
Possibly malicious site, help! [Solved]


This topic is locked

#1 terrorist96
Member, 74 posts
*please someone help me, I'm scared to connect my computer to the Internet until this is resolved*

Hi
Someone tried to get me to click on a link to a site called
accountingnotes dot org forwardslash check dot php
(I purposefully wrote it out like that so no one tries to go to that page)
I didn't click it but then I got it sent to me embedded in a PM.
He then claimed he was downloading my hard drive, but I had already disconnected my computer from the Internet at that point. Can someone please tell me what that site is doing?
I'm on a secondary computer right now and am in the process of downloading OTL and all that other stuff, but in the meantime, can someone figure out if that site is malicious and if so, what it may have done to my computer?
Thanks
I'd also like to know if it is possible for any of my other devices to have been infected by that site through the router.
Edit:
I ran MBAM and it didn't find anything in the quick scan but it did find two things in the full scan which I confirmed to be false positives and not related to this.

I also ran Microsoft Security Essentials and it didn't find anything.

I downloaded OTL via my secondary PC (the one I'm using right now), put it onto a flash drive, put it on my main PC and ran a quick scan; here are the logs for that:

OTL logfile created on: 12/10/2013 9:46:37 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\QuickSilver\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.89 Gb Total Physical Memory | 8.59 Gb Available Physical Memory | 54.08% Memory free
31.78 Gb Paging File | 23.39 Gb Available in Paging File | 73.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.24 Gb Total Space | 52.80 Gb Free Space | 44.28% Space Free | Partition Type: NTFS
Drive E: | 698.63 Gb Total Space | 578.19 Gb Free Space | 82.76% Space Free | Partition Type: NTFS
Drive G: | 1.86 Gb Total Space | 1.86 Gb Free Space | 100.00% Space Free | Partition Type: FAT
Drive H: | 7.60 Gb Total Space | 7.60 Gb Free Space | 99.98% Space Free | Partition Type: FAT32

Computer Name: QUICKSILVER-PC | User Name: QuickSilver | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/10 19:00:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\QuickSilver\Desktop\OTL.exe
PRC - [2013/12/05 22:41:41 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/12/04 10:19:32 | 005,316,448 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2013/12/04 10:19:31 | 013,464,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
PRC - [2013/12/04 10:10:28 | 000,195,936 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
PRC - [2013/12/03 22:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/10/29 10:46:44 | 000,064,008 | ---- | M] (Google) -- C:\Users\QuickSilver\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2013/10/22 17:38:50 | 001,103,712 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2013/10/22 17:29:22 | 000,394,592 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
PRC - [2013/10/22 17:29:20 | 014,229,344 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
PRC - [2013/06/06 18:22:00 | 001,280,120 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
PRC - [2013/06/06 18:22:00 | 000,614,008 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/20 18:47:04 | 000,368,600 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2013/03/20 18:47:00 | 000,169,432 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2013/03/06 14:08:42 | 000,291,128 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/03 22:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/03 22:48:03 | 013,586,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
MOD - [2013/12/03 22:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/03 22:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/03 22:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/03 22:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/11/27 18:26:21 | 000,181,760 | ---- | M] () -- C:\Users\QuickSilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2013.1120.433.1_0\plugin\ace.dll
MOD - [2013/10/21 08:10:42 | 021,115,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libcef.dll
MOD - [2013/10/21 08:10:26 | 000,133,134 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\avutil-51.dll
MOD - [2013/10/21 08:10:24 | 000,983,054 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\avcodec-54.dll
MOD - [2013/10/21 08:10:24 | 000,189,454 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\avformat-54.dll
MOD - [2013/09/26 13:50:14 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2013/09/26 13:49:28 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 05:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/02/13 12:47:04 | 000,820,184 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2013/02/13 12:46:48 | 000,731,648 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2012/12/11 20:59:08 | 000,027,768 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/12/04 10:19:32 | 005,316,448 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2013/11/29 13:40:05 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/17 23:30:05 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/06 18:22:00 | 001,280,120 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe -- (NACAgent)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/22 11:44:56 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/03/20 18:47:04 | 000,368,600 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/03/20 18:47:00 | 000,169,432 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/11/15 18:49:48 | 002,468,496 | R--- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/17 11:32:56 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2013/10/01 22:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/07/16 00:07:01 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013/05/13 15:36:06 | 000,050,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2013/03/29 19:08:44 | 002,211,016 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2013/03/25 14:41:46 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2013/03/20 18:47:02 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2013/03/20 00:37:48 | 000,442,368 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013/03/20 00:31:42 | 004,534,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/12/27 04:26:12 | 000,805,088 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/12/21 09:44:10 | 000,786,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/12/21 09:44:10 | 000,366,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/12/21 09:44:10 | 000,020,616 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/12/13 06:35:46 | 001,476,240 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2012/12/07 17:57:12 | 000,302,224 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsBaStor.sys -- (RSBASTOR)
DRV:64bit: - [2012/09/07 13:13:36 | 000,318,800 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 81 83 76 CC A1 7F CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {3738B479-1D1D-471A-8130-349DC2DB6E92}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{3738B479-1D1D-471A-8130-349DC2DB6E92}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B8b86149f-01fb-4842-9dd8-4d7eb02fd055%7D:0.26
FF - prefs.js..extensions.enabledAddons: %7B73007fef-a6e0-47d3-b4e7-dfc116ed6f65%7D:1.1
FF - prefs.js..extensions.enabledAddons: dendzones%40captaincaveman.nl:1.5.4.3
FF - prefs.js..extensions.enabledAddons: omnibar%40ajitk.com:0.7.19.20130418
FF - prefs.js..extensions.enabledAddons: NoiaScrollbars%40ArisT2_Noia4dev:1.2.1
FF - prefs.js..extensions.enabledAddons: %7B46551EC9-40F0-4e47-8E18-8E5CF550CFB8%7D:1.4.0
FF - prefs.js..extensions.enabledAddons: 2.0%40disconnect.me:3.9.1
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:3.4.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\QuickSilver\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\QuickSilver\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\QuickSilver\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\QuickSilver\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\QuickSilver\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/08/03 15:45:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\QuickSilver\AppData\Roaming\Mozilla\Extensions
[2013/12/05 23:36:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\QuickSilver\AppData\Roaming\Mozilla\Firefox\Profiles\8ahrhvhc.default\extensions
[2013/08/19 01:37:07 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\QuickSilver\AppData\Roaming\Mozilla\Firefox\Profiles\8ahrhvhc.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2013/11/26 13:39:18 | 000,000,000 | ---D | M] (WOT) -- C:\Users\QuickSilver\AppData\Roaming\Mozilla\Firefox\Profiles\8ahrhvhc.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/12/05 23:36:29 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\QuickSilver\AppData\Roaming\Mozilla\Firefox\Profiles\8ahrhvhc.default\extensions\[email protected]
[2013/11/26 01:24:02 | 001,041,005 | ---- | M] () (No name found) -- C:\Users\QuickSilver\AppData\Roaming\Mozilla\Firefox\Profiles\8ahrhvhc.default\extensions\[email protected]
[2013/10/22 00:32:31 | 000,083,310 | ---- | M] () (No name found) -- C:\Users\QuickSilver\AppData\Roaming\Mozilla\Firefox\Profiles\8ahrhvhc.default\extensions\[email protected]
[2013/12/02 22:47:06 | 000,061,106 | ---- | M] () (No name found) -- C:\Users\QuickSilver\AppData\Roaming\Mozilla\Firefox\Profiles\8ahrhvhc.default\extensions\GlassMyFox@ArisT2_Noia4dev.xpi
[2013/10/30 21:37:31 | 000,095,335 | ---- | M] () (No name found) -- C:\Users\QuickSilver\AppData\Roaming\Mozilla\Firefox\Profiles\8ahrhvhc.default\extensions\NoiaScrollbars@ArisT2_Noia4dev.xpi
[2013/10/25 20:54:33 | 000,069,103 | ---- | M] () (No name found) -- C:\Users\QuickSilver\AppData\Roaming\Mozilla\Firefox\Profiles\8ahrhvhc.default\extensions\[email protected]
[2013/11/15 14:39:45 | 000,290,572 | ---- | M] () (No name found) -- C:\Users\QuickSilver\AppData\Roaming\Mozilla\Firefox\Profiles\8ahrhvhc.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2013/10/21 21:43:53 | 000,003,771 | ---- | M] () (No name found) -- C:\Users\QuickSilver\AppData\Roaming\Mozilla\Firefox\Profiles\8ahrhvhc.default\extensions\{73007fef-a6e0-47d3-b4e7-dfc116ed6f65}.xpi
[2013/10/13 20:03:59 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\QuickSilver\AppData\Roaming\Mozilla\Firefox\Profiles\8ahrhvhc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/11/17 23:29:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/17 23:30:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://global.hannspree.net/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - Extension: Google Docs = C:\Users\QuickSilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\QuickSilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: WOT = C:\Users\QuickSilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.4.4_0\
CHR - Extension: YouTube = C:\Users\QuickSilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\QuickSilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0\
CHR - Extension: Google Search = C:\Users\QuickSilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: HTTPS Everywhere = C:\Users\QuickSilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp\2013.10.16_0\
CHR - Extension: Hola Better Internet = C:\Users\QuickSilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.2.127_0\
CHR - Extension: Mailto: = C:\Users\QuickSilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppbppehiogfokmpligejhaepeopajdf\1.26.0_0\
CHR - Extension: Disconnect Search = C:\Users\QuickSilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk\1.4.0_0\
CHR - Extension: Referer Control = C:\Users\QuickSilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkcfpcejkafcihlgbojoidoihckciin\0.47_0\
CHR - Extension: Disconnect = C:\Users\QuickSilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.10.2_0\
CHR - Extension: Aero Trans Brushed Metal Theme = C:\Users\QuickSilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkjdfchjlhkgnfjblhclgaliiccalckf\1.21_0\
CHR - Extension: Hangouts = C:\Users\QuickSilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2013.1120.433.1_0\
CHR - Extension: Google Wallet = C:\Users\QuickSilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Pig Toolbox (Super Gestures) = C:\Users\QuickSilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiplkfaidhjklglajdpfehoagkmlcakh\1.0.7.4_0\
CHR - Extension: Gmail = C:\Users\QuickSilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [NACAgentUI] C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - Startup: C:\Users\QuickSilver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O4 - Startup: C:\Users\QuickSilver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O4 - Startup: C:\Users\QuickSilver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FD73472-19DB-4033-9A31-BC4E5AF8DD37}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97160860-9289-4C5B-A498-AA305514E10A}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (expstart.exe) - C:\Windows\expstart.exe ()
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2280293e-10bb-11e3-b81a-6c71d99a238e}\Shell - "" = AutoRun
O33 - MountPoints2\{2280293e-10bb-11e3-b81a-6c71d99a238e}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/10 21:46:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\QuickSilver\Desktop\OTL.exe
[2013/12/10 17:25:53 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2013/12/10 17:25:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/12/05 23:52:30 | 000,035,112 | ---- | C] (TeamViewer GmbH) -- C:\Windows\SysNative\drivers\teamviewervpn.sys
[2013/12/03 02:09:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
[2013/12/03 02:09:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Combined Community Codec Pack
[2013/11/26 01:19:27 | 000,000,000 | ---D | C] -- C:\Users\QuickSilver\AppData\Roaming\MPC-HC
[2013/11/21 00:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
[2013/11/17 23:29:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/13 01:09:05 | 000,000,000 | ---D | C] -- C:\Windows\en
[2013/11/13 01:08:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live

========== Files - Modified Within 30 Days ==========

[2013/12/10 21:49:17 | 000,781,522 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/10 21:49:17 | 000,662,172 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/10 21:49:17 | 000,122,008 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/10 21:46:29 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/10 21:42:03 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3921488435-3812560929-2914755584-1000UA.job
[2013/12/10 21:23:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/10 21:00:00 | 000,060,042 | ---- | M] () -- C:\Users\QuickSilver\Network_Meter_Data.js
[2013/12/10 20:20:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/10 19:28:07 | 000,007,172 | ---- | M] () -- C:\Users\QuickSilver\IP_Log_Data.js
[2013/12/10 19:00:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\QuickSilver\Desktop\OTL.exe
[2013/12/10 17:42:10 | 000,023,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/10 17:42:10 | 000,023,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/10 17:37:10 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013/12/10 17:36:55 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/10 17:36:36 | 000,341,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/10 17:36:21 | 4207,362,046 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/10 17:35:08 | 000,000,027 | ---- | M] () -- C:\Users\QuickSilver\AppData\Roaming\Network Meter_Usage.ini
[2013/12/10 17:27:55 | 000,770,556 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/12/10 16:17:50 | 000,000,055 | ---- | M] () -- C:\Users\QuickSilver\AppData\Roaming\Battery Meter_Data.ini
[2013/12/10 15:55:39 | 877,500,012 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/12/10 15:41:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3921488435-3812560929-2914755584-1000Core.job
[2013/11/17 19:54:17 | 000,000,799 | ---- | M] () -- C:\Users\QuickSilver\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/11/13 14:44:09 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/13 14:44:07 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/13 14:42:55 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/12 23:27:00 | 000,002,283 | ---- | M] () -- C:\Users\QuickSilver\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2013/12/10 17:27:55 | 000,770,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/12/05 23:22:34 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
[2013/11/17 19:54:17 | 000,000,799 | ---- | C] () -- C:\Users\QuickSilver\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/11/13 14:44:09 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/13 14:44:07 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/13 01:09:02 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013/11/13 01:08:57 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013/10/16 20:41:25 | 000,007,172 | ---- | C] () -- C:\Users\QuickSilver\IP_Log_Data.js
[2013/08/25 22:48:50 | 000,000,055 | ---- | C] () -- C:\Users\QuickSilver\AppData\Roaming\Battery Meter_Data.ini
[2013/08/14 17:19:09 | 000,003,584 | ---- | C] () -- C:\Users\QuickSilver\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/07/25 02:28:08 | 000,001,810 | ---- | C] () -- C:\Users\QuickSilver\AppData\Roaming\System Monitor II_CPU0_Settings.ini
[2013/07/21 15:08:52 | 000,007,616 | ---- | C] () -- C:\Users\QuickSilver\AppData\Local\Resmon.ResmonCfg
[2013/07/21 14:32:19 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
[2013/07/16 00:41:22 | 000,000,715 | ---- | C] () -- C:\Windows\SysWow64\Settings.ini
[2013/07/14 14:43:52 | 000,000,281 | ---- | C] () -- C:\Users\QuickSilver\AppData\Roaming\GPU MeterV2_Settings.ini
[2013/07/13 07:00:00 | 000,060,042 | ---- | C] () -- C:\Users\QuickSilver\Network_Meter_Data.js
[2013/07/13 06:56:02 | 000,000,430 | ---- | C] () -- C:\Users\QuickSilver\AppData\Roaming\Weather Meter_Settings.ini
[2013/07/13 06:52:42 | 000,000,027 | ---- | C] () -- C:\Users\QuickSilver\AppData\Roaming\Network Meter_Usage.ini
[2013/07/13 06:51:02 | 000,001,222 | ---- | C] () -- C:\Users\QuickSilver\AppData\Roaming\Network Meter_Settings.ini
[2013/07/13 06:45:56 | 000,000,842 | ---- | C] () -- C:\Users\QuickSilver\AppData\Roaming\Drives Meter_Settings.ini
[2013/07/13 06:43:07 | 000,000,624 | ---- | C] () -- C:\Users\QuickSilver\AppData\Roaming\All CPU MeterV3_Settings.ini
[2013/07/13 06:39:28 | 000,000,261 | ---- | C] () -- C:\Users\QuickSilver\AppData\Roaming\Battery Meter_Settings.ini
[2013/07/13 04:01:19 | 019,586,560 | ---- | C] () -- C:\Windows\SysWow64\igdfcl32.dll
[2013/07/13 04:01:19 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/07/13 04:01:19 | 000,103,936 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2013/07/13 03:53:08 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2013/07/13 03:53:08 | 000,036,864 | ---- | C] () -- C:\Windows\runSW.exe
[2013/02/13 12:27:54 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/16 00:23:59 | 000,000,000 | ---D | M] -- C:\Users\QuickSilver\AppData\Roaming\DAEMON Tools Lite
[2013/07/24 00:34:13 | 000,000,000 | ---D | M] -- C:\Users\QuickSilver\AppData\Roaming\IrfanView
[2013/11/26 01:19:27 | 000,000,000 | ---D | M] -- C:\Users\QuickSilver\AppData\Roaming\MPC-HC
[2013/10/21 16:09:05 | 000,000,000 | ---D | M] -- C:\Users\QuickSilver\AppData\Roaming\Opera Software
[2013/10/20 16:08:30 | 000,000,000 | ---D | M] -- C:\Users\QuickSilver\AppData\Roaming\Oracle
[2013/10/04 23:44:56 | 000,000,000 | ---D | M] -- C:\Users\QuickSilver\AppData\Roaming\Rainmeter
[2013/07/13 23:31:35 | 000,000,000 | ---D | M] -- C:\Users\QuickSilver\AppData\Roaming\TeamViewer
[2013/11/20 19:42:07 | 000,000,000 | ---D | M] -- C:\Users\QuickSilver\AppData\Roaming\uTorrent

========== Purity Check ==========



< End of report >


EXTRAS:

OTL Extras logfile created on: 12/10/2013 9:46:37 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\QuickSilver\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.89 Gb Total Physical Memory | 8.59 Gb Available Physical Memory | 54.08% Memory free
31.78 Gb Paging File | 23.39 Gb Available in Paging File | 73.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.24 Gb Total Space | 52.80 Gb Free Space | 44.28% Space Free | Partition Type: NTFS
Drive E: | 698.63 Gb Total Space | 578.19 Gb Free Space | 82.76% Space Free | Partition Type: NTFS
Drive G: | 1.86 Gb Total Space | 1.86 Gb Free Space | 100.00% Space Free | Partition Type: FAT
Drive H: | 7.60 Gb Total Space | 7.60 Gb Free Space | 99.98% Space Free | Partition Type: FAT32

Computer Name: QUICKSILVER-PC | User Name: QuickSilver | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{47D67B7C-9F5F-43D7-B5A9-C1235966C804}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A637CF66-5FBE-44B6-BC74-BF683E36193E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E12DEA4-19B5-4C04-86DC-15130104CEDC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0E93D718-3C91-437A-B9DF-8DAD657C80C5}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{1B60077B-A035-42B2-8E53-1429B9A21275}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{2674E03A-4D1F-4652-A190-50F6B5C30232}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{51556255-C241-4A25-97A2-0F8BACF9A757}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{544E037B-BBCC-4B5D-8C78-F08430CD0DF1}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{6270D268-225E-472E-BEBC-40801EE2FDC9}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{6DCA4AD2-C985-435F-8E0D-952E7409119C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{7D40AE05-9DA8-4839-8999-5F9F6A29FEAD}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{A3B7FB5D-898B-4212-B724-EAC7E215FD12}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{B0532108-E6B1-4C0F-9CF6-55F278DCF746}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{B5245618-E265-49C6-8642-A8A43F77CFDC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{D9149963-8E05-4688-AC8E-B389E5AB5EBD}" = protocol=6 | dir=in | app=c:\users\quicksilver\appdata\roaming\utorrent\utorrent.exe |
"{F39AD0B2-9DE4-4A5E-ACA5-4D09CA40029D}" = protocol=17 | dir=in | app=c:\users\quicksilver\appdata\roaming\utorrent\utorrent.exe |
"TCP Query User{BB0B2565-7065-414D-B35C-27C755DCC416}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{FD4E09EC-C07B-4022-B287-349D87CD2DF9}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
"{44B72151-611E-429D-9765-9BA093D7E48A}" = Intel® Trusted Connect Service Client
"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{E3047FA0-2D6B-4BD6-8CD4-599955F1CE9D}" = Microsoft Mouse and Keyboard Center
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"Elantech" = ETDWare PS/2-X64 11.10.3.4_WHQL
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Security Client" = Microsoft Security Essentials
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{}" = REALTEK Wireless LAN Driver
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}" = Realtek PCIE Card Reader
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 4.7.1
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{2A83AD05-56E6-3FBD-8752-B4143162EF59}" = Google Talk Plugin
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{32D39568-3B77-11E3-88CE-00163E98E7D0}" = Evernote v. 5.0.3
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
"{87BAE092-674B-4633-99FC-F77D5F1D6B62}" = Cisco NAC Agent
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2013-11-27
"DAEMON Tools Lite" = DAEMON Tools Lite
"Fraps" = Fraps (remove only)
"Google Chrome" = Google Chrome
"HD Tune_is1" = HD Tune 2.55
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 25.0.1 (x86 en-US)" = Mozilla Firefox 25.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Opera 17.0.1241.53" = Opera Stable 17.0.1241.53
"Rainmeter" = Rainmeter
"TeamViewer 9" = TeamViewer 9
"VLC media player" = VLC media player 2.1.1
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/27/2013 7:51:57 PM | Computer Name = QuickSilver-PC | Source = Chrome | ID = 1
Description =

Error - 11/29/2013 1:00:48 PM | Computer Name = QuickSilver-PC | Source = Chrome | ID = 1
Description =

Error - 11/30/2013 2:35:51 AM | Computer Name = QuickSilver-PC | Source = Chrome | ID = 1
Description =

Error - 11/30/2013 2:35:54 AM | Computer Name = QuickSilver-PC | Source = Chrome | ID = 1
Description =

Error - 12/3/2013 1:34:21 AM | Computer Name = QuickSilver-PC | Source = Chrome | ID = 1
Description =

Error - 12/3/2013 1:34:22 AM | Computer Name = QuickSilver-PC | Source = Chrome | ID = 1
Description =

Error - 12/3/2013 1:34:24 AM | Computer Name = QuickSilver-PC | Source = Chrome | ID = 1
Description =

Error - 12/5/2013 7:44:23 PM | Computer Name = QuickSilver-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ytd.exe, version: 4.7.1.1, time stamp:
0x528a7467 Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp:
0x521ea8e7 Exception code: 0xc0000374 Fault offset: 0x000ce753 Faulting process id:
0x35b4 Faulting application start time: 0x01cef0606de80762 Faulting application path:
C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\ytd.exe Faulting
module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 2a6864e4-5e07-11e3-ab9f-6c71d99a238e

Error - 12/10/2013 3:50:36 PM | Computer Name = QuickSilver-PC | Source = Chrome | ID = 1
Description =

Error - 12/10/2013 3:50:37 PM | Computer Name = QuickSilver-PC | Source = Chrome | ID = 1
Description =

[ System Events ]
Error - 11/5/2013 4:10:17 PM | Computer Name = QuickSilver-PC | Source = DCOM | ID = 10010
Description =

Error - 11/7/2013 2:36:17 AM | Computer Name = QuickSilver-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.

Error - 11/7/2013 2:46:12 AM | Computer Name = QuickSilver-PC | Source = Service Control Manager | ID = 7000
Description = The WinRing0_1_2_0 service failed to start due to the following error:
%%2

Error - 11/8/2013 2:18:37 PM | Computer Name = QuickSilver-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 11/8/2013 2:18:37 PM | Computer Name = QuickSilver-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 11/8/2013 2:18:42 PM | Computer Name = QuickSilver-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 11/8/2013 2:18:42 PM | Computer Name = QuickSilver-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 11/8/2013 2:18:44 PM | Computer Name = QuickSilver-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 11/8/2013 2:18:44 PM | Computer Name = QuickSilver-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 11/8/2013 4:07:35 PM | Computer Name = QuickSilver-PC | Source = Service Control Manager | ID = 7000
Description = The WinRing0_1_2_0 service failed to start due to the following error:
%%2


< End of report >

Edited by terrorist96, 13 December 2013 - 11:26 AM.

  • 0

#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello terrorist96,

Sorry for the delay.

Now

accountingnotes dot org forwardslash check dot php


I don't know what that is. It doesn't immediately come up in the malware databases that I look at, and when I research it, I find accounting firms. I don't suppose you use an accounting firm that might have access to your machine?

Moving on

Apart from some Adware nothing serious immediately leaps out at me. Let's have a look with a different tool.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.

  • 1
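Once FRST.txt comes back, the first pass over it is mechanical: pull the autorun and driver records out of the "Registry (Whitelisted)" and "Drivers (Whitelisted)" sections and look first at anything FRST marks with <==== ATTENTION, any Winlogon Shell value that is not explorer.exe (Windows only reads Shell from HKLM, so a per-user HKCU value is a classic persistence spot), any bare file name (resolved through the search path at logon, so the real file still has to be located) and any driver image living in a Temp directory. The script below is an added example and is not code from this thread or from Farbar: the record format it parses is the one FRST prints, the field names and triage rules are the example's own, and the sample records are copied from the FRST log posted in the next reply. Whether a flagged entry is actually malicious is still the helper's call (WinRing0, for instance, is a kernel driver that hardware-monitoring tools commonly bundle); the script only makes sure nothing gets skimmed past.

```python
"""Triage the autorun and driver records in an FRST.txt log.

Added example, not code from this thread or from Farbar: it parses the
one-line record format FRST uses in its "Registry (Whitelisted)" and
"Drivers (Whitelisted)" sections and lists the entries an analyst reads
first.  The sample records below are copied from the FRST log posted in
this thread; the field names and the triage rules are this example's own.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# HKLM\...\Run: [ETDCtrl] - C:\...\ETDCtrl.exe [2871632 2012-09-07] (ELAN ...)
# HKCU\...\Winlogon: [Shell] expstart.exe [925184 2013-10-19] () <==== ATTENTION
REG_RE = re.compile(
    r"^(?P<hive>HK\S+?)\\\.\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\]\s+(?:-\s+)?(?P<rest>.*)$")
# R3 WinRing0_1_2_0; \??\C:\Users\...\Temp\tmpD181.tmp [x]
DRV_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);\s+(?P<rest>.*)$")
# Tail shared by both record kinds: <path> [<size> <date> | x] (<publisher>) <marker>
TAIL_RE = re.compile(
    r"^(?P<path>.*?)\s+\[(?P<meta>[^\]]*)\](?:\s+\((?P<publisher>[^)]*)\))?(?P<flag>.*)$")

# Image locations an installed driver or autorun has no business in.
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


@dataclass
class Entry:
    section: str            # "registry" or "driver"
    location: str           # hive\key for registry values, start type (R2, S3, ...) for drivers
    name: str               # value name or service name
    path: str               # image path exactly as FRST printed it
    size: Optional[int]     # file size FRST read, if any
    date: Optional[str]     # file date FRST read, if any
    publisher: str          # company name FRST prints in parentheses; "" when the file has none
    missing: bool           # FRST printed [x]: the image file was not found
    attention: bool         # FRST appended "<==== ATTENTION"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one FRST record; return None for lines in another format."""
    line = line.strip()
    m = REG_RE.match(line)
    if m:
        section, location = "registry", f"{m['hive']}\\{m['key']}"
    else:
        m = DRV_RE.match(line)
        if not m:
            return None
        section, location = "driver", m["state"]
    tail = TAIL_RE.match(m["rest"])
    if not tail:
        return None
    meta = tail["meta"].split()
    has_info = len(meta) == 2 and meta[0].isdigit()
    return Entry(section, location, m["name"], tail["path"],
                 int(meta[0]) if has_info else None, meta[1] if has_info else None,
                 (tail["publisher"] or "").strip(), meta == ["x"], "ATTENTION" in tail["flag"])


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map entry name -> reasons it deserves a second look (empty map = nothing notable)."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        p = e.path.lower()
        if e.attention:
            reasons.append("FRST itself flagged this record (<==== ATTENTION)")
        # Windows reads Shell from HKLM only and expects explorer.exe; a per-user (HKCU)
        # Shell value, or any value that is not explorer.exe, is a classic persistence spot.
        if (e.section == "registry" and e.location.lower().endswith("winlogon")
                and e.name.lower() == "shell" and not p.endswith("explorer.exe")):
            reasons.append(f"Winlogon Shell is {e.path!r} instead of explorer.exe")
        # A bare file name is resolved through the search path at logon: find the real file.
        if e.section == "registry" and "\\" not in e.path:
            reasons.append("bare file name, resolved through the search path; locate the file")
        # Kernel drivers and services loading from a Temp directory are never normal.
        if any(t in p for t in TEMP_DIRS):
            reasons.append("image path is inside a Temp directory")
        # Note: [x] alone is not flagged; the RDP virtual drivers (Synth3dVsc, tsusbhub,
        # VGPU) are routinely listed as missing on Windows 7 and that is harmless.
        if reasons:
            findings[e.name] = reasons
    return findings


def triage_log(text: str) -> Dict[str, List[str]]:
    """Parse every recognised record in an FRST log excerpt and triage it."""
    return triage([e for e in map(parse_line, text.splitlines()) if e])


# Records copied from the FRST.txt posted in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2871632 2012-09-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKCU\...\Winlogon: [Shell] expstart.exe [925184 2013-10-19] () <==== ATTENTION
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291128 2013-03-06] (Intel Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-07-16] (Disc Soft Ltd)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
R3 WinRing0_1_2_0; \??\C:\Users\QuickSilver\AppData\Local\Temp\tmpD181.tmp [x]
"""

if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LOG).items():
        print(name)
        for r in reasons:
            print("   -", r)
```

Run against the sample it reports exactly two entries, the HKCU Shell value (three reasons) and the WinRing0 driver in Temp, and stays quiet about the rest, including the routinely missing RDP virtual drivers. Feed it the whole FRST.txt and it skips lines in other formats rather than guessing at them.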

#3
terrorist96

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Hi

Thanks for helping me out. No, I don't use an accounting firm. A guy from a forum tried to get me to click on it, but when I refused, he embedded it in a PM to me and was like, gotcha! And I asked what he was doing, etc., and he was like, just downloading your hard drive.
As soon as I received the PM and saw he had clandestinely embedded the link in there, I immediately disconnected from the Internet and continued talking to him over my phone to see what he was trying to do.

But anyway, that's the back story. So I downloaded Farbar on my secondary computer, put it on a flashdrive and transferred it to my "infected" computer. Ran as admin, and here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-12-2013
Ran by QuickSilver (administrator) on QUICKSILVER-PC on 15-12-2013 16:43:54
Running from C:\Users\QuickSilver\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(AddGadgets) E:\Programs\PCMeter\PCMeterV0.4.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2871632 2012-09-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5672624 2013-03-27] (VIA)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKCU\...\Run: [Google Update] - C:\Users\QuickSilver\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-07-13] (Google Inc.)
HKCU\...\Winlogon: [Shell] expstart.exe [925184 2013-10-19] () <==== ATTENTION
MountPoints2: {2280293e-10bb-11e3-b81a-6c71d99a238e} - H:\LaunchU3.exe -a
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291128 2013-03-06] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [NACAgentUI] - C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe [614008 2013-06-06] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Startup: C:\Users\QuickSilver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\QuickSilver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk
ShortcutTarget: EvernoteTray.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\QuickSilver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x818376CCA17FCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\QuickSilver\AppData\Roaming\Mozilla\Firefox\Profiles\8ahrhvhc.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\QuickSilver\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\QuickSilver\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\QuickSilver\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\QuickSilver\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\QuickSilver\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Extension: HTTPS-Everywhere - C:\Users\QuickSilver\AppData\Roaming\Mozilla\Firefox\Profiles\8ahrhvhc.default\Extensions\[email protected]
FF Extension: All-in-One Gestures - C:\Users\QuickSilver\AppData\Roaming\Mozilla\Firefox\Profiles\8ahrhvhc.default\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
FF Extension: WOT - C:\Users\QuickSilver\AppData\Roaming\Mozilla\Firefox\Profiles\8ahrhvhc.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: 2.0 - C:\Users\QuickSilver\AppData\Roaming\Mozilla\Firefox\Profiles\8ahrhvhc.default\Extensions\[email protected]
FF Extension: dendzones - C:\Users\QuickSilver\AppData\Roaming\Mozilla\Firefox\Profiles\8ahrhvhc.default\Extensions\[email protected]
FF Extension: GlassMyFox - C:\Users\QuickSilver\AppData\Roaming\Mozilla\Firefox\Profiles\8ahrhvhc.default\Extensions\GlassMyFox@ArisT2_Noia4dev.xpi
FF Extension: NoiaScrollbars - C:\Users\QuickSilver\AppData\Roaming\Mozilla\Firefox\Profiles\8ahrhvhc.default\Extensions\NoiaScrollbars@ArisT2_Noia4dev.xpi
FF Extension: omnibar - C:\Users\QuickSilver\AppData\Roaming\Mozilla\Firefox\Profiles\8ahrhvhc.default\Extensions\[email protected]
FF Extension: stylish - C:\Users\QuickSilver\AppData\Roaming\Mozilla\Firefox\Profiles\8ahrhvhc.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF Extension: prefs - C:\Users\QuickSilver\AppData\Roaming\Mozilla\Firefox\Profiles\8ahrhvhc.default\Extensions\{73007fef-a6e0-47d3-b4e7-dfc116ed6f65}.xpi
FF Extension: Adblock Plus - C:\Users\QuickSilver\AppData\Roaming\Mozilla\Firefox\Profiles\8ahrhvhc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Chrome:
=======
CHR HomePage: hxxp://global.hannspree.net/
CHR RestoreOnStartup: "hxxp://start.toshiba.com", "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP&dt=072013"
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: ( "name": "",) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: ( "name": "",) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Extension: (Google Docs) - C:\Users\QuickSilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\QuickSilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (WOT) - C:\Users\QuickSilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.4.4_0
CHR Extension: (YouTube) - C:\Users\QuickSilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\QuickSilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Google Search) - C:\Users\QuickSilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (HTTPS Everywhere) - C:\Users\QuickSilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp\2013.10.16_0
CHR Extension: (Hola Better Internet) - C:\Users\QuickSilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.2.127_0
CHR Extension: (Mailto:) - C:\Users\QuickSilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppbppehiogfokmpligejhaepeopajdf\1.26.0_0
CHR Extension: (Disconnect Search) - C:\Users\QuickSilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk\1.4.0_0
CHR Extension: (Referer Control) - C:\Users\QuickSilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkcfpcejkafcihlgbojoidoihckciin\0.47_0
CHR Extension: (Disconnect) - C:\Users\QuickSilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.10.2_0
CHR Extension: (Aero Trans Brushed Metal Theme) - C:\Users\QuickSilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkjdfchjlhkgnfjblhclgaliiccalckf\1.21_0
CHR Extension: (Hangouts) - C:\Users\QuickSilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2013.1120.433.1_0
CHR Extension: (Google Wallet) - C:\Users\QuickSilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Pig Toolbox (Super Gestures)) - C:\Users\QuickSilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiplkfaidhjklglajdpfehoagkmlcakh\1.0.7.4_0
CHR Extension: (Gmail) - C:\Users\QuickSilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R2 NACAgent; C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [1280120 2013-06-06] (Cisco Systems, Inc.)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-07-16] (Disc Soft Ltd)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-03-20] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1476240 2012-12-13] (Realtek Semiconductor Corporation )
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
R3 WinRing0_1_2_0; \??\C:\Users\QuickSilver\AppData\Local\Temp\tmpD181.tmp [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-15 16:43 - 2013-12-15 16:44 - 00024621 _____ C:\Users\QuickSilver\Desktop\FRST.txt
2013-12-15 16:42 - 2013-12-15 16:42 - 00000000 ____D C:\FRST
2013-12-15 16:39 - 2013-12-15 15:37 - 01927796 _____ (Farbar) C:\Users\QuickSilver\Desktop\FRST64.exe
2013-12-10 21:46 - 2013-12-10 19:00 - 00602112 _____ (OldTimer Tools) C:\Users\QuickSilver\Desktop\OTL.exe
2013-12-10 17:33 - 2013-05-10 01:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-10 17:33 - 2013-05-10 01:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-10 17:33 - 2013-05-10 00:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-10 17:33 - 2013-05-10 00:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-10 17:27 - 2013-12-10 17:27 - 00770556 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-10 17:22 - 2013-11-26 07:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-10 17:22 - 2013-11-26 06:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-10 17:22 - 2013-11-26 06:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-10 17:22 - 2013-11-26 06:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-10 17:22 - 2013-11-26 05:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-10 17:22 - 2013-11-26 05:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-10 17:22 - 2013-11-26 05:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-10 17:22 - 2013-11-26 05:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-10 17:22 - 2013-11-26 05:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-10 17:22 - 2013-11-26 05:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-10 17:22 - 2013-11-26 05:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-10 17:22 - 2013-11-26 05:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-10 17:22 - 2013-11-26 05:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-10 17:22 - 2013-11-26 05:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-10 17:22 - 2013-11-26 04:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-10 17:22 - 2013-11-26 04:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-10 17:22 - 2013-11-26 04:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-10 17:22 - 2013-11-26 04:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-10 17:22 - 2013-11-26 04:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-10 17:22 - 2013-11-26 04:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-10 17:22 - 2013-11-26 04:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-10 17:22 - 2013-11-26 04:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-10 17:22 - 2013-11-26 03:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-10 17:22 - 2013-11-26 03:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-10 17:22 - 2013-11-26 03:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-10 17:22 - 2013-11-26 03:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-10 17:22 - 2013-11-26 02:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-10 17:22 - 2013-11-26 02:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-10 17:22 - 2013-11-26 02:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-10 17:22 - 2013-11-26 02:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-10 17:22 - 2013-11-26 02:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-10 16:21 - 2013-11-23 14:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-10 16:21 - 2013-11-23 13:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-10 16:21 - 2013-11-11 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-10 16:21 - 2013-11-11 22:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-10 16:21 - 2013-10-29 22:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-10 16:21 - 2013-10-29 22:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-10 16:21 - 2013-10-29 21:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-10 16:21 - 2013-10-18 22:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-10 16:21 - 2013-10-18 21:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-10 16:21 - 2013-10-11 22:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-10 16:21 - 2013-10-11 22:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-10 16:21 - 2013-10-11 22:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-10 16:21 - 2013-10-11 22:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-10 16:21 - 2013-10-11 21:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-10 16:21 - 2013-10-11 21:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-10 16:21 - 2013-10-11 21:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-10 16:21 - 2013-10-11 21:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-10 16:21 - 2013-10-03 22:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-10 16:21 - 2013-10-03 21:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-10 15:55 - 2013-12-10 15:55 - 00280864 _____ C:\Windows\Minidump\121013-8439-01.dmp
2013-12-05 23:52 - 2013-10-17 11:32 - 00035112 _____ (TeamViewer GmbH) C:\Windows\system32\Drivers\teamviewervpn.sys
2013-12-03 02:09 - 2013-12-03 02:09 - 00000000 ____D C:\Program Files (x86)\Combined Community Codec Pack
2013-11-26 01:19 - 2013-11-26 01:19 - 00000000 ____D C:\Users\QuickSilver\AppData\Roaming\MPC-HC
2013-11-17 23:29 - 2013-11-17 23:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-12-15 16:44 - 2013-12-15 16:43 - 00024621 _____ C:\Users\QuickSilver\Desktop\FRST.txt
2013-12-15 16:43 - 2013-07-13 04:31 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-15 16:42 - 2013-12-15 16:42 - 00000000 ____D C:\FRST
2013-12-15 16:41 - 2013-07-26 02:49 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3921488435-3812560929-2914755584-1000UA.job
2013-12-15 16:41 - 2013-07-13 03:45 - 01829770 _____ C:\Windows\WindowsUpdate.log
2013-12-15 16:36 - 2009-07-14 00:45 - 00023632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-15 16:36 - 2009-07-14 00:45 - 00023632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-15 16:32 - 2013-07-26 02:49 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3921488435-3812560929-2914755584-1000Core.job
2013-12-15 16:32 - 2013-07-13 04:31 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-15 16:31 - 2013-08-08 17:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-15 16:31 - 2013-07-16 00:41 - 00002896 _____ C:\Windows\System32\Tasks\AutoKMS
2013-12-15 16:31 - 2013-07-16 00:41 - 00000266 _____ C:\Windows\Tasks\AutoKMS.job
2013-12-15 16:31 - 2013-07-13 07:00 - 00060151 _____ C:\Users\QuickSilver\Network_Meter_Data.js
2013-12-15 15:37 - 2013-12-15 16:39 - 01927796 _____ (Farbar) C:\Users\QuickSilver\Desktop\FRST64.exe
2013-12-10 22:37 - 2013-08-25 22:48 - 00000055 _____ C:\Users\QuickSilver\AppData\Roaming\Battery Meter_Data.ini
2013-12-10 21:49 - 2009-07-14 01:13 - 00781522 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-10 19:28 - 2013-10-16 20:41 - 00007172 _____ C:\Users\QuickSilver\IP_Log_Data.js
2013-12-10 19:23 - 2013-07-21 14:14 - 00000000 ____D C:\Users\QuickSilver\AppData\Roaming\Skype
2013-12-10 19:00 - 2013-12-10 21:46 - 00602112 _____ (OldTimer Tools) C:\Users\QuickSilver\Desktop\OTL.exe
2013-12-10 17:37 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-10 17:36 - 2013-07-13 04:11 - 00142456 _____ C:\Windows\PFRO.log
2013-12-10 17:36 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-10 17:36 - 2009-07-14 00:51 - 00033656 _____ C:\Windows\setupact.log
2013-12-10 17:36 - 2009-07-14 00:45 - 00341232 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-10 17:35 - 2013-07-13 06:52 - 00000027 _____ C:\Users\QuickSilver\AppData\Roaming\Network Meter_Usage.ini
2013-12-10 17:27 - 2013-12-10 17:27 - 00770556 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-10 17:24 - 2013-07-16 00:26 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-10 17:23 - 2013-07-16 17:51 - 00000000 ____D C:\ProgramData\YTD Video Downloader
2013-12-10 17:20 - 2013-07-13 05:42 - 00000000 ____D C:\Windows\system32\MRT
2013-12-10 17:17 - 2013-07-13 04:55 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-10 15:55 - 2013-12-10 15:55 - 00280864 _____ C:\Windows\Minidump\121013-8439-01.dmp
2013-12-10 15:55 - 2013-10-28 15:43 - 877500012 _____ C:\Windows\MEMORY.DMP
2013-12-10 15:55 - 2013-10-28 15:43 - 00000000 ____D C:\Windows\Minidump
2013-12-09 23:47 - 2013-07-21 14:14 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-09 23:47 - 2013-07-21 14:14 - 00000000 ____D C:\ProgramData\Skype
2013-12-06 21:13 - 2013-07-16 18:05 - 00000000 ____D C:\Users\QuickSilver\AppData\Roaming\vlc
2013-12-06 19:26 - 2013-07-13 05:13 - 00084984 _____ C:\Users\QuickSilver\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-05 23:22 - 2013-07-13 21:49 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-12-05 22:41 - 2013-07-13 04:31 - 00003904 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-05 22:41 - 2013-07-13 04:31 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-04 21:16 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-03 02:09 - 2013-12-03 02:09 - 00000000 ____D C:\Program Files (x86)\Combined Community Codec Pack
2013-11-29 13:40 - 2013-08-08 17:16 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-29 13:40 - 2013-08-08 17:16 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-29 13:40 - 2013-08-08 17:16 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-29 13:40 - 2013-07-13 21:37 - 00000000 ____D C:\Users\QuickSilver\AppData\Local\Adobe
2013-11-29 13:37 - 2013-08-03 15:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-28 15:36 - 2013-07-26 02:49 - 00003914 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3921488435-3812560929-2914755584-1000UA
2013-11-28 15:36 - 2013-07-26 02:49 - 00003518 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3921488435-3812560929-2914755584-1000Core
2013-11-26 07:54 - 2013-12-10 17:22 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 06:19 - 2013-12-10 17:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 06:18 - 2013-12-10 17:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-26 06:11 - 2013-12-10 17:22 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-26 05:48 - 2013-12-10 17:22 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 05:46 - 2013-12-10 17:22 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 05:41 - 2013-12-10 17:22 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 05:29 - 2013-12-10 17:22 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 05:27 - 2013-12-10 17:22 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 05:23 - 2013-12-10 17:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-26 05:21 - 2013-12-10 17:22 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 05:18 - 2013-12-10 17:22 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 05:18 - 2013-12-10 17:22 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 05:16 - 2013-12-10 17:22 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 04:57 - 2013-12-10 17:22 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 04:38 - 2013-12-10 17:22 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-26 04:38 - 2013-12-10 17:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-26 04:35 - 2013-12-10 17:22 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 04:32 - 2013-12-10 17:22 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-26 04:28 - 2013-12-10 17:22 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-26 04:16 - 2013-12-10 17:22 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-26 04:02 - 2013-12-10 17:22 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 03:48 - 2013-12-10 17:22 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 03:32 - 2013-12-10 17:22 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-26 03:26 - 2013-12-10 17:22 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-26 03:07 - 2013-12-10 17:22 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 02:40 - 2013-12-10 17:22 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-26 02:34 - 2013-12-10 17:22 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 02:34 - 2013-12-10 17:22 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-26 02:33 - 2013-12-10 17:22 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-26 02:27 - 2013-12-10 17:22 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-26 01:19 - 2013-11-26 01:19 - 00000000 ____D C:\Users\QuickSilver\AppData\Roaming\MPC-HC
2013-11-23 14:26 - 2013-12-10 16:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-23 13:47 - 2013-12-10 16:21 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-11-20 19:42 - 2013-07-16 00:36 - 00000000 ____D C:\Users\QuickSilver\AppData\Roaming\uTorrent
2013-11-19 06:21 - 2013-07-13 04:49 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-17 23:30 - 2013-11-17 23:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-17 19:54 - 2013-07-16 00:36 - 00000799 _____ C:\Users\QuickSilver\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-11-15 17:48 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache

Files to move or delete:
====================
C:\Users\QuickSilver\IP_Log_Data.js
C:\Users\QuickSilver\Network_Meter_Data.js


Some content of TEMP:
====================
C:\Users\QuickSilver\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\QuickSilver\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\QuickSilver\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\QuickSilver\AppData\Local\Temp\ose00000.exe
C:\Users\QuickSilver\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\QuickSilver\AppData\Local\Temp\vlc-2.1.1-win32.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-10 20:39

==================== End Of Log ============================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-12-2013
Ran by QuickSilver at 2013-12-15 16:44:19
Running from C:\Users\QuickSilver\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

µTorrent (HKCU Version: 3.3.2.30303)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.152)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.152)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco NAC Agent (x32 Version: 4.9.3.5)
Cisco PEAP Module (x32 Version: 1.1.6)
Combined Community Codec Pack 2013-11-27 (x32 Version: 2013.11.27.0)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.47.1.0335)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
ETDWare PS/2-X64 11.10.3.4_WHQL (Version: 11.10.3.4)
Evernote v. 5.0.3 (x32 Version: 5.0.3.1614)
Fraps (remove only) (x32)
Google Chrome (x32 Version: 31.0.1650.63)
Google Earth (x32 Version: 7.1.1.1888)
Google Talk Plugin (x32 Version: 4.9.1.16010)
Google Update Helper (x32 Version: 1.3.22.3)
HD Tune 2.55 (x32)
Intel® Management Engine Components (x32 Version: 9.5.0.1428)
Intel® Processor Graphics (x32 Version: 9.18.10.3071)
Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 3.0.0.63463)
Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 2.0.0.100)
Intel® Trusted Connect Service Client (Version: 1.27.798.1)
IrfanView (remove only) (x32 Version: 4.36)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
Movie Maker (x32 Version: 16.4.3508.0205)
Mozilla Firefox 25.0.1 (x86 en-US) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
Opera Stable 17.0.1241.53 (x32 Version: 17.0.1241.53)
Photo Gallery (x32 Version: 16.4.3508.0205)
Platform (x32 Version: 1.39)
Rainmeter (x32 Version: 3.0.2 r2161)
Realtek Ethernet Controller Driver (x32 Version: 7.67.1226.2012)
Realtek PCIE Card Reader (x32 Version: 6.2.9200.27035)
REALTEK Wireless LAN Driver (x32 Version: 1.00.0201)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)
Skype™ 6.11 (x32 Version: 6.11.102)
TeamViewer 9 (x32 Version: 9.0.24482)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32)
VIA Platform Device Manager (x32 Version: 1.39)
VLC media player 2.1.1 (x32 Version: 2.1.1)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
YTD Video Downloader 4.7.1 (x32 Version: 4.7.1)

==================== Restore Points =========================

01-12-2013 03:52:33 Windows Update
05-12-2013 06:28:35 Windows Update
08-12-2013 22:06:37 Windows Update
10-12-2013 21:17:20 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 => Rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 => Rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
Task: {119C77BC-797F-412C-9241-69EE8C15CF44} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {2710771F-72F1-4450-8356-0C2699CFFEA9} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {28D03115-EE31-43C7-ADFD-B8F1641B61C5} - System32\Tasks\PCMeter\Startup => E:\Programs\PCMeter\PCMeterV0.4.exe [2013-11-05] (AddGadgets)
Task: {30FB8D62-448F-47CB-8CBD-4A03F8A32A34} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\MouseKeyboardCenter.exe [2013-05-13] (Microsoft)
Task: {42B63B93-5370-43A0-B68A-57C87A01A349} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-29] (Adobe Systems Incorporated)
Task: {59AB3D1B-1F12-4B7E-B1A9-F6D431A6DB6B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3921488435-3812560929-2914755584-1000Core => C:\Users\QuickSilver\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-13] (Google Inc.)
Task: {70C78C92-16AE-4612-9EFD-0C290743EE99} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-13] (Google Inc.)
Task: {83ADBC2E-A25A-423D-B6E6-A6E2191AF2F6} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {8E983F19-02AA-4681-AF36-8FB2DCB1EFC1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3921488435-3812560929-2914755584-1000UA => C:\Users\QuickSilver\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-13] (Google Inc.)
Task: {985F7147-92B8-4FA6-9F66-EAD8FA6FD304} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => Rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
Task: {A7C73732-9F11-4281-8D19-764D4EC9D94D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe aepdu.dll,AePduRunUpdate
Task: {B5E4705C-FF46-4347-A590-6C18A453414C} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector => Rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
Task: {B758CDA4-DCC0-4540-9E40-FB31CAB9D18E} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-07-16] ()
Task: {C88B664B-96EA-4596-A66D-EEC41301AFA6} - System32\Tasks\Core Temp Autostart QuickSilver => E:\Programs\Core Temp\Core Temp.exe
Task: {D1D8B0F7-7181-46D2-80D7-08A30DAB6F12} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-13] (Google Inc.)
Task: {D7B6E81D-3CF4-432C-84D2-24213F4316E6} - System32\Tasks\Microsoft\Windows\Autochk\Proxy => Rundll32.exe /d acproxy.dll,PerformAutochkOperations
Task: {E22A8667-F75B-4BA9-BA46-067ED4429DE8} - System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange => Rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3921488435-3812560929-2914755584-1000Core.job => C:\Users\QuickSilver\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3921488435-3812560929-2914755584-1000UA.job => C:\Users\QuickSilver\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-07-13 04:10 - 2012-11-14 18:22 - 00078456 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-07-13 04:10 - 2012-11-14 18:22 - 00386168 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2013-07-13 06:40 - 2013-07-13 06:40 - 00012520 _____ () C:\Users\QuickSilver\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\CoreTempReader.dll
2013-07-13 06:40 - 2013-07-13 06:40 - 00015080 _____ () C:\Users\QuickSilver\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\GetCoreTempInfoNET.dll
2013-07-13 06:40 - 2013-07-13 06:40 - 00014056 _____ () C:\Users\QuickSilver\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\SystemInfo.dll
2013-10-29 16:45 - 2013-10-29 16:45 - 00798392 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2013-10-29 16:41 - 2013-10-29 16:41 - 00011776 _____ () C:\Program Files\Rainmeter\Plugins\PowerPlugin.DLL
2013-10-29 16:44 - 2013-10-29 16:44 - 00368640 _____ () C:\Program Files\Rainmeter\Plugins\NowPlaying.DLL
2013-10-29 16:41 - 2013-10-29 16:41 - 00027136 _____ () C:\Program Files\Rainmeter\Plugins\Win7AudioPlugin.DLL
2013-10-29 16:41 - 2013-10-29 16:41 - 00058880 _____ () C:\Program Files\Rainmeter\Plugins\WebParser.DLL
2013-10-29 16:41 - 2013-10-29 16:41 - 00023040 _____ () C:\Program Files\Rainmeter\Plugins\WifiStatus.DLL
2013-10-29 16:41 - 2013-10-29 16:41 - 00014336 _____ () C:\Program Files\Rainmeter\Plugins\SysInfo.DLL
2013-09-26 13:50 - 2013-09-26 13:50 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2013-09-26 13:49 - 2013-09-26 13:49 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2013-10-21 08:10 - 2013-10-21 08:10 - 21115392 _____ () C:\Program Files (x86)\Evernote\Evernote\libcef.dll
2013-10-21 08:10 - 2013-10-21 08:10 - 00983054 _____ () C:\Program Files (x86)\Evernote\Evernote\avcodec-54.dll
2013-10-21 08:10 - 2013-10-21 08:10 - 00133134 _____ () C:\Program Files (x86)\Evernote\Evernote\avutil-51.dll
2013-10-21 08:10 - 2013-10-21 08:10 - 00189454 _____ () C:\Program Files (x86)\Evernote\Evernote\avformat-54.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-07-13 04:08 - 2013-03-20 18:47 - 01199576 ____R () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-12-05 17:32 - 2013-12-03 22:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-05 17:32 - 2013-12-03 22:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-05 17:32 - 2013-12-03 22:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-05 17:32 - 2013-12-03 22:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-05 17:32 - 2013-12-03 22:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-05 17:32 - 2013-12-03 22:48 - 13586896 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
2013-11-27 18:26 - 2013-11-27 18:26 - 00181760 _____ () C:\Users\QuickSilver\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2013.1120.433.1_0\plugin\ace.dll

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Realtek RTL8723AE Wireless LAN 802.11n PCI-E NIC
Description: Realtek RTL8723AE Wireless LAN 802.11n PCI-E NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTWlanE
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/10/2013 03:50:37 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=31.0.1650.63;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\81731906-4d71-41b5-b69e-4e4acf8755d6.dmp

Error: (12/10/2013 03:50:36 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=31.0.1650.63;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\3b37068b-e683-4fb0-afde-1ad9c54ea7b5.dmp

Error: (12/05/2013 07:44:23 PM) (Source: Application Error) (User: )
Description: Faulting application name: ytd.exe, version: 4.7.1.1, time stamp: 0x528a7467
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0x35b4
Faulting application start time: 0xytd.exe0
Faulting application path: ytd.exe1
Faulting module path: ytd.exe2
Report Id: ytd.exe3

Error: (12/03/2013 01:34:24 AM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=31.0.1650.57;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\de59d7a6-a7bf-4c52-a6e4-04406899adad.dmp

Error: (12/03/2013 01:34:22 AM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=31.0.1650.57;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\00dcf9c6-9f5f-49cf-99ac-fa2e97b6fba1.dmp

Error: (12/03/2013 01:34:21 AM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=31.0.1650.57;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\d9a00929-d3ad-4e54-941e-d6264d8f19be.dmp

Error: (11/30/2013 02:35:54 AM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=31.0.1650.57;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\c7081be5-393d-467e-b681-26e3eec79696.dmp

Error: (11/30/2013 02:35:51 AM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=31.0.1650.57;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\c8f2e020-a3a5-4961-ab03-a9584f5edb9a.dmp

Error: (11/29/2013 01:00:48 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=31.0.1650.57;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\ec24bbe7-d58e-4ab3-a26e-dc37bcaf0a71.dmp

Error: (11/27/2013 07:51:57 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=31.0.1650.57;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\0ab00ac8-e491-4ee0-9e0c-fef4170f939c.dmp


System errors:
=============
Error: (12/10/2013 05:37:10 PM) (Source: Service Control Manager) (User: )
Description: The WinRing0_1_2_0 service failed to start due to the following error:
%%2

Error: (12/10/2013 03:56:06 PM) (Source: Service Control Manager) (User: )
Description: The WinRing0_1_2_0 service failed to start due to the following error:
%%2

Error: (12/10/2013 03:55:44 PM) (Source: BugCheck) (User: )
Description: 0x0000003b (0x00000000c0000005, 0xfffff960002e3197, 0xfffff8800df08ea0, 0x0000000000000000)C:\Windows\MEMORY.DMP121013-8439-01

Error: (12/10/2013 03:55:43 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:55:00 PM on ‎12/‎10/‎2013 was unexpected.

Error: (12/10/2013 00:29:10 AM) (Source: Schannel) (User: QuickSilver-PC)
Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is relay.l.google.com. The SSL connection request has failed. The attached data contains the server certificate.

Error: (12/10/2013 00:29:10 AM) (Source: Schannel) (User: QuickSilver-PC)
Description: The following fatal alert was generated: 43. The internal error state is 552.

Error: (12/10/2013 00:29:10 AM) (Source: Schannel) (User: QuickSilver-PC)
Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is relay.l.google.com. The SSL connection request has failed. The attached data contains the server certificate.

Error: (12/10/2013 00:29:10 AM) (Source: Schannel) (User: QuickSilver-PC)
Description: The following fatal alert was generated: 43. The internal error state is 552.

Error: (12/09/2013 11:04:02 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (12/09/2013 11:03:58 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.


Microsoft Office Sessions:
=========================
Error: (12/10/2013 03:50:37 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=31.0.1650.63;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\81731906-4d71-41b5-b69e-4e4acf8755d6.dmp

Error: (12/10/2013 03:50:36 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=31.0.1650.63;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\3b37068b-e683-4fb0-afde-1ad9c54ea7b5.dmp

Error: (12/05/2013 07:44:23 PM) (Source: Application Error)(User: )
Description: ytd.exe4.7.1.1528a7467ntdll.dll6.1.7601.18247521ea8e7c0000374000ce75335b401cef0606de80762C:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\ytd.exeC:\Windows\SysWOW64\ntdll.dll2a6864e4-5e07-11e3-ab9f-6c71d99a238e

Error: (12/03/2013 01:34:24 AM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=31.0.1650.57;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\de59d7a6-a7bf-4c52-a6e4-04406899adad.dmp

Error: (12/03/2013 01:34:22 AM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=31.0.1650.57;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\00dcf9c6-9f5f-49cf-99ac-fa2e97b6fba1.dmp

Error: (12/03/2013 01:34:21 AM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=31.0.1650.57;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\d9a00929-d3ad-4e54-941e-d6264d8f19be.dmp

Error: (11/30/2013 02:35:54 AM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=31.0.1650.57;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\c7081be5-393d-467e-b681-26e3eec79696.dmp

Error: (11/30/2013 02:35:51 AM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=31.0.1650.57;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\c8f2e020-a3a5-4961-ab03-a9584f5edb9a.dmp

Error: (11/29/2013 01:00:48 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=31.0.1650.57;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\ec24bbe7-d58e-4ab3-a26e-dc37bcaf0a71.dmp

Error: (11/27/2013 07:51:57 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=31.0.1650.57;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\0ab00ac8-e491-4ee0-9e0c-fef4170f939c.dmp


==================== Memory info ===========================

Percentage of memory in use: 40%
Total physical RAM: 16272.61 MB
Available physical RAM: 9685.34 MB
Total Pagefile: 32543.39 MB
Available Pagefile: 24779.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.24 GB) (Free:52.72 GB) NTFS
Drive e: () (Fixed) (Total:698.63 GB) (Free:578.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT
Drive h: () (Removable) (Total:7.6 GB) (Free:7.59 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: BCB59CB9)
Partition 1: (Not Active) - (Size=119 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 0C8270FE)
Partition 1: (Active) - (Size=699 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 8 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=8 GB) - (Type=0B)

==================== End Of Log ============================

#4
emeraldnzl
GeekU Instructor, GeekU Moderator, 20,051 posts
Hello terrorist96,

Please download ComboFix from this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.
  • If you have an older Operating System you may be asked whether you want to install the Recovery Console. Click yes and follow any prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may appear to be doing nothing for quite long periods. This is normal; just leave it to do its job.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#5
terrorist96
Topic Starter, Member, 74 posts
Okay, I downloaded ComboFix, transferred it to my other PC onto the desktop, went into MSE and disabled real-time protection, and ran ComboFix. After about 30 seconds it gave me a warning telling me MSE is still active (even though I disabled real-time protection); it said click OK to disable them, so I did, but then it gave another warning saying that they are still active but it shall continue and that this is at my own risk.
So I clicked OK, and then a blue cmd window opened and started scanning.
Here is the log:

ComboFix 13-12-13.01 - QuickSilver 12/15/2013 17:24:56.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16273.14138 [GMT -4:00]
Running from: c:\users\QuickSilver\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\frapsvid.dll
c:\windows\SysWow64\settings.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-11-15 to 2013-12-15 )))))))))))))))))))))))))))))))
.
.
2013-12-15 21:28 . 2013-12-15 21:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-15 20:42 . 2013-12-15 20:42 -------- d-----w- C:\FRST
2013-12-10 21:33 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-10 21:33 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-10 21:33 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-10 21:33 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-10 21:33 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-10 21:25 . 2013-12-10 21:25 -------- d-----w- c:\windows\Migration
2013-12-10 21:20 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4DEFFDF0-E3F0-41B5-8C15-806B9D0ECB8A}\mpengine.dll
2013-12-09 23:26 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-06 19:17 . 2013-10-18 17:32 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C37DDC00-EE37-4854-AB56-36FB7C7002E7}\gapaengine.dll
2013-12-06 03:52 . 2013-10-17 15:32 35112 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys
2013-12-03 06:09 . 2013-12-03 06:09 -------- d-----w- c:\program files (x86)\Combined Community Codec Pack
2013-11-26 05:19 . 2013-11-26 05:19 -------- d-----w- c:\users\QuickSilver\AppData\Roaming\MPC-HC
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-15 21:00 . 2013-07-13 11:00 60173 ----a-w- c:\users\QuickSilver\Network_Meter_Data.js
2013-12-10 23:28 . 2013-10-17 00:41 7172 ----a-w- c:\users\QuickSilver\IP_Log_Data.js
2013-12-10 21:17 . 2013-07-13 08:55 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-11-29 17:40 . 2013-08-08 21:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-29 17:40 . 2013-08-08 21:16 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-19 10:21 . 2013-07-13 08:49 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-13 18:44 . 2013-11-13 18:44 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-13 18:44 . 2013-11-13 18:44 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-11-13 18:44 . 2013-11-13 18:44 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-13 18:44 . 2013-11-13 18:44 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-11-13 18:44 . 2013-11-13 18:44 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-11-13 18:44 . 2013-11-13 18:44 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-11-13 18:44 . 2013-11-13 18:44 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-13 18:44 . 2013-11-13 18:44 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-11-13 18:44 . 2013-11-13 18:44 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-11-13 18:44 . 2013-11-13 18:44 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-11-13 18:44 . 2013-11-13 18:44 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-11-13 18:44 . 2013-11-13 18:44 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-11-13 18:44 . 2013-11-13 18:44 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-11-13 18:44 . 2013-11-13 18:44 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-11-13 18:44 . 2013-11-13 18:44 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-13 18:44 . 2013-11-13 18:44 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-13 18:44 . 2013-11-13 18:44 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-11-13 18:44 . 2013-11-13 18:44 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-13 18:44 . 2013-11-13 18:44 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-11-13 18:44 . 2013-11-13 18:44 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-13 18:44 . 2013-11-13 18:44 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-11-13 18:44 . 2013-11-13 18:44 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-11-13 18:44 . 2013-11-13 18:44 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-11-13 18:44 . 2013-11-13 18:44 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-11-13 18:44 . 2013-11-13 18:44 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-11-13 18:44 . 2013-11-13 18:44 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-13 18:44 . 2013-11-13 18:44 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-11-13 18:44 . 2013-11-13 18:44 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-11-13 18:44 . 2013-11-13 18:44 413696 ----a-w- c:\windows\system32\html.iec
2013-11-13 18:44 . 2013-11-13 18:44 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-13 18:44 . 2013-11-13 18:44 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-11-13 18:44 . 2013-11-13 18:44 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-11-13 18:44 . 2013-11-13 18:44 247808 ----a-w- c:\windows\system32\msls31.dll
2013-11-13 18:44 . 2013-11-13 18:44 195584 ----a-w- c:\windows\system32\msrating.dll
2013-11-13 18:44 . 2013-11-13 18:44 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-11-13 18:44 . 2013-11-13 18:44 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-11-13 18:44 . 2013-11-13 18:44 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-13 18:44 . 2013-11-13 18:44 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-11-13 18:44 . 2013-11-13 18:44 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-11-13 18:44 . 2013-11-13 18:44 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-13 18:44 . 2013-11-13 18:44 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-11-13 18:44 . 2013-11-13 18:44 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-13 18:44 . 2013-11-13 18:44 81408 ----a-w- c:\windows\system32\icardie.dll
2013-11-13 18:44 . 2013-11-13 18:44 774144 ----a-w- c:\windows\system32\jscript.dll
2013-11-13 18:44 . 2013-11-13 18:44 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-11-13 18:44 . 2013-11-13 18:44 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-11-13 18:44 . 2013-11-13 18:44 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-11-13 18:44 . 2013-11-13 18:44 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-11-13 18:44 . 2013-11-13 18:44 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-13 18:44 . 2013-11-13 18:44 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-11-13 18:44 . 2013-11-13 18:44 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-11-13 18:44 . 2013-11-13 18:44 235520 ----a-w- c:\windows\system32\url.dll
2013-11-13 18:44 . 2013-11-13 18:44 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-11-13 18:44 . 2013-11-13 18:44 147968 ----a-w- c:\windows\system32\occache.dll
2013-11-13 18:44 . 2013-11-13 18:44 143872 ----a-w- c:\windows\system32\wextract.exe
2013-11-13 18:44 . 2013-11-13 18:44 13824 ----a-w- c:\windows\system32\mshta.exe
2013-11-13 18:44 . 2013-11-13 18:44 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-13 18:44 . 2013-11-13 18:44 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-13 18:44 . 2013-11-13 18:44 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-13 05:08 . 2011-03-28 22:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-10-19 22:36 . 2013-07-21 18:32 925184 ----a-w- c:\windows\expstart.exe
2013-10-18 17:32 . 2013-07-17 07:13 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-14 22:00 . 2013-11-13 18:45 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-10-12 02:30 . 2013-11-13 18:40 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-13 18:40 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-13 18:40 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-13 18:40 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 18:40 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-08 11:50 . 2013-10-19 01:02 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-05 20:25 . 2013-11-13 18:40 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-13 18:40 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-13 18:40 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-13 18:40 197120 ----a-w- c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-13 18:40 1930752 ----a-w- c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-13 18:40 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-13 18:40 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-13 18:40 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-13 18:40 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 02:00 . 2013-11-13 18:40 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-10-02 02:22 . 2013-11-13 18:43 56832 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2013-10-02 02:11 . 2013-11-13 18:43 13824 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-10-02 02:08 . 2013-11-13 18:43 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-10-02 01:48 . 2013-11-13 18:43 56832 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2013-10-02 01:48 . 2013-11-13 18:43 18944 ----a-w- c:\windows\system32\wksprtPS.dll
2013-10-02 01:29 . 2013-11-13 18:43 62976 ----a-w- c:\windows\system32\tsgqec.dll
2013-10-02 01:10 . 2013-11-13 18:43 44544 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2013-10-02 00:15 . 2013-11-13 18:43 1057280 ----a-w- c:\windows\system32\rdvidcrl.dll
2013-10-02 00:14 . 2013-11-13 18:43 50176 ----a-w- c:\windows\SysWow64\MsRdpWebAccess.dll
2013-10-02 00:14 . 2013-11-13 18:43 17920 ----a-w- c:\windows\SysWow64\wksprtPS.dll
2013-10-02 00:08 . 2013-11-13 18:43 83968 ----a-w- c:\windows\system32\TSWbPrxy.exe
2013-10-02 00:01 . 2013-11-13 18:43 420864 ----a-w- c:\windows\system32\wksprt.exe
2013-10-01 23:58 . 2013-11-13 18:43 53248 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-10-01 23:31 . 2013-11-13 18:43 1147392 ----a-w- c:\windows\system32\mstsc.exe
2013-10-01 23:08 . 2013-11-13 18:43 855552 ----a-w- c:\windows\SysWow64\rdvidcrl.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-03-06 291128]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"NACAgentUI"="c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2013-06-06 614008]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\QuickSilver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2013-10-22 1103712]
EvernoteTray.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteTray.exe [2013-10-22 394592]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2013-10-29 36536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 NACAgent;Cisco NAC Agent;c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe;c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\QuickSilver\AppData\Local\Temp\tmpD181.tmp;c:\users\QuickSilver\AppData\Local\Temp\tmpD181.tmp [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WINRING0_1_2_0
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 21:31 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-08 17:40]
.
2013-12-15 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2013-07-16 04:41]
.
2013-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-13 08:31]
.
2013-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-13 08:31]
.
2013-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3921488435-3812560929-2914755584-1000Core.job
- c:\users\QuickSilver\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-26 08:31]
.
2013-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3921488435-3812560929-2914755584-1000UA.job
- c:\users\QuickSilver\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-26 08:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-22 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-22 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-22 441840]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2013-03-27 5672624]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Clip Image - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: New Note - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\QuickSilver\AppData\Roaming\Mozilla\Firefox\Profiles\8ahrhvhc.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-10-21 21:43; {73007fef-a6e0-47d3-b4e7-dfc116ed6f65}; c:\users\QuickSilver\AppData\Roaming\Mozilla\Firefox\Profiles\8ahrhvhc.default\extensions\{73007fef-a6e0-47d3-b4e7-dfc116ed6f65}.xpi
FF - ExtSQL: 2013-10-22 00:32; [email protected]; c:\users\QuickSilver\AppData\Roaming\Mozilla\Firefox\Profiles\8ahrhvhc.default\extensions\[email protected]
FF - ExtSQL: 2013-10-25 20:54; [email protected]; c:\users\QuickSilver\AppData\Roaming\Mozilla\Firefox\Profiles\8ahrhvhc.default\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\QuickSilver\AppData\Local\Temp\tmpD181.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-15 17:31:04
ComboFix-quarantined-files.txt 2013-12-15 21:31
.
Pre-Run: 58,299,912,192 bytes free
Post-Run: 58,531,295,232 bytes free
.
- - End Of File - - A38D8F79944B685F51265F5B0300E4D3
A36C5E4F47E84449FF07ED3517B43A31
  • 0

#6
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

but then it gave another warning saying that they are still active but it shall continue and that this is at my own risk.


Yes, nowadays AVs work so deep that even when they are disabled they are still working away deep down.

Now

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7 or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Next

Download ADWCleaner to your desktop.

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.


Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste back here. If a report doesn't appear, press the report button and Copy & Paste the contents on your next reply.

A copy of the report is also saved in the C:\AdwCleaner folder.

So when you return please post
  • JRT.txt
  • AdwCleaner log

  • 1

#7
terrorist96

terrorist96

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Looks like these programs don't like Youtube downloader lol

And seems like they deleted my preferences for Chrome and FF
And it removed my custom Start button logo I had.
And my desktop gadgets won't load and when I right click and go to gadgets, nothing happens

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Ultimate x64
Ran by QuickSilver on Sun 12/15/2013 at 16:49:57.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/15/2013 at 16:58:12.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




# AdwCleaner v3.015 - Report created 15/12/2013 at 17:00:01
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : QuickSilver - QUICKSILVER-PC
# Running from : C:\Users\QuickSilver\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\GreenTree Applications

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\QuickSilver\AppData\Roaming\Mozilla\Firefox\Profiles\8ahrhvhc.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\QuickSilver\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1145 octets] - [15/12/2013 16:58:39]
AdwCleaner[S0].txt - [1074 octets] - [15/12/2013 17:00:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1134 octets] ##########

Edited by terrorist96, 15 December 2013 - 04:05 PM.

  • 0

#8
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Download Dr.Web CureIt .
  • Doubleclick the drweb-cureit.exe file to open it.
  • A window will open offering a choice of EPM or Standard Mode
  • Choose EPM
  • A license and updates window will appear. If necessary, update; otherwise go to the wrench at the top right and check the box Automatically apply actions to threats.
  • Check the box "I agree to participate..." and click Continue
  • You will not be able to use your computer until the scan is finished. It generally takes only a short time, say around 15/20 mins.
  • Dr Web will scan your computer. When finished close Dr Web.
  • A report is saved to C:\users\....\Doctor Web named cureit.log. Copy and paste the contents back here (Note: if it is too big just attach it).

  • 1

#9
terrorist96

terrorist96

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
So if it needs to update, then I'll have to connect to the Internet on my main PC.

It never asked me about EPM mode.

Attached Files


  • 0

#10
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
That looks clean.

Not much more I can do. Depending on what you think we will go to clearing away the tools we have been using at next post.

Couple of thoughts:

he embedded to me in a PM


So did that just come on the forum site or did you download it to your machine?

And I said what he was doing etc. and he was like just downloading your hard drive.


I take it he was telling you he was downloading a copy of what was on your hard drive? If he didn't get access to your machine do you think he might have been "conning" you?

I also see TeamViewer on your machine. That can be hijacked and used to access a computer, do you think that may have been a target?
  • 1

#11
terrorist96

terrorist96

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Yeah, it was embedded in a PM on the bitcointalk forum site. It was just a white box that looked like it hadn't loaded or something. I right-clicked on it and selected copy url and pasted it in a notepad and saw it was the link that he was trying to get me to click on. Nothing was downloaded onto my machine as far as I know.
Is there any way you can analyze that link in a virtual machine to see what it does when someone accesses it? And because it's a php link, it just makes me more paranoid at what it may have done when it was loaded in the PM.
I don't know what his intentions were. He may have just been saying that to scare me. I don't think Teamviewer was the target.
Honestly, I think he may have been trying to download a copy of a bitcoin wallet but the computer I was using at the time didn't have bitcoin installed so he wouldn't have gotten anything anyway. I'm also paranoid that whatever was in that link could also be used to bounce between the router and go onto other computers/devices on the LAN.
  • 0

#12
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello terrorist96,

Is there any way you can analyze that link in a virtual machine to see what it does when someone accesses it? And because it's a php link, it just makes me more paranoid at what it may have done when it was loaded in the PM.


Here are some links for malware analysis that may be of interest.

Link for general file analysis:

https://malwr.com/submission/

Link for analysis of threats:

http://www.threattra...e-analysis.aspx

Link to an Url Analyzer. Checks potential malicious URLs by analysing the browser's behavior:

http://url-analyzer.net/

It would be an interesting exercise to ask your anti-virus provider for their views.

Link to Microsoft Security Essentials help:

http://support.microsoft.com/ph/15931

I'm also paranoid that whatever was in that link could also be used to bounce between the router and go onto other computers/devices on the LAN.


Not much you can do about that.

Now

We have a couple of last steps to perform and then you're all set.

Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.

  • Go to Start > Programs > Accessories and click on Run
  • Copy and paste the bolded text below in the box then hit OK

    Combofix /Uninstall

Step 2
  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
Step 3

To remove AdwCleaner double click on adwcleaner.exe to run the tool.
Click on Uninstall, then confirm with yes to remove AdwCleaner from your computer.

Any remaining tools may be deleted.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Java warning

Java is a popular point of entry to your computer for malicious programs. The United States Department of Homeland Security recommends that computer users disable Java, see here. Unless you need it to run important software, the safest approach is to completely uninstall Java. Where you do require it, then the next safest option is to disable it in your browsers until you need it, then enable it.

How to disable Java in your web browser and How to unplug Java from the browser

If you do still need Java then regularly check that it is up to date. Older versions are the most vulnerable to malicious attack.

  • Download Java for Windows

    Reboot your computer.
    You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

CryptoLocker Warning

There is a particularly nasty infection out there at the moment.

Go here for information about CryptoLocker Ransomware

Download CryptoPrevent free for home use.

--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:



If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

  • Click Start > Control Panel > System and Security > Windows Update
  • Under Windows Update click on Turn automatic updating on or off
  • Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!
  • 0

#13
terrorist96

terrorist96

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Hey

So I checked out your sites and only the third one allows for URL analysis. This is the result:
http://url-analyzer.net/analysis/435
http://url-analyzer....435/4580/0/html

What do you think? Anything strange?

When I was trying to uninstall Combofix, it was trying to run the scan again and it told me there was a new version. I had to close out of it before it tried to run again and then it said it was uninstalled.
Everything else was uninstalled fine.

So, is it okay to reinstall YouTube Downloader?

Also, that CryptoLocker virus sounds terrifying.
  • 0

#14
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

What do you think? Anything strange?


I really don't know too much about those analyses but I am thinking that they are saying it looks suspicious.

Trying to uninstall combofix


Sometimes happens. Usually because the uninstall instruction is not followed exactly and ComboFix thinks you want to run it again.

Did you copy and paste this part exactly?

Combofix /Uninstall

Note the gap; it should be there.

If you still have trouble just move on to the OTL CleanUp and it should take care of it for you.

So, is it okay to reinstall YouTube Downloader?


Depends, some YouTube Downloaders are okay and some bring malware with them.

Also, that CryptoLocker virus sounds terrifying.


Not very friendly is it. :ph34r:
  • 0

#15
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Further to my last post.

I have just tested the YouTube Downloader one.

If you do download it make sure you decline the browser helper, backup and weather options otherwise we will probably see you back here needing help again. :whistling:
  • 0





