
need help with Poweliks aftermath



Hi. Long story short, I got infected with Poweliks. I used the Malwarebytes anti-rootkit tool, and it seems to have removed Poweliks. However, I keep getting an error message "An error has occurred on a script in this page." I tell it to stop running the script, and it opens an empty Java window. I saw on another thread this is a byproduct of the Rootkit tool. Can someone please help me get rid of it? Happy Holidays and thanks so much!

 

FRST logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-12-2014
Ran by bad ben (administrator) on BADBEN-PC on 27-12-2014 18:46:14
Running from C:\Users\bad ben\Desktop
Loaded Profile: bad ben (Available profiles: bad ben)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files\AMD\OverDrive\AODAssist.exe
(Ralink Technology, Corp.) C:\Program Files\Edimax\Common\RaRegistry.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Spotify Ltd) C:\Users\bad ben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Edimax Technology Co., Ltd.) C:\Program Files\Edimax\Common\RaUI.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\bad ben\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Almico Software (www.almico.com)) C:\Program Files\SpeedFan\speedfan.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ATICustomerCare] => C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-03-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1778064 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [startCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AmazonGSDownloaderTray] => C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe [326144 2009-10-23] (Amazon.com)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3492140453-1504728653-295436582-1001\...\Run: [steam] => C:\Program Files\Steam\Steam.exe [1940160 2014-11-18] (Valve Corporation)
HKU\S-1-5-21-3492140453-1504728653-295436582-1001\...\Run: [spotify Web Helper] => C:\Users\bad ben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-09] (Spotify Ltd)
HKU\S-1-5-21-3492140453-1504728653-295436582-1001\...\Run: [GoogleChromeAutoLaunch_57E0FE490EFBD97AB531B8E47B5D725D] => C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Utility.lnk
ShortcutTarget: Wireless Utility.lnk -> C:\Program Files\Edimax\Common\RaUI.exe (Edimax Technology Co., Ltd.)
Startup: C:\Users\bad ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\bad ben\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\bad ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk
ShortcutTarget: SpeedFan.lnk -> C:\Program Files\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3492140453-1504728653-295436582-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3492140453-1504728653-295436582-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-3492140453-1504728653-295436582-1001 -> DefaultScope {70F75848-4EEA-4C3F-89B7-075B5F4AB509} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3492140453-1504728653-295436582-1001 -> {0E7CDE97-A40B-4FD5-BF38-5024BD652AAA} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3492140453-1504728653-295436582-1001 -> {70F75848-4EEA-4C3F-89B7-075B5F4AB509} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3492140453-1504728653-295436582-1001 -> {FD5A9EE8-3EDA-4155-9EB6-BFBBB8AE04E6} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\bad ben\AppData\Roaming\Mozilla\Firefox\Profiles\m5emwupq.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Google
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-3492140453-1504728653-295436582-1001: @tools.google.com/Google Update;version=3 -> C:\Users\bad ben\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3492140453-1504728653-295436582-1001: @tools.google.com/Google Update;version=9 -> C:\Users\bad ben\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3492140453-1504728653-295436582-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\bad ben\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-3492140453-1504728653-295436582-1001: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Users\bad ben\AppData\Roaming\Mozilla\Firefox\Profiles\m5emwupq.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: Xmarks - C:\Users\bad ben\AppData\Roaming\Mozilla\Firefox\Profiles\m5emwupq.default\Extensions\foxmarks@kei.com [2013-08-09]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-09-03]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR Profile: C:\Users\bad ben\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\bad ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\bad ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\bad ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-09-04]
CHR Extension: (Tab Menu) - C:\Users\bad ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\galfofdpepkcahkfobimileafiobdplb [2012-02-27]
CHR Extension: (Kindle Cloud Reader) - C:\Users\bad ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-10-09]
CHR Extension: (Google Wallet) - C:\Users\bad ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKU\S-1-5-21-3492140453-1504728653-295436582-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\BADBEN~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-05]
CHR StartMenuInternet: Google Chrome - C:\Users\bad ben\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Amazon Download Agent; C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com) [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2013-03-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 AODService; C:\Program Files\AMD\OverDrive\AODAssist.exe [137096 2013-02-06] ()
S3 Futuremark SystemInfo Service; C:\Program Files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [137336 2013-02-17] (Futuremark Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 RalinkRegistryWriter; C:\Program Files\Edimax\Common\RaRegistry.exe [185632 2009-12-17] (Ralink Technology, Corp.)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [605168 2014-01-24] (Paramount Software UK Ltd)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite (Eval) 2012\RpcAgentSrv.exe [93848 2008-11-06] (SiSoftware) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
R2 AODDriver4.2.0; C:\Program Files\AMD\OverDrive\i386\AODDriver2.sys [49248 2013-02-06] (Advanced Micro Devices)
R2 cpuz133; C:\Windows\system32\drivers\cpuz133_x32.sys [20968 2010-03-30] (Windows ® Win 7 DDK provider)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28560 2009-06-17] (Logitech, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [65144 2013-08-01] (Paramount Software UK Ltd)
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16504 2013-06-28] (Macrium Software)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite (Eval) 2012\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware)
R0 speedfan; C:\Windows\System32\speedfan.sys [5248 2006-09-24] (Windows ® 2000 DDK provider) [File not signed]
S3 catchme; \??\C:\Users\BADBEN~1\AppData\Local\Temp\catchme.sys [X]
S3 cpuz130; \??\C:\Users\BADBEN~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x32.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x32.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-27 18:46 - 2014-12-27 18:46 - 00021147 _____ () C:\Users\bad ben\Desktop\FRST.txt
2014-12-27 18:34 - 2014-12-27 18:46 - 00000000 ____D () C:\FRST
2014-12-27 18:34 - 2014-12-27 18:35 - 00043071 _____ () C:\Users\bad ben\Downloads\Addition.txt
2014-12-27 18:34 - 2014-12-27 18:35 - 00035226 _____ () C:\Users\bad ben\Downloads\FRST.txt
2014-12-27 18:34 - 2014-12-27 18:34 - 01114624 _____ (Farbar) C:\Users\bad ben\Desktop\FRST.exe
2014-12-27 17:30 - 2014-12-27 18:26 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-27 17:28 - 2014-12-27 18:26 - 00000000 ____D () C:\Users\bad ben\Desktop\mbar
2014-12-27 17:25 - 2014-12-27 17:26 - 16448208 _____ (Malwarebytes Corp.) C:\Users\bad ben\Downloads\mbar-1.08.2.1001.exe
2014-12-24 13:33 - 2014-12-24 13:33 - 01940728 _____ (Bleeping Computer, LLC) C:\Users\bad ben\Downloads\iExplore.exe
2014-12-24 13:30 - 2014-12-24 13:30 - 00018528 _____ () C:\ComboFix.txt
2014-12-24 13:13 - 2014-12-24 13:30 - 00000000 ____D () C:\Windows\erdnt
2014-12-24 13:13 - 2014-12-24 13:30 - 00000000 ____D () C:\Qoobox
2014-12-24 13:13 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-24 13:13 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-24 13:13 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-24 13:13 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-24 13:13 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-24 13:13 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-24 13:13 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-24 13:13 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-24 13:12 - 2014-12-24 13:12 - 05603465 ____R (Swearware) C:\Users\bad ben\Downloads\ComboFix.exe
2014-12-23 19:57 - 2014-12-23 19:58 - 00959152 _____ (Adobe Systems Incorporated) C:\Users\bad ben\Downloads\uninstall_flash_player.exe
2014-12-20 17:03 - 2014-12-21 11:21 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-12-18 11:18 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-13 17:16 - 2014-12-13 17:16 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-12 23:14 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-12 18:16 - 2014-12-03 23:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-12 18:16 - 2014-12-03 23:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-12 18:16 - 2014-12-03 23:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-12 18:16 - 2014-12-03 23:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-12 18:16 - 2014-12-03 23:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-12 18:16 - 2014-12-03 23:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-12 18:16 - 2014-12-03 23:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-12 18:16 - 2014-12-01 18:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-12 18:16 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-12 18:16 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-12 18:16 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-12 18:16 - 2014-11-21 21:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-12 18:16 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-12 18:16 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-12 18:16 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-12 18:16 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-12 18:16 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-12 18:16 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-12 18:16 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-12 18:16 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-12 18:16 - 2014-11-21 20:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-12 18:16 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-12 18:16 - 2014-11-21 20:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-12 18:16 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-12 18:16 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-12 18:16 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-12 18:16 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-12 18:16 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-12 18:16 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-12 18:16 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-12 18:16 - 2014-11-21 20:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-12 18:16 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-12 18:16 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-12 18:16 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-12 18:16 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-12 18:16 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-12 18:16 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-12 18:16 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-12 18:16 - 2014-11-10 20:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-12 18:15 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-12 18:15 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-12 18:15 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-12 18:15 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-12 18:15 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-12 18:15 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-12 18:15 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-04 13:23 - 2014-12-04 13:23 - 00607448 _____ () C:\Users\bad ben\Downloads\[Michelle_Alexander]_The_New_Jim_Crow_Mass_Incarc(BookZZ.org).mobi
2014-12-04 13:23 - 2014-12-04 13:23 - 00443212 _____ () C:\Users\bad ben\Downloads\Michelle Alexander-The New Jim Crow_ Mass Incarceration in the Age of Colorblindness-The New Press (2010).epub
2014-12-04 13:16 - 2014-12-04 13:16 - 00440318 _____ () C:\Users\bad ben\Downloads\Michelle Alexander-The New Jim Crow_ Mass Incarceration in the Age of Colorblindness  -New Press, The (2010).epub
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-27 18:41 - 2011-05-31 20:04 - 00000000 ___RD () C:\Users\bad ben\Desktop\Dropbox
2014-12-27 18:41 - 2011-05-31 20:02 - 00000000 ____D () C:\Users\bad ben\AppData\Roaming\Dropbox
2014-12-27 18:28 - 2009-06-10 14:50 - 01493873 _____ () C:\Windows\WindowsUpdate.log
2014-12-27 18:14 - 2009-07-13 23:34 - 00020496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-27 18:14 - 2009-07-13 23:34 - 00020496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-27 18:13 - 2009-06-10 14:51 - 00795794 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-27 18:11 - 2014-07-28 17:47 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-27 18:11 - 2014-07-28 17:47 - 00079576 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-27 18:11 - 2011-03-24 18:29 - 00000000 ____D () C:\Users\bad ben\AppData\Roaming\EndNote
2014-12-27 18:11 - 2011-02-04 22:31 - 00000000 ____D () C:\Program Files\Steam
2014-12-27 18:10 - 2013-03-04 13:38 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-27 18:07 - 2012-09-14 12:55 - 01764614 _____ () C:\Windows\setupact.log
2014-12-27 18:07 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-27 18:06 - 2011-02-05 13:25 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3492140453-1504728653-295436582-1001UA.job
2014-12-27 17:53 - 2013-03-04 13:38 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-27 17:52 - 2012-10-17 09:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-27 17:29 - 2011-02-05 13:25 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3492140453-1504728653-295436582-1001Core.job
2014-12-27 15:18 - 2013-04-10 15:57 - 00000000 ____D () C:\Users\bad ben\AppData\Roaming\vlc
2014-12-26 21:15 - 2011-04-05 15:57 - 00000000 ____D () C:\Users\bad ben\AppData\Roaming\GoodSync
2014-12-26 18:22 - 2014-11-07 18:56 - 00000000 ____D () C:\Users\bad ben\AppData\Roaming\uTorrent
2014-12-25 14:02 - 2011-03-13 20:20 - 00007597 _____ () C:\Users\bad ben\AppData\Local\Resmon.ResmonCfg
2014-12-24 13:30 - 2009-07-13 21:37 - 00000000 __RHD () C:\Users\Default
2014-12-24 13:30 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Public
2014-12-24 13:29 - 2009-07-13 21:04 - 00000215 _____ () C:\Windows\system.ini
2014-12-24 13:28 - 2012-10-11 10:00 - 00126442 _____ () C:\Windows\PFRO.log
2014-12-23 19:24 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-23 18:01 - 2014-10-16 19:50 - 00102990 _____ () C:\Users\bad ben\Desktop\grades 2014-15.egp
2014-12-23 17:33 - 2011-06-27 08:40 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-23 17:33 - 2011-03-12 21:09 - 00000000 ____D () C:\Program Files\Adobe
2014-12-22 13:08 - 2012-10-13 18:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-21 21:40 - 2011-03-13 19:55 - 00000000 ____D () C:\Users\bad ben\AppData\Local\Thunderbird
2014-12-21 10:23 - 2014-07-28 17:47 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-18 00:22 - 2014-10-13 21:49 - 07203104 _____ () C:\Users\bad ben\Desktop\DARKSII0000.sl2
2014-12-17 14:08 - 2013-10-20 11:04 - 00000000 ____D () C:\Users\bad ben\AppData\Roaming\Spotify
2014-12-17 13:01 - 2011-05-05 14:15 - 00000426 _____ () C:\Windows\BRWMARK.INI
2014-12-17 12:52 - 2013-10-20 11:05 - 00000000 ____D () C:\Users\bad ben\AppData\Local\Spotify
2014-12-14 21:48 - 2011-03-22 14:35 - 00000000 ____D () C:\Users\bad ben\AppData\Local\MediaMonkey
2014-12-14 14:51 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Registration
2014-12-13 22:39 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2014-12-13 17:16 - 2014-05-06 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-13 17:16 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-12 23:14 - 2013-08-14 02:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-12 23:10 - 2010-11-30 00:38 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-12 19:52 - 2012-04-02 10:50 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-12 19:52 - 2011-05-17 11:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-12 18:13 - 2011-05-31 20:04 - 00001024 _____ () C:\Users\bad ben\Desktop\Dropbox.lnk
2014-12-12 18:13 - 2011-05-31 20:02 - 00000000 ____D () C:\Users\bad ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-04 20:50 - 2011-03-12 21:09 - 00000000 ____D () C:\Users\bad ben\AppData\Local\Adobe
2014-12-04 13:26 - 2012-09-21 19:48 - 00000000 ____D () C:\Users\bad ben\AppData\Roaming\SumatraPDF
 
Some content of TEMP:
====================
C:\Users\bad ben\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpby8nod.dll
C:\Users\bad ben\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptaf3pe.dll
C:\Users\bad ben\AppData\Local\Temp\sfamcc00001.dll
C:\Users\bad ben\AppData\Local\Temp\sfareca00001.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-25 00:49
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-12-2014
Ran by bad ben at 2014-12-27 18:46:33
Running from C:\Users\bad ben\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3492140453-1504728653-295436582-1001\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
3DMark 11 (HKLM\...\{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}) (Version: 1.0.5 - Futuremark Corporation)
7-Zip 4.65 (HKLM\...\7-Zip) (Version:  - )
Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Amazon Games & Software Downloader (HKLM\...\Amazon Games & Software Downloader_is1) (Version: 2.0.2.0 - Amazon)
Amazon Kindle (HKU\S-1-5-21-3492140453-1504728653-295436582-1001\...\Amazon Kindle) (Version:  - Amazon)
Amazon MP3 Downloader 1.0.12 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.12 - Amazon Services LLC)
Amazon MP3 Downloader 1.0.18 (HKU\S-1-5-21-3492140453-1504728653-295436582-1001\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{15971B11-14DA-873C-1ACD-188603C38889}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD OverDrive (HKLM\...\{973620A0-7EA9-4D9D-95B7-349B78664AC7}) (Version: 4.2.6.0638 - Advanced Micro Devices, Inc.)
ATI Catalyst Registration (Version: 3.00.0000 - ATI Technologies Inc.) Hidden
BioShock 2 (Version: 1.0.0003.131 - Take-Two Interactive Software) Hidden
BioShock 2 (Version: 1.0.0005.131 - Take-Two Interactive Software) Hidden
BioShock Infinite (HKLM\...\Steam App 8870) (Version:  - Irrational Games)
CamStudio OSS Desktop Recorder (HKLM\...\{FD9C31B6-F572-414D-81E3-89368C97A125}_is1) (Version: 2.6 Beta r294 - CamStudio Open Source Dev Team)
CCleaner (HKLM\...\CCleaner) (Version: 3.22 - Piriform)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
CDex - Open Source Digital Audio CD Extractor (HKLM\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Company of Heroes - FAKEMSI (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes (HKLM\...\Company of Heroes) (Version: 2.400.0 - THQ Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
ControlCenter (HKLM\...\{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1) (Version: 1.0.230 - MSI)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CPUID CPU-Z 1.54 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CrystalDiskInfo 6.1.1 (HKLM\...\CrystalDiskInfo_is1) (Version: 6.1.1 - Crystal Dew World)
Dark Souls: Prepare to Die Edition (HKLM\...\Steam App 211420) (Version:  - FromSoftware)
DARK SOULS™ II (HKLM\...\Steam App 236430) (Version:  - FromSoftware, Inc)
Diablo III (HKLM\...\Diablo III) (Version: 1.0.5.12811 - Blizzard Entertainment)
Dropbox (HKU\S-1-5-21-3492140453-1504728653-295436582-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Easy Grade Pro (HKLM\...\{B1B99F39-0A1C-4790-A0C8-73537CF8CEDB}) (Version: 4.0.3 - Orbis Software)
Edimax Wireless LAN (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.6.0 - Edimax)
EndNote X1 (HKLM\...\{87F7773C-EC9C-461A-AA7B-4AF8EF54DF49}) (Version: 11.0.0.2571 - Thomson ResearchSoft)
Eraser 6.0.10.2620 (HKLM\...\{A45C5EC7-F13E-4414-99BE-47373935C0FE}) (Version: 6.0.2620 - The Eraser Project)
erLT (Version: 1.20.0137 - Logitech, Inc.) Hidden
eSupport UndeletePlus 3.0.2.1214 (HKLM\...\eSupport UndeletePlus_is1) (Version:  - Copyright © 2011 eSupport.com • All Rights Reserved)
Fraps (HKLM\...\Fraps) (Version:  - )
Futuremark SystemInfo (HKLM\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.17.0 - Futuremark Corporation)
GameFly (HKLM\...\GameFly) (Version: 1.2.361 - GameFly, Inc.)
GameSpy Comrade (HKLM\...\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}) (Version: 1.5.0.156 - GameSpy)
GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 8.6.7.7 - Siber Systems)
Google Chrome (HKU\S-1-5-21-3492140453-1504728653-295436582-1001\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Guild Wars 2 (HKLM\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
HD Tune 2.55 (HKLM\...\HD Tune_is1) (Version:  - EFD Software)
ISI ResearchSoft - Export Helper (HKLM\...\ISI ResearchSoft - Export Helper) (Version:  - )
Java 7 Update 11 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.110 - Oracle)
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
Logitech Harmony Remote Software 7 (HKLM\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.2 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.2.6444 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MediaMonkey 3.2 (HKLM\...\MediaMonkey_is1) (Version: 3.2 - Ventis Media Inc.)
Metro: Last Light (HKLM\...\Steam App 43160) (Version:  - 4A Games)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.0 (HKLM\...\{D4CFC5F3-481C-40AA-9944-E7E4E732136C}) (Version: 8.0.225.0 - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 22.0 (x86 en-US) (HKLM\...\Mozilla Firefox 22.0 (x86 en-US)) (Version: 22.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 31.3.0 (x86 en-US)) (Version: 31.3.0 - Mozilla)
Mp3tag v2.46a (HKLM\...\Mp3tag) (Version: v2.46a - Florian Heidenreich)
NVIDIA PhysX (HKLM\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
OpenAL (HKLM\...\OpenAL) (Version:  - )
PandoraRecovery (Remove Only) (HKLM\...\PandoraRecovery) (Version:  - )
PCMark 7 (HKLM\...\{75C3C9C0-6CE6-42FA-A0E9-658E8F539124}) (Version: 1.4.0 - Futuremark)
pdfsam (HKLM\...\pdfsam) (Version: 2.2.1 - )
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.309.0 - Tracker Software Products Ltd)
PerformanceTest v7.0 (HKLM\...\PerformanceTest 7_is1) (Version: 7.0 - Passmark Software)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PokerStars.net (HKLM\...\PokerStars.net) (Version:  - PokerStars.net)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Recuva (HKLM\...\Recuva) (Version: 1.42 - Piriform)
Remote Control USB Driver (HKLM\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Rockstar Games Social Club (HKLM\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
SiSoftware Sandra Lite (Eval) 2012 (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1) (Version: 18.10.2012.1 - SiSoftware)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-3492140453-1504728653-295436582-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
StarCraft II (HKLM\...\StarCraft II) (Version: 1.4.3.21029 - Blizzard Entertainment)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 2.1.1 - Krzysztof Kowalczyk)
System Requirements Lab CYRI (HKLM\...\{E5F05232-96B6-4552-A480-785A60A94B21}) (Version: 5.0.6.0 - Husdawg, LLC)
TechPowerUp GPU-Z (HKLM\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
The Lord of the Rings FREE Trial  (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Tomb Raider (HKLM\...\Steam App 203160) (Version:  - Crystal Dynamics)
TreeSize Free V2.3.3 (HKLM\...\TreeSize Free_is1) (Version:  - JAM Software)
TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TurboTax 2012 (HKLM\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Uplay (HKLM\...\Uplay) (Version: 2.0 - Ubisoft)
Video Thumbnails Maker by Scorp (remove only) (HKLM\...\Video Thumbnails Maker) (Version:  - )
ViewSonic Monitor Drivers (HKLM\...\{B4FEA924-630D-11D4-B78E-005004566E4D}) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebM Media Foundation Components (HKLM\...\webmmf) (Version: 1.0.1.1 - WebM Project)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\bad ben\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\bad ben\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\bad ben\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{06EEE834-461C-42C2-8DCF-1502B527B1F9}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\bad ben\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\bad ben\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\bad ben\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\bad ben\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\bad ben\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\bad ben\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\bad ben\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\bad ben\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\bad ben\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Users\bad ben\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{4E77131D-3629-431C-9818-C5679DC83E81}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\bad ben\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\bad ben\AppData\Local\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\bad ben\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\bad ben\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\bad ben\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\bad ben\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\bad ben\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{942BC614-676C-464E-B384-D3202AAA02DA}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {1F74E844-9468-D082-1278-05EE85889A47} No File
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\bad ben\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\bad ben\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\bad ben\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\bad ben\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\bad ben\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\bad ben\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\bad ben\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {41A48EE0-9468-D082-B61E-D5B085889A47} No File
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\bad ben\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\bad ben\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\bad ben\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bad ben\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bad ben\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bad ben\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bad ben\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bad ben\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bad ben\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bad ben\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bad ben\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\bad ben\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\InprocServer32 -> C:\Windows\system32\ieframe.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3492140453-1504728653-295436582-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\bad ben\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
 
==================== Restore Points  =========================
 
25-12-2014 13:41:32 Windows Update
27-12-2014 18:04:58 Malwarebytes Anti-Rootkit Restore Point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:04 - 2014-12-24 13:29 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1DD3841D-835B-4D58-9561-B9CCE847E1C5} - System32\Tasks\GoodSync - backup => C:\Program Files\Siber Systems\GoodSync\GoodSync.exe [2011-03-25] ()
Task: {29CB45EC-38C1-49A2-B72C-6ECC519E4F30} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2010-07-21] (Microsoft Corporation)
Task: {4EA8A4CE-BC4E-4A0B-B484-629CEC0E57F1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-12] (Adobe Systems Incorporated)
Task: {52F5A26C-0C1A-4328-82C4-6B81197AC064} - System32\Tasks\{9D162656-9BB8-4DE0-9E19-92333FA4B9CB} => pcalua.exe -a "H:\My Documents\Downloads\setup-pdf.exe" -d "H:\My Documents\Downloads"
Task: {60EACACE-0508-4D9C-810E-C14794F2ED1F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3492140453-1504728653-295436582-1001Core => C:\Users\bad ben\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {8CE0C4FF-A879-44FA-ADB4-F54235C092E0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-04] (Google Inc.)
Task: {AF2D1599-60B4-4DB4-A232-88ED0B5EFD46} - System32\Tasks\{A399DE73-1B1D-48B0-8767-2ACA05DA8917} => Firefox.exe http://ui.skype.com/ui/0/5.5.0.124/en/abandoninstall?page=tsPlugin&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {B79363A3-0DA3-4C3A-84CE-1F5C7D2A7485} - System32\Tasks\{A0B32187-B573-4B7C-A013-7E756B7F5195} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=4.1.0.179&LastError=404
Task: {BA7EA27F-9B1A-4367-B27E-68C248F011BD} - System32\Tasks\{8A6515A5-8475-4C01-944A-E9329D3F7B39} => pcalua.exe -a "C:\Users\bad ben\AppData\Roaming\uTorrent\uTorrent.exe" -c /UNINSTALL
Task: {CE330F77-BD9E-4684-9348-F3238B620290} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-08-22] (Piriform Ltd)
Task: {DA7ED413-71A6-4777-9175-5A131C4A5C91} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3492140453-1504728653-295436582-1001UA => C:\Users\bad ben\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {F9EEDDC4-406C-4B62-8E47-375C3FB66653} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-04] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3492140453-1504728653-295436582-1001Core.job => C:\Users\bad ben\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3492140453-1504728653-295436582-1001UA.job => C:\Users\bad ben\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-05-10 11:43 - 2011-02-28 17:37 - 00180624 _____ () C:\Windows\System32\Primomonnt.dll
2013-03-28 21:29 - 2013-03-28 21:29 - 00200192 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-09-23 12:49 - 2012-09-23 12:49 - 03854336 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2012-09-23 12:49 - 2012-09-23 12:49 - 00573440 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-03-28 21:29 - 2013-03-28 21:29 - 00065024 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-02-06 02:26 - 2013-02-06 02:26 - 00137096 _____ () C:\Program Files\AMD\OverDrive\AODAssist.exe
2013-02-06 02:26 - 2013-02-06 02:26 - 00579456 _____ () C:\Program Files\AMD\OverDrive\Device.dll
2013-02-06 02:26 - 2013-02-06 02:26 - 03860352 _____ () C:\Program Files\AMD\OverDrive\Platform.dll
2013-02-06 02:26 - 2013-02-06 02:26 - 01587072 _____ () C:\Program Files\AMD\OverDrive\QtCore4.dll
2013-02-06 02:26 - 2013-02-06 02:26 - 06440832 _____ () C:\Program Files\AMD\OverDrive\QtGui4.dll
2013-02-06 02:26 - 2013-02-06 02:26 - 00362368 _____ () C:\Program Files\AMD\OverDrive\QtXml4.dll
2013-03-28 21:29 - 2013-03-28 21:29 - 00095232 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-06-03 16:07 - 2009-07-20 11:27 - 00017936 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
2011-10-12 09:31 - 2009-12-11 16:16 - 00918816 _____ () C:\Program Files\Edimax\Common\RaWLAPI.dll
2014-12-09 20:07 - 2014-12-05 20:50 - 01077064 _____ () C:\Users\bad ben\AppData\Local\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-09 20:07 - 2014-12-05 20:50 - 00211272 _____ () C:\Users\bad ben\AppData\Local\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-09 20:07 - 2014-12-05 20:50 - 09009480 _____ () C:\Users\bad ben\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-09 20:07 - 2014-12-05 20:50 - 01677128 _____ () C:\Users\bad ben\AppData\Local\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00750080 _____ () C:\Users\bad ben\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2014-12-27 18:10 - 2014-12-27 18:10 - 00043008 _____ () c:\Users\bad ben\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpby8nod.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00047616 _____ () C:\Users\bad ben\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00863744 _____ () C:\Users\bad ben\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00200704 _____ () C:\Users\bad ben\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-12-24 13:29 - 2014-12-27 18:10 - 00172032 _____ () C:\Users\bad ben\AppData\Local\Temp\sfareca00001.dll
2014-12-24 13:29 - 2014-12-27 18:10 - 00192512 _____ () C:\Users\bad ben\AppData\Local\Temp\sfamcc00001.dll
2014-12-09 20:07 - 2014-12-05 20:50 - 14913352 _____ () C:\Users\bad ben\AppData\Local\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\bad ben\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\bad ben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3492140453-1504728653-295436582-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3492140453-1504728653-295436582-1004 - Limited - Enabled)
bad ben (S-1-5-21-3492140453-1504728653-295436582-1001 - Administrator - Enabled) => C:\Users\bad ben
Guest (S-1-5-21-3492140453-1504728653-295436582-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3492140453-1504728653-295436582-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: ATA Channel 0
Description: IDE Channel
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: ATA Channel 1
Description: IDE Channel
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Service: atapi
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/27/2014 06:04:58 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {6df8d845-d064-420a-a04d-ba6e737ffd1a}
 
Error: (12/27/2014 05:59:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 3088
 
Start Time: 01d02228b4dfa6ef
 
Termination Time: 234
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id:
 
Error: (12/27/2014 05:59:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1018
 
Start Time: 01d022283db488c9
 
Termination Time: 111
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id:
 
Error: (12/27/2014 05:55:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 33d4
 
Start Time: 01d0222716960b0b
 
Termination Time: 216
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id:
 
Error: (12/27/2014 04:26:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4a5bc292
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc00000fd
Fault offset: 0x00120dbf
Faulting process id: 0x3168
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (12/27/2014 00:55:05 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/27/2014 00:54:51 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/27/2014 00:54:50 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error: (12/26/2014 11:17:23 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/26/2014 11:16:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (12/27/2014 06:11:30 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (12/27/2014 06:07:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (12/27/2014 05:53:30 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}
 
Error: (12/27/2014 05:40:28 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
 
Error: (12/27/2014 04:59:45 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
 
Error: (12/27/2014 02:22:20 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (12/27/2014 02:21:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (12/26/2014 02:48:40 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (12/25/2014 01:22:14 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}
 
Error: (12/25/2014 07:09:39 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
 
Microsoft Office Sessions:
=========================
Error: (12/27/2014 06:04:58 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {6df8d845-d064-420a-a04d-ba6e737ffd1a}
 
Error: (12/27/2014 05:59:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.17496308801d02228b4dfa6ef234C:\Program Files\Internet Explorer\iexplore.exe
 
Error: (12/27/2014 05:59:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.17496101801d022283db488c9111C:\Program Files\Internet Explorer\iexplore.exe
 
Error: (12/27/2014 05:55:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.1749633d401d0222716960b0b216C:\Program Files\Internet Explorer\iexplore.exe
 
Error: (12/27/2014 04:26:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.174964a5bc292MSHTML.dll11.0.9600.17496546ff2f9c00000fd00120dbf316801d0221abc48a16dC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dllfcb24804-8e0e-11e4-9991-4061860bd7be
 
Error: (12/27/2014 00:55:05 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\ati technologies\ATI.ACE\core-static\SLSTaskbar64.exe
 
Error: (12/27/2014 00:54:51 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\sisoftware\sisoftware sandra lite (eval) 2012\wnt500x64\RpcSandraSrv.exe
 
Error: (12/27/2014 00:54:50 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files\spybot - search & destroy\DelZip179.dllc:\program files\spybot - search & destroy\DelZip179.dll8
 
Error: (12/26/2014 11:17:23 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\ati technologies\ATI.ACE\core-static\SLSTaskbar64.exe
 
Error: (12/26/2014 11:16:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\sisoftware\sisoftware sandra lite (eval) 2012\wnt500x64\RpcSandraSrv.exe
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom II X4 965 Processor
Percentage of memory in use: 94%
Total physical RAM: 3326.24 MB
Available physical RAM: 186.27 MB
Total Pagefile: 6650.77 MB
Available Pagefile: 2326.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.63 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:223.47 GB) (Free:48.09 GB) NTFS
Drive g: (less crucial) (Fixed) (Total:596.17 GB) (Free:15.67 GB) NTFS
Drive h: (DAILY BACK) (Removable) (Total:3.74 GB) (Free:1.02 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 2F1F2F1E)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=42)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 00250CCC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 3.7 GB) (Disk ID: 962D962D)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)
 
==================== End Of Log ============================
 

Hello,
    
 
They call me TwinHeadedEagle around here, and I'll be working with you.
 
     
    
Before we start please read and note the following:

  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
Rules and policies
 
We won't support any piracy.
That being said, if any evidence of an illegal OS, software, cracks/keygens or the like is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.
 
 
 
 

Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

fixlist.txt


Yes, it is gone :)
 
 
 
Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)
 
 

Recommended reading:

 
 
MUST READ - security tips:

MUST READ - general maintenance:

The Importance of Software Updating:

 

 
In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.
 
Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.

Recommended additional software:

 
 
  • TFC - to clean unneeded temporary files.
  • Malwarebytes' Anti-Malware - to scan your system from time to time in search of malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • Unchecky - to prevent installing additional foistware, implemented in legitimate installations.
  • Adblock - to surf the web without annoying ads!
 
 

Post-cleanup procedures:

 

 
Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report. You do not need to attach it.

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.
 
 
 


My help is free for everybody.

If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation: 

 

Thank you!

 
 
Stay safe,
TwinHeadedEagle   :)


Thanks so much!  Have a beer on me!

 

One last point -- there is a way to get your tabs back, in case anyone else is dumb like me and asks you about their deleted tabs.  You navigate to the Chrome "Default" folder, right click, and hit "restore to previous version."  It might not work for everyone, but it worked for me.  


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.