
Multiple Dczlytno.exe 100% cpu FRST LOGS



Just got my computer running great a few days ago. (com sur. prob.) Now it's doing a similar thing, but now it says Dczlytno.exe from Google Chrome. Just like last time, Malwarebytes makes the computer crash while it's infected. Here are the logs.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014
Ran by heather (administrator) on HEATHER-PC on 27-10-2014 22:37:30
Running from G:\
Loaded Profile: heather (Available profiles: heather)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Wondershare) C:\Program Files (x86)\Aimersoft\DVD Studio Pack\VideoConverter\Update.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Users\heather\AppData\LocalLow\SKS\Rtkwudoetvns\Imrnwhfvwf\Dczlytno.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Google Inc.) C:\Users\heather\AppData\LocalLow\SKS\Rtkwudoetvns\Imrnwhfvwf\Dczlytno.exe
(Google Inc.) C:\Users\heather\AppData\LocalLow\SKS\Rtkwudoetvns\Imrnwhfvwf\Dczlytno.exe
(Google Inc.) C:\Users\heather\AppData\LocalLow\SKS\Rtkwudoetvns\Imrnwhfvwf\Dczlytno.exe
(Google Inc.) C:\Users\heather\AppData\LocalLow\SKS\Rtkwudoetvns\Imrnwhfvwf\Dczlytno.exe
(Google Inc.) C:\Users\heather\AppData\LocalLow\SKS\Rtkwudoetvns\Imrnwhfvwf\Dczlytno.exe
(Google Inc.) C:\Users\heather\AppData\LocalLow\SKS\Rtkwudoetvns\Imrnwhfvwf\Dczlytno.exe
(Google Inc.) C:\Users\heather\AppData\LocalLow\SKS\Rtkwudoetvns\Imrnwhfvwf\Dczlytno.exe
(Google Inc.) C:\Users\heather\AppData\LocalLow\SKS\Rtkwudoetvns\Imrnwhfvwf\Dczlytno.exe
(Google Inc.) C:\Users\heather\AppData\LocalLow\SKS\Rtkwudoetvns\Imrnwhfvwf\Dczlytno.exe
(Google Inc.) C:\Users\heather\AppData\LocalLow\SKS\Rtkwudoetvns\Imrnwhfvwf\Dczlytno.exe
(Google Inc.) C:\Users\heather\AppData\LocalLow\SKS\Rtkwudoetvns\Imrnwhfvwf\Dczlytno.exe
(Google Inc.) C:\Users\heather\AppData\LocalLow\SKS\Rtkwudoetvns\Imrnwhfvwf\Dczlytno.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2012-02-10] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-02-10] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-02-10] (Lenovo)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-13] (Egis Technology Inc. )
HKLM-x32\...\Run: [PLTSR] => C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. )
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-02-10] (Lenovo)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-24] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-24] (CyberLink Corp.)
HKLM-x32\...\Run: [updateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [updatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296096 2013-03-02] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-19] (AVAST Software)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1250407604-4015208075-2797906648-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1250407604-4015208075-2797906648-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-1250407604-4015208075-2797906648-1000\...\Run: [uevmgjtfj] => regsvr32.exe /s "C:\Users\heather\AppData\Local\THQ\uevmgjtfj.dll" <===== ATTENTION
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=hp-avast&type=iedef
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - Backup.Old.DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233}
SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKCU - {033F6043-4A7B-4EC7-94B3-F0CB40474BBE} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_enUS474
SearchScopes: HKCU - {AEA4BDF3-D922-4A12-B18E-437E7734F485} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120521,17118,0,18,0
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - No Name - !{338B4DFE-2E2C-4338-9E41-E176D497299E} -  No File
Toolbar: HKLM-x32 - No Name - !{6F282B65-56BF-4BD1-A8B2-A4449A05863D} -  No File
Toolbar: HKLM-x32 - No Name - !{977AE9CC-AF83-45E8-9E03-E2798216E2D5} -  No File
Toolbar: HKLM-x32 - No Name - !{F9639E4A-801B-4843-AEE3-03D9DA199E77} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Feeding%20Frenzy%202/Images/stg_drm.ocx
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Feeding%20Frenzy%202/Images/armhelper.ocx
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @ei.MyWebFace_5a.com/Plugin -> C:\Program Files (x86)\MyWebFace_5aEI\Installr\1.bin\NP5aEISB.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\heather\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\heather\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\heather\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\heather\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\heather\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: facebook.com/fbDesktopPlugin -> C:\Users\heather\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\heather\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\heather\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\EgisTec BioExcess\FFExt
FF Extension:  Online Accounts Extension  - C:\Program Files (x86)\EgisTec BioExcess\FFExt [2012-02-10]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-02-10]
FF HKLM-x32\...\Firefox\Extensions: [auto-update@mozilla.org] - C:\Users\heather\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaUpdate
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013-03-02]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-18]
FF HKCU\...\Firefox\Extensions: [auto-update@mozilla.org] - C:\Users\heather\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaUpdate

Chrome:
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\heather\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\heather\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Exent® AOD Gecko Plugin) - C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
CHR Plugin: (Facebook Desktop) - C:\Users\heather\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll No File
CHR Plugin: (Shockwave for Director) - C:\windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Profile: C:\Users\heather\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-17]
CHR Extension: (avast! Online Security) - C:\Users\heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-18]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2013-03-07]
CHR Extension: (Google Wallet) - C:\Users\heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-18]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-05]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2013-03-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-05] (AVAST Software)
S2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-05-04] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-05-04] (Alcatel-Lucent) [File not signed]
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2014-05-09] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-05] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-25] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-05] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-09-13] (Disc Soft Ltd)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42224 2014-05-13] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35440 2014-05-13] (Visicom Media Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-05-04] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-05-04] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [111696 2014-09-07] ()
R3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [3293272 2010-12-23] (Windows ® Win 7 DDK provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
U2 nvUpdatusService; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-27 19:04 - 2014-10-27 19:07 - 00000000 ____D () C:\Users\heather\Documents\doom ps1
2014-10-27 19:00 - 2014-10-27 19:00 - 199017040 _____ () C:\Users\heather\Downloads\Doom.7z
2014-10-27 15:11 - 2014-10-27 15:11 - 390873994 _____ () C:\Users\heather\Downloads\Driver 2 (Disc 1) (v1.1).7z
2014-10-27 13:45 - 2014-10-27 13:46 - 00000000 ____D () C:\Users\heather\AppData\Local\WinZip
2014-10-27 13:45 - 2014-10-27 13:46 - 00000000 ____D () C:\ProgramData\WinZip
2014-10-27 13:45 - 2014-10-27 13:45 - 00002287 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-10-27 13:45 - 2014-10-27 13:45 - 00002281 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-10-27 13:45 - 2014-10-27 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-10-27 13:45 - 2014-10-27 13:45 - 00000000 ____D () C:\Program Files\WinZip
2014-10-27 13:44 - 2014-10-27 13:44 - 00000000 ____D () C:\Program Files\File Association Helper
2014-10-27 00:11 - 2014-10-27 00:11 - 458881388 _____ () C:\Users\heather\Documents\Tekken 3.7z
2014-10-26 17:58 - 2014-10-26 17:58 - 59818056 _____ () C:\Users\heather\Desktop\THE BEG.wav
2014-10-26 17:53 - 2014-10-26 17:53 - 59146312 _____ () C:\Users\heather\Desktop\THE END.wav
2014-10-25 11:17 - 2014-10-25 11:17 - 00000709 _____ () C:\DelFix.txt
2014-10-25 08:34 - 2014-10-25 08:34 - 00000000 ____D () C:\windows\ERUNT
2014-10-25 08:18 - 2014-10-25 11:17 - 00000000 ____D () C:\AdwCleaner
2014-10-25 08:10 - 2014-10-25 08:10 - 00026394 _____ () C:\Users\heather\Downloads\Tetris.zip
2014-10-25 08:07 - 2014-10-25 08:07 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-10-25 00:04 - 2014-10-25 11:12 - 00000000 ____D () C:\windows\erdnt
2014-10-24 17:15 - 2014-10-24 17:15 - 00002776 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-10-24 14:52 - 2014-10-26 21:35 - 00000000 ____D () C:\Users\heather\AppData\Local\CrashDumps
2014-10-24 14:22 - 2014-10-24 14:37 - 00037624 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-10-24 14:22 - 2014-10-24 14:22 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-24 14:12 - 2014-10-27 22:37 - 00000000 ____D () C:\FRST
2014-10-24 10:58 - 2014-10-24 10:59 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-23 18:28 - 2014-10-23 18:28 - 00000864 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1250407604-4015208075-2797906648-1000Core1cfef1910e70a47.job
2014-10-23 18:15 - 2014-10-23 18:15 - 00694174 _____ () C:\Users\heather\Documents\cc_20141023_181450.reg
2014-10-23 18:02 - 2014-10-23 18:02 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-23 18:02 - 2014-10-23 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-23 18:01 - 2014-10-23 18:02 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-23 13:59 - 2014-10-23 13:59 - 00000000 ____D () C:\SUPERDelete
2014-10-23 13:38 - 2014-10-23 13:38 - 00000000 ____D () C:\Users\heather\AppData\Roaming\SUPERAntiSpyware.com
2014-10-23 13:38 - 2014-10-23 13:38 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-10-22 17:56 - 2014-10-22 17:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-21 01:07 - 2014-10-21 01:07 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore1cfecf542b9e938.job
2014-10-20 15:36 - 2014-10-20 15:36 - 00000000 ____D () C:\Program Files (x86)\Toontrack
2014-10-19 19:48 - 2014-10-19 19:48 - 127443044 _____ () C:\Users\heather\Desktop\Spirit of Destiny track 1.wav
2014-10-18 08:34 - 2014-10-18 08:34 - 00001413 _____ () C:\Users\heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-10-18 08:04 - 2014-10-18 08:05 - 00000397 _____ () C:\Users\heather\Desktop\mitch song lyrics.txt
2014-10-10 23:11 - 2014-10-10 23:12 - 09223924 _____ () C:\Users\heather\Desktop\get on pre vid.wmv
2014-10-10 22:26 - 2014-10-10 22:26 - 22519852 _____ () C:\Users\heather\Desktop\get on preview.wav
2014-10-08 19:08 - 2014-04-07 09:45 - 00000000 ____D () C:\Users\heather\Desktop\New folder
2014-09-29 17:29 - 2014-09-29 17:30 - 08299585 _____ () C:\Users\heather\Desktop\This music pre vid.wmv
2014-09-29 17:03 - 2014-09-29 17:03 - 00754809 _____ () C:\Users\heather\Desktop\This music.wma
2014-09-29 08:46 - 2014-09-29 08:46 - 01100480 _____ () C:\windows\Minidump\092914-55754-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-27 22:36 - 2009-07-14 00:13 - 00780196 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-27 22:35 - 2012-02-10 21:06 - 01571529 _____ () C:\windows\WindowsUpdate.log
2014-10-27 22:34 - 2012-02-10 21:44 - 03957647 _____ () C:\FaceProv.log
2014-10-27 22:31 - 2012-02-10 21:44 - 00000000 ____D () C:\ProgramData\VeriFace
2014-10-27 22:30 - 2012-02-10 21:58 - 00485208 _____ () C:\windows\system32\fastboot.set
2014-10-27 22:30 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-27 22:30 - 2009-07-13 23:51 - 00222965 _____ () C:\windows\setupact.log
2014-10-27 22:21 - 2010-11-20 22:47 - 00318454 _____ () C:\windows\PFRO.log
2014-10-27 22:06 - 2012-02-10 21:54 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-27 21:50 - 2009-07-13 23:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-27 21:50 - 2009-07-13 23:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-27 21:40 - 2012-07-31 03:51 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-10-27 21:39 - 2012-04-16 11:22 - 00000936 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1250407604-4015208075-2797906648-1000UA.job
2014-10-27 21:39 - 2012-04-16 11:22 - 00000914 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1250407604-4015208075-2797906648-1000Core.job
2014-10-27 21:32 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF
2014-10-27 21:21 - 2013-09-03 13:11 - 00000000 ____D () C:\Users\heather\AppData\Local\THQ
2014-10-27 14:09 - 2009-07-14 00:08 - 00032566 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-10-26 19:00 - 2012-03-10 05:46 - 00000000 ____D () C:\Users\heather\Documents\My Recordings
2014-10-26 18:01 - 2014-09-11 15:35 - 00000000 ____D () C:\Users\heather\AppData\Roaming\Audacity
2014-10-26 11:15 - 2013-03-08 16:36 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-10-26 11:12 - 2012-03-09 05:49 - 00000000 ____D () C:\Users\heather
2014-10-26 11:11 - 2013-08-17 23:40 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-10-26 11:11 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\registration
2014-10-25 19:16 - 2013-08-17 23:40 - 00000000 ____D () C:\Users\heather\AppData\Roaming\DAEMON Tools Lite
2014-10-25 13:13 - 2012-03-09 05:52 - 00000000 ____D () C:\Users\heather\AppData\Local\Deployment
2014-10-25 10:01 - 2012-05-28 03:10 - 00000000 ___RD () C:\Users\heather\Desktop\desktop games
2014-10-25 08:25 - 2012-07-30 18:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-25 07:40 - 2012-07-31 03:51 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-10-25 07:40 - 2012-07-31 03:51 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-10-25 07:40 - 2012-07-30 19:31 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-25 07:25 - 2012-03-09 05:52 - 00000000 ____D () C:\Users\heather\AppData\Local\Apps\2.0
2014-10-25 07:25 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-10-25 07:21 - 2009-07-13 21:34 - 00000215 _____ () C:\windows\system.ini
2014-10-25 01:42 - 2009-07-13 21:34 - 78381056 _____ () C:\windows\system32\config\SOFTWARE.bak
2014-10-25 01:42 - 2009-07-13 21:34 - 24903680 _____ () C:\windows\system32\config\SYSTEM.bak
2014-10-25 01:42 - 2009-07-13 21:34 - 00524288 _____ () C:\windows\system32\config\DEFAULT.bak
2014-10-25 01:42 - 2009-07-13 21:34 - 00262144 _____ () C:\windows\system32\config\SECURITY.bak
2014-10-25 01:42 - 2009-07-13 21:34 - 00262144 _____ () C:\windows\system32\config\SAM.bak
2014-10-25 00:44 - 2012-02-10 21:47 - 00000000 ____D () C:\ProgramData\Temp
2014-10-24 23:30 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-10-24 17:13 - 2012-03-09 06:16 - 00000000 ____D () C:\windows\System32\Tasks\NCH Software
2014-10-24 16:55 - 2012-10-30 18:09 - 00000000 ____D () C:\ProgramData\Solidshield
2014-10-24 13:06 - 2012-03-30 09:42 - 00000000 ____D () C:\ProgramData\InstallMate
2014-10-24 12:01 - 2014-05-18 11:36 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-10-24 12:01 - 2013-06-27 11:15 - 00000000 ____D () C:\Program Files\Adobe
2014-10-24 12:01 - 2012-02-10 21:39 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-24 12:00 - 2012-02-10 21:39 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-24 10:21 - 2014-01-18 16:06 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-10-24 10:13 - 2012-03-09 05:51 - 00000000 ____D () C:\Users\heather\AppData\Local\BioExcess
2014-10-24 10:13 - 2012-03-09 05:49 - 00000000 ____D () C:\Users\heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-10-23 19:13 - 2012-02-10 21:55 - 00000000 ____D () C:\Program Files\Google
2014-10-23 19:13 - 2012-02-10 21:54 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-23 18:50 - 2012-02-10 21:46 - 00000000 __HDC () C:\ProgramData\{373A11D3-0B96-4E16-9184-7D0FBE86932F}
2014-10-23 18:43 - 2013-12-09 13:45 - 00000000 ____D () C:\windows\SysWOW64\FSIM2013Unin
2014-10-23 18:43 - 2013-12-09 13:45 - 00000000 ____D () C:\Games
2014-10-23 18:38 - 2012-06-28 15:26 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-10-23 18:28 - 2014-06-21 02:08 - 00000864 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1250407604-4015208075-2797906648-1000Core.job
2014-10-23 18:19 - 2012-03-09 05:52 - 00000000 ____D () C:\Users\heather\AppData\Local\Google
2014-10-23 18:19 - 2012-02-10 21:54 - 00000000 ____D () C:\ProgramData\Google
2014-10-23 17:37 - 2013-08-26 21:46 - 00000000 ____D () C:\Users\heather\Desktop\WinRAR
2014-10-23 13:23 - 2014-06-25 18:07 - 00000000 ____D () C:\Users\heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Forest 1.0
2014-10-23 13:23 - 2014-01-18 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-10-23 13:23 - 2013-11-02 19:14 - 00000000 ____D () C:\Users\heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2014-10-23 13:23 - 2013-03-16 22:22 - 00000000 ____D () C:\Users\heather\AppData\Roaming\ProgrammStarter
2014-10-22 19:25 - 2012-07-30 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Softendo.com
2014-10-22 19:24 - 2014-09-23 21:30 - 00000000 ____D () C:\Users\heather\Desktop\The Stomping Land
2014-10-22 19:24 - 2013-12-08 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Performance Simulations
2014-10-22 19:24 - 2013-12-08 15:48 - 00000000 ____D () C:\Program Files (x86)\Performance Simulations
2014-10-22 19:24 - 2012-11-03 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quake 4
2014-10-22 19:24 - 2012-05-04 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyRealGames.com
2014-10-22 19:24 - 2012-05-04 10:01 - 00000000 ____D () C:\Program Files (x86)\MyRealGames.com
2014-10-22 19:24 - 2012-02-10 21:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-22 19:24 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\SysWOW64\zh-HK
2014-10-22 19:24 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\SysWOW64\tr-TR
2014-10-22 19:24 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\zh-HK
2014-10-22 19:24 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\tr-TR
2014-10-22 16:54 - 2012-07-30 19:23 - 00000000 ____D () C:\Users\heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Softendo.com
2014-10-22 16:46 - 2013-09-03 13:01 - 00000000 ____D () C:\Program Files (x86)\Black_Box
2014-10-22 16:46 - 2013-08-17 23:42 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2014-10-22 16:46 - 2012-05-04 12:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameTop.com
2014-10-22 16:45 - 2013-12-28 14:53 - 00000000 ____D () C:\Program Files (x86)\ManyCam
2014-10-22 16:42 - 2012-10-30 18:17 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-10-22 06:42 - 2014-09-15 15:30 - 01204925 _____ () C:\Users\heather\Downloads\Oxium Keygen.zip
2014-10-21 23:31 - 2014-09-13 15:16 - 00000000 ____D () C:\Users\heather\Desktop\Spectrasonics Stylus RMX 1.5 + 1.7 + 1.9.5 + keygen WORKING 100%
2014-10-21 17:21 - 2014-06-21 21:55 - 00000000 ____D () C:\Program Files (x86)\Free mp3 Wma Converter
2014-10-21 14:03 - 2013-09-18 21:33 - 00000000 ____D () C:\Users\heather\AppData\Roaming\vlc
2014-10-21 01:07 - 2014-06-14 05:45 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore1cf87bdc6c113a2.job
2014-10-20 15:36 - 2012-03-09 07:16 - 00000000 ____D () C:\Program Files (x86)\VstPlugins
2014-10-18 08:34 - 2012-03-09 05:51 - 00001447 _____ () C:\Users\heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-18 08:28 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-10-17 20:56 - 2013-03-02 15:39 - 00000000 ____D () C:\Users\heather\AppData\Roaming\Real
2014-10-09 14:37 - 2012-05-24 18:24 - 00000000 ____D () C:\Users\heather\AppData\Roaming\Mozilla
2014-10-08 19:08 - 2014-07-18 22:06 - 00000000 ____D () C:\Users\heather\Desktop\AUDIO SAMPLES
2014-10-02 15:53 - 2010-11-20 22:27 - 00278152 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-09-29 17:09 - 2014-09-13 04:18 - 00001841 _____ () C:\Users\heather\Desktop\DAEMON Tools Lite.lnk
2014-09-29 08:46 - 2013-03-07 16:51 - 00000000 ____D () C:\windows\Minidump
2014-09-29 08:46 - 2009-07-13 23:45 - 04919392 _____ () C:\windows\system32\FNTCACHE.DAT
2014-09-29 08:45 - 2013-03-07 16:51 - 521129794 _____ () C:\windows\MEMORY.DMP

Some content of TEMP:
====================
C:\Users\heather\AppData\Local\Temp\jrgqrym.dll
C:\Users\heather\AppData\Local\Temp\Quarantine.exe
C:\Users\heather\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-26 02:16

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014
Ran by heather at 2014-10-27 22:38:20
Running from G:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1001 Minigolf Challenge (HKLM-x32\...\1001 Minigolf Challenge) (Version: 1.00.07.04.30 - Selectsoft Publishing)
2002 Games (HKLM-x32\...\2002 Games) (Version: 1.00.07.02.13 - Selectsoft Publishing)
3D Flash Animator 4.9.8.7 (HKLM-x32\...\3D Flash Animator 4.9.8.7) (Version:  - )
3D Sniper (HKLM-x32\...\3D Sniper_is1) (Version:  - My Real Games Ltd)
A Bug's Life Action Game (HKLM-x32\...\A Bug's Life) (Version:  - )
AbiWord 2.8.6 (HKLM-x32\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
Acid Rack 2.0k (HKLM-x32\...\{F97A2162-FE63-4288-8273-CCA4CCFCA488}_is1) (Version:  - acid.milch&honig)
Acoustica Effects Pack (HKLM-x32\...\Acoustica Effects Pack) (Version: 3.0 - Acoustica, Inc)
Acoustica Mixcraft 5 (HKLM-x32\...\Acoustica Mixcraft 5) (Version:  - Acoustica)
Activision® (x32 Version: 1.00.0000 - Activision) Hidden
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.02) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Aimersoft Audio Converter(Build 2.2.0.37) (HKLM-x32\...\Aimersoft Audio Converter_is1) (Version:  - Aimersoft Software)
Aimersoft DVD Copy(Build 2.0.0.16) (HKLM-x32\...\Aimersoft DVD Copy_is1) (Version:  - Aimersoft Software)
Aimersoft DVD Creator(Build 2.1.1.0) (HKLM-x32\...\Aimersoft DVD Creator_is1) (Version:  - Aimersoft Software)
Aimersoft DVD Ripper(Build 2.2.0.27) (HKLM-x32\...\Aimersoft DVD Ripper_is1) (Version:  - Aimersoft Software)
Aimersoft DVD Studio Pack(Build 2.2.0.19) (HKLM-x32\...\Aimersoft DVD Studio Pack_is1) (Version:  - Aimersoft Software)
Aimersoft Video Converter(Build 2.2.0.19) (HKLM-x32\...\Aimersoft Video Converter_is1) (Version:  - Aimersoft Software)
Antares Harmony Engine VST RTAS v1.0 (HKLM-x32\...\Antares Harmony Engine VST RTAS_is1) (Version:  - Team AiR 2007)
Application Verifier x64 External Package (Version: 8.59.29722 - Microsoft) Hidden
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Audio Editor (HKLM-x32\...\{92d20dfc-766e-4253-a530-2d6053787683}_is1) (Version:  - )
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - AVAST Software)
AVS Document Converter 2.2.3 (HKLM-x32\...\AVS Document Converter_is1) (Version:  - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Battlefield 2 (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version:  - )
Bejeweled 3 (HKLM-x32\...\Bejeweled 3) (Version:  - PopCap Games)
Bejeweled Blitz (HKLM-x32\...\Bejeweled Blitz) (Version:  - PopCap Games)
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden
Best Games Hits 3 (HKLM-x32\...\Best Game Hits 3) (Version: 1.00.09.07.10 - Selectsoft Publishing)
Bettys Beer Bar (HKLM-x32\...\Bettys Beer Bar_is1) (Version:  - My Real Games Ltd)
Bigfoot 4x4 Challenge (HKLM-x32\...\Bigfoot 4x4 Challenge_is1) (Version:  - My Real Games Ltd)
Biker Vs Zombies (HKLM-x32\...\Biker Vs Zombies_is1) (Version:  - My Real Games Ltd)
BioExcess (HKLM-x32\...\InstallShield_{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}) (Version: 7.0.67.0 - Egis Technology Inc.)
BioExcess (Version: 7.0.67.0 - Egis Technology Inc.) Hidden
BioExcess (x32 Version: 7.0.67.0 - Egis Technology Inc.) Hidden
Bitsonic Gnat 1.3 (HKLM-x32\...\{84770ED7-BAF6-4E12-B1D5-AF26645389C8}_is1) (Version: 2.2 - Bitsonic LP)
Bitsonic Keyzone 1.3 (HKLM-x32\...\{84770ED7-BAF6-4E12-B1D5-EZ15645389C8}_is1) (Version: 2.2 - Bitsonic LP)
BitterSweetV3_Native+HDX (HKLM\...\{7A6F9238-7404-4584-B417-5F25542F5D4E}) (Version: 3.2.21.32395 - Flux:: sound and picture development)
Blur (HKLM-x32\...\InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}) (Version: 1.00.0000 - Activision)
Bomber Mario (HKLM-x32\...\Bomber Mario_is1) (Version: 1.0 - Media Contact LLC)
Borderlands (HKLM-x32\...\{52B65911-1559-4ED5-9461-46957FDD48CD}) (Version: 1.0.295 - 2K Games)
BW Shooter (HKLM-x32\...\BW Shooter_is1) (Version:  - My Real Games Ltd)
Call of Duty® 4 - Modern Warfare (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision)
Call of Duty® 4 - Modern Warfare (x32 Version: 1.00.0000 - Activision) Hidden
Camel Audio Alchemy (HKLM-x32\...\Camel Audio Alchemy) (Version: 1.25.0 - Camel Audio)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
City Car Driving 1.2.2 (HKLM-x32\...\{CC457F3D-5CDE-4CE8-9685-90A4EDE81374}_is1) (Version:  - Forward Development)
City Racing (HKLM-x32\...\City Racing_is1) (Version: 1.0 - Media Contact LLC)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2109.0 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.2109.0 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 Content Pack Premium (HKLM-x32\...\InstallShield_{0219CB86-A833-4581-8FF1-78F303F93AC3}) (Version: 12 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.4203 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3623 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
daHornet Version 1.34 (HKLM-x32\...\daHornet VSTi V1.34_is1) (Version:  - )
Deckadance 2 (HKLM-x32\...\Deckadance 2) (Version: 2.0 - Image-Line)
DiRT 3 (HKLM-x32\...\GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}) (Version: 1.0.0000.130 - Codemasters)
DiRT 3 (x32 Version: 1.0.0000.130 - Codemasters) Hidden
Doom Game (HKLM-x32\...\Doom Game) (Version:  - )
Driver San Francisco (HKLM-x32\...\Driver San Francisco) (Version: 1.4.0.0 - Ubisoft)
Driving Speed 2.0 (HKLM-x32\...\Driving Speed 2_is1) (Version:  - WheelSpin Studios)
Drug Lord 2 (HKLM-x32\...\Drug Lord 2) (Version:  - )
Dynasty of Egypt (HKLM-x32\...\Dynasty of Egypt) (Version: 1.00.08.09.03 - Selectsoft Publishing)
Easy Driver Pro (HKLM-x32\...\{CF3F8324-A037-4286-BB70-6BAD18068286}) (Version: 7 - Easy Driver Pro)
EgisTec ES603 WDM Driver (HKLM-x32\...\InstallShield_{AE4167B0-F589-4D2A-BF05-E181D543C49F}) (Version: 3.0.10.4 - Egis Technology Inc.)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.1 - Lenovo)
Energy Management (x32 Version: 6.0.2.1 - Lenovo) Hidden
ES603 WDM Driver (x32 Version: 3.0.10.4 - Egis Technology Inc.) Hidden
Extreme Velocity -  The Drag Strip (HKLM-x32\...\Extreme Velocity -  The Drag Strip) (Version: 2.7.0.0 - KABloom Interactive)
EZdrummer (HKLM-x32\...\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}) (Version: 1.0 - Toontrack)
Façade (HKLM-x32\...\{339C3693-8554-4A25-A664-E0B74D2DFA04}) (Version: 1.0.3 - Procedural Arts)
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Feeding Frenzy 2 (HKLM-x32\...\Feeding Frenzy 2) (Version:  - Spintop Media, Inc)
File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
Firebird v2.1 (HKLM-x32\...\Tone2 Firebird_is1) (Version:  - Tone2)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Lab Inc.)
Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.3.4.604 - DVDVideoSoft Ltd.)
GameMaker-Studio 1.2 (HKCU\...\GameMaker-Studio12) (Version:  - YoYo Games Ltd.)
Ghost Recon Phantoms - NA (HKCU\...\fc418bf9b18f76aa) (Version: 1.36.2797.1 - Ubisoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F7770F7F-0ABC-30CB-95BC-93761A05CAB6}) (Version: 5.38.4.0 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Hard Time  (HKLM-x32\...\Hard Time) (Version:  - MDickie)
Hard Truck Apocalypse (HKLM-x32\...\Hard Truck Apocalypse_is1) (Version: 1.0 - )
IL Autogun (HKLM-x32\...\IL Autogun) (Version:  - Image-Line)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
InterActual Player (HKLM-x32\...\InterActual Player) (Version:  - )
Internet Explorer Toolbar 4.7 by SweetPacks (HKLM-x32\...\{80F3F10B-A177-4494-93CE-98090D819093}) (Version: 4.7.0008 - SweetIM Technologies Ltd.) <==== ATTENTION
Jewels of the Nile (HKLM-x32\...\Jewels of the Nile) (Version: 1.00.08.08.27 - Selectsoft Publishing)
JFK Reloaded 1.1 (HKLM-x32\...\JFK Reloaded) (Version: 1.1 - JFK Reloaded)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
King Solomon's Lost Mines (HKLM-x32\...\King Solomon's Lost Mines) (Version: 1.00.07.05.01 - Selectsoft Publishing)
Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden
Lenovo EasyCamera (HKLM-x32\...\{FC9B811E-39BC-4813-9E29-B83CCF700010}) (Version: 2.16.23.3 - Alcor)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.6 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo Security Suite (HKLM-x32\...\InstallShield_{0034859F-8E01-4C1D-BE77-F891C4786FBC}) (Version: 2.0.11.0 - Lenovo)
Lenovo Security Suite (x32 Version: 2.0.11.0 - Lenovo) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
Mahjong City (HKLM-x32\...\Mahjong City_is1) (Version:  - My Real Games Ltd)
Mario Sunshine (HKLM-x32\...\Mario Sunshine) (Version:  - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
minimoog-v Original 2.5.3 (HKLM-x32\...\minimoogv2_5_is1) (Version: 2.5.3 - Arturia)
Mobipocket Creator 4.2 (HKLM-x32\...\{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}) (Version: 4.2.41 - Mobipocket.com)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MTA:SA v1.3.2 (HKLM-x32\...\MTA:SA 1.3) (Version: v1.3.2 - Multi Theft Auto)
MTA:SA v1.4.0 (HKLM-x32\...\MTA:SA 1.4) (Version: v1.4.0 - Multi Theft Auto)
My Game Long Name (HKLM\...\UDK-4fcc5506-bb46-4fcb-8dbd-34edcfe4a7a3) (Version:  - Epic Games, Inc.)
Naruto Dating Sim (HKLM-x32\...\Naruto Dating Sim) (Version:  - )
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.3.1.37 - Native Instruments)
Native Instruments Kontakt 5 (Version: 5.3.1.37 - Native Instruments) Hidden
Native Instruments Kontakt Factory Selection (HKLM-x32\...\Native Instruments Kontakt Factory Selection) (Version:  - Native Instruments)
Native Instruments Kontakt Factory Selection (Version: 1.2.0.004 - Native Instruments) Hidden
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version:  - )
NewBlue Free Effects for Windows (HKLM-x32\...\NewBlue Free Effects for Windows) (Version: 1.4 - NewBlue)
NewBlue Video Essentials for PowerDirector (HKLM\...\NewBlue Video Essentials for Cyberlink) (Version: 3.0 - NewBlue)
NewBlue Video Essentials II for PowerDirector (HKLM\...\NewBlue Video Essentials II for Cyberlink) (Version: 3.0 - NewBlue)
NewBlue Video Essentials III for PowerDirector (HKLM\...\NewBlue Video Essentials III for Cyberlink) (Version: 3.0 - NewBlue)
Noisebud Burt (HKLM-x32\...\Noisebud Burt1.0) (Version: 1.0 - Noisebud)
Nuclear Bike 2 (HKLM-x32\...\Nuclear Bike 2_is1) (Version:  - My Real Games Ltd)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Operation Anti-Terror (HKLM-x32\...\Operation Anti-Terror_is1) (Version:  - My Real Games Ltd)
Operation Neptune! (HKLM-x32\...\Onwin32.exe) (Version:  - )
Oxium (HKLM\...\Oxium_is1) (Version: 1.5.0 - XILS-lab)
PAP 4.0 (HKLM-x32\...\PAP 4.0_is1) (Version:  - )
PAP project files (HKLM-x32\...\PAP project files_is1) (Version:  - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Pirates of the Caribbean - At Worlds End (HKLM-x32\...\{01CBFCE7-95AD-40F3-BC63-C46EFB2FC9C4}) (Version: 1.0 - Disney Interactive Studios)
Pivot Stickfigure Animator version 2.2.7 (HKLM-x32\...\Pivot Stickfigure Animator_is1) (Version: 2.2.7 - )
Port Locker (HKLM-x32\...\InstallShield_{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}) (Version: 1.0.5.24 - Egis Technology Inc.)
Port Locker (Version: 1.0.5.24 - Egis Technology Inc.) Hidden
Port Locker (x32 Version: 1.0.5.24 - Egis Technology Inc.) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
Proteus VX (HKLM-x32\...\Proteus VX) (Version:  - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Quadro Racing (HKLM-x32\...\Quadro Racing_is1) (Version: 1.0 - Media Contact LLC)
Quake 4 (HKLM-x32\...\InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}) (Version: 1.0 - Activision)
Quake 4 (x32 Version: 1.0 - Activision) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
RayBlaster v1.0.1 (HKLM-x32\...\Tone2 RayBlaster_is1) (Version: 1.0.1 - Tone2)
Real Bowling (HKLM-x32\...\RealBowling_is1) (Version: 1.0 - Media Contact LLC)
Real Checkers (HKLM-x32\...\RealCheckers_is1) (Version: 1.0 - Media Contact LLC)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6282 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version:  - )
Saurus v1.1 (HKLM-x32\...\Tone2 Saurus_is1) (Version:  - Tone2)
SDK Debuggers (x32 Version: 8.59.29746 - Microsoft Corporation) Hidden
SHIFT 2 UNLEASHED™ (HKLM-x32\...\{E8C37E27-5205-4C8A-BECB-B00533045AAE}) (Version: 1.0.0.0 - Electronic Arts)
shortcircuit (HKLM-x32\...\shortcircuit) (Version:  - )
Sierra Utilities (HKLM-x32\...\Sierra Utilities) (Version:  - )
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sonic Charge Cyclone (HKLM-x32\...\Sonic Charge Cyclone) (Version: 1.0.0.5 - NuEdge Development)
Soundbytes HurdyGurdy (remove only) (HKLM-x32\...\Soundbytes HurdyGurdy) (Version:  - )
Soundbytes Obbo (remove only) (HKLM-x32\...\Soundbytes Obbo) (Version:  - )
Star Wars Republic Commando (HKLM-x32\...\{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}) (Version: 1.0 - LucasArts)
Steinberg VST Classics 1 64bit (HKLM\...\{AA322103-FC2B-4D86-BA6C-67D4DDB4209C}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Straightline Acceleration Simulator demo version 1.11 (HKLM-x32\...\Straightline Acceleration Simulator demo_is1) (Version:  - )
Street Legal Racing Redline (HKLM-x32\...\Street Legal Racing Redline) (Version:  - )
Super Mario Bros Rambo (HKLM-x32\...\Super Mario Bros Rambo) (Version:  - )
Superbike Racers (HKLM-x32\...\Superbike Racers_is1) (Version:  - My Real Games Ltd)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version:  - NCH Software)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Sylenth1 v2.20 (HKLM-x32\...\Sylenth1_is1) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.7.0 - Synaptics Incorporated)
Synfig Studio (HKLM-x32\...\synfigstudio) (Version: 0.63.05 - )
SynthMaster 2.5 VST/VSTi version 2.5.3.109 (HKLM-x32\...\{724D6BD0-88D0-4354-A124-6EE4D36E9EF2}_is1) (Version: 2.5.3.109 - KV331 Audio)
SynthMasterBE VSTi Software Synthesizer Plug-In version 1.0.4.3 (HKLM-x32\...\{A36908E4-B69B-413A-9A2B-4B2E063D1720}_is1) (Version: 1.0.4.3 - KV331 Audio)
TA RECsoprano VST (HKLM-x32\...\{E07F457C-AF29-428C-987A-51ED8011F9C9}_is1) (Version: 1.2 - Tek'it Audio)
Tarzan Action Game (HKLM-x32\...\Tarzan Action Game) (Version:  - )
The Forest 1.0 (HKLM-x32\...\The Forest 1.0) (Version: 1.0 - Cat-A-Cat)
TubeOhm Alpha-Ray (HKLM-x32\...\TUBEOHM Alpha-Ray-4free_is1) (Version:  - )
TubeOhm Pure-PoneV1_6 (HKLM-x32\...\TUBEOHM Pure-Pone V1.6_is1) (Version:  - )
TuneUp Utilities Language Pack (en-US) (x32 Version: 13.0.3000.138 - TuneUp Software) Hidden
TX16Wx Software Sampler 2 (x86) (HKLM-x32\...\{ED1DB329-7835-45AB-B2F5-5ED98742C992}) (Version: 2.301.3337.706 - CWITEC)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UVI Workstation 2.5.4 (HKLM-x32\...\UVI Workstation_is1) (Version: 2.5.4 - UVI)
UVI Workstation x64 2.5.4 (HKLM\...\UVI Workstation x64_is1) (Version: 2.5.4 - UVI)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1224 - Lenovo)
Virtual Vegas Slots Bonus (HKLM-x32\...\Virtual Vegas Slots Bonus) (Version: 1.00.07.10.10 - Selectsoft Publishing)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version:  - NCH Software)
Web Launcher (HKCU\...\fc3ac04dc8eedef7) (Version: 1.0.0.20 - ShowMyPC)
Windows App Certification Kit Native Components (Version: 8.59.29736 - Microsoft Corporation) Hidden
Windows App Certification Kit x64 (x32 Version: 8.59.29750 - Microsoft Corporation) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation)
Windows Software Development Kit (x32 Version: 8.59.29750 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x64 Remote (Version: 8.59.25584 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x86 Remote (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
Windows Software Development Kit EULA (x32 Version: 8.59.25584 - Microsoft Corporations) Hidden
Windows Software Development Kit for Windows Store Apps (x32 Version: 8.59.29750 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote (Version: 8.59.29699 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote (x32 Version: 8.59.29699 - Microsoft Corporation) Hidden
Windows Software Development Kit Redistributables (x32 Version: 8.59.29750 - Microsoft Corporation) Hidden
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
WPT Redistributables (x32 Version: 8.59.29750 - Microsoft) Hidden
WPTx64 (x32 Version: 8.59.29722 - Microsoft) Hidden
Wrecked  (HKLM-x32\...\Wrecked) (Version:  - MDickie)
Zelda Forever (HKLM-x32\...\Zelda Forever) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

25-10-2014 16:12:43 ComboFix created restore point
26-10-2014 04:11:08 Installed EZXDfh
26-10-2014 04:21:27 Restore Operation
26-10-2014 13:29:27 Windows Update
26-10-2014 15:35:48 Installed EZXClaustrophobic
26-10-2014 15:47:44 Installed EZXPercussion
26-10-2014 15:53:52 Installed EZXNashville
26-10-2014 15:58:39 Installed EZXVintage
26-10-2014 16:01:11 Installed EZXTwisted
26-10-2014 16:06:17 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-10-25 07:21 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {001EB43B-94DD-4B08-BA1C-F6E008A90A49} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-05] (AVAST Software)
Task: {02D546AC-A4BB-4C31-AECB-B6D90705D39F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {057D2D3A-F0AF-4EEC-814A-7872EB064A27} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {0D605B40-705A-467A-B2E0-284CF95FF9B7} - System32\Tasks\{E297ACC0-5469-4C37-92B5-3D8A5805FDE5} => C:\Program Files (x86)\The Museum of Broken Memories\Museum.exe
Task: {1825E4E9-CEC4-44E8-B594-5863D4AC4925} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1250407604-4015208075-2797906648-1000UA => C:\Users\heather\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-28] (Facebook Inc.)
Task: {184B92F8-E59D-478E-868A-EBBA547DC406} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1250407604-4015208075-2797906648-1000Core => C:\Users\heather\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-28] (Facebook Inc.)
Task: {3AEF4275-2589-4996-948D-357D57546F64} - System32\Tasks\{091D693A-EC70-44A6-AE57-3416C6D280A4} => C:\Program Files (x86)\GT Interactive\Driver\Config.exe
Task: {3F819A27-0457-4EEC-BD4A-584C9FC55039} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {42597B33-E697-4FAB-A8BF-A15117C8F2BC} - System32\Tasks\{5CCA2357-5511-45F6-8254-239ECDC44B19} => C:\Program Files (x86)\Buka\Hard Truck Apocalypse\hta.exe [2006-01-19] (Targem)
Task: {594A9F41-B1A0-4407-94A7-8E3A34F4819D} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-25] (Adobe Systems Incorporated)
Task: {5D2F6AA8-E0DE-4ED4-A010-B7B780568415} - System32\Tasks\{D870FFE9-7ED8-48D0-B6FD-9837CD7E6D4C} => C:\Program Files (x86)\The Museum of Broken Memories\Museum.exe
Task: {64D111DF-244F-46A0-98CE-CCA01A0AD2D3} - System32\Tasks\{7A7ED84C-1CE5-4146-831D-1E62472A384D} => C:\Users\heather\Downloads\leisure.suit.larry1.vga\INSTALL.EXE
Task: {64EE2293-CCD3-4308-AD15-38275C74266A} - System32\Tasks\{19A4A435-063E-4889-8707-46E6EA00A13D} => C:\Users\heather\Desktop\lsl1vga\install.exe
Task: {667AAE90-F6D9-460B-AAC0-C3FBFD044D51} - System32\Tasks\{24702079-6A21-42C1-8D4A-84FC9A81ED04} => C:\Users\heather\Downloads\leisure.suit.larry1.vga\INSTALL.EXE
Task: {6724F2CC-EB0E-4774-9131-6255DEEC6FF4} - System32\Tasks\{4EC425C9-7A7C-4F21-BF41-F5108A30F125} => C:\Users\heather\Downloads\leisure.suit.larry1.vga\INSTALL.EXE
Task: {7F5D8F24-87FC-4B44-A280-1AF1DEDB7665} - System32\Tasks\{1947DC9F-0FC6-4B2C-ABD7-5F819E26186E} => C:\Program Files (x86)\The Museum of Broken Memories\Museum.exe
Task: {8AD177DA-DF30-4545-80B7-21225D08193C} - System32\Tasks\{D73B8353-6FEE-4328-916E-862E35DEF1AA} => C:\Users\heather\Desktop\lsl1vga\install.exe
Task: {908B84DC-3320-4AE3-8CF6-7DBFEDD5AC1B} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {AC714EEC-3861-4158-ACA1-98892C65D1DA} - System32\Tasks\{445710F0-9903-4D02-9E20-3DEA9101E9EE} => C:\Users\heather\Downloads\leisure.suit.larry1.vga\INSTALL.EXE
Task: {ADA3898E-AAB8-410C-A892-18F080D649CB} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-24] (CyberLink)
Task: {BE61D6D8-F3E1-434C-8032-BFDED5CE11E5} - System32\Tasks\{90902D3D-EC99-424B-ADB6-DF2DB9B3D692} => C:\Users\heather\Desktop\lsl1vga\install.exe
Task: {BF62BA32-5D08-4926-8C37-8E1A2C108F1B} - System32\Tasks\{BF87E85A-86A9-4154-B833-8C52F01F9739} => C:\Users\heather\Downloads\leisure.suit.larry1.vga\INSTALL.EXE
Task: {C00789FD-8BC2-4972-9DE4-B038192D4D02} - System32\Tasks\{F37E5C45-8B67-4CD4-B755-97C113653BE1} => C:\Users\heather\Downloads\leisure.suit.larry1.vga\INSTALL.EXE
Task: {DA56A7BC-3A76-48D2-A536-C9C50106DEA4} - System32\Tasks\{16EE0E2B-9AEC-49AE-A376-46ADBD5E3520} => C:\Users\heather\Downloads\leisure.suit.larry1.vga\INSTALL.EXE
Task: {DF07C2CB-B615-417B-A82E-646FD22292D4} - System32\Tasks\{B8285E05-ACBD-4405-BED2-4F1B49B939B4} => C:\Users\heather\Downloads\leisure.suit.larry1.vga\INSTALL.EXE
Task: {E19C05F0-65B1-4F37-8D4A-389EF5B51691} - System32\Tasks\{A6EACC40-C14C-4E7D-8A39-305EE5B3FFD5} => C:\Program Files (x86)\Hasbro Interactive\Classic Games\ClassicBoard.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AdobeAAMUpdater-1.0-heather-PC-heather.job => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1250407604-4015208075-2797906648-1000Core.job => C:\Users\heather\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1250407604-4015208075-2797906648-1000UA.job => C:\Users\heather\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1cf87bdc6c113a2.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1cfecf542b9e938.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1250407604-4015208075-2797906648-1000Core.job => C:\Users\heather\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1250407604-4015208075-2797906648-1000Core1cfef1910e70a47.job => C:\Users\heather\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\PDR12.exe_20140518_100612_0481.job => C:\Program Files\CyberLink\PowerDirector12\PDR12.exe
Task: C:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1250407604-4015208075-2797906648-1000.job => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe
Task: C:\windows\Tasks\ReclaimerResumeInstall_heather.job => C:\Users\heather\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe

==================== Loaded Modules (whitelisted) =============

2012-02-10 21:44 - 2012-02-10 21:44 - 01508192 _____ () C:\windows\system32\IcnOvrly.dll
2012-06-28 15:26 - 2005-03-12 00:07 - 00087040 _____ () C:\windows\System32\pdfcmnnt.dll
2008-12-19 22:20 - 2012-02-10 21:56 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-19 22:20 - 2012-02-10 21:56 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2013-11-02 20:50 - 2014-05-09 21:23 - 00076888 _____ () C:\windows\SysWOW64\PnkBstrA.exe
2014-05-18 10:05 - 2012-08-08 21:36 - 00390672 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2011-04-15 00:28 - 2011-03-25 04:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-10-27 15:59 - 2014-10-27 15:59 - 02898432 _____ () C:\Program Files\AVAST Software\Avast\defs\14102702\algo.dll
2012-02-10 21:44 - 2012-02-10 21:44 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2014-01-18 16:06 - 2014-01-18 16:06 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-27 21:23 - 2014-10-27 21:23 - 00718152 _____ () C:\Users\heather\AppData\LocalLow\SKS\Rtkwudoetvns\Imrnwhfvwf\36.0.1985.143\libglesv2.dll
2014-10-27 21:23 - 2014-10-27 21:23 - 00126280 _____ () C:\Users\heather\AppData\LocalLow\SKS\Rtkwudoetvns\Imrnwhfvwf\36.0.1985.143\libegl.dll
2014-10-27 21:23 - 2014-10-27 21:23 - 08537928 _____ () C:\Users\heather\AppData\LocalLow\SKS\Rtkwudoetvns\Imrnwhfvwf\36.0.1985.143\pdf.dll
2014-10-27 21:23 - 2014-10-27 21:23 - 00353096 _____ () C:\Users\heather\AppData\LocalLow\SKS\Rtkwudoetvns\Imrnwhfvwf\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-10-27 21:23 - 2014-10-27 21:23 - 01732936 _____ () C:\Users\heather\AppData\LocalLow\SKS\Rtkwudoetvns\Imrnwhfvwf\36.0.1985.143\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: eventlog => 2

========================= Accounts: ==========================

Administrator (S-1-5-21-1250407604-4015208075-2797906648-500 - Administrator - Disabled)
Guest (S-1-5-21-1250407604-4015208075-2797906648-501 - Limited - Disabled)
heather (S-1-5-21-1250407604-4015208075-2797906648-1000 - Administrator - Enabled) => C:\Users\heather
HomeGroupUser$ (S-1-5-21-1250407604-4015208075-2797906648-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/27/2014 10:31:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2014 10:30:26 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.

Error: (10/27/2014 10:27:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2014 10:22:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2014 10:22:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.

Error: (10/27/2014 09:42:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2014 09:41:32 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.

Error: (10/27/2014 02:10:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2014 02:09:44 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.

Error: (10/26/2014 09:35:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16540, time stamp: 0x5309896b
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0x1ad4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

System errors:
=============
Error: (10/27/2014 10:31:48 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Client Virtualization Handler service hung on starting.

Error: (10/27/2014 10:30:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The EgisTec Service Help service failed to start due to the following error:
%%1053

Error: (10/27/2014 10:30:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the EgisTec Service Help service to connect.

Error: (10/27/2014 10:26:41 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (10/27/2014 10:26:41 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (10/27/2014 10:26:31 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\System32\bcmihvsrv64.dll
Error Code: 21

Error: (10/27/2014 10:26:31 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/27/2014 10:26:17 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (10/27/2014 10:26:14 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswRvrt
aswSnx
aswSP
aswVmm
BPntDrv
discache
EgisTecFF
mwlPSDFilter
mwlPSDNServ
mwlPSDVDisk
spldr
Wanarpv6

Error: (10/27/2014 10:26:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================
Error: (10/27/2014 10:31:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2014 10:30:26 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.

Error: (10/27/2014 10:27:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2014 10:22:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2014 10:22:09 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.

Error: (10/27/2014 09:42:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2014 09:41:32 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.

Error: (10/27/2014 02:10:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/27/2014 02:09:44 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.

Error: (10/26/2014 09:35:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165405309896bntdll.dll6.1.7601.18247521ea8e7c0000374000ce7531ad401cff1811ecf368dC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\windows\SysWOW64\ntdll.dlleed01ef6-5d81-11e4-8a94-f0def1c7f0aa

CodeIntegrity Errors:
===================================
  Date: 2014-10-25 01:39:27.205
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-25 01:39:27.112
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 45%
Total physical RAM: 4010.14 MB
Available physical RAM: 2180.98 MB
Total Pagefile: 8018.46 MB
Available Pagefile: 5954.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:421.81 GB) (Free:158.75 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:26.77 GB) NTFS
Drive g: () (Removable) (Total:14.9 GB) (Free:8.81 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5576202C)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=421.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

Hello Clemintine! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Yes, you definitely should clean your system.

Please generate a new fresh FRST log and post it here.


  • 2 months later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
