows\erdnt

2014-10-12 23:05 - 2014-06-02 11:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-10-12 22:35 - 2014-05-30 15:19 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-10-11 22:09 - 2014-05-28 11:06 - 00000000 ____D () C:\AdwCleaner

2014-10-09 14:30 - 2012-09-13 00:57 - 00000000 ____D () C:\Users\Karric\AppData\Roaming\Mozilla

2014-10-06 15:45 - 2014-07-01 14:40 - 00000312 _____ () C:\Users\Karric\Desktop\Tampa Rides.txt

2014-10-06 13:01 - 2013-06-09 05:49 - 00000000 ____D () C:\ProgramData\NexonUS

2014-10-06 13:00 - 2011-09-03 15:28 - 00000000 ____D () C:\Program Files (x86)\NCH Software

2014-10-06 12:57 - 2012-09-11 07:57 - 00000000 ___RD () C:\Users\Karric\Desktop\All extra folders

2014-10-06 12:53 - 2014-06-11 12:09 - 00000000 ____D () C:\Users\Karric\AppData\Roaming\Zoom

2014-10-06 12:01 - 2011-09-04 03:27 - 00000000 ___RD () C:\Users\Karric\Desktop\Vids n edits

2014-09-30 00:39 - 2013-01-01 02:48 - 00000000 ____D () C:\Users\Karric\AppData\Local\PMB Files

2014-09-30 00:16 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-30 00:16 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-30 00:07 - 2012-06-19 11:52 - 00000000 ____D () C:\ProgramData\VMware

2014-09-30 00:05 - 2014-06-12 00:02 - 00000784 _____ () C:\Windows\setupact.log

2014-09-30 00:05 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-30 00:01 - 2014-05-28 15:42 - 00000000 ____D () C:\Windows\pss

2014-09-29 11:19 - 2012-03-12 10:39 - 00000000 ____D () C:\Users\Karric\AppData\Roaming\Audacity

2014-09-29 11:18 - 2011-12-05 19:07 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Swift Sound

2014-09-28 20:38 - 2014-05-28 12:15 - 00000000 ____D () C:\Users\Karric\AppData\Roaming\DropboxMaster

2014-09-28 20:38 - 2012-06-30 02:04 - 00000000 ___RD () C:\Users\Karric\Dropbox

2014-09-28 20:38 - 2012-06-30 02:02 - 00000000 ____D () C:\Users\Karric\AppData\Roaming\Dropbox

2014-09-28 20:33 - 2009-07-14 00:45 - 05096064 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-09-28 20:32 - 2014-06-12 00:12 - 00012710 _____ () C:\Windows\PFRO.log

2014-09-24 23:10 - 2012-06-02 22:35 - 00002370 _____ () C:\Users\Karric\Desktop\Google Chrome.lnk

2014-09-24 13:41 - 2012-06-21 14:56 - 00000132 _____ () C:\Users\Karric\AppData\Roaming\Adobe PNG Format CS5 Prefs

2014-09-24 13:39 - 2011-08-31 16:24 - 00169288 _____ () C:\Users\Karric\AppData\Local\GDIPFONTCACHEV1.DAT

2014-09-19 16:22 - 2014-09-09 16:34 - 00010969 _____ () C:\Users\Karric\Desktop\Karric's Schedule.xlsx

ZeroAccess:

C:\Users\Karric\AppData\Local\Google\Desktop\Install

ZeroAccess:

C:\Program Files (x86)\Google\Desktop\Install

 

Files to move or delete:

====================

C:\ProgramData\ghjwbvfr.fee

C:\ProgramData\jwo9ifa.fee

C:\ProgramData\rjod1wljw7t.fee

C:\Users\Karric\jagex_cl_runescape_LIVE.dat

C:\Users\Karric\jagex_cl_runescape_LIVE1.dat

C:\Users\Karric\jagex_cl_speccollect_LIVE.dat

C:\Users\Karric\random.dat

 

 

Some content of TEMP:

====================

C:\Users\Karric\AppData\Local\Temp\4843824b80d9fb0259696bfb0b22a7a2.dll

C:\Users\Karric\AppData\Local\Temp\9ede8e7a9b9e414435cf68ad4886fe03.dll

C:\Users\Karric\AppData\Local\Temp\aacdec.exe

C:\Users\Karric\AppData\Local\Temp\avgnt.exe

C:\Users\Karric\AppData\Local\Temp\DEL765E.EXE

C:\Users\Karric\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxa9wqe.dll

C:\Users\Karric\AppData\Local\Temp\ffmpeg11.exe

C:\Users\Karric\AppData\Local\Temp\NGM.exe

C:\Users\Karric\AppData\Local\Temp\NGMDll.dll

C:\Users\Karric\AppData\Local\Temp\NGMResource.dll

C:\Users\Karric\AppData\Local\Temp\oggenc.exe

C:\Users\Karric\AppData\Local\Temp\vpsetup.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-10-06 00:45

 

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-10-2014

Ran by Karric at 2014-10-15 10:03:15

Running from C:\Users\Karric\Documents\Virus-TOOLS prevention

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden

Adobe After Effects CS5 (HKLM-x32\...\{DA1B174B-4297-467C-9EF8-0AB8D4D5171E}) (Version: 10 - Adobe Systems Incorporated)

Adobe After Effects CS5 Third Party Content (HKLM-x32\...\{C0AA232E-BD1B-40B5-A176-A2BEB67FFAE1}) (Version: 10 - Adobe Systems Incorporated)

Adobe After Effects CS5 Third Party Royalty Content (HKLM-x32\...\{CD29B5CA-4727-4114-9AD9-25CCCE6E4014}) (Version: 10 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden

Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)

Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden

Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)

Adobe Download Assistant (x32 Version: 1.0.6 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)

Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden

Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)

Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)

Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.0.6 - IObit)

Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)

Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)

Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden

Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden

Aion (HKLM-x32\...\{B9291CA2-6FA5-44EA-8EE0-923EB32ADAAB}) (Version: 4.0.0.3 - NC Interactive, LLC)

Aion (HKLM-x32\...\NCW-AION) (Version: 1.0.0.2 - NC Interactive, LLC)

Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)

Alliance of Valiant Arms (HKLM-x32\...\Alliance of Valiant Arms) (Version:  - )

APB Reloaded (HKLM-x32\...\APB Reloaded) (Version: 1.3.3.560517 - )

Apple Application Support (HKLM-x32\...\{343666E2-A059-48AC-AD67-230BF74E2DB2}) (Version: 2.1.6 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{75104836-CAC7-444E-A39E-3F54151942F5}) (Version: 4.0.0.97 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)

Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)

Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)

Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)

AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)

AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)

Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden

BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.8.1 - BitRaider, LLC)

Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden

Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden

Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden

Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)

Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)

ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)

Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)

Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)

Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden

FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden

FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)

Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)

Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)

Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )

Google Talk Plugin (HKLM-x32\...\{F7770F7F-0ABC-30CB-95BC-93761A05CAB6}) (Version: 5.38.4.0 - Google)

GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)

HashTab 1.14 for x32 (HKLM-x32\...\HashTab) (Version: 1.14 for x32 - Cody Batt)

HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)

HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden

HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden

HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company)

HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden

HP Documentation (HKLM-x32\...\{6C453C9C-38AE-494D-BF89-7AA0DE87F3E5}) (Version: 1.2.0.0 - Hewlett-Packard)

HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)

HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)

HP MovieStore (x32 Version: 1.0.047 - Hewlett-Packard) Hidden

HP On Screen Display (HKLM-x32\...\{B97A2DD1-46E5-41BB-95D9-3B971B66A498}) (Version: 1.1.1 - Hewlett-Packard Company)

HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company)

HP Product Detection (HKLM-x32\...\{4F38594F-2C4A-4C42-B2C4-505E225F6F80}) (Version: 11.14.0004 - HP)

HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)

HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)

HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)

HP Software Framework (HKLM-x32\...\{F8070C51-4B1D-430C-8BCF-19696368366F}) (Version: 4.0.110.1 - Hewlett-Packard Company)

HP Support Assistant (HKLM-x32\...\{E92D47A1-D27D-430A-8368-0BAFD956507D}) (Version: 5.2.9.2 - Hewlett-Packard Company)

HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden

IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6327.0 - IDT)

IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2279 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)

IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.0.4.1083 - IObit)

Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)

Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)

Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden

Java 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

K-Lite Codec Pack 10.1.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.1.5 - )

LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.8.1 - LG Electronics)

Magic Bullet Looks Vegas (HKLM-x32\...\Magic Bullet Looks Vegas) (Version:  - )

Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{B96F0F49-0609-461E-AC7A-6DA12B104F55}) (Version: 11.3.1 - Red Giant Software)

Magic Bullet Suite 64-bit (Version: 11.3.1 - Red Giant Software) Hidden

MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG)

MAGIX Screenshare (HKLM-x32\...\{DFDD2913-557D-4EB5-8745-47749E521760}) (Version: 4.3.6.1987 - MAGIX AG)

MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{5C375A31-ED71-4CA0-91E0-8FA47E72D56D}) (Version: 7.0.1.27 - MAGIX AG)

Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Halo (HKLM-x32\...\Halo) (Version:  - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)

Microsoft Office Ultimate 2007 (HKLM-x32\...\ULTIMATER) (Version: 12.0.4518.1014 - Microsoft Corporation)

Microsoft Office Ultimate 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden

Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden

Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Mozilla Firefox 15.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 15.0.1 (x86 en-US)) (Version: 15.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 15.0.1 - Mozilla)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden

MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden

Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden

Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.2.1.6382 - Native Instruments)

Native Instruments Kontakt 5 (Version: 5.2.1.6382 - Native Instruments) Hidden

Native Instruments Kontakt Factory Selection (HKLM-x32\...\Native Instruments Kontakt Factory Selection) (Version:  - Native Instruments)

Native Instruments Kontakt Factory Selection (Version: 1.2.0.004 - Native Instruments) Hidden

Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)

Native Instruments Service Center (Version: 2.3.2.926 - Native Instruments) Hidden

NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)

NCsoft Launcher (HKLM-x32\...\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}) (Version: 1.5.19002 - NCsoft)

Need for Speed™ Most Wanted (HKLM-x32\...\{ADE91A13-434D-4229-00BC-182BAD607303}) (Version:  - )

NewBlue Art Blends 2.0 for Vegas (HKLM-x32\...\NewBlue Art Blends 2.0 for Vegas) (Version:  - )

NewBlue Film Effects for Windows (HKLM-x32\...\NewBlue Film Effects for Windows) (Version: 1.4 - NewBlue)

NewBlue Motion Blends for Windows (HKLM-x32\...\NewBlue Motion Blends for Windows) (Version: 2.4 - NewBlue)

NewBlue Motion Effects for Windows (HKLM-x32\...\NewBlue Motion Effects for Windows) (Version: 2.4 - NewBlue)

NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 1.4 - NewBlue)

Noise Reduction Plug-In 2.0 (HKLM-x32\...\{847C6940-D852-11E2-81D2-F04DA23A5C58}) (Version: 2.0.596 - Sony)

NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)

Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)

OpenAL (HKLM-x32\...\OpenAL) (Version:  - )

PakkISO 0.4 (HKLM-x32\...\PakkISO_is1) (Version: PakkISO 0.4 by zorted, installer by BitLooter - )

Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)

PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r4600) (Version:  - )

PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden

Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden

PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden

PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)

Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden

PowerISO (HKLM-x32\...\PowerISO) (Version: 4.7 - PowerISO Computing, Inc.)

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)

QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)

Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 3.1.13.1 - Ralink)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)

Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)

Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden

reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version:  - )

RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)

RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)

SFPack (HKLM-x32\...\Megota Software SFPack Uninstall) (Version:  - )

Simple Port Forwarding (HKLM-x32\...\Simple Port Forwarding) (Version: 3.2.10 - PcWinTech.com)

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)

Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)

Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden

Smart Defrag 2 (HKLM-x32\...\Smart Defrag 2_is1) (Version: 2.7 - IObit)

Sparkol VideoScribe (HKLM-x32\...\Sparkol VideoScribe 2.0.2) (Version: 2.0.2 - Sparkol)

Sparkol VideoScribe (x32 Version: 2.0.2 - Sparkol) Hidden

Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)

Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.7.0 - Synaptics Incorporated)

System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)

Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)

Tone2 Gladiator VSTi v2.2 (HKLM-x32\...\Tone2 Gladiator VSTi_is1) (Version:  - )

tools-windows (x32 Version: 8.1.4.11056 - VMware, Inc.) Hidden

Trapcode Form (HKLM-x32\...\Trapcode Form) (Version:  - )

Trapcode Particular (HKLM-x32\...\InstallShield_{E489BCB7-D57D-4751-AAB6-589AF66E2F7F}) (Version: 2.1.0 - Red Giant Software)

Trapcode Particular (Version: 2.1.0 - Red Giant Software) Hidden

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)

Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{B7873DF5-9E1C-45EE-8895-D29C6AE01202}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C20964A7-5181-45E5-9E82-72F5D400DEBF}) (Version:  - Microsoft)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{567103D1-96CD-4B76-93B9-2681A187DEFF}) (Version:  - Microsoft)

Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)

Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)

Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)

Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)

Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

Vegas Pro 10.0 (64-bit) (HKLM\...\{7A92C561-A1D5-11E0-92E1-0013D3D69929}) (Version: 10.0.738 - Sony)

Vegas Pro 12.0 (64-bit) (HKLM\...\{87CEB7C0-1D35-11E2-8F19-F04DA23A5C58}) (Version: 12.0.394 - Sony)

Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden

VMware Player (HKLM-x32\...\VMware_Player) (Version: 3.0.1.11056 - VMware, Inc)

VMware Player (x32 Version: 3.0.1.11056 - VMware, Inc.) Hidden

WavePad Sound Editor (HKLM-x32\...\WavePad) (Version:  - NCH Software)

Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden

Winamp (HKLM-x32\...\Winamp) (Version: 5.621  - Nullsoft, Inc)

Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

XAMPP 1.8.0 (HKLM-x32\...\xampp) (Version:  - )

Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-367337438-1720701193-187401372-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Karric\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-367337438-1720701193-187401372-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Karric\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-367337438-1720701193-187401372-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Karric\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-367337438-1720701193-187401372-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karric\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-367337438-1720701193-187401372-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karric\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-367337438-1720701193-187401372-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karric\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-367337438-1720701193-187401372-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karric\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-367337438-1720701193-187401372-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Karric\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

 

==================== Restore Points  =========================

 

05-10-2014 04:12:07 Scheduled Checkpoint

06-10-2014 16:57:13 Removed Steam

06-10-2014 17:00:49 Removed RoxioNow Player.

12-10-2014 02:50:58 Checkpoint by HitmanPro

15-10-2014 13:59:28 October 15, 2014 Yeaa

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 22:34 - 2014-06-10 12:37 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {010B998F-5B42-4FE1-BE3B-FD416CBDCEDE} - System32\Tasks\SmartDefragUpdate => C:\Program Files (x86)\IObit\Smart Defrag 2\AutoUpdate.exe [2012-09-06] (IObit)

Task: {24940D7C-2CFC-4AC4-8D7D-0830BB75F449} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000Core => C:\Users\Karric\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)

Task: {30DAFDC4-EBE7-40BD-9199-10BE6AAFA226} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000Core => C:\Users\Karric\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-31] (Google Inc.)

Task: {43355DC0-C0D7-4DBD-B267-C25DD3B0745C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)

Task: {5ADC74CF-4AD6-41F2-8F55-29B34445C37A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000UA => C:\Users\Karric\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)

Task: {7409856E-7C75-4876-A15C-31F6EE3C74F6} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2013-08-03] ()

Task: {742516A2-320E-4DB2-AE8A-086D1CFBB566} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe [2013-11-11] (IObit)

Task: {8271F3C7-6AB2-467E-9C45-86CC615C5B2E} - System32\Tasks\ASC7_SkipUac_Karric => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2013-11-18] (IObit)

Task: {8C128C0D-4E81-4118-87EF-5F6F26455F95} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)

Task: {AC6CF2A8-32F7-4264-9D8B-A8099B7070AD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000UA => C:\Users\Karric\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-31] (Google Inc.)

Task: {AD4A3D76-C92C-466F-8C79-7C34BB205208} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe

Task: {AF342588-D79C-46B8-B889-61EF4775FE12} - System32\Tasks\NCH Swift Sound\wavepadDowngrade => C:\Program Files (x86)\NCH Swift Sound\WavePad\wavepad.exe [2011-12-11] (NCH Software)

Task: {B2B337DB-D44B-493C-B656-A7A2F43EC111} - System32\Tasks\NCH Swift Sound\wavepadShakeIcon => C:\Program Files (x86)\NCH Swift Sound\WavePad\WavePad.exe [2011-12-11] (NCH Software)

Task: {C96E062C-8F58-47A7-80A1-1D0340DD5E2E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)

Task: {CC9D3E1D-D2E5-42C9-9D3A-3A1297E5AC9F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-04-22] (Microsoft)

Task: {D31E35F9-AA73-4D2B-9DCC-D89C5456FA3D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)

Task: {D350302A-D736-4E57-B7D9-5B500A53E8CB} - \AutoKMS No Task File <==== ATTENTION

Task: {EE999B07-AE05-48A7-AA18-B3B627813036} - System32\Tasks\HPCeeScheduleForKarric => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000Core.job => C:\Users\Karric\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000UA.job => C:\Users\Karric\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000Core.job => C:\Users\Karric\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000UA.job => C:\Users\Karric\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HPCeeScheduleForKarric.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

 

==================== Loaded Modules (whitelisted) =============

 

2011-09-04 19:34 - 2012-03-24 13:46 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2011-08-31 19:12 - 2011-05-29 01:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll

2014-10-15 09:35 - 2014-10-15 09:35 - 00380416 _____ () C:\Users\Karric\Documents\Virus-TOOLS prevention\mjhf65yj.exe

2013-11-28 04:13 - 2013-01-15 19:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll

2010-01-22 21:57 - 2010-01-22 21:57 - 00970288 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll

2010-01-22 21:56 - 2010-01-22 21:56 - 00068656 _____ () C:\Program Files (x86)\VMware\VMware Player\zlib1.dll

2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll

2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll

2013-06-06 17:59 - 2013-06-06 17:59 - 00158744 _____ () C:\Program Files (x86)\Aeria Games\Ignite\AGAkamai.dll

2014-09-24 23:10 - 2014-09-23 00:06 - 01098056 _____ () C:\Users\Karric\AppData\Local\Google\Chrome\Application\37.0.2062.124\libglesv2.dll

2014-09-24 23:10 - 2014-09-23 00:06 - 00174408 _____ () C:\Users\Karric\AppData\Local\Google\Chrome\Application\37.0.2062.124\libegl.dll

2014-09-24 23:10 - 2014-09-23 00:07 - 08577864 _____ () C:\Users\Karric\AppData\Local\Google\Chrome\Application\37.0.2062.124\pdf.dll

2014-09-24 23:10 - 2014-09-23 00:07 - 00331592 _____ () C:\Users\Karric\AppData\Local\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll

2014-09-24 23:10 - 2014-09-23 00:06 - 01660232 _____ () C:\Users\Karric\AppData\Local\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll

2014-06-10 14:25 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\Karric\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll

2014-09-24 23:10 - 2014-09-23 00:07 - 14891848 _____ () C:\Users\Karric\AppData\Local\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\Services: AdobeARMservice => 2

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3

MSCONFIG\Services: AdvancedSystemCareService7 => 2

MSCONFIG\Services: Apple Mobile Device => 2

MSCONFIG\Services: Bonjour Service => 2

MSCONFIG\Services: BRSptSvc => 3

MSCONFIG\Services: GamesAppService => 3

MSCONFIG\Services: HP Health Check Service => 2

MSCONFIG\Services: HPClientSvc => 2

MSCONFIG\Services: hpCMSrv => 3

MSCONFIG\Services: HPDrvMntSvc.exe => 2

MSCONFIG\Services: hpqwmiex => 3

MSCONFIG\Services: HPWMISVC => 2

MSCONFIG\Services: IAStorDataMgrSvc => 2

MSCONFIG\Services: IconMan_R => 2

MSCONFIG\Services: LiveUpdateSvc => 2

MSCONFIG\Services: LMS => 2

MSCONFIG\Services: MBAMScheduler => 2

MSCONFIG\Services: MozillaMaintenance => 3

MSCONFIG\Services: RoxioNow Service => 2

MSCONFIG\Services: SkypeUpdate => 2

MSCONFIG\Services: Steam Client Service => 3

MSCONFIG\Services: SwitchBoard => 3

MSCONFIG\Services: ufad-ws60 => 3

MSCONFIG\Services: UNS => 2

MSCONFIG\Services: VMAuthdService => 2

MSCONFIG\Services: VMUSBArbService => 2

MSCONFIG\startupfolder: C:^Users^Karric^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup

MSCONFIG\startupfolder: C:^Users^Karric^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^jwo9ifa.lnk => C:\Windows\pss\jwo9ifa.lnk.Startup

MSCONFIG\startupfolder: C:^Users^Karric^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent

MSCONFIG\startupreg: APSDaemon => c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe

MSCONFIG\startupreg: BCSSync => "c:\program files (x86)\microsoft office\office14\bcssync.exe" /delayservices

MSCONFIG\startupreg: cFosSpeed => C:\Program Files\cFosSpeed\cFosSpeed.exe

MSCONFIG\startupreg: HP Quick Launch => 

MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

MSCONFIG\startupreg: iTunesHelper => 

MSCONFIG\startupreg: Magic Desktop for HP notification => "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"

MSCONFIG\startupreg: NCUpdateHelper => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe

MSCONFIG\startupreg: Steam => "c:\program files (x86)\steam\steam.exe" -silent

MSCONFIG\startupreg: XboxStat => 

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-367337438-1720701193-187401372-500 - Administrator - Disabled)

Guest (S-1-5-21-367337438-1720701193-187401372-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-367337438-1720701193-187401372-1002 - Limited - Enabled)

Karric (S-1-5-21-367337438-1720701193-187401372-1000 - Administrator - Enabled) => C:\Users\Karric

__vmware_user__ (S-1-5-21-367337438-1720701193-187401372-1004 - Limited - Enabled)

 

==================== Faulty Device Manager Devices =============

 

Name: VMware Virtual Ethernet Adapter for VMnet1

Description: VMware Virtual Ethernet Adapter for VMnet1

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: VMware, Inc.

Service: VMnetAdapter

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: VMware Virtual Ethernet Adapter for VMnet8

Description: VMware Virtual Ethernet Adapter for VMnet8

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: VMware, Inc.

Service: VMnetAdapter

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (10/15/2014 09:57:36 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532

Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e

Exception code: 0x40000015

Fault offset: 0x0008d6fd

Faulting process id: 0x2044

Faulting application start time: 0xmbam.exe0

Faulting application path: mbam.exe1

Faulting module path: mbam.exe2

Report Id: mbam.exe3

 

Error: (10/15/2014 09:57:19 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: winamp.exe, version: 5.6.2.3173, time stamp: 0x4e1b6f92

Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f

Exception code: 0xc0000005

Fault offset: 0x00038dc9

Faulting process id: 0x240

Faulting application start time: 0xwinamp.exe0

Faulting application path: winamp.exe1

Faulting module path: winamp.exe2

Report Id: winamp.exe3

 

Error: (10/15/2014 00:13:20 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (10/14/2014 04:37:35 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: winamp.exe, version: 5.6.2.3173, time stamp: 0x4e1b6f92

Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f

Exception code: 0xc0000005

Fault offset: 0x00038dc9

Faulting process id: 0x2584

Faulting application start time: 0xwinamp.exe0

Faulting application path: winamp.exe1

Faulting module path: winamp.exe2

Report Id: winamp.exe3

 

Error: (10/14/2014 04:27:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)

Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

 

Error: (10/14/2014 04:27:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)

Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

 

Error: (10/14/2014 06:32:14 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (10/14/2014 06:04:05 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (10/13/2014 01:56:40 PM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Information only.

(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

 

Error: (10/13/2014 00:41:41 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

 

System errors:

=============

 

Microsoft Office Sessions:

=========================

 

CodeIntegrity Errors:

===================================

  Date: 2014-06-10 12:30:16.276

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-06-10 12:30:16.261

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2012-03-24 12:43:50.588

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2012-03-24 12:43:50.573

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2012-03-24 12:16:01.266

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2012-03-24 12:16:01.253

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2011-10-15 00:37:04.879

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2011-10-15 00:37:04.866

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2011-10-12 21:47:56.933

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2011-10-12 21:47:56.923

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i3 CPU M 370 @ 2.40GHz

Percentage of memory in use: 46%

Total physical RAM: 7989.86 MB

Available physical RAM: 4251.56 MB

Total Pagefile: 24372.05 MB

Available Pagefile: 19918 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:450.77 GB) (Free:90.05 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive d: (RECOVERY) (Fixed) (Total:14.7 GB) (Free:1.63 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive f: (Kontakt Factory Selection) (CDROM) (Total:0.55 GB) (Free:0 GB) UDF

Drive g: (NFSMostWanted) (CDROM) (Total:2.18 GB) (Free:0 GB) CDFS

Drive h: (Oblivion) (CDROM) (Total:4.18 GB) (Free:0 GB) UDF

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1A001F58)

Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=450.8 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=14.7 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

 

==================== End Of Log ============================


RogueKiller V10.0.1.0 (x64) [Oct 10 2014] by Adlice Software





 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Karric [Administrator]

Mode : Scan -- Date : 10/15/2014  10:20:39

 

¤¤¤ Processes : 1 ¤¤¤

[suspicious.Path] iexplore.exe -- C:\Users\Karric\Desktop\Chameleon\Windows\iexplore.exe[7] -> Killed [DrvNtTerm]

 

¤¤¤ Registry : 89 ¤¤¤

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BRDriver64 (\??\C:\ProgramData\BitRaider\BRDriver64.sys) -> Found

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BRSptSvc ("C:\ProgramData\BitRaider\BRSptSvc.exe") -> Found

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\xhunter1 (\??\C:\Windows\xhunter1.sys) -> Found

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\pwdcapob (\??\C:\Users\Karric\AppData\Local\Temp\pwdcapob.sys) -> Found

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BRDriver64 (\??\C:\ProgramData\BitRaider\BRDriver64.sys) -> Found

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BRSptSvc ("C:\ProgramData\BitRaider\BRSptSvc.exe") -> Found

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xhunter1 (\??\C:\Windows\xhunter1.sys) -> Found

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pwdcapob (\??\C:\Users\Karric\AppData\Local\Temp\pwdcapob.sys) -> Found

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BRDriver64 (\??\C:\ProgramData\BitRaider\BRDriver64.sys) -> Found

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BRSptSvc ("C:\ProgramData\BitRaider\BRSptSvc.exe") -> Found

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xhunter1 (\??\C:\Windows\xhunter1.sys) -> Found

[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found

[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found

[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found

[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found

[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found

[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found

[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found

[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found

[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found

[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found

[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found

[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found

[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-5\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found

[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-5\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found

[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-6\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found

[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-6\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found

[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-7\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found

[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-7\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found

[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-8\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found

[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-8\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found

[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-9\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found

[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-9\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found

[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found

[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found

[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-5\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-5\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-6\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-6\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-7\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-7\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-8\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-8\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-9\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-9\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-367337438-1720701193-187401372-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-367337438-1720701193-187401372-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-367337438-1720701193-187401372-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-367337438-1720701193-187401372-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-367337438-1720701193-187401372-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-367337438-1720701193-187401372-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-367337438-1720701193-187401372-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-367337438-1720701193-187401372-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-2\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-367337438-1720701193-187401372-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-367337438-1720701193-187401372-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-3\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-367337438-1720701193-187401372-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-367337438-1720701193-187401372-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-4\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-367337438-1720701193-187401372-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-5\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-367337438-1720701193-187401372-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-5\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-367337438-1720701193-187401372-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-6\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-367337438-1720701193-187401372-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-6\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-367337438-1720701193-187401372-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-7\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-367337438-1720701193-187401372-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-7\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 65.32.5.111 65.32.5.112  -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 65.32.5.111 65.32.5.112  -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 65.32.5.111 65.32.5.112  -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{243B2CE1-2F32-4E1B-8821-848E703CDF98} | DhcpNameServer : 65.32.5.111 65.32.5.112  -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{243B2CE1-2F32-4E1B-8821-848E703CDF98} | DhcpNameServer : 65.32.5.111 65.32.5.112  -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{243B2CE1-2F32-4E1B-8821-848E703CDF98} | DhcpNameServer : 65.32.5.111 65.32.5.112  -> Found

[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found

[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

 

¤¤¤ Tasks : 0 ¤¤¤

 

¤¤¤ Files : 2 ¤¤¤

[ZeroAccess][Folder] Install -- C:\Users\Karric\AppData\Local\Google\Desktop\Install -> Found

[ZeroAccess][Folder] Install -- C:\Program Files (x86)\Google\Desktop\Install -> Found

 

¤¤¤ Hosts File : 1 ¤¤¤

[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

 

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BPVT-60HXZT1 +++++

--- User ---

[MBR] d80b718d55edbcdfd1eff8c2d370a9a2

[bSP] ed0603ae47989b025894324073cd47e3 : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB

1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 461585 MB

2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 945735680 | Size: 15051 MB

3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 976560128 | Size: 103 MB

User = LL1 ... OK

User = LL2 ... OK

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 10/15/2014

Scan Time: 11:43:40 AM

Logfile: Malwarebytes log oct 15 2014.txt

Administrator: Yes

 

Version: 2.00.3.1025

Malware Database: v2014.10.15.06

Rootkit Database: v2014.10.15.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Karric

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 361384

Time Elapsed: 37 min, 54 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-10-2014 01

Ran by Karric (administrator) on KARRIC-HP on 15-10-2014 12:33:22

Running from C:\Users\Karric\Documents\Virus-TOOLS prevention

Loaded Profiles: Karric (Available profiles: Karric)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 9

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Google) C:\Program Files (x86)\Google\Google Talk\googletalk.exe

(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\hqtray.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Google Inc.) C:\Users\Karric\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Karric\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Karric\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Karric\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Karric\AppData\Local\Google\Chrome\Application\chrome.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Google Inc.) C:\Users\Karric\AppData\Local\Google\Chrome\Application\chrome.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Google Inc.) C:\Users\Karric\AppData\Local\Google\Chrome\Application\chrome.exe

() C:\Program Files (x86)\Sparkol\Sparkol VideoScribe\VideoScribeDesktop.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Microsoft Corporation) C:\Windows\splwow64.exe

(Google Inc.) C:\Users\Karric\AppData\Local\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-23] (Synaptics Incorporated)

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-02-15] (IDT, Inc.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)

HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)

HKLM-x32\...\Run: [googletalk] => C:\Program Files (x86)\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)

HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)

HKLM-x32\...\Run: [VMware hqtray] => C:\Program Files (x86)\VMware\VMware Player\hqtray.exe [64048 2010-01-22] (VMware, Inc.)

HKLM-x32\...\Run: [HP Quick Launch] => c:\program files (x86)\hewlett-packard\hp quick launch\hpmsgsvc.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-14] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1

Startup: C:\Users\Karric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karric\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karric\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karric\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karric\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karric\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karric\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karric\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karric\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

BootExecute: autocheck autochk * bootdelete

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe


SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

SearchScopes: HKLM-x32 - DefaultScope value is missing.


SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}


SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-04-18] (EasyBits Software Corp.)

Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

 

FireFox:

========

FF ProfilePath: C:\Users\Karric\AppData\Roaming\Mozilla\Firefox\Profiles\rs5pcycc.default

FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File

FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File

FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll No File

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Karric\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Karric\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Karric\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Karric\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Karric\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin ProgramFiles/Appdata: C:\Users\Karric\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\Karric\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Karric\AppData\Roaming\Mozilla\Firefox\Profiles\rs5pcycc.default\Extensions\ascsurfingprotection@iobit.com [2013-11-28]

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-06-25]

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]

FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]

 

Chrome: 

=======

CHR Profile: C:\Users\Karric\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Assassin's Creed IV Black Flag) - C:\Users\Karric\AppData\Local\Google\Chrome\User Data\Default\Extensions\agibflpbghgmiinfaefgnldmfajdance [2014-08-21]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Karric\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]

CHR Extension: (Skype Click to Call) - C:\Users\Karric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-21]

CHR Extension: (Google Wallet) - C:\Users\Karric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]

CHR Extension: (Recently Closed Tabs) - C:\Users\Karric\AppData\Local\Google\Chrome\User Data\Default\Extensions\opefiliglgllmponlmoajkfbcaigocfc [2014-10-06]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

CHR StartMenuInternet: Google Chrome - C:\Users\Karric\AppData\Local\Google\Chrome\Application\chrome.exe

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S4 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [878368 2013-10-25] (IObit)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)

S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [994096 2014-10-14] (Avira Operations GmbH & Co. KG)

S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)

S4 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2013-11-28] (BitRaider, LLC)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]

S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-07] (Realsil Microelectronics Inc.) [File not signed]

S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-10-25] (IObit)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)

S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4100400 2011-05-08] (INCA Internet Co., Ltd.) [File not signed]

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-03-24] ()

S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

S4 ufad-ws60; C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe [191024 2009-10-12] (VMware, Inc.)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2012-03-02] (LG Electronics Inc.)

S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2012-03-02] (LG Electronics Inc.)

S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2012-03-02] (LG Electronics Inc.)

S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2012-03-02] (LG Electronics Inc.)

S3 androidusb; C:\Windows\System32\Drivers\lgandadb.sys [31744 2010-08-02] (Google Inc)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG)

S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2013-10-07] (BitRaider)

S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()

S3 dump_wmimmc; No ImagePath

S3 EagleX64; No ImagePath

S3 hitmanpro37; C:\Windows\SysWOW64\drivers\hitmanpro37.sys [30616 2014-10-11] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-15] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)

R3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [111696 2013-08-17] ()

S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4774 2012-03-06] (INCA Internet Co., Ltd.) [File not signed]

R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()

R2 vstor2-ws60; C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys [32816 2009-10-12] (VMware, Inc.)

S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)

S3 X6va003; No ImagePath

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 clwvd; system32\DRIVERS\clwvd.sys [X]

S3 wolf; \??\C:\AeriaGames\Wolfteam\avital\wolf64.sys [X]

S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-10-15 11:40 - 2014-10-15 11:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-10-15 11:40 - 2014-10-15 11:40 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-10-15 11:40 - 2014-10-15 11:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-10-15 11:40 - 2014-10-15 11:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-10-15 11:40 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-10-15 11:40 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-10-15 11:40 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-10-15 11:39 - 2014-10-15 11:39 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Karric\Downloads\mbam-setup-2.0.3.1025.exe

2014-10-15 11:31 - 2014-10-15 11:31 - 00000138 _____ () C:\Users\Karric\Desktop\surveying for dpt 17 services.txt

2014-10-15 11:30 - 2014-10-15 11:30 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Karric\Downloads\mbam-clean-2.1.1.1001.exe

2014-10-15 10:15 - 2014-10-15 10:15 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys

2014-10-15 10:09 - 2014-10-15 10:10 - 18495064 _____ () C:\Users\Karric\Downloads\RogueKillerX64.exe

2014-10-15 10:00 - 2014-10-15 10:00 - 02110464 _____ (Farbar) C:\Users\Karric\Downloads\FRST64.exe

2014-10-15 09:56 - 2014-10-15 09:56 - 00003551 _____ () C:\Users\Karric\Desktop\GMER Log 10-15-2014.log

2014-10-15 09:46 - 2014-10-15 09:46 - 00000323 _____ () C:\Users\Karric\Desktop\Home made tootpaste.txt

2014-10-12 23:39 - 2014-10-12 23:39 - 00001425 _____ () C:\Users\Karric\Desktop\JRT.txt

2014-10-12 23:20 - 2014-10-12 23:14 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Karric\Desktop\rkill.exe

2014-10-12 23:19 - 2014-10-12 23:19 - 00000905 _____ () C:\Users\Karric\Desktop\ERUNT.lnk

2014-10-12 23:19 - 2014-10-12 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

2014-10-12 23:19 - 2014-10-12 23:19 - 00000000 ____D () C:\Program Files (x86)\ERUNT

2014-10-12 23:15 - 2014-10-12 23:21 - 00002772 _____ () C:\Users\Karric\Desktop\Rkill.txt

2014-10-12 22:18 - 2014-10-12 23:05 - 00000000 ____D () C:\Users\Karric\Desktop\mbar

2014-10-11 23:34 - 2014-10-11 23:34 - 00012872 _____ (SurfRight B.V.) C:\Windows\SysWOW64\bootdelete.exe

2014-10-11 23:34 - 2014-10-11 23:34 - 00000162 _____ () C:\Windows\SysWOW64\bootdelete.lst

2014-10-11 22:57 - 2014-10-11 23:34 - 00030616 _____ () C:\Windows\SysWOW64\Drivers\hitmanpro37.sys

2014-10-11 22:56 - 2014-10-11 22:56 - 00000000 ____D () C:\Program Files (x86)\HitmanPro

2014-10-11 22:10 - 2014-06-03 15:08 - 00000000 ____D () C:\Users\Karric\Desktop\Chameleon

2014-10-10 11:00 - 2014-10-10 11:00 - 644419510 _____ () C:\Users\Karric\Desktop\Fair Tax Presentation to Rotary.mov

2014-10-07 15:35 - 2014-10-07 15:38 - 134168722 _____ () C:\Users\Karric\Desktop\Airplane Graveyard Vs Pro Freerunners- THE TAKEOVER.mp4

2014-10-07 14:04 - 2014-10-07 14:04 - 36134067 _____ () C:\Users\Karric\Desktop\Fairtax Final VO.zip

2014-10-07 14:03 - 2014-10-15 11:50 - 00000000 ____D () C:\Users\Karric\Desktop\Fair tax

2014-10-07 13:56 - 2014-10-07 13:57 - 77586613 _____ () C:\Users\Karric\Desktop\Micheal Guthrie - New Heights Promo 2014.mp4

2014-10-07 13:54 - 2014-10-07 13:55 - 35138315 _____ () C:\Users\Karric\Desktop\Michael Guthrie- Foot Prints (BMCC).mp4

2014-10-06 13:00 - 2014-10-06 13:00 - 00000526 _____ () C:\Users\Karric\Documents\Uninstall STAR WARS The Old Republic.log

2014-10-06 12:53 - 2014-10-06 12:53 - 00000000 ____D () C:\Users\Karric\AppData\Local\Zoom

2014-10-06 12:45 - 2014-10-06 12:57 - 00000000 ____D () C:\Users\Karric\Desktop\Karric Data & goals

2014-09-25 14:28 - 2014-10-09 09:22 - 00000000 ____D () C:\Users\Karric\Desktop\Parkour - Stunt HAT- WFPF

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-10-15 12:33 - 2014-06-03 00:08 - 00000000 ____D () C:\Users\Karric\Documents\Virus-TOOLS prevention

2014-10-15 12:33 - 2014-05-29 10:05 - 00000000 ____D () C:\FRST

2014-10-15 12:29 - 2011-08-31 16:31 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000UA.job

2014-10-15 12:16 - 2013-03-22 23:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-10-15 11:42 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-10-15 11:42 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-10-15 11:40 - 2012-06-04 00:47 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-10-15 11:39 - 2014-04-02 11:46 - 00815735 _____ () C:\Windows\WindowsUpdate.log

2014-10-15 11:34 - 2014-06-10 12:11 - 00000000 ____D () C:\Windows\erdnt

2014-10-15 11:34 - 2012-06-19 11:52 - 00000000 ____D () C:\ProgramData\VMware

2014-10-15 11:33 - 2014-06-12 00:02 - 00000840 _____ () C:\Windows\setupact.log

2014-10-15 11:33 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-10-15 11:32 - 2014-06-12 00:12 - 00129796 _____ () C:\Windows\PFRO.log

2014-10-15 11:13 - 2011-09-26 17:50 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000UA.job

2014-10-15 09:57 - 2011-08-31 18:35 - 00000000 ____D () C:\Users\Karric\AppData\Local\CrashDumps

2014-10-15 08:53 - 2011-09-26 17:50 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000Core.job

2014-10-14 23:40 - 2014-02-06 13:21 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForKarric

2014-10-14 23:40 - 2014-02-06 13:21 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForKarric.job

2014-10-14 23:29 - 2011-08-31 16:31 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000Core.job

2014-10-14 21:45 - 2011-08-31 16:26 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8726CEAA-7A79-42D7-8D23-747826B95982}

2014-10-14 16:35 - 2014-07-03 11:52 - 00000000 ___RD () C:\Users\Karric\Desktop\ME

2014-10-14 16:28 - 2009-07-14 01:13 - 00005636 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-10-14 04:52 - 2014-06-03 10:25 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2014-10-14 04:52 - 2014-06-02 10:58 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2014-10-14 04:52 - 2014-06-02 10:58 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2014-10-13 11:10 - 2012-09-11 08:01 - 00000000 ___RD () C:\Users\Karric\Desktop\New Cool Pix!

2014-10-12 23:05 - 2014-06-02 11:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-10-11 22:09 - 2014-05-28 11:06 - 00000000 ____D () C:\AdwCleaner

2014-10-09 14:30 - 2012-09-13 00:57 - 00000000 ____D () C:\Users\Karric\AppData\Roaming\Mozilla

2014-10-06 15:45 - 2014-07-01 14:40 - 00000312 _____ () C:\Users\Karric\Desktop\Tampa Rides.txt

2014-10-06 13:01 - 2013-06-09 05:49 - 00000000 ____D () C:\ProgramData\NexonUS

2014-10-06 13:00 - 2011-09-03 15:28 - 00000000 ____D () C:\Program Files (x86)\NCH Software

2014-10-06 12:57 - 2012-09-11 07:57 - 00000000 ___RD () C:\Users\Karric\Desktop\All extra folders

2014-10-06 12:53 - 2014-06-11 12:09 - 00000000 ____D () C:\Users\Karric\AppData\Roaming\Zoom

2014-10-06 12:01 - 2011-09-04 03:27 - 00000000 ___RD () C:\Users\Karric\Desktop\Vids n edits

2014-09-30 00:39 - 2013-01-01 02:48 - 00000000 ____D () C:\Users\Karric\AppData\Local\PMB Files

2014-09-30 00:01 - 2014-05-28 15:42 - 00000000 ____D () C:\Windows\pss

2014-09-29 11:19 - 2012-03-12 10:39 - 00000000 ____D () C:\Users\Karric\AppData\Roaming\Audacity

2014-09-29 11:18 - 2011-12-05 19:07 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Swift Sound

2014-09-28 20:38 - 2014-05-28 12:15 - 00000000 ____D () C:\Users\Karric\AppData\Roaming\DropboxMaster

2014-09-28 20:38 - 2012-06-30 02:04 - 00000000 ___RD () C:\Users\Karric\Dropbox

2014-09-28 20:38 - 2012-06-30 02:02 - 00000000 ____D () C:\Users\Karric\AppData\Roaming\Dropbox

2014-09-28 20:33 - 2009-07-14 00:45 - 05096064 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-09-24 23:10 - 2012-06-02 22:35 - 00002370 _____ () C:\Users\Karric\Desktop\Google Chrome.lnk

2014-09-24 13:41 - 2012-06-21 14:56 - 00000132 _____ () C:\Users\Karric\AppData\Roaming\Adobe PNG Format CS5 Prefs

2014-09-24 13:39 - 2011-08-31 16:24 - 00169288 _____ () C:\Users\Karric\AppData\Local\GDIPFONTCACHEV1.DAT

2014-09-19 16:22 - 2014-09-09 16:34 - 00010969 _____ () C:\Users\Karric\Desktop\Karric's Schedule.xlsx

ZeroAccess:

C:\Users\Karric\AppData\Local\Google\Desktop\Install

ZeroAccess:

C:\Program Files (x86)\Google\Desktop\Install

 

Files to move or delete:

====================

C:\ProgramData\ghjwbvfr.fee

C:\ProgramData\jwo9ifa.fee

C:\ProgramData\rjod1wljw7t.fee

C:\Users\Karric\jagex_cl_runescape_LIVE.dat

C:\Users\Karric\jagex_cl_runescape_LIVE1.dat

C:\Users\Karric\jagex_cl_speccollect_LIVE.dat

C:\Users\Karric\random.dat

 

 

Some content of TEMP:

====================

C:\Users\Karric\AppData\Local\Temp\4843824b80d9fb0259696bfb0b22a7a2.dll

C:\Users\Karric\AppData\Local\Temp\9ede8e7a9b9e414435cf68ad4886fe03.dll

C:\Users\Karric\AppData\Local\Temp\aacdec.exe

C:\Users\Karric\AppData\Local\Temp\avgnt.exe

C:\Users\Karric\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxa9wqe.dll

C:\Users\Karric\AppData\Local\Temp\ffmpeg11.exe

C:\Users\Karric\AppData\Local\Temp\NGM.exe

C:\Users\Karric\AppData\Local\Temp\NGMDll.dll

C:\Users\Karric\AppData\Local\Temp\NGMResource.dll

C:\Users\Karric\AppData\Local\Temp\oggenc.exe

C:\Users\Karric\AppData\Local\Temp\vpsetup.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-10-06 00:45

 

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-10-2014 01

Ran by Karric at 2014-10-15 12:32:15

Running from C:\Users\Karric\Documents\Virus-TOOLS prevention

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden

Adobe After Effects CS5 (HKLM-x32\...\{DA1B174B-4297-467C-9EF8-0AB8D4D5171E}) (Version: 10 - Adobe Systems Incorporated)

Adobe After Effects CS5 Third Party Content (HKLM-x32\...\{C0AA232E-BD1B-40B5-A176-A2BEB67FFAE1}) (Version: 10 - Adobe Systems Incorporated)

Adobe After Effects CS5 Third Party Royalty Content (HKLM-x32\...\{CD29B5CA-4727-4114-9AD9-25CCCE6E4014}) (Version: 10 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden

Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)

Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden

Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)

Adobe Download Assistant (x32 Version: 1.0.6 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)

Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden

Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)

Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)

Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.0.6 - IObit)

Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)

Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)

Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden

Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden

Aion (HKLM-x32\...\{B9291CA2-6FA5-44EA-8EE0-923EB32ADAAB}) (Version: 4.0.0.3 - NC Interactive, LLC)

Aion (HKLM-x32\...\NCW-AION) (Version: 1.0.0.2 - NC Interactive, LLC)

Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)

Alliance of Valiant Arms (HKLM-x32\...\Alliance of Valiant Arms) (Version:  - )

APB Reloaded (HKLM-x32\...\APB Reloaded) (Version: 1.3.3.560517 - )

Apple Application Support (HKLM-x32\...\{343666E2-A059-48AC-AD67-230BF74E2DB2}) (Version: 2.1.6 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{75104836-CAC7-444E-A39E-3F54151942F5}) (Version: 4.0.0.97 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)

Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)

Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)

Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)

AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)

AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)

Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden

BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.8.1 - BitRaider, LLC)

Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden

Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden

Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden

Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)

Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)

ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)

Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)

Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)

Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden

FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden

FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)

Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)

Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)

Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )

Google Talk Plugin (HKLM-x32\...\{F7770F7F-0ABC-30CB-95BC-93761A05CAB6}) (Version: 5.38.4.0 - Google)

GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)

HashTab 1.14 for x32 (HKLM-x32\...\HashTab) (Version: 1.14 for x32 - Cody Batt)

HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)

HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden

HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden

HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company)

HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden

HP Documentation (HKLM-x32\...\{6C453C9C-38AE-494D-BF89-7AA0DE87F3E5}) (Version: 1.2.0.0 - Hewlett-Packard)

HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)

HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)

HP MovieStore (x32 Version: 1.0.047 - Hewlett-Packard) Hidden

HP On Screen Display (HKLM-x32\...\{B97A2DD1-46E5-41BB-95D9-3B971B66A498}) (Version: 1.1.1 - Hewlett-Packard Company)

HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company)

HP Product Detection (HKLM-x32\...\{4F38594F-2C4A-4C42-B2C4-505E225F6F80}) (Version: 11.14.0004 - HP)

HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)

HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)

HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)

HP Software Framework (HKLM-x32\...\{F8070C51-4B1D-430C-8BCF-19696368366F}) (Version: 4.0.110.1 - Hewlett-Packard Company)

HP Support Assistant (HKLM-x32\...\{E92D47A1-D27D-430A-8368-0BAFD956507D}) (Version: 5.2.9.2 - Hewlett-Packard Company)

HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden

IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6327.0 - IDT)

IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2279 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)

IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.0.4.1083 - IObit)

Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)

Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)

Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden

Java 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

K-Lite Codec Pack 10.1.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.1.5 - )

LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.8.1 - LG Electronics)

Magic Bullet Looks Vegas (HKLM-x32\...\Magic Bullet Looks Vegas) (Version:  - )

Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{B96F0F49-0609-461E-AC7A-6DA12B104F55}) (Version: 11.3.1 - Red Giant Software)

Magic Bullet Suite 64-bit (Version: 11.3.1 - Red Giant Software) Hidden

MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG)

MAGIX Screenshare (HKLM-x32\...\{DFDD2913-557D-4EB5-8745-47749E521760}) (Version: 4.3.6.1987 - MAGIX AG)

MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{5C375A31-ED71-4CA0-91E0-8FA47E72D56D}) (Version: 7.0.1.27 - MAGIX AG)

Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden

Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Halo (HKLM-x32\...\Halo) (Version:  - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)

Microsoft Office Ultimate 2007 (HKLM-x32\...\ULTIMATER) (Version: 12.0.4518.1014 - Microsoft Corporation)

Microsoft Office Ultimate 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden

Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden

Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Mozilla Firefox 15.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 15.0.1 (x86 en-US)) (Version: 15.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 15.0.1 - Mozilla)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden

MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden

Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden

Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.2.1.6382 - Native Instruments)

Native Instruments Kontakt 5 (Version: 5.2.1.6382 - Native Instruments) Hidden

Native Instruments Kontakt Factory Selection (HKLM-x32\...\Native Instruments Kontakt Factory Selection) (Version:  - Native Instruments)

Native Instruments Kontakt Factory Selection (Version: 1.2.0.004 - Native Instruments) Hidden

Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)

Native Instruments Service Center (Version: 2.3.2.926 - Native Instruments) Hidden

NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)

NCsoft Launcher (HKLM-x32\...\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}) (Version: 1.5.19002 - NCsoft)

Need for Speed™ Most Wanted (HKLM-x32\...\{ADE91A13-434D-4229-00BC-182BAD607303}) (Version:  - )

NewBlue Art Blends 2.0 for Vegas (HKLM-x32\...\NewBlue Art Blends 2.0 for Vegas) (Version:  - )

NewBlue Film Effects for Windows (HKLM-x32\...\NewBlue Film Effects for Windows) (Version: 1.4 - NewBlue)

NewBlue Motion Blends for Windows (HKLM-x32\...\NewBlue Motion Blends for Windows) (Version: 2.4 - NewBlue)

NewBlue Motion Effects for Windows (HKLM-x32\...\NewBlue Motion Effects for Windows) (Version: 2.4 - NewBlue)

NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 1.4 - NewBlue)

Noise Reduction Plug-In 2.0 (HKLM-x32\...\{847C6940-D852-11E2-81D2-F04DA23A5C58}) (Version: 2.0.596 - Sony)

NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)

Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)

OpenAL (HKLM-x32\...\OpenAL) (Version:  - )

PakkISO 0.4 (HKLM-x32\...\PakkISO_is1) (Version: PakkISO 0.4 by zorted, installer by BitLooter - )

Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)

PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r4600) (Version:  - )

PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden

Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden

PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden

PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)

Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden

PowerISO (HKLM-x32\...\PowerISO) (Version: 4.7 - PowerISO Computing, Inc.)

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)

QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)

Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 3.1.13.1 - Ralink)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)

Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)

Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden

reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version:  - )

RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)

RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)

SFPack (HKLM-x32\...\Megota Software SFPack Uninstall) (Version:  - )

Simple Port Forwarding (HKLM-x32\...\Simple Port Forwarding) (Version: 3.2.10 - PcWinTech.com)

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)

Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)

Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden

Smart Defrag 2 (HKLM-x32\...\Smart Defrag 2_is1) (Version: 2.7 - IObit)

Sparkol VideoScribe (HKLM-x32\...\Sparkol VideoScribe 2.0.2) (Version: 2.0.2 - Sparkol)

Sparkol VideoScribe (x32 Version: 2.0.2 - Sparkol) Hidden

Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)

Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.7.0 - Synaptics Incorporated)

System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)

Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)

Tone2 Gladiator VSTi v2.2 (HKLM-x32\...\Tone2 Gladiator VSTi_is1) (Version:  - )

tools-windows (x32 Version: 8.1.4.11056 - VMware, Inc.) Hidden

Trapcode Form (HKLM-x32\...\Trapcode Form) (Version:  - )

Trapcode Particular (HKLM-x32\...\InstallShield_{E489BCB7-D57D-4751-AAB6-589AF66E2F7F}) (Version: 2.1.0 - Red Giant Software)

Trapcode Particular (Version: 2.1.0 - Red Giant Software) Hidden

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)

Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{B7873DF5-9E1C-45EE-8895-D29C6AE01202}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C20964A7-5181-45E5-9E82-72F5D400DEBF}) (Version:  - Microsoft)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{567103D1-96CD-4B76-93B9-2681A187DEFF}) (Version:  - Microsoft)

Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)

Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)

Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)

Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)

Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

Vegas Pro 10.0 (64-bit) (HKLM\...\{7A92C561-A1D5-11E0-92E1-0013D3D69929}) (Version: 10.0.738 - Sony)

Vegas Pro 12.0 (64-bit) (HKLM\...\{87CEB7C0-1D35-11E2-8F19-F04DA23A5C58}) (Version: 12.0.394 - Sony)

Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden

VMware Player (HKLM-x32\...\VMware_Player) (Version: 3.0.1.11056 - VMware, Inc)

VMware Player (x32 Version: 3.0.1.11056 - VMware, Inc.) Hidden

WavePad Sound Editor (HKLM-x32\...\WavePad) (Version:  - NCH Software)

Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden

Winamp (HKLM-x32\...\Winamp) (Version: 5.621  - Nullsoft, Inc)

Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

XAMPP 1.8.0 (HKLM-x32\...\xampp) (Version:  - )

Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-367337438-1720701193-187401372-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Karric\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-367337438-1720701193-187401372-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Karric\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-367337438-1720701193-187401372-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Karric\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-367337438-1720701193-187401372-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karric\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-367337438-1720701193-187401372-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karric\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-367337438-1720701193-187401372-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karric\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-367337438-1720701193-187401372-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karric\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-367337438-1720701193-187401372-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Karric\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

05-10-2014 04:12:07 Scheduled Checkpoint

06-10-2014 16:57:13 Removed Steam

06-10-2014 17:00:49 Removed RoxioNow Player.

12-10-2014 02:50:58 Checkpoint by HitmanPro

15-10-2014 13:59:28 October 15, 2014 Yeaa

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2014-06-10 12:37 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {010B998F-5B42-4FE1-BE3B-FD416CBDCEDE} - System32\Tasks\SmartDefragUpdate => C:\Program Files (x86)\IObit\Smart Defrag 2\AutoUpdate.exe [2012-09-06] (IObit)

Task: {24940D7C-2CFC-4AC4-8D7D-0830BB75F449} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000Core => C:\Users\Karric\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)

Task: {30DAFDC4-EBE7-40BD-9199-10BE6AAFA226} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000Core => C:\Users\Karric\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-31] (Google Inc.)

Task: {43355DC0-C0D7-4DBD-B267-C25DD3B0745C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)

Task: {5ADC74CF-4AD6-41F2-8F55-29B34445C37A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000UA => C:\Users\Karric\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)

Task: {7409856E-7C75-4876-A15C-31F6EE3C74F6} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2013-08-03] ()

Task: {742516A2-320E-4DB2-AE8A-086D1CFBB566} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe [2013-11-11] (IObit)

Task: {8271F3C7-6AB2-467E-9C45-86CC615C5B2E} - System32\Tasks\ASC7_SkipUac_Karric => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2013-11-18] (IObit)

Task: {8C128C0D-4E81-4118-87EF-5F6F26455F95} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)

Task: {AC6CF2A8-32F7-4264-9D8B-A8099B7070AD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000UA => C:\Users\Karric\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-31] (Google Inc.)

Task: {AD4A3D76-C92C-466F-8C79-7C34BB205208} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe

Task: {AF342588-D79C-46B8-B889-61EF4775FE12} - System32\Tasks\NCH Swift Sound\wavepadDowngrade => C:\Program Files (x86)\NCH Swift Sound\WavePad\wavepad.exe [2011-12-11] (NCH Software)

Task: {B2B337DB-D44B-493C-B656-A7A2F43EC111} - System32\Tasks\NCH Swift Sound\wavepadShakeIcon => C:\Program Files (x86)\NCH Swift Sound\WavePad\WavePad.exe [2011-12-11] (NCH Software)

Task: {C96E062C-8F58-47A7-80A1-1D0340DD5E2E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)

Task: {CC9D3E1D-D2E5-42C9-9D3A-3A1297E5AC9F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-04-22] (Microsoft)

Task: {D31E35F9-AA73-4D2B-9DCC-D89C5456FA3D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)

Task: {D350302A-D736-4E57-B7D9-5B500A53E8CB} - \AutoKMS No Task File <==== ATTENTION

Task: {EE999B07-AE05-48A7-AA18-B3B627813036} - System32\Tasks\HPCeeScheduleForKarric => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000Core.job => C:\Users\Karric\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000UA.job => C:\Users\Karric\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000Core.job => C:\Users\Karric\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000UA.job => C:\Users\Karric\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HPCeeScheduleForKarric.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2011-09-04 19:34 - 2012-03-24 13:46 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2014-08-15 15:11 - 2014-08-15 15:11 - 00225280 _____ () C:\Program Files (x86)\Sparkol\Sparkol VideoScribe\VideoScribeDesktop.exe

2010-01-22 21:57 - 2010-01-22 21:57 - 00970288 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll

2010-01-22 21:56 - 2010-01-22 21:56 - 00068656 _____ () C:\Program Files (x86)\VMware\VMware Player\zlib1.dll

2014-06-10 14:25 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\Karric\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll

2014-09-24 23:10 - 2014-09-23 00:06 - 01098056 _____ () C:\Users\Karric\AppData\Local\Google\Chrome\Application\37.0.2062.124\libglesv2.dll

2014-09-24 23:10 - 2014-09-23 00:06 - 00174408 _____ () C:\Users\Karric\AppData\Local\Google\Chrome\Application\37.0.2062.124\libegl.dll

2014-09-24 23:10 - 2014-09-23 00:07 - 08577864 _____ () C:\Users\Karric\AppData\Local\Google\Chrome\Application\37.0.2062.124\pdf.dll

2014-09-24 23:10 - 2014-09-23 00:07 - 00331592 _____ () C:\Users\Karric\AppData\Local\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll

2014-09-24 23:10 - 2014-09-23 00:06 - 01660232 _____ () C:\Users\Karric\AppData\Local\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll

2014-09-24 23:10 - 2014-09-23 00:07 - 14891848 _____ () C:\Users\Karric\AppData\Local\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll

2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\Services: AdobeARMservice => 2

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3

MSCONFIG\Services: AdvancedSystemCareService7 => 2

MSCONFIG\Services: Apple Mobile Device => 2

MSCONFIG\Services: Bonjour Service => 2

MSCONFIG\Services: BRSptSvc => 3

MSCONFIG\Services: GamesAppService => 3

MSCONFIG\Services: HP Health Check Service => 2

MSCONFIG\Services: HPClientSvc => 2

MSCONFIG\Services: hpCMSrv => 3

MSCONFIG\Services: HPDrvMntSvc.exe => 2

MSCONFIG\Services: hpqwmiex => 3

MSCONFIG\Services: HPWMISVC => 2

MSCONFIG\Services: IAStorDataMgrSvc => 2

MSCONFIG\Services: IconMan_R => 2

MSCONFIG\Services: LiveUpdateSvc => 2

MSCONFIG\Services: LMS => 2

MSCONFIG\Services: MBAMScheduler => 2

MSCONFIG\Services: MozillaMaintenance => 3

MSCONFIG\Services: RoxioNow Service => 2

MSCONFIG\Services: SkypeUpdate => 2

MSCONFIG\Services: Steam Client Service => 3

MSCONFIG\Services: SwitchBoard => 3

MSCONFIG\Services: ufad-ws60 => 3

MSCONFIG\Services: UNS => 2

MSCONFIG\Services: VMAuthdService => 2

MSCONFIG\Services: VMUSBArbService => 2

MSCONFIG\startupfolder: C:^Users^Karric^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup

MSCONFIG\startupfolder: C:^Users^Karric^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^jwo9ifa.lnk => C:\Windows\pss\jwo9ifa.lnk.Startup

MSCONFIG\startupfolder: C:^Users^Karric^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent

MSCONFIG\startupreg: APSDaemon => c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe

MSCONFIG\startupreg: BCSSync => "c:\program files (x86)\microsoft office\office14\bcssync.exe" /delayservices

MSCONFIG\startupreg: cFosSpeed => C:\Program Files\cFosSpeed\cFosSpeed.exe

MSCONFIG\startupreg: HP Quick Launch => 

MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

MSCONFIG\startupreg: iTunesHelper => 

MSCONFIG\startupreg: Magic Desktop for HP notification => "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"

MSCONFIG\startupreg: NCUpdateHelper => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe

MSCONFIG\startupreg: Steam => "c:\program files (x86)\steam\steam.exe" -silent

MSCONFIG\startupreg: XboxStat => 

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-367337438-1720701193-187401372-500 - Administrator - Disabled)

Guest (S-1-5-21-367337438-1720701193-187401372-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-367337438-1720701193-187401372-1002 - Limited - Enabled)

Karric (S-1-5-21-367337438-1720701193-187401372-1000 - Administrator - Enabled) => C:\Users\Karric

__vmware_user__ (S-1-5-21-367337438-1720701193-187401372-1004 - Limited - Enabled)

 

==================== Faulty Device Manager Devices =============

 

Name: VMware Virtual Ethernet Adapter for VMnet1

Description: VMware Virtual Ethernet Adapter for VMnet1

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: VMware, Inc.

Service: VMnetAdapter

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: VMware Virtual Ethernet Adapter for VMnet8

Description: VMware Virtual Ethernet Adapter for VMnet8

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: VMware, Inc.

Service: VMnetAdapter

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (10/15/2014 11:34:47 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (10/15/2014 09:57:36 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532

Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e

Exception code: 0x40000015

Fault offset: 0x0008d6fd

Faulting process id: 0x2044

Faulting application start time: 0xmbam.exe0

Faulting application path: mbam.exe1

Faulting module path: mbam.exe2

Report Id: mbam.exe3

 

Error: (10/15/2014 09:57:19 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: winamp.exe, version: 5.6.2.3173, time stamp: 0x4e1b6f92

Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f

Exception code: 0xc0000005

Fault offset: 0x00038dc9

Faulting process id: 0x240

Faulting application start time: 0xwinamp.exe0

Faulting application path: winamp.exe1

Faulting module path: winamp.exe2

Report Id: winamp.exe3

 

Error: (10/15/2014 00:13:20 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (10/14/2014 04:37:35 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: winamp.exe, version: 5.6.2.3173, time stamp: 0x4e1b6f92

Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f

Exception code: 0xc0000005

Fault offset: 0x00038dc9

Faulting process id: 0x2584

Faulting application start time: 0xwinamp.exe0

Faulting application path: winamp.exe1

Faulting module path: winamp.exe2

Report Id: winamp.exe3

 

Error: (10/14/2014 04:27:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)

Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

 

Error: (10/14/2014 04:27:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)

Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

 

Error: (10/14/2014 06:32:14 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (10/14/2014 06:04:05 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (10/13/2014 01:56:40 PM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Information only.

(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

 

 

System errors:

=============

Error: (10/15/2014 11:34:46 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Service Host service to connect.

 

Error: (10/15/2014 11:33:55 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: 

%%2

 

Error: (10/15/2014 11:33:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The MBAMProtector service failed to start due to the following error: 

%%2

 

Error: (10/15/2014 11:31:26 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

 

Error: (10/15/2014 11:30:19 AM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: 

%%5

 

Error: (10/15/2014 11:30:19 AM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: 

%%5

 

Error: (10/15/2014 11:30:19 AM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: 

%%5

 

 

Microsoft Office Sessions:

=========================

 

CodeIntegrity Errors:

===================================

  Date: 2014-06-10 12:30:16.276

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-06-10 12:30:16.261

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2012-03-24 12:43:50.588

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2012-03-24 12:43:50.573

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2012-03-24 12:16:01.266

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2012-03-24 12:16:01.253

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2011-10-15 00:37:04.879

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2011-10-15 00:37:04.866

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2011-10-12 21:47:56.933

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2011-10-12 21:47:56.923

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i3 CPU M 370 @ 2.40GHz

Percentage of memory in use: 40%

Total physical RAM: 7989.86 MB

Available physical RAM: 4786.99 MB

Total Pagefile: 24372.05 MB

Available Pagefile: 20640.54 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:450.77 GB) (Free:89.76 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive d: (RECOVERY) (Fixed) (Total:14.7 GB) (Free:1.63 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive f: (Kontakt Factory Selection) (CDROM) (Total:0.55 GB) (Free:0 GB) UDF

Drive g: (NFSMostWanted) (CDROM) (Total:2.18 GB) (Free:0 GB) CDFS

Drive h: (Oblivion) (CDROM) (Total:4.18 GB) (Free:0 GB) UDF

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1A001F58)

Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=450.8 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=14.7 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

 

==================== End Of Log ============================


You shouldn't install programs like this:

BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)

 

http://www.systemlookup.com/CLSID/76027.html <------here's why

 

http://www.pcmag.com/article2/0,2817,2419549,00.asp

=======================================

Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.
Run FRST.exe/FRST64.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

=======================================

Make sure you have created that system restore point before you continue!

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters. (Leave the KSN box checked)

  • Put a checkmark beside loaded modules.

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.

  • Click the Start Scan button.

  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.


    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.


    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:


If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.

New window that comes up.

Then...........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

http://www.bleepingcomputer.com/download/combofix/dl/12/ <---ComboFix direct download

Please make sure you click download buttons that look similar to this, not "sponsored ad links":


Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.




---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-10-2014 01

Ran by Karric at 2014-10-15 13:41:54 Run:4

Running from C:\Users\Karric\Documents\Virus-TOOLS prevention

Loaded Profiles: Karric (Available profiles: Karric)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

 

*****************

 

 

==== End of Fixlog ====


ComboFix 14-10-15.01 - Karric 10/15/2014  14:08:43.2.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7990.6137 [GMT -4:00]

Running from: c:\users\Karric\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}

SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Karric\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll

.

.

(((((((((((((((((((((((((   Files Created from 2014-09-15 to 2014-10-15  )))))))))))))))))))))))))))))))

.

.

2014-10-15 18:20 . 2014-10-15 18:20 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2014-10-15 18:20 . 2014-10-15 18:20 -------- d-----w- c:\users\Public\AppData\Local\temp

2014-10-15 18:20 . 2014-10-15 18:20 -------- d-----w- c:\users\hedev\AppData\Local\temp

2014-10-15 18:20 . 2014-10-15 18:20 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-10-15 15:40 . 2014-10-15 18:26 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-10-15 15:40 . 2014-10-15 15:40 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware

2014-10-15 15:40 . 2014-10-01 15:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys

2014-10-15 15:40 . 2014-10-01 15:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-10-15 15:40 . 2014-10-01 15:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-10-15 14:15 . 2014-10-15 14:15 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2014-10-13 03:19 . 2014-10-13 03:19 -------- d-----w- c:\program files (x86)\ERUNT

2014-10-12 03:34 . 2014-10-12 03:34 12872 ----a-w- c:\windows\SysWow64\bootdelete.exe

2014-10-12 02:57 . 2014-10-12 03:34 30616 ----a-w- c:\windows\SysWow64\drivers\hitmanpro37.sys

2014-10-12 02:56 . 2014-10-12 02:56 -------- d-----w- c:\program files (x86)\HitmanPro

2014-10-06 16:53 . 2014-10-06 16:53 -------- d-----w- c:\users\Karric\AppData\Local\Zoom

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-10-14 08:52 . 2014-06-03 14:25 43064 ----a-w- c:\windows\system32\drivers\avnetflt.sys

2014-10-14 08:52 . 2014-06-02 14:58 131608 ----a-w- c:\windows\system32\drivers\avipbb.sys

2014-10-14 08:52 . 2014-06-02 14:58 119272 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2014-09-22 01:07 . 2010-06-24 18:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54 131248 ----a-w- c:\users\Karric\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54 131248 ----a-w- c:\users\Karric\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54 131248 ----a-w- c:\users\Karric\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54 131248 ----a-w- c:\users\Karric\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]

"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]

"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]

"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2010-01-23 64048]

"HP Quick Launch"="c:\program files (x86)\hewlett-packard\hp quick launch\hpmsgsvc.exe" [2010-11-09 586296]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-10-14 703736]

"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-09-23 165168]

.

c:\users\Karric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ    autocheck autochk *\0bootdelete

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

R2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]

R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]

R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x]

R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x]

R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys;c:\windows\SYSNATIVE\Drivers\lgandadb.sys [x]

R3 BRDriver64;BRDriver64;c:\programdata\BitRaider\BRDriver64.sys;c:\programdata\BitRaider\BRDriver64.sys [x]

R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]

R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]

R3 dump_wmimmc;dump_wmimmc; [x]

R3 EagleX64;EagleX64; [x]

R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]

R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]

R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]

R3 wolf;wolf;c:\aeriagames\Wolfteam\avital\wolf64.sys;c:\aeriagames\Wolfteam\avital\wolf64.sys [x]

R3 X6va003;X6va003; [x]

R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]

R4 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]

R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]

R4 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x]

R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]

R4 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]

R4 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]

R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]

R4 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]

R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

R4 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]

R4 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]

R4 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]

R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

R4 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]

S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]

S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]

S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys;c:\windows\SYSNATIVE\drivers\vmci.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]

S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]

S3 NIWinCDEmu;ISO Mounter driver;c:\windows\system32\DRIVERS\NIWinCDEmu.sys;c:\windows\SYSNATIVE\DRIVERS\NIWinCDEmu.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MBAMSWISSARMY

.

Contents of the 'Scheduled Tasks' folder

.

2014-10-15 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-29 03:17]

.

2014-10-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000Core.job

- c:\users\Karric\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-26 06:08]

.

2014-10-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000UA.job

- c:\users\Karric\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-26 06:08]

.

2014-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000Core.job

- c:\users\Karric\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-31 20:31]

.

2014-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-367337438-1720701193-187401372-1000UA.job

- c:\users\Karric\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-31 20:31]

.

2014-10-15 c:\windows\Tasks\HPCeeScheduleForKarric.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54 164016 ----a-w- c:\users\Karric\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54 164016 ----a-w- c:\users\Karric\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54 164016 ----a-w- c:\users\Karric\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54 164016 ----a-w- c:\users\Karric\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-21 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-21 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-21 418328]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-02-15 1128448]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = 127.0.0.1:9421;*.local;<local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Karric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk

TCP: DhcpNameServer = 65.32.5.111 65.32.5.112

FF - ProfilePath - c:\users\Karric\AppData\Roaming\Mozilla\Firefox\Profiles\rs5pcycc.default\

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-21482505.sys

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)


.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:b8,4f,40,9f,10,ec,ce,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5c,e0,3a,83,d8,3b,ce,4b,b9,b3,de,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5c,e0,3a,83,d8,3b,ce,4b,b9,b3,de,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.13"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\windows\SysWOW64\ezSharedSvcHost.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\windows\SysWOW64\vmnat.exe

c:\windows\SysWOW64\vmnetdhcp.exe

c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe

.

**************************************************************************

.

Completion time: 2014-10-15  14:32:51 - machine was rebooted

ComboFix-quarantined-files.txt  2014-10-15 18:32

ComboFix2.txt  2014-06-10 16:50

.

Pre-Run: 101,608,652,800 bytes free

Post-Run: 101,425,152,000 bytes free

.

- - End Of File - - 3F41E94CCD8C1EF8BADE129CC0CC3872

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-10-2014 01

Ran by Karric at 2014-10-15 14:35:09 Run:5

Running from C:\Users\Karric\Documents\Virus-TOOLS prevention

Loaded Profile: Karric (Available profiles: Karric)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]

S3 dump_wmimmc; No ImagePath

S3 EagleX64; No ImagePath

S3 X6va003; No ImagePath

C:\Users\Karric\AppData\Local\Google\Desktop\Install

C:\Program Files (x86)\Google\Desktop\Install

C:\ProgramData\ghjwbvfr.fee

C:\ProgramData\jwo9ifa.fee

C:\ProgramData\rjod1wljw7t.fee

C:\Users\Karric\jagex_cl_runescape_LIVE.dat

C:\Users\Karric\jagex_cl_runescape_LIVE1.dat

C:\Users\Karric\jagex_cl_speccollect_LIVE.dat

C:\Users\Karric\random.dat

C:\Users\Karric\AppData\Local\Temp\4843824b80d9fb0259696bfb0b22a7a2.dll

C:\Users\Karric\AppData\Local\Temp\9ede8e7a9b9e414435cf68ad4886fe03.dll

C:\Users\Karric\AppData\Local\Temp\aacdec.exe

C:\Users\Karric\AppData\Local\Temp\avgnt.exe

C:\Users\Karric\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxa9wqe.dll

C:\Users\Karric\AppData\Local\Temp\ffmpeg11.exe

C:\Users\Karric\AppData\Local\Temp\NGM.exe

C:\Users\Karric\AppData\Local\Temp\NGMDll.dll

C:\Users\Karric\AppData\Local\Temp\NGMResource.dll

C:\Users\Karric\AppData\Local\Temp\oggenc.exe

C:\Users\Karric\AppData\Local\Temp\vpsetup.exe

Task: {D350302A-D736-4E57-B7D9-5B500A53E8CB} - \AutoKMS No Task File <==== ATTENTION

*****************

 

Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll

Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll

C:\Program Files (x86)\IObit Apps Toolbar\FF not found.

dump_wmimmc => Service deleted successfully.

EagleX64 => Service deleted successfully.

X6va003 => Service deleted successfully.

C:\Users\Karric\AppData\Local\Google\Desktop\Install => Moved successfully.

C:\Program Files (x86)\Google\Desktop\Install => Moved successfully.

C:\ProgramData\ghjwbvfr.fee => Moved successfully.

C:\ProgramData\jwo9ifa.fee => Moved successfully.

C:\ProgramData\rjod1wljw7t.fee => Moved successfully.

C:\Users\Karric\jagex_cl_runescape_LIVE.dat => Moved successfully.

C:\Users\Karric\jagex_cl_runescape_LIVE1.dat => Moved successfully.

C:\Users\Karric\jagex_cl_speccollect_LIVE.dat => Moved successfully.

C:\Users\Karric\random.dat => Moved successfully.

"C:\Users\Karric\AppData\Local\Temp\4843824b80d9fb0259696bfb0b22a7a2.dll" => File/Directory not found.

"C:\Users\Karric\AppData\Local\Temp\9ede8e7a9b9e414435cf68ad4886fe03.dll" => File/Directory not found.

"C:\Users\Karric\AppData\Local\Temp\aacdec.exe" => File/Directory not found.

C:\Users\Karric\AppData\Local\Temp\avgnt.exe => Moved successfully.

"C:\Users\Karric\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxa9wqe.dll" => File/Directory not found.

"C:\Users\Karric\AppData\Local\Temp\ffmpeg11.exe" => File/Directory not found.

"C:\Users\Karric\AppData\Local\Temp\NGM.exe" => File/Directory not found.

"C:\Users\Karric\AppData\Local\Temp\NGMDll.dll" => File/Directory not found.

"C:\Users\Karric\AppData\Local\Temp\NGMResource.dll" => File/Directory not found.

"C:\Users\Karric\AppData\Local\Temp\oggenc.exe" => File/Directory not found.

"C:\Users\Karric\AppData\Local\Temp\vpsetup.exe" => File/Directory not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{D350302A-D736-4E57-B7D9-5B500A53E8CB}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D350302A-D736-4E57-B7D9-5B500A53E8CB}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => Key deleted successfully.

 

==== End of Fixlog ====


Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 10/15/2014

Scan Time: 3:41:16 PM

Logfile: Mal.txt

Administrator: Yes

 

Version: 2.00.3.1025

Malware Database: v2014.10.15.08

Rootkit Database: v2014.10.15.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Karric

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 364685

Time Elapsed: 39 min, 45 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


Clean Good!

If there are no other problems........

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

 Results of screen317's Security Check version 0.99.88  

 Windows 7 Service Pack 1 x64 (UAC is disabled!)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Avira Desktop   

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:````````` 

 Java 7 Update 60  

 Java 6 Update 31  

 Java version out of Date! 

 Adobe Reader 10.1.10 Adobe Reader out of Date!  

 Mozilla Firefox 15.0.1 Firefox out of Date!  

 Google Chrome 37.0.2062.120  

 Google Chrome 37.0.2062.124  

 Google Chrome plugins...  

````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbam.exe  

 Avira Antivir avgnt.exe 

 Avira Antivir avguard.exe 

 Malwarebytes Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  

````````````````````End of Log`````````````````````` 

Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


============================

Java™ 6 Update 31 <----please uninstall if possible
Java 7 Update 60 <-----please update, should be Update 67
Java version out of Date! <--------Go to control panel > Java > Update Tab > Update Now
Uncheck the box to install the Ask toolbar!!!, McAfee Security Scan Plus or any other free "stuff".

If there's no update tab in Java, uninstall it and Download and install the latest version from Here
Uncheck the box to install the Ask toolbar!!!, McAfee Security Scan Plus or any other free "stuff".

=============================

Adobe Reader 10.1.10 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

============================

Mozilla Firefox 15.0.1 Firefox out of Date! <----please check for an update if available.

============================

A little clean up to do....

Please Uninstall ComboFix: (------->if you used it<-------)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter. (it may look like CF is re-installing but it's not)
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Download Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot

Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

This topic is now closed to further replies.