ComboFix 15-01-08.01 - Mason 01/10/2015 5:55.2.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16327.11169 [GMT 11:00] Running from: c:\users\Mason\Desktop\ComboFix.exe AV: Norton Internet Security *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\ntuser.pol c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\background.html c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\content.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\lsdb.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\manifest.json c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\newtab.html c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\tdQZQM8nN.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\background.html c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\content.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\lsdb.js c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\manifest.json c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\XzZE.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\biijdgbmlemjofbmnajmdomeabiconmm c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\biijdgbmlemjofbmnajmdomeabiconmm\2.14\background.html c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\biijdgbmlemjofbmnajmdomeabiconmm\2.14\content.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\biijdgbmlemjofbmnajmdomeabiconmm\2.14\lsdb.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\biijdgbmlemjofbmnajmdomeabiconmm\2.14\manifest.json c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\biijdgbmlemjofbmnajmdomeabiconmm\2.14\oYy.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\background.html c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\content.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\lsdb.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\manifest.json c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\newtab.html c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\tdQZQM8nN.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\background.html c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\content.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\lsdb.js c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\manifest.json c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\XzZE.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\background.html c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\content.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\lsdb.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\manifest.json c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\newtab.html c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\tdQZQM8nN.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\background.html c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\content.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\lsdb.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\manifest.json c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\XzZE.js c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\background.html c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\content.js c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\lsdb.js c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\manifest.json c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\newtab.html c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\tdQZQM8nN.js c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\background.html c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\content.js c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\lsdb.js c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\manifest.json c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\XzZE.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\biijdgbmlemjofbmnajmdomeabiconmm c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\biijdgbmlemjofbmnajmdomeabiconmm\2.14\background.html c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\biijdgbmlemjofbmnajmdomeabiconmm\2.14\content.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\biijdgbmlemjofbmnajmdomeabiconmm\2.14\lsdb.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\biijdgbmlemjofbmnajmdomeabiconmm\2.14\manifest.json c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\biijdgbmlemjofbmnajmdomeabiconmm\2.14\oYy.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\background.html c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\content.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\lsdb.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\manifest.json c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\newtab.html c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\tdQZQM8nN.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\background.html c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\content.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\lsdb.js c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\manifest.json c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\XzZE.js c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\background.html c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\content.js c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\lsdb.js c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\manifest.json c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\newtab.html c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\tdQZQM8nN.js c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\background.html c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\content.js c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\lsdb.js c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\manifest.json c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\XzZE.js c:\users\Mason\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp c:\users\Mason\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\background.html c:\users\Mason\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\content.js c:\users\Mason\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\lsdb.js c:\users\Mason\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\manifest.json c:\users\Mason\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\newtab.html c:\users\Mason\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\tdQZQM8nN.js c:\users\Mason\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo c:\users\Mason\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\background.html c:\users\Mason\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\content.js c:\users\Mason\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\lsdb.js c:\users\Mason\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\manifest.json c:\users\Mason\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\XzZE.js c:\users\Mason\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\biijdgbmlemjofbmnajmdomeabiconmm c:\users\Mason\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\biijdgbmlemjofbmnajmdomeabiconmm\2.14\background.html c:\users\Mason\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\biijdgbmlemjofbmnajmdomeabiconmm\2.14\content.js c:\users\Mason\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\biijdgbmlemjofbmnajmdomeabiconmm\2.14\lsdb.js c:\users\Mason\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\biijdgbmlemjofbmnajmdomeabiconmm\2.14\manifest.json c:\users\Mason\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\biijdgbmlemjofbmnajmdomeabiconmm\2.14\oYy.js c:\users\Mason\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp c:\users\Mason\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\background.html c:\users\Mason\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\content.js c:\users\Mason\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\lsdb.js c:\users\Mason\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\manifest.json c:\users\Mason\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\newtab.html c:\users\Mason\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kmelojcmgikahfdipmbgkkoienfjkmcp\2.1\tdQZQM8nN.js c:\users\Mason\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo c:\users\Mason\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\background.html c:\users\Mason\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\content.js c:\users\Mason\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\lsdb.js c:\users\Mason\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\manifest.json c:\users\Mason\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\197\XzZE.js c:\users\Mason\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_impaepofmnammebeenafgmllpnjaiime_0.localstorage c:\users\Mason\AppData\Local\Google\Chrome\User Data\Default\Preferences c:\users\Mason\AppData\Roaming\SpeedRunnersLog.txt H:\install.exe . . ((((((((((((((((((((((((( Files Created from 2014-12-09 to 2015-01-09 ))))))))))))))))))))))))))))))) . . 2015-01-09 18:58 . 2015-01-09 18:58 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-01-09 17:44 . 2015-01-09 17:44 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2015-01-09 17:44 . 2015-01-09 17:44 -------- d-----w- c:\programdata\RogueKiller 2015-01-09 16:08 . 2015-01-09 18:13 -------- d-----w- C:\FRST 2015-01-07 19:30 . 2015-01-07 19:30 -------- d-----w- C:\NPE 2015-01-07 19:29 . 2015-01-07 19:34 -------- d-----w- c:\users\Mason\AppData\Local\NPE 2015-01-07 18:32 . 2015-01-07 18:53 -------- d-----w- c:\windows\system32\drivers\NISx64\1506000.020 2015-01-07 18:11 . 2015-01-07 18:11 -------- d-----w- c:\windows\ERUNT 2015-01-07 18:05 . 2015-01-08 09:17 -------- d-----w- C:\AdwCleaner 2015-01-07 16:54 . 2015-01-07 16:54 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared 2015-01-07 16:53 . 2015-01-07 16:53 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2015-01-07 16:53 . 2015-01-07 16:53 -------- d-----w- c:\program files\Common Files\Symantec Shared 2015-01-07 16:52 . 2015-01-07 16:52 -------- d-----w- c:\program files (x86)\Norton Internet Security 2015-01-07 16:52 . 2015-01-07 16:52 -------- d-----w- c:\program files (x86)\NortonInstaller 2015-01-07 16:17 . 2015-01-07 16:17 -------- d-----w- c:\users\Mason\AppData\Local\Deployment 2015-01-07 16:17 . 2015-01-07 16:17 -------- d-----w- c:\users\Mason\AppData\Local\Apps 2015-01-07 16:05 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9115D02A-CD43-43AF-BBA4-3AE28D8B748A}\mpengine.dll 2015-01-07 07:51 . 2015-01-07 07:51 -------- d-----w- c:\users\Mason\AppData\Roaming\NekoWorks 2015-01-07 04:53 . 2015-01-07 04:53 4 ----a-w- c:\users\Mason\AppData\Roaming\appdataFr2.bin 2015-01-05 17:55 . 2015-01-07 16:00 -------- d-----w- c:\programdata\null 2014-12-30 02:20 . 2015-01-07 16:00 -------- d-----w- c:\users\Mason\AppData\Roaming\Factorio 2014-12-30 02:10 . 2014-12-30 02:10 -------- d-----w- c:\programdata\ATI 2014-12-30 01:10 . 2014-12-30 01:10 -------- d-----w- c:\program files (x86)\AMD AVT 2014-12-30 01:10 . 2014-12-30 01:10 -------- d-----w- c:\program files (x86)\AMD 2014-12-28 07:59 . 2014-12-28 08:34 -------- d-----w- c:\users\Mason\AppData\Roaming\ArcaneWorlds 2014-12-20 18:22 . 2014-12-20 18:25 -------- d-----w- c:\users\Mason\AppData\Local\ftblauncher 2014-12-20 18:22 . 2014-12-20 18:22 -------- d-----w- c:\users\Mason\AppData\Roaming\ftblauncher 2014-12-19 02:52 . 2014-12-19 02:52 -------- d-----w- c:\users\Mason\AppData\Roaming\TownOfSalem 2014-12-18 13:47 . 2014-12-13 05:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe 2014-12-18 13:47 . 2014-12-13 03:33 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2014-12-16 12:47 . 2014-12-16 12:53 -------- d-----w- c:\users\Mason\AppData\Roaming\com.kintogames.bitDungeonII 2014-12-11 06:54 . 2014-12-18 21:56 -------- d-----w- c:\users\Mason\AppData\Roaming\Dungeonmans 2014-12-10 20:19 . 2014-12-10 20:19 -------- d-----w- c:\windows\system32\appraiser . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-01-09 18:14 . 2014-11-12 15:48 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp 2015-01-09 18:14 . 2014-04-22 08:16 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys 2015-01-09 18:13 . 2014-04-22 08:27 65536 ----a-w- c:\windows\system32\spu_storage.bin 2014-12-10 07:26 . 2014-04-22 10:45 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-12-10 07:26 . 2014-04-22 10:45 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-12-10 07:26 . 2014-04-29 22:30 3981488 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2014-12-06 05:28 . 2014-09-01 06:27 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2014-12-04 02:50 . 2014-12-10 12:00 413184 ----a-w- c:\windows\system32\generaltel.dll 2014-12-04 02:50 . 2014-12-10 12:00 741376 ----a-w- c:\windows\system32\invagent.dll 2014-12-04 02:50 . 2014-12-10 12:00 396800 ----a-w- c:\windows\system32\devinv.dll 2014-12-04 02:50 . 2014-12-10 12:00 830976 ----a-w- c:\windows\system32\appraiser.dll 2014-12-04 02:50 . 2014-12-10 12:00 227328 ----a-w- c:\windows\system32\aepdu.dll 2014-12-04 02:50 . 2014-12-10 12:00 192000 ----a-w- c:\windows\system32\aepic.dll 2014-12-04 02:44 . 2014-12-10 12:00 1083392 ----a-w- c:\windows\system32\aeinv.dll 2014-12-01 23:28 . 2014-12-10 12:00 1232040 ----a-w- c:\windows\system32\aitstatic.exe 2014-11-27 05:40 . 2014-04-23 00:28 112710672 ----a-w- c:\windows\system32\MRT.exe 2014-11-27 01:43 . 2014-12-10 12:00 389296 ----a-w- c:\windows\system32\iedkcs32.dll 2014-11-24 03:04 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe 2014-11-22 03:13 . 2014-12-10 12:00 25059840 ----a-w- c:\windows\system32\mshtml.dll 2014-11-22 03:06 . 2014-12-10 12:00 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2014-11-22 03:06 . 2014-12-10 12:00 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll 2014-11-22 02:50 . 2014-12-10 12:00 66560 ----a-w- c:\windows\system32\iesetup.dll 2014-11-22 02:50 . 2014-12-10 12:00 580096 ----a-w- c:\windows\system32\vbscript.dll 2014-11-22 02:49 . 2014-12-10 12:00 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll 2014-11-22 02:49 . 2014-12-10 12:00 2885120 ----a-w- c:\windows\system32\iertutil.dll 2014-11-22 02:48 . 2014-12-10 12:00 88064 ----a-w- c:\windows\system32\MshtmlDac.dll 2014-11-22 02:41 . 2014-12-10 12:00 54784 ----a-w- c:\windows\system32\jsproxy.dll 2014-11-22 02:40 . 2014-12-10 12:00 34304 ----a-w- c:\windows\system32\iernonce.dll 2014-11-22 02:37 . 2014-12-10 12:00 633856 ----a-w- c:\windows\system32\ieui.dll 2014-11-22 02:35 . 2014-12-10 12:00 114688 ----a-w- c:\windows\system32\ieetwcollector.exe 2014-11-22 02:34 . 2014-12-10 12:00 814080 ----a-w- c:\windows\system32\jscript9diag.dll 2014-11-22 02:34 . 2014-12-10 12:00 6039552 ----a-w- c:\windows\system32\jscript9.dll 2014-11-22 02:26 . 2014-12-10 12:00 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2014-11-22 02:22 . 2014-12-10 12:00 490496 ----a-w- c:\windows\system32\dxtmsft.dll 2014-11-22 02:20 . 2014-12-10 12:00 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2014-11-22 02:14 . 2014-12-10 12:00 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2014-11-22 02:09 . 2014-12-10 12:00 199680 ----a-w- c:\windows\system32\msrating.dll 2014-11-22 02:08 . 2014-12-10 12:00 92160 ----a-w- c:\windows\system32\mshtmled.dll 2014-11-22 02:07 . 2014-12-10 12:00 501248 ----a-w- c:\windows\SysWow64\vbscript.dll 2014-11-22 02:07 . 2014-12-10 12:00 62464 ----a-w- c:\windows\SysWow64\iesetup.dll 2014-11-22 02:06 . 2014-12-10 12:00 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2014-11-22 02:05 . 2014-12-10 12:00 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2014-11-22 02:05 . 2014-12-10 12:00 316928 ----a-w- c:\windows\system32\dxtrans.dll 2014-11-22 01:54 . 2014-12-10 12:00 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll 2014-11-22 01:49 . 2014-12-10 12:00 718848 ----a-w- c:\windows\system32\ie4uinit.exe 2014-11-22 01:49 . 2014-12-10 12:00 800768 ----a-w- c:\windows\system32\msfeeds.dll 2014-11-22 01:47 . 2014-12-10 12:00 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll 2014-11-22 01:46 . 2014-12-10 12:00 2125312 ----a-w- c:\windows\system32\inetcpl.cpl 2014-11-22 01:43 . 2014-12-10 12:00 14412800 ----a-w- c:\windows\system32\ieframe.dll 2014-11-22 01:40 . 2014-12-10 12:00 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll 2014-11-22 01:29 . 2014-12-10 12:00 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll 2014-11-22 01:28 . 2014-12-10 12:00 2358272 ----a-w- c:\windows\system32\wininet.dll 2014-11-22 01:22 . 2014-12-10 12:00 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2014-11-22 01:21 . 2014-12-10 12:00 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2014-11-22 01:15 . 2014-12-10 12:00 1548288 ----a-w- c:\windows\system32\urlmon.dll 2014-11-22 01:03 . 2014-12-10 12:00 800768 ----a-w- c:\windows\system32\ieapfltr.dll 2014-11-22 01:00 . 2014-12-10 12:00 1888256 ----a-w- c:\windows\SysWow64\wininet.dll 2014-11-21 02:44 . 2014-11-21 02:44 128384 ----a-w- c:\windows\system32\amdhcp64.dll 2014-11-21 02:44 . 2014-11-21 02:44 118096 ----a-w- c:\windows\SysWow64\amdhcp32.dll 2014-11-21 02:44 . 2014-11-21 02:44 78432 ----a-w- c:\windows\system32\atimpc64.dll 2014-11-21 02:44 . 2014-11-21 02:44 78432 ----a-w- c:\windows\system32\amdpcom64.dll 2014-11-21 02:44 . 2014-11-21 02:44 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll 2014-11-21 02:44 . 2014-11-21 02:44 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2014-11-21 02:44 . 2013-12-06 22:04 144328 ----a-w- c:\windows\system32\atiuxp64.dll 2014-11-21 02:44 . 2014-09-15 22:31 126848 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2014-11-21 02:44 . 2013-10-08 04:34 118096 ----a-w- c:\windows\system32\atiu9p64.dll 2014-11-21 02:44 . 2013-10-08 04:34 100032 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2014-11-21 02:44 . 2013-10-08 04:34 1348928 ----a-w- c:\windows\system32\aticfx64.dll 2014-11-21 02:44 . 2013-10-08 04:34 1127496 ----a-w- c:\windows\SysWow64\aticfx32.dll 2014-11-21 02:44 . 2013-12-06 22:00 11076784 ----a-w- c:\windows\system32\atidxx64.dll 2014-11-21 02:44 . 2014-09-15 22:31 9401480 ----a-w- c:\windows\SysWow64\atidxx32.dll 2014-11-21 02:43 . 2013-10-08 04:34 7558816 ----a-w- c:\windows\SysWow64\atiumdva.dll 2014-11-21 02:43 . 2013-10-08 04:34 7077776 ----a-w- c:\windows\SysWow64\atiumdag.dll 2014-11-21 02:43 . 2013-10-08 04:33 8379720 ----a-w- c:\windows\system32\atiumd6a.dll 2014-11-21 02:43 . 2013-10-08 04:33 8369408 ----a-w- c:\windows\system32\atiumd64.dll 2014-11-21 02:41 . 2014-11-21 02:41 294600 ----a-w- c:\windows\system32\drivers\amdacpksd.sys 2014-11-21 02:40 . 2014-11-21 02:40 18959360 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2014-11-21 02:33 . 2014-11-21 02:33 235008 ----a-w- c:\windows\system32\clinfo.exe 2014-11-21 02:33 . 2014-11-21 02:33 98816 ----a-w- c:\windows\system32\OpenVideo64.dll 2014-11-21 02:33 . 2014-11-21 02:33 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll 2014-11-21 02:33 . 2014-11-21 02:33 86528 ----a-w- c:\windows\system32\OVDecode64.dll 2014-11-21 02:33 . 2014-11-21 02:33 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll 2014-11-21 02:33 . 2014-11-21 02:33 47899136 ----a-w- c:\windows\system32\amdocl64.dll 2014-11-21 02:32 . 2014-11-21 02:32 40987136 ----a-w- c:\windows\SysWow64\amdocl.dll 2014-11-21 02:31 . 2014-11-21 02:31 65024 ----a-w- c:\windows\system32\OpenCL.dll 2014-11-21 02:31 . 2014-11-21 02:31 58880 ----a-w- c:\windows\SysWow64\OpenCL.dll 2014-11-21 02:29 . 2014-11-21 02:29 7915520 ----a-w- c:\windows\system32\amdhsasc64.dll 2014-11-21 02:29 . 2014-11-21 02:29 6375936 ----a-w- c:\windows\SysWow64\amdhsasc.dll 2014-11-21 02:24 . 2014-11-21 02:24 28354560 ----a-w- c:\windows\system32\atio6axx.dll 2014-11-21 02:19 . 2014-11-21 02:19 23621632 ----a-w- c:\windows\SysWow64\atioglxx.dll 2014-11-21 02:19 . 2014-11-21 02:19 49664 ----a-w- c:\windows\system32\amdmmcl6.dll 2014-11-21 02:19 . 2014-11-21 02:19 38912 ----a-w- c:\windows\SysWow64\amdmmcl.dll 2014-11-21 02:18 . 2014-11-21 02:18 127488 ----a-w- c:\windows\system32\mantle64.dll 2014-11-21 02:18 . 2014-11-21 02:18 113664 ----a-w- c:\windows\SysWow64\mantle32.dll 2014-11-21 02:18 . 2014-11-21 02:18 5837312 ----a-w- c:\windows\system32\amdmantle64.dll 2014-11-21 02:17 . 2014-11-21 02:17 367104 ----a-w- c:\windows\system32\atiapfxx.exe 2014-11-21 02:17 . 2014-11-21 02:17 62464 ----a-w- c:\windows\system32\aticalrt64.dll 2014-11-21 02:17 . 2014-11-21 02:17 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll 2014-11-21 02:16 . 2014-11-21 02:16 55808 ----a-w- c:\windows\system32\aticalcl64.dll 2014-11-21 02:16 . 2014-11-21 02:16 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BitTorrent"="c:\users\Mason\AppData\Roaming\BitTorrent\BitTorrent.exe" [2014-12-11 1381208] "Akamai NetSession Interface"="c:\users\Mason\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-12-11 30877280] "puush"="c:\program files (x86)\puush\puush.exe" [2014-11-17 567880] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Sound Blaster Cinema"="c:\program files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe" [2012-11-29 711680] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848] "Super-Charger"="c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe" [2013-03-08 506864] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888] "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-12 204136] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-07-21 3816784] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-14 157480] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776] "Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2014-10-15 2694320] "Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2014-12-08 55568] "StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-11-20 767176] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ iSCTsysTray.lnk - c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [2013-2-13 249320] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-10 332016] Qualcomm Atheros Killer Network Manager.lnk - c:\program files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe -minimized [2013-5-7 554496] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x] R3 cpuz134;cpuz134;c:\users\Mason\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Mason\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x] R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x] R3 ipadtst;ipadtst;c:\program files (x86)\MSI\Super-Charger\ipadtst_64.sys;c:\program files (x86)\MSI\Super-Charger\ipadtst_64.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x] R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x] R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x] S0 asstor64;asstor64;c:\windows\system32\DRIVERS\asstor64.sys;c:\windows\SYSNATIVE\DRIVERS\asstor64.sys [x] S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1506000.020\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1506000.020\SYMEFA64.SYS [x] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x] S1 BfLwf;Qualcomm Atheros Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys;c:\windows\SYSNATIVE\DRIVERS\bflwfx64.sys [x] S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20141209.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20141209.001\BHDrvx64.sys [x] S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1506000.020\ccSetx64.sys [x] S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150107.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150107.001\IDSvia64.sys [x] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1506000.020\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1506000.020\SYMNETS.SYS [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 amdacpksd;ACP Kernel Service Driver;c:\windows\system32\drivers\amdacpksd.sys;c:\windows\SYSNATIVE\drivers\amdacpksd.sys [x] S2 amdacpusrsvc;ACP User Service;c:\program files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe;c:\program files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [x] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 ISCTAgent;Intel(R) Smart Connect Technology Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x] S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x] S2 MSI_Trigger_Service;MSI_Trigger_Service;c:\program files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe;c:\program files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [x] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [x] S2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [x] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x] S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x] S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x] S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 Ke2200;NDIS Miniport Driver for the Killer e2200 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\e22w7x64.sys;c:\windows\SYSNATIVE\DRIVERS\e22w7x64.sys [x] S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x] S3 LVUVC64;Logitech HD Pro Webcam C920(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x] S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x] S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x] S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - NTIOLIB_1_0_3 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-01-07 16:18 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2015-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-22 07:26] . 2015-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-07 16:17] . 2015-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-07 16:17] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1] @="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}" [HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}] 2014-09-26 03:41 1021088 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2] @="{853B7E05-C47D-4985-909A-D0DC5C6D7303}" [HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}] 2014-09-26 03:41 1021088 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3] @="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}" [HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}] 2014-09-26 03:41 1021088 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-06-27 7191768] "MBCfg64"="c:\windows\system32\MBCfg64.dll" [2013-04-23 34432] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 3091224] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-10-13 557768] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 LSP: %SYSTEMROOT%\system32\BfLLR.dll Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: Interfaces\{430007CC-0FAE-4F6D-90A4-387DB11A7009}: NameServer = 61.9.134.49 61.9.194.49 FF - ProfilePath - c:\users\Mason\AppData\Roaming\Mozilla\Firefox\Profiles\5rvyed00.default\ FF - prefs.js: keyword.URL - hxxps://au.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=242154&p= . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-Itibiti.exe - c:\program files (x86)\Itibiti Soft Phone\Itibiti.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-Debut - c:\program files (x86)\NCH Software\Debut\debut.exe AddRemove-Pixillion - c:\program files (x86)\NCH Software\Pixillion\pixillion.exe AddRemove-Steam App 233250 - g:\steam\steam.exe AddRemove-Steam App 252770 - e:\steam\steam.exe AddRemove-Steam App 265810 - g:\steam\steam.exe AddRemove-Steam App 289130 - g:\steam\steam.exe AddRemove-Steam App 49520 - g:\steam\steam.exe AddRemove-{36BA0E82-2B7D-79E6-9AC9-572294FDA2BB} - c:\programdata\takeshop\1VmxNFKPXCn3XD.exe AddRemove-{6824985F-31D5-9CBE-1EB7-3D7ECDC6356E} - c:\programdata\ccopunok\R4ddgJpY5vr4k0.exe AddRemove-{B81F9CCF-7FCD-416F-893F-5EAA65087A58} - c:\programdata\7save\6xqgaT2jwj3HwC.exe AddRemove-{D238A788-39B6-B97D-A5BA-13FE8E34E03C} - c:\programdata\takesave\p608Ri9rBgNbkg.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32\diMaster.dll\" /prefetch:1" "ImagePath"="\SystemRoot\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS" "TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32;c:\program files (x86)\Norton Internet Security\Engine64\21.6.0.32" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2015-01-10 06:00:18 ComboFix-quarantined-files.txt 2015-01-09 19:00 . Pre-Run: 89,749,798,912 bytes free Post-Run: 89,326,608,384 bytes free . - - End Of File - - FBAA50CEC142C843BEDB6BF15ED75BB7 A36C5E4F47E84449FF07ED3517B43A31