Jump to content

Horrible dllhost.exe*32 Issue

chives

By chives
in Resolved Malware Removal Logs

 Share

Recommended Posts

chives

chives

Posted
Posted

Hi, I've been having a problem with dllhost.exe*32 starting tens of instances and restarting every few minutes after I have ended the correct process tree. This seems to need a personal fix, and it is an urgent matter for me to get my computer fixed ASAP, so any help would be extremely kind. 
Thank you for reading this and maybe helping out!

Here are the FRST scans of my computer. If anything else is needed, I'll be happy to oblige.
FRST.txt
Addition.txt

Link to post
Share on other sites
Naathim

Naathim

Posted
Posted

Minion%20Welcome.jpg

My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symtoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, what may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)

warning.gif Rules and policies

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.

You have been compromised by the Poweliks infection. Consider the following warning please:

warning.gif Backdoor warning!

Unfortunately your machine seems to be heavy compromised by a Backdoor Trojan. This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files. My advice for this moment:

  • Disconnect this machine from the internet.
  • Change your online passwords from a well-known clean computer (not this one!).
  • It would be also wise to inform financial institutions about your situation - see here.

Many experts believe that the best action should be reformat and reinstall, but I think that we can still be able to clean this one and return it to its normal funcionality (with no security guarantee afterwards, as this is a very severe type of infection).

  • If you plan to rather reinstall your system, let me know if I could provide any help during that procedure.
  • If you wish to omit the reinstallation, just please proceed with the next steps directed.

I believe that we can kill this nasty bad guy thumbsup.gif

51a5bf3d99e8a-ComboFixlogo16.png Scan with ComboFix

This is a very powerful tool that should be used only if advised by Malware Analyst.

Do not run ComboFix on your own!

Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.

  • Right-click on 51a5bf3d99e8a-ComboFixlogo16.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.

icon_idea.gif If you'll encounter any issues with internet connection after running ComboFix, please visit this link.

icon_idea.gif If an error about operation on the key marked for deletion will appear after running the tool, please reboot your machine.

icon_idea.gif Don't forget to re-enable your previously switched-off protection software!

Link to post
Share on other sites
Naathim

Naathim

Posted
Posted

Please post your logs, don't attach them. Attachments make my work harder. Use multiple posts if necessary.

FRST.gif Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.

    > XP users click run after receipt of Windows Security Warning - Open File.

    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.
Link to post
Share on other sites
chives

chives

Posted
  • Author
Posted

Sorry about that!
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014
Ran by Will (administrator) on SANIC on 17-10-2014 06:27:49
Running from C:\Users\Will\Desktop
Loaded Profile: Will (Available profiles: Will)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ASUS\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Hi-Rez Studios) H:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Broadcom Corporation.) C:\Program Files\ASUS\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Logitech Inc.) H:\Program Files\Logitech\SetPoint II\SetPointII.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-16] (NVIDIA Corporation)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-06] (AVAST Software)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [377368 2014-03-30] (Power Software Ltd)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKU\S-1-5-21-1065900218-815454683-988220776-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [1938624 2014-10-09] (Valve Corporation)
HKU\S-1-5-21-1065900218-815454683-988220776-1000\...\Run: [spotify Web Helper] => C:\Users\Will\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-04] (Spotify Ltd)
HKU\S-1-5-21-1065900218-815454683-988220776-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
Lsa: [Notification Packages] scecli C:\Program Files\ASUS\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ASUS\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk
ShortcutTarget: SetPointII.lnk -> H:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
Startup: C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCD78CB52FC62CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\7ck22wgb.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Will\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Will\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-11]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-06-06]
CHR Extension: (Google Docs) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-06]
CHR Extension: (Google Drive) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-06]
CHR Extension: (Google Search) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-06]
CHR Extension: (AdBlock) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-06-06]
CHR Extension: (avast! Online Security) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-06-11]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2013-06-06]
CHR Extension: (Adventure Time - Finn, Jake and BMO) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\klmgldhndejkhjokapdbmcldedofhabl [2014-03-16]
CHR Extension: (Google Wallet) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
CHR Extension: (Gmail) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-06]
CHR Extension: (Canvas Rider) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2013-06-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-06]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-06] (AVAST Software)
R2 btwdins; C:\Program Files\ASUS\Bluetooth Software\btwdins.exe [1005944 2012-12-06] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [107552 2014-06-18] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-16] (NVIDIA Corporation)
U2 HiPatchService; H:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2013-04-23] (Hi-Rez Studios) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-16] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-21] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2013-11-22] (Razer Inc.)
S3 DAUpdaterSvc; H:\Program Files (x86)\SteamLibrary\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-06] ()
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2012-09-24] (Broadcom Corporation.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-17] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 DIRECTIO; \??\H:\Program Files\PerformanceTest\DirectIo64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-17 05:58 - 2014-10-17 05:58 - 00027449 _____ () C:\ComboFix.txt
2014-10-17 05:51 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-17 05:51 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-17 05:51 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-17 05:51 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-17 05:51 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-17 05:51 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-17 05:51 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-17 05:51 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-17 05:48 - 2014-10-17 05:58 - 00000000 ____D () C:\Qoobox
2014-10-17 05:48 - 2014-10-17 05:57 - 00000000 ____D () C:\Windows\erdnt
2014-10-17 05:47 - 2014-10-17 05:47 - 05583559 ____R (Swearware) C:\Users\Will\Desktop\ComboFix.exe
2014-10-17 05:18 - 2014-10-17 05:18 - 00044736 _____ () C:\Users\Will\Desktop\Addition.txt
2014-10-17 05:17 - 2014-10-17 06:27 - 00020467 _____ () C:\Users\Will\Desktop\FRST.txt
2014-10-17 05:08 - 2014-10-17 01:59 - 02112000 _____ (Farbar) C:\Users\Will\Desktop\FRST64.exe
2014-10-17 04:38 - 2014-10-17 04:39 - 00002032 _____ () C:\Users\Will\Desktop\Rkill.txt
2014-10-17 04:38 - 2014-10-17 04:37 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Will\Desktop\rkill.com
2014-10-17 04:34 - 2014-10-17 04:34 - 00003408 ____N () C:\bootsqm.dat
2014-10-17 04:33 - 2014-10-17 04:33 - 00000000 ____D () C:\found.000
2014-10-17 04:15 - 2014-10-17 05:38 - 00000000 ____D () C:\AdwCleaner
2014-10-17 04:12 - 2014-10-17 04:12 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-10-17 02:57 - 2007-06-04 02:10 - 00000660 _____ () C:\Users\Will\Desktop\InstallTakeOwnership.reg
2014-10-17 02:57 - 2007-05-07 00:05 - 00000250 _____ () C:\Users\Will\Desktop\RemoveTakeOwnership.reg
2014-10-17 02:00 - 2014-10-17 02:00 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-17 01:59 - 2014-10-17 06:27 - 00000000 ____D () C:\FRST
2014-10-17 00:18 - 2014-10-17 03:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-17 00:18 - 2014-10-17 00:18 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-17 00:18 - 2014-10-17 00:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-17 00:18 - 2014-10-17 00:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-17 00:18 - 2014-10-17 00:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-17 00:18 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-17 00:18 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-17 00:18 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-17 00:08 - 2014-10-17 00:32 - 00000000 ____D () C:\Users\Will\Desktop\Parts4and5
2014-10-17 00:08 - 2014-10-17 00:08 - 00000000 ____D () C:\Users\Will\AppData\OICE_15_974FA576_32C1D314_1284
2014-10-16 18:05 - 2014-10-16 18:05 - 00000000 ____D () C:\Users\Will\AppData\Roaming\Oracle
2014-10-16 03:02 - 2014-10-16 03:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-10-16 00:49 - 2014-10-06 22:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 00:49 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 00:49 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 00:49 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 00:49 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 00:49 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 00:49 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 00:49 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 00:49 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 00:49 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 00:49 - 2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 00:49 - 2014-09-18 21:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 00:49 - 2014-09-18 21:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 00:49 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 00:49 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 00:49 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 00:49 - 2014-09-18 21:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 00:49 - 2014-09-18 21:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 00:49 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 00:49 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 00:49 - 2014-09-18 21:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 00:49 - 2014-09-18 21:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 00:49 - 2014-09-18 21:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 00:49 - 2014-09-18 21:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 00:49 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 00:49 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 00:49 - 2014-09-18 21:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 00:49 - 2014-09-18 21:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 00:49 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 00:49 - 2014-09-18 21:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 00:49 - 2014-09-18 21:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 00:49 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 00:49 - 2014-09-18 21:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 00:49 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 00:49 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 00:49 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 00:49 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 00:49 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 00:49 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 00:49 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 00:49 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 00:49 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 00:49 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 00:49 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 00:49 - 2014-09-18 20:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 00:49 - 2014-09-18 20:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 00:49 - 2014-09-18 20:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 00:49 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 00:49 - 2014-09-18 20:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 00:49 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 00:49 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 00:49 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 00:49 - 2014-09-18 20:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 00:49 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 00:49 - 2014-09-18 19:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 00:49 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 00:49 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 00:49 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 00:49 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 00:49 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 00:49 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 00:49 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 00:49 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 00:48 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 00:48 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 00:48 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 00:48 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 00:48 - 2014-07-16 22:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 00:48 - 2014-07-16 22:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 00:48 - 2014-07-16 22:07 - 01113088 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-16 00:48 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 00:48 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 00:48 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 00:48 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 00:48 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 00:48 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 00:48 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 00:48 - 2014-07-16 21:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 00:48 - 2014-07-16 21:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 00:48 - 2014-07-16 21:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 00:48 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 00:48 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 00:48 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 00:48 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 00:48 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-16 00:48 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-10-16 00:48 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-10-16 00:48 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-10-16 00:48 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-10-16 00:48 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-16 00:48 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-10-16 00:48 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-10-10 05:53 - 2014-10-10 05:53 - 00000493 _____ () C:\Users\Will\Desktop\MCNP+Visualization+Instructions.txt
2014-10-06 03:37 - 2014-10-14 23:47 - 00053412 _____ () C:\Users\Will\Desktop\Project_1.EES
2014-10-06 02:47 - 2014-10-15 00:14 - 00045950 _____ () C:\Users\Will\Desktop\Project1_DATA.xlsx
2014-10-05 11:14 - 2014-10-06 02:46 - 00001625 _____ () C:\Users\Will\Desktop\Project1_DATA.csv
2014-09-28 03:11 - 2014-09-28 03:11 - 00000821 _____ () C:\Users\Will\Desktop\Mumble.lnk
2014-09-26 08:08 - 2014-09-26 08:08 - 00000000 ____D () C:\Users\Will\Documents\OneNote Notebooks
2014-09-24 00:25 - 2014-09-24 00:25 - 00000000 ____D () C:\Windows\MicroShield 9
2014-09-24 00:25 - 2014-09-24 00:25 - 00000000 ____D () C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grove Software
2014-09-24 00:25 - 2014-09-24 00:25 - 00000000 ____D () C:\Program Files (x86)\MicroShield 9
2014-09-19 23:51 - 2014-09-19 23:51 - 00002377 _____ () C:\Users\Will\Documents\MumbleAutomaticCertificateBackup.p12
2014-09-19 23:46 - 2014-10-05 15:46 - 00000000 ____D () C:\Users\Will\AppData\Roaming\Mumble
2014-09-19 23:42 - 2014-09-19 23:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
2014-09-19 22:54 - 2014-09-19 22:54 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-19 22:54 - 2014-09-19 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-19 22:08 - 2014-09-19 22:08 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-09-19 22:08 - 2014-09-13 16:13 - 00613696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-09-19 22:07 - 2014-09-17 00:51 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-09-19 22:07 - 2014-09-17 00:51 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-09-19 22:07 - 2014-09-13 19:48 - 31887680 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-09-19 22:07 - 2014-09-13 19:48 - 24552592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-09-19 22:07 - 2014-09-13 19:48 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-09-19 22:07 - 2014-09-13 19:48 - 19954520 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-09-19 22:07 - 2014-09-13 19:48 - 18106152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-09-19 22:07 - 2014-09-13 19:48 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-09-19 22:07 - 2014-09-13 19:48 - 14026304 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-09-19 22:07 - 2014-09-13 19:48 - 13939272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-09-19 22:07 - 2014-09-13 19:48 - 13157696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-09-19 22:07 - 2014-09-13 19:48 - 11392576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-09-19 22:07 - 2014-09-13 19:48 - 11330776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-09-19 22:07 - 2014-09-13 19:48 - 04287296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-09-19 22:07 - 2014-09-13 19:48 - 04008592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-09-19 22:07 - 2014-09-13 19:48 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434411.dll
2014-09-19 22:07 - 2014-09-13 19:48 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434411.dll
2014-09-19 22:07 - 2014-09-13 19:48 - 00957584 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-09-19 22:07 - 2014-09-13 19:48 - 00925896 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-09-19 22:07 - 2014-09-13 19:48 - 00919240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-09-19 22:07 - 2014-09-13 19:48 - 00894096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-09-19 22:07 - 2014-09-13 19:48 - 00867528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-09-19 22:07 - 2014-09-13 19:48 - 00501064 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-09-19 22:07 - 2014-09-13 19:48 - 00417096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-09-19 22:07 - 2014-09-13 19:48 - 00393024 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-09-19 22:07 - 2014-09-13 19:48 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-09-19 22:07 - 2014-09-13 19:48 - 00348304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-09-19 22:07 - 2014-09-13 19:48 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-09-19 22:07 - 2014-09-13 19:48 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-09-19 22:07 - 2014-09-13 19:48 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-09-19 21:13 - 2014-09-04 15:14 - 00038048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-09-19 21:13 - 2014-09-04 15:14 - 00032416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-09-17 18:22 - 2014-09-17 18:22 - 00000000 ____D () C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EES
2014-09-17 18:22 - 2014-09-17 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EES
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-17 06:27 - 2014-06-03 18:58 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1065900218-815454683-988220776-1000UA.job
2014-10-17 06:27 - 2013-12-12 13:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-17 06:06 - 2013-06-06 17:14 - 01837028 _____ () C:\Windows\WindowsUpdate.log
2014-10-17 05:58 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-10-17 05:57 - 2014-01-10 00:52 - 00004958 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Sanic-Will Sanic
2014-10-17 05:57 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-17 05:52 - 2009-07-14 00:45 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-17 05:52 - 2009-07-14 00:45 - 00020480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-17 05:51 - 2013-06-06 18:23 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-17 05:51 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-17 05:47 - 2013-12-28 21:00 - 00007664 _____ () C:\Users\Will\AppData\Local\Resmon.ResmonCfg
2014-10-17 05:45 - 2014-07-20 00:39 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-17 05:45 - 2013-06-06 17:27 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-17 05:45 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-17 05:45 - 2009-07-14 00:51 - 00163780 _____ () C:\Windows\setupact.log
2014-10-17 05:38 - 2010-11-20 23:47 - 00805778 _____ () C:\Windows\PFRO.log
2014-10-17 04:44 - 2014-07-20 00:39 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-17 04:36 - 2013-06-11 13:18 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-17 03:27 - 2014-03-18 17:32 - 00003584 ___SH () C:\Users\Will\Thumbs.db
2014-10-17 00:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PLA
2014-10-16 23:59 - 2013-06-06 17:56 - 00000000 ____D () C:\Users\Will\AppData\Roaming\Skype
2014-10-16 23:25 - 2013-12-06 12:00 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-10-16 23:25 - 2013-11-20 02:03 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-10-16 23:22 - 2013-11-20 02:03 - 00281688 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-10-16 23:19 - 2014-07-21 16:59 - 00000000 ____D () C:\Users\Will\Documents\Euro Truck Simulator 2
2014-10-16 18:46 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 18:10 - 2014-06-03 18:58 - 00002422 _____ () C:\Users\Will\Desktop\Google Chrome Canary.lnk
2014-10-16 18:05 - 2013-10-17 10:16 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-16 17:51 - 2009-07-14 00:45 - 00437848 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 03:02 - 2013-08-01 07:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 03:00 - 2013-06-07 20:27 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 18:29 - 2014-06-03 18:58 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1065900218-815454683-988220776-1000Core.job
2014-10-14 14:21 - 2013-09-01 19:37 - 00000000 ____D () C:\Users\Will\Desktop\Syl-HW
2014-10-14 12:26 - 2014-05-18 21:08 - 00000000 ____D () C:\Users\Will\Documents\MATLAB
2014-10-10 18:30 - 2013-10-21 02:38 - 00000000 ____D () C:\Users\Will\AppData\Roaming\Audacity
2014-10-06 20:39 - 2014-05-20 16:42 - 00000000 ____D () C:\Users\Will\AppData\Local\Microsoft Help
2014-09-25 13:11 - 2013-06-06 23:35 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-09-24 12:21 - 2013-12-12 13:32 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 12:21 - 2013-06-06 17:26 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 12:21 - 2013-06-06 17:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-22 21:54 - 2009-07-14 01:08 - 00032646 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-19 22:54 - 2014-03-21 09:40 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-19 22:54 - 2013-06-06 17:56 - 00000000 ____D () C:\ProgramData\Skype
2014-09-19 22:08 - 2013-10-09 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-09-19 22:08 - 2013-06-06 17:26 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-09-19 21:14 - 2013-06-06 17:26 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-09-17 00:51 - 2014-01-22 18:54 - 01538880 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
 
Files to move or delete:
====================
C:\Users\Will\mcnp_env.bat
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-16 18:38
 
==================== End Of Log ============================
Link to post
Share on other sites
chives

chives

Posted
  • Author
Posted
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2014

Ran by Will at 2014-10-17 06:28:04

Running from C:\Users\Will\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

AaaaaAAaaaAAAaaAAAAaAAAAA!!! for the Awesome (HKLM-x32\...\Steam App 15560) (Version:  - Dejobaan Games, LLC)

Abyss Odyssey (HKLM-x32\...\Steam App 255070) (Version:  - ACE Team)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.05) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)

Antichamber (HKLM\...\UDK-5fe3d2e2-3981-4df6-9f08-d633d3d66103) (Version:  - Epic Games, Inc.)

Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.8.0 - Asmedia Technology)

ASUS Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.3700 - ASUS)

Audacity 2.0.4 (HKLM-x32\...\Audacity_is1) (Version: 2.0.4 - Audacity Team)

Audiosurf (HKLM-x32\...\Steam App 12900) (Version:  - Dylan Fitterer)

avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)

Bad Hotel (HKLM-x32\...\Steam App 231720) (Version:  - Lucky Frame)

Batman™: Arkham Origins (HKLM-x32\...\Steam App 209000) (Version:  - WB Games Montreal)

BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version:  - The Behemoth)

Beat Hazard (HKLM-x32\...\Steam App 49600) (Version:  - Cold Beam Games)

Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)

BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)

BIT.TRIP Presents... Runner2: Future Legend of Rhythm Alien (HKLM-x32\...\Steam App 218060) (Version:  - Gaijin Games)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)

Capsized (HKLM-x32\...\Steam App 95300) (Version:  - Alientrap Games Inc)

Castle Crashers (HKLM-x32\...\Steam App 204360) (Version:  - The Behemoth)

CDisplayEx 1.9.7 (HKLM\...\CDisplayEx_is1) (Version:  - cdisplayex.com)

Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)

Computer-Aided Thermodynamic Tables 3 (HKLM-x32\...\Catt3) (Version:  - )

Costume Quest (HKLM-x32\...\Steam App 115100) (Version:  - Double Fine Productions)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Darwinia (HKLM-x32\...\Steam App 1500) (Version:  - Introversion Software)

Dead Island (HKLM-x32\...\Steam App 91310) (Version:  - Techland)

DEFCON (HKLM-x32\...\Steam App 1520) (Version:  - Introversion Software)

Deus Ex: Human Revolution - Director's Cut (HKLM-x32\...\Steam App 238010) (Version:  - Eidos Montreal)

DiRT Showdown (HKLM-x32\...\Steam App 201700) (Version:  - Codemasters Racing Studio)

Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)

Divekick (HKLM-x32\...\Steam App 244730) (Version:  - Iron Galaxy Studios)

DmC Devil May Cry (HKLM-x32\...\Steam App 220440) (Version:  - Ninja Theory)

Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)

Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)

Dust: An Elysian Tail (HKLM-x32\...\Steam App 236090) (Version:  - Humble Hearts LLC)

EES - Engineering Equation Solver (HKLM-x32\...\EES - Engineering Equation Solver) (Version: 9.6 - F-Chart Software)

Eets (HKLM-x32\...\Steam App 6100) (Version:  - Klei Entertainment)

Electronic Super Joy (HKLM-x32\...\Steam App 244870) (Version:  - Michael Todd Games)

erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)

Evoland (HKLM-x32\...\Steam App 233470) (Version:  - Shiro Games)

Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)

F.E.A.R. (HKLM-x32\...\Steam App 21090) (Version:  - Monolith )

Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version:  - Q, Timeslip)

Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)

FINAL FANTASY XIV: A Realm Reborn (HKLM-x32\...\Steam App 39210) (Version:  - SQUARE ENIX)

Frozen Synapse (HKLM-x32\...\Steam App 98200) (Version:  - Mode 7)

FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)

Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version:  - Greenheart Games)

GOG.com Beyond Good and Evil (HKLM\...\{de495fd2-006f-494f-8a94-467eabd400ce}.sdb) (Version:  - )

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)

Google Chrome Canary (HKCU\...\Google Chrome SxS) (Version: 40.0.2191.0 - Google Inc.)

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

Gratuitous Space Battles (HKLM-x32\...\Steam App 41800) (Version:  - Positech Games)

Gratuitous Tank Battles (HKLM-x32\...\Steam App 205530) (Version:  - Positech Games)

Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)

Gunpoint (HKLM-x32\...\Steam App 206190) (Version:  - Suspicious Developments)

Hack, Slash, Loot (HKLM-x32\...\Steam App 207430) (Version:  - David Williamson)

Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)

Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)

Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - IO Interactive)

Hotline Miami (HKLM-x32\...\Steam App 219150) (Version:  - )

HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{F294770E-F869-400F-81C3-614B5F13CA54}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)

iFunbox (v2.7.2386.747), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.7.2386.747 - )

Injustice: Gods Among Us Ultimate Edition (HKLM-x32\...\Steam App 242700) (Version:  - NetherRealm Studios)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)

iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)

Jack Lumber (HKLM-x32\...\Steam App 220900) (Version:  - Owlchemy Labs)

Joe Danger 2: The Movie (HKLM-x32\...\Steam App 242110) (Version:  - Hello Games)

Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)

Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - Avalanche Studios)

Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - Squad)

LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )

La-Mulana (HKLM-x32\...\Steam App 230700) (Version:  - NIGORO)

League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)

League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden

Legend of Grimrock (HKLM-x32\...\Steam App 207170) (Version:  - Almost Human Games)

LEGO Batman 2 (HKLM-x32\...\Steam App 213330) (Version:  - TT Games)

Livestream Procaster (HKLM-x32\...\{68E4C751-272B-44E1-94C7-4E1FDC40F7DA}) (Version: 20.3.25 - Procaster)

Logitech SetPoint 5.20 (HKLM\...\{D3120436-1358-4253-9EB2-257FFE8CE1D9}) (Version: 5.20 - Logitech)

Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)

Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version:  - Klei Entertainment)

MATLAB R2013a (HKLM\...\Matlab R2013a) (Version: 8.1 - The MathWorks, Inc.)

Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version:  - Rockstar Studios)

Megabyte Punch 1.0 (HKLM-x32\...\Megabyte Punch 1.0) (Version: 1.0 - Cat-A-Cat)

METAL GEAR RISING: REVENGEANCE (HKLM-x32\...\Steam App 235460) (Version:  - PlatinumGames)

Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - 4A Games)

Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version:  - 4A Games)

Miasmata (HKLM-x32\...\Steam App 223510) (Version:  - )

MicroShield 9 (HKLM-x32\...\MicroShield 9) (Version: 9.07 - Grove Software)

Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 RC (Version: 4.5.50861 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden

Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden

Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)

Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)

Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)

Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)

Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)

mirkes.de Tiny Hexer (HKLM-x32\...\{CC399A03-4695-432E-AE6E-BB450DDE5248}_is1) (Version: 1.8 - markus stephany)

Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden

MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden

Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)

MurGee Auto Mouse Click 1.0 (HKLM-x32\...\{22300F72-8BFC-4BCA-881A-2D2234979FBB}_is1) (Version: 1.0 - MurGee.com)

MX vs ATV Reflex (HKLM-x32\...\Steam App 55140) (Version:  - Double Helix Games)

Nidhogg (HKLM-x32\...\Steam App 94400) (Version:  - Messhof)

Nosgoth (HKLM-x32\...\Steam App 200110) (Version: 140806.90000 - Square Enix Ltd)

NVIDIA 3D Vision Controller Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.11 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)

NVIDIA Control Panel 344.11 (Version: 344.11 - NVIDIA Corporation) Hidden

NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)

NVIDIA GeForce Experience Service (Version: 16.13.42 - NVIDIA Corporation) Hidden

NVIDIA Graphics Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.162.1274 - NVIDIA Corporation) Hidden

NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden

NVIDIA Network Service (Version: 2.0 - NVIDIA Corporation) Hidden

NVIDIA PhysX (x32 Version: 9.14.0702 - NVIDIA Corporation) Hidden

NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)

NVIDIA ShadowPlay 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden

NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden

NVIDIA Update 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden

NVIDIA Update Core (Version: 16.13.42 - NVIDIA Corporation) Hidden

NVIDIA Virtual Audio 1.2.25 (Version: 1.2.25 - NVIDIA Corporation) Hidden

Octodad: Dadliest Catch (HKLM-x32\...\Steam App 224480) (Version:  - Young Horses)

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4649.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden

Oil Rush (HKLM-x32\...\Steam App 200390) (Version:  - )

Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )

OpenAL (HKLM-x32\...\OpenAL) (Version:  - )

Organ Trail: Director's Cut (HKLM-x32\...\Steam App 233740) (Version:  - The Men Who Wear Many Hats)

Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)

Outlast (HKLM-x32\...\Steam App 238320) (Version:  - Red Barrels)

Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)

PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)

PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )

Photo Gallery (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden

Pixel Piracy (HKLM-x32\...\Steam App 264140) (Version:  - Vitali Kirpu)

PixelJunk Eden (HKLM-x32\...\Steam App 105800) (Version:  - Q-Games, Ltd.)

Poke (HKLM-x32\...\{FC9F924E-9472-45F1-980D-8267E47AA054}) (Version: 2.0.1 - CodeFromThe70s.org)

PowerISO (HKLM-x32\...\PowerISO) (Version: 5.9 - Power Software Ltd)

Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)

Psychonauts (HKLM-x32\...\Steam App 3830) (Version:  - Double Fine Productions)

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)

Rapture3D 2.4.11 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)

Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.1.59.0 - Razer Inc.)

Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version:  - Wild Shadow Studios)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)

Red Faction: Armageddon (HKLM-x32\...\Steam App 55110) (Version:  - Volition)

Resident Evil 6 / Biohazard 6 (HKLM-x32\...\Steam App 221040) (Version:  - Capcom)

Retro City Rampage™ (HKLM-x32\...\Steam App 204630) (Version:  - Vblank Entertainment, Inc.)

Reus (HKLM-x32\...\Steam App 222730) (Version:  - Abbey Games)

Rochard (HKLM-x32\...\Steam App 107800) (Version:  - Recoil Games)

Rock of Ages (HKLM-x32\...\Steam App 22230) (Version:  - ACE Team)

Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)

Rogue Warrior (HKLM-x32\...\Steam App 22310) (Version:  - Rebellion)

RollerCoaster Tycoon 2 Triple Thrill Pack (HKLM-x32\...\GOGPACKRCT2_is1) (Version: 2.0.0.6 - GOG.com)

Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)

S.T.A.L.K.E.R.: Shadow of Chernobyl (HKLM-x32\...\Steam App 4500) (Version:  - GSC Game World)

Serious Sam 3: BFE (HKLM-x32\...\Steam App 41070) (Version:  - Croteam)

Serious Sam Double D (HKLM-x32\...\Steam App 111600) (Version:  - Mommy's Best Games)

Serious Sam HD: The First Encounter (HKLM-x32\...\Steam App 41000) (Version:  - Croteam)

Shank (HKLM-x32\...\Steam App 6120) (Version:  - Klei Entertainment)

SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden

Sigils of Elohim (HKLM-x32\...\Steam App 321480) (Version:  - Croteam)

Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)

Snuggle Truck (HKLM-x32\...\Steam App 111100) (Version:  - Owlchemy Labs)

Sonic & All-Stars Racing Transformed (HKLM-x32\...\Steam App 212480) (Version:  - Sumo Digital)

Speccy (HKLM\...\Speccy) (Version: 1.23 - Piriform)

Spelunky (HKLM-x32\...\Steam App 239350) (Version:  - )

Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)

State of Decay (HKLM-x32\...\Steam App 241540) (Version:  - Undead Labs)

Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

Strike Suit Zero: Director's Cut (HKLM-x32\...\Steam App 288370) (Version:  - Born Ready Games)

Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - Team Meat)

Surgeon Simulator 2013 (HKLM-x32\...\Steam App 233720) (Version:  - Bossa Studios)

System Requirements Lab (Test) (HKLM-x32\...\{9BFD3F1F-E5FD-4358-988F-FC9A9446286D}) (Version: 6.0.3.0 - Husdawg, LLC)

System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)

System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)

Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)

Teleglitch: Die More Edition (HKLM-x32\...\Steam App 234390) (Version:  - Test3 Projects)

Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)

The Basement Collection (HKLM-x32\...\Steam App 214790) (Version:  - Edmund McMillen, Tyler Glaiel)

The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - )

The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)

The Typing of The Dead: Overkill (HKLM-x32\...\Steam App 246580) (Version:  - Modern Dream)

The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version:  - Telltale Games)

Tiny and Big: Grandpa's Leftovers (HKLM-x32\...\Steam App 205910) (Version:  - )

Tixati (HKLM-x32\...\tixati) (Version:  - )

Toki Tori (HKLM-x32\...\Steam App 38700) (Version:  - Two Tribes)

Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - Runic Games)

Tribes Ascend (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}) (Version: 1.0.1268.1 - Hi-Rez Studios)

Trine (HKLM-x32\...\Steam App 35700) (Version:  - Frozenbyte)

Universe Sandbox (HKLM-x32\...\Steam App 72200) (Version:  - Giant Army)

Uplay (HKLM-x32\...\Uplay) (Version: 4.0 - Ubisoft)

Uplink (HKLM-x32\...\Steam App 1510) (Version:  - Introversion Software)

User's Guides (HKLM\...\{B48E1FFD-A85D-45DB-9070-C06CDF6BD427}) (Version: 1.20.0000 - Logitech)

VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)

VVVVVV (HKLM-x32\...\Steam App 70300) (Version:  - Terry Cavanagh)

Windows Live Communications Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden

WinRAR 5.00 beta 5 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.5 - win.rar GmbH)

Worms Revolution (HKLM-x32\...\Steam App 200170) (Version:  - Team17 Digital Ltd.)

XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)

Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-1065900218-815454683-988220776-1000_Classes\CLSID\{1BEAC3E3-B852-44F4-B468-8906C062422E}\localserver32 -> C:\Users\Will\AppData\Local\Google\Chrome SxS\Application\40.0.2191.0\delegate_execute.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1065900218-815454683-988220776-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Will\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1065900218-815454683-988220776-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Will\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1065900218-815454683-988220776-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Will\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

 

==================== Restore Points  =========================

 

17-10-2014 08:11:51 Removed Java 7 Update 71

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 22:34 - 2014-10-17 05:57 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {14470464-EA40-4D23-8EE2-6C93BA512A31} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)

Task: {196402C8-2E21-4321-BA1E-5A5B6BBE6316} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-20] (Google Inc.)

Task: {5652EEAF-10F5-49DA-931D-9F69670665AB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {740E8FE7-5CBD-4482-A04B-247F022C2CDA} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Sanic-Will Sanic => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-25] (Microsoft Corporation)

Task: {86766A23-F2D2-407C-8AAB-7B1380BDA81C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1065900218-815454683-988220776-1000UA => C:\Users\Will\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-03] (Google Inc.)

Task: {B2543C6B-10A6-43F3-B19C-3B4D73EAA5AA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1065900218-815454683-988220776-1000Core => C:\Users\Will\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-03] (Google Inc.)

Task: {C1365A65-04F0-4220-B61F-B37FDD19AE00} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-29] (Microsoft Corporation)

Task: {D66E8A03-F227-4643-9812-27ACDD5C83D5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-06] (AVAST Software)

Task: {D6EDFBDE-D477-4183-821B-759DA2B55C81} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-20] (Google Inc.)

Task: {DFDBBFD5-3C0B-4A55-A6F4-FD1AFD3F3E97} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-29] (Microsoft Corporation)

Task: {E85CD1E4-7058-457E-96DA-1F07BAD095AE} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe

Task: {EB57AAFE-8FFD-4D28-B35C-7049794B1CBF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-12] (Microsoft Corporation)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1065900218-815454683-988220776-1000Core.job => C:\Users\Will\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1065900218-815454683-988220776-1000UA.job => C:\Users\Will\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-06-06 17:26 - 2014-09-13 17:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2014-03-20 13:22 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2013-11-20 02:03 - 2013-12-21 23:01 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2014-08-29 01:08 - 2014-09-25 12:12 - 08894120 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2014-08-06 11:20 - 2014-08-06 11:20 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll

2014-10-16 17:52 - 2014-10-16 17:52 - 02874368 _____ () C:\Program Files\AVAST Software\Avast\defs\14101601\algo.dll

2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2014-04-13 18:24 - 2014-09-25 12:11 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll

2014-08-06 11:20 - 2014-08-06 11:20 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2014-10-16 18:18 - 2014-10-16 18:18 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll

2013-06-06 17:32 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2014-08-29 01:08 - 2014-09-25 12:12 - 08894120 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll

2014-09-24 22:46 - 2014-09-23 00:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll

2014-09-24 22:46 - 2014-09-23 00:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll

2014-09-24 22:46 - 2014-09-23 00:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll

2014-09-24 22:46 - 2014-09-23 00:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll

2014-09-24 22:46 - 2014-09-23 00:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-1065900218-815454683-988220776-500 - Administrator - Disabled)

Guest (S-1-5-21-1065900218-815454683-988220776-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1065900218-815454683-988220776-1002 - Limited - Enabled)

Will (S-1-5-21-1065900218-815454683-988220776-1000 - Administrator - Enabled) => C:\Users\Will

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (10/17/2014 06:27:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 1244561

 

Error: (10/17/2014 06:27:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 1244561

 

Error: (10/17/2014 06:27:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (10/17/2014 06:26:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 1237556

 

Error: (10/17/2014 06:26:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 1237556

 

Error: (10/17/2014 06:26:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (10/17/2014 06:06:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 5133

 

Error: (10/17/2014 06:06:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 5133

 

Error: (10/17/2014 06:06:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (10/17/2014 06:06:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 4103

 

 

System errors:

=============

Error: (10/17/2014 06:26:56 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

 

Error: (10/17/2014 05:57:03 AM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (10/17/2014 05:56:33 AM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 

Error: (10/17/2014 05:54:20 AM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (10/17/2014 05:46:18 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

 

Error: (10/17/2014 04:50:37 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

 

Error: (10/17/2014 04:35:20 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

 

Error: (10/17/2014 04:34:47 AM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 4:30:52 AM on ‎10/‎17/‎2014 was unexpected.

 

Error: (10/17/2014 04:20:58 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

 

Error: (10/17/2014 04:20:24 AM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 4:19:19 AM on ‎10/‎17/‎2014 was unexpected.

 

 

Microsoft Office Sessions:

=========================

Error: (10/17/2014 06:27:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 1244561

 

Error: (10/17/2014 06:27:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 1244561

 

Error: (10/17/2014 06:27:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (10/17/2014 06:26:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 1237556

 

Error: (10/17/2014 06:26:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 1237556

 

Error: (10/17/2014 06:26:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (10/17/2014 06:06:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 5133

 

Error: (10/17/2014 06:06:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 5133

 

Error: (10/17/2014 06:06:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (10/17/2014 06:06:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 4103

 

 

CodeIntegrity Errors:

===================================

  Date: 2014-10-17 05:56:33.677

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-10-17 05:56:33.621

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i5-3570K CPU @ 3.40GHz

Percentage of memory in use: 17%

Total physical RAM: 8141.63 MB

Available physical RAM: 6740.96 MB

Total Pagefile: 16281.43 MB

Available Pagefile: 13707.69 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:119.14 GB) (Free:19.76 GB) NTFS

Drive h: (New Volume) (Fixed) (Total:931.51 GB) (Free:206.86 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 712F2397)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 66CDD2C0)

Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

Link to post
Share on other sites
Naathim

Naathim

Posted
Posted

No worries :)



51a46ae42d560-malwarebytes_anti_malware. Scan with Malwarebytes' Anti-Malware

Please re-run 51a46ae42d560-malwarebytes_anti_malware. Malwarebytes' Anti-Malware.

  • First of all, select update.
  • Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.
  • Click the Scan tab, choose Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.


ESETOnline.png Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.
Click there Run ESET Online Scanner.

If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:

  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.

To perform the scan:

  • Make sure that Enable detecion of potentially unwanted applications is checked.
  • In the Advanced Settings dropdown menu:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Use custom proxy settings is unchecked.
  • Click Start
  • The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.

Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!

Link to post
Share on other sites
chives

chives

Posted
  • Author
Posted
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/17/2014
Scan Time: 6:36:36 AM
Logfile: MalwareBytesLog.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.10.17.02
Rootkit Database: v2014.10.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Will
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327122
Time Elapsed: 3 min, 56 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)







ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=bf0135be898ec14a9387d55b3b1af3f8
# engine=20646
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-10-17 06:29:42
# local_time=2014-10-17 02:29:42 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 0 177026272 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 165070832 0 0
# scanned=5968
# found=0
# cleaned=0
# scan_time=196
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=bf0135be898ec14a9387d55b3b1af3f8
# engine=20646
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-10-17 06:52:19
# local_time=2014-10-17 02:52:19 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 0 177027629 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 0 165072189 0 0
# scanned=22934
# found=2
# cleaned=0
# scan_time=932
sh=B20B0BD8E5CDD280C5DC922FFD896DF50D208CB7 ft=1 fh=59ddf8c2c6946d84 vn="a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application" ac=I fn="C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-i386.exe"
sh=860EFD5893E4DD4E820227B7DEAD144F974456AC ft=1 fh=c0b9ed8dfe12ffb8 vn="a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application" ac=I fn="C:\Program Files (x86)\Cheat Engine 6.3\standalonephase1.dat"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=bf0135be898ec14a9387d55b3b1af3f8
# engine=20646
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-10-17 12:56:56
# local_time=2014-10-17 08:56:56 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 0 177049506 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 165094066 0 0
# scanned=826570
# found=5
# cleaned=0
# scan_time=7954
sh=B20B0BD8E5CDD280C5DC922FFD896DF50D208CB7 ft=1 fh=59ddf8c2c6946d84 vn="a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application" ac=I fn="C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-i386.exe"
sh=860EFD5893E4DD4E820227B7DEAD144F974456AC ft=1 fh=c0b9ed8dfe12ffb8 vn="a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application" ac=I fn="C:\Program Files (x86)\Cheat Engine 6.3\standalonephase1.dat"
sh=9885328E24C1A20ADB8C20C29DA8DCC001953387 ft=1 fh=5463d3a99fbd52e3 vn="a variant of Win32/OpenCandy.A potentially unsafe application" ac=I fn="H:\Downloads\FreeVideoToMP3Converter.exe"
sh=D22C1F17C1E011B17C629720891D5F941DD11CFF ft=1 fh=62fb8a81edf1092f vn="Win32/Toolbar.Conduit.R potentially unwanted application" ac=I fn="H:\Downloads\PowerISO5-x64.exe"
sh=B727D2434A9F8CB574E764D318E8E2DFC754E711 ft=1 fh=05a6130f7208080d vn="a variant of Win32/OpenInstall potentially unwanted application" ac=I fn="H:\Downloads\VLCv213.exe"
Link to post
Share on other sites
Naathim

Naathim

Posted
Posted

Manually delete these:

H:\Downloads\FreeVideoToMP3Converter.exe

H:\Downloads\PowerISO5-x64.exe

H:\Downloads\VLCv213.exe

51c9d14017fa0-SecurityCheck.PNG Scan with Security Check

Please download Security Check by Screen317 and save it to your desktop.

  • Right-click on 51c9d14017fa0-SecurityCheck.PNG icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow onscreen instructions inside the black box. This scan won't take long.
  • Soon a notepad document called checkup.txt will open automaticaly.
Please include the content of that document.
Link to post
Share on other sites
chives

chives

Posted
  • Author
Posted
 Results of screen317's Security Check version 0.99.89  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Security Center service is not running! This report may not be accurate! 

 Windows Firewall Enabled!  

avast! Antivirus   

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:````````` 

 Adobe Flash Player 15.0.0.152  

 Adobe Reader XI  

 Google Chrome 37.0.2062.120  

 Google Chrome 37.0.2062.124  

````````Process Check: objlist.exe by Laurent````````  

 AVAST Software Avast AvastSvc.exe  

 AVAST Software Avast AvastUI.exe  

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 27% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log`````````````````````` 
Link to post
Share on other sites
Naathim

Naathim

Posted
Posted

Ok, apparently there are some more settings broken.

FarbarServiceScanner.png Scan with Farbar Service Scanner

Download Farbar Service Scanner by Farbar and save it to your desktop.

  • Right-click on FarbarServiceScanner.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Make sure all of the options are checked!
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
Please include that log in your next reply.
Link to post
Share on other sites
chives

chives

Posted
  • Author
Posted
Farbar Service Scanner Version: 21-07-2014

Ran by Will (administrator) on 17-10-2014 at 11:38:35

Running from "C:\Users\Will\Desktop"

Microsoft Windows 7 Ultimate  Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy: 

==================

 

 

System Restore:

============

 

System Restore Disabled Policy: 

========================

 

 

Action Center:

============

 

 

Windows Update:

============

 

Windows Autoupdate Disabled Policy: 

============================

 

 

Windows Defender:

==============

 

Other Services:

==============

 

 

File Check:

========

C:\Windows\System32\nsisvc.dll => File is digitally signed

C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed

C:\Windows\System32\dhcpcore.dll => File is digitally signed

C:\Windows\System32\drivers\afd.sys => File is digitally signed

C:\Windows\System32\drivers\tdx.sys => File is digitally signed

C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed

C:\Windows\System32\dnsrslvr.dll => File is digitally signed

C:\Windows\System32\mpssvc.dll => File is digitally signed

C:\Windows\System32\bfe.dll => File is digitally signed

C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed

C:\Windows\System32\SDRSVC.dll => File is digitally signed

C:\Windows\System32\vssvc.exe => File is digitally signed

C:\Windows\System32\wscsvc.dll => File is digitally signed

C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed

C:\Windows\System32\wuaueng.dll => File is digitally signed

C:\Windows\System32\qmgr.dll => File is digitally signed

C:\Windows\System32\es.dll => File is digitally signed

C:\Windows\System32\cryptsvc.dll => File is digitally signed

C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed

C:\Windows\System32\ipnathlp.dll => File is digitally signed

C:\Windows\System32\iphlpsvc.dll => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

 

 

**** End of log ****

Link to post
Share on other sites
chives

chives

Posted
  • Author
Posted
 Results of screen317's Security Check version 0.99.89  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

avast! Antivirus   

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:````````` 

 Adobe Flash Player 15.0.0.152  

 Adobe Reader XI  

 Google Chrome 37.0.2062.120  

 Google Chrome 37.0.2062.124  

````````Process Check: objlist.exe by Laurent````````  

 AVAST Software Avast AvastSvc.exe  

 AVAST Software Avast AvastUI.exe  

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 27% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log`````````````````````` 
Link to post
Share on other sites
Naathim

Naathim

Posted
Posted

Good. Mind the big red info about HDD defragmentation.

51a5ce45263de-delfix.png Clean with DelFix

Please download DelFix by Xplode and save it to your desktop.

  • Right-click on 51a5ce45263de-delfix.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Ensure that Remove disinfection tools, Purge system restore and Reset system settings are checked.
  • Push Run.
  • When finished, it will display a notepad report.

Include it for my review.

Link to post
Share on other sites
chives

chives

Posted
  • Author
Posted

I saw that message, haha. I do have an SSD so it isn't a problem. :)
 

# DelFix v10.8 - Logfile created 17/10/2014 at 11:53:27
# Updated 29/07/2014 by Xplode
# Username : Will - SANIC
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\Qoobox
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\ComboFix.txt
Deleted : C:\TDSSKiller.3.0.0.40_17.10.2014_01.58.07_log.txt
Deleted : C:\Users\Will\Desktop\Addition.txt
Deleted : C:\Users\Will\Desktop\ComboFix.exe
Deleted : C:\Users\Will\Desktop\Fixlog.txt
Deleted : C:\Users\Will\Desktop\FRST.txt
Deleted : C:\Users\Will\Desktop\FRST64.exe
Deleted : C:\Users\Will\Desktop\FSS.exe
Deleted : C:\Users\Will\Desktop\FSS.txt
Deleted : C:\Users\Will\Desktop\rkill.com
Deleted : C:\Users\Will\Desktop\Rkill.txt
Deleted : C:\Users\Will\Desktop\SecurityCheck.exe
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
 
~ Cleaning system restore ...
 
Deleted : RP #295 [Removed Java 7 Update 71 | 10/17/2014 08:11:51]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########
Link to post
Share on other sites
Naathim

Naathim

Posted
Posted

So it's time to farewell! Your machine appears to be clean :)

Below you will find my thoughts about securing your machine. Go ahead through it, you will benefit from some useful advice about safe computing.

Recommended reading:

icon_exclaim.gifMUST READ - security tips: Computer Security - a short guide to staying safer online.

icon_exclaim.gifMUST READ - general maintenance: What to do if your Computer is running slowly?

Recommended additional software:

icon_arrow.gifTFC - to clean unneeded temporary files.

icon_arrow.gifMalwarebytes' Anti-Malware - to scan your system from time to time in search for malware.

icon_arrow.gifMalwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.

icon_arrow.gifMcShield - to prevent infections spread by removable media.

icon_arrow.gifCryptoPrevent - to secure yourself from very severe CryptoLocker infection.

icon_arrow.gifUnchecky - to prevent from installing additional foistware, implemented in legitimate installations.

Now if you have any other questions, feel free to ask me. Otherwise simply acknowledge my recommendations and this topic will be closed.

Minion-Bye-smaller.jpg

Stay safe,

Naat :)

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.