Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

.TMP files in CHrome User Data Folder [Solved]


  • This topic is locked This topic is locked

#1
SomeCrazyStuff

SomeCrazyStuff

    Member

  • Member
  • PipPipPip
  • 401 posts

I am uncertain if this is malware related but don't think there are supposed to be .tmp files in the Google Chrome User Data folder. Maybe I am wrong and just paranoid. I know malware can spawn files with randomized names to make detection more difficult so when a google search for the files names didnt turn up any immediate results (that I trusted enough to click on), I decided to come here. There should be a .jpg attached showing the files in the chrome user data folder so you can see file names and details.

 

Reason I found these is because chrome will not open, or does so intermittently. I have uninstalled using revo uninstaller and reinstalled (after a reboot) but get the same symptom - an APPCRASH dialog with the following text:

 

Problem signature:

Problem Event Name: APPCRASH

Application Name: chrome.exe

Application Version: 35.0.1916.114

Application Timestamp: 53726019

Fault Module Name: chrome.dll

Fault Module Version: 35.0.1916.114

Fault Module Timestamp: 53725d18

Exception Code: c0000005

Exception Offset: 00728bc8

OS Version: 6.1.7600.2.0.0.256.1

Locale ID: 1033

Additional Information 1: 0a9e

Additional Information 2: 0a9e372d3b4ad19135b953a78882e789

Additional Information 3: 0a9e

Additional Information 4: 0a9e372d3b4ad19135b953a78882e789

 

I have MBAM Pro and Microsoft Security Essentials running on my system, both updated. neither picked up anything. I submitted a couple of the TMP files to VirusTotal.com which came up negative for malware. I do not see any .tmp files running in the system processes tab of task manager, though there are a couple other processes that i either don't know what they are or seem somewhat suspect.

 

OTL log below

OTL logfile created on: 5/22/2014 10:03:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\SomeCrazyStuff\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
11.99 Gb Total Physical Memory | 9.19 Gb Available Physical Memory | 76.60% Memory free
23.98 Gb Paging File | 20.79 Gb Available in Paging File | 86.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1863.01 Gb Total Space | 1579.24 Gb Free Space | 84.77% Space Free | Partition Type: NTFS
Drive D: | 558.81 Gb Total Space | 182.83 Gb Free Space | 32.72% Space Free | Partition Type: NTFS
Drive F: | 100.00 Mb Total Space | 71.63 Mb Free Space | 71.64% Space Free | Partition Type: NTFS
 
Computer Name: CUSTOMDESKTOP | User Name: SomeCrazyStuff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/22 22:02:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SomeCrazyStuff\Desktop\OTL.exe
PRC - [2014/05/13 18:40:56 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/05/07 20:52:34 | 032,668,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\SomeCrazyStuff\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/04/12 22:16:28 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2014/04/02 20:19:15 | 001,171,968 | ---- | M] (Spotify Ltd) -- C:\Users\SomeCrazyStuff\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/01/22 14:05:52 | 000,106,496 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2014/01/22 13:44:22 | 007,393,280 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2014/01/20 21:57:07 | 001,593,632 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/06/21 06:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/07/03 05:25:00 | 000,038,288 | ---- | M] (Mindjet) -- C:\Program Files (x86)\Mindjet\MindManager 10\MmReminderService.exe
PRC - [2011/02/10 19:17:46 | 000,310,784 | ---- | M] () -- C:\Program Files (x86)\amBX\amBX Saitek HAL\amBX_HAL_x86.exe
PRC - [2010/10/29 12:09:00 | 000,139,264 | ---- | M] (amBX UK Ltd.) -- C:\Program Files\amBX\Gaming FXGen\win32\amBXFxGen.exe
PRC - [2010/08/03 10:44:28 | 000,858,696 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
PRC - [2010/08/03 10:44:16 | 000,498,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDWebCam.exe
PRC - [2010/08/03 10:43:32 | 000,850,504 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe
PRC - [2010/08/03 10:43:02 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2010/05/06 17:37:46 | 009,921,664 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
PRC - [2010/04/29 16:20:10 | 001,109,632 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe
PRC - [2010/04/26 21:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/02/10 15:46:40 | 000,697,640 | ---- | M] (CyberLink Corporation.) -- C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe
PRC - [2010/01/19 01:10:48 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2009/12/28 08:33:02 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe
PRC - [2009/11/05 22:32:04 | 002,717,024 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2009/11/02 15:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/10/26 14:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/10/26 14:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/10/14 15:43:08 | 000,612,864 | -HS- | M] (amBX) -- C:\Program Files (x86)\amBX\System\amBX_Service.exe
PRC - [2009/07/13 20:14:47 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/07/06 15:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009/06/08 15:34:58 | 000,660,808 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2009/06/03 16:33:14 | 000,308,552 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2009/02/13 11:08:50 | 002,559,823 | ---- | M] (amBX) -- C:\Program Files (x86)\amBX\Illuminate\Illuminate.exe
PRC - [2008/09/30 11:47:30 | 000,047,616 | ---- | M] (amBX) -- C:\Program Files\amBX\Effects\amBX Event Manager.exe
PRC - [2008/07/24 12:24:24 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/22 21:45:44 | 000,041,984 | ---- | M] () -- c:\Users\SomeCrazyStuff\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpso4fx_.dll
MOD - [2014/05/22 21:45:40 | 000,053,248 | ---- | M] () -- C:\Users\SomeCrazyStuff\AppData\Local\Temp\2042wrd.~lk\3848fspext.dll
MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/01/02 22:42:50 | 003,610,624 | ---- | M] () -- C:\Users\SomeCrazyStuff\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/18 18:55:02 | 025,100,288 | ---- | M] () -- C:\Users\SomeCrazyStuff\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/07/03 05:24:24 | 000,151,408 | ---- | M] () -- C:\Program Files (x86)\Mindjet\MindManager 10\zlib.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/02/09 11:52:26 | 033,735,976 | ---- | M] () -- C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\Res.dll
MOD - [2010/02/08 18:19:52 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\TurboV EVO\HookKey32.dll
MOD - [2010/01/22 11:30:00 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/01/22 11:29:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/01/22 11:29:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/11/02 15:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 15:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/06/27 11:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2008/12/10 21:04:54 | 000,253,952 | ---- | M] () -- C:\Program Files\ASUS\TurboV EVO\pngio.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/10/23 18:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 18:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/05/22 14:10:58 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/21 12:39:14 | 000,564,416 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/05/09 14:30:43 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/04/12 22:16:28 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2014/01/22 13:44:22 | 007,393,280 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2014/01/20 21:57:07 | 001,593,632 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/25 15:02:23 | 004,795,672 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2013/06/21 06:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/02/10 19:17:46 | 000,310,784 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\amBX\amBX Saitek HAL\amBX_HAL_x86.exe -- (amBX Saitek HAL Service)
SRV - [2009/12/28 08:33:02 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/10/26 14:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/10/21 11:40:44 | 000,193,904 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009/10/14 15:43:08 | 000,612,864 | -HS- | M] (amBX) [Auto | Running] -- C:\Program Files (x86)\amBX\System\amBX_Service.exe -- (amBX Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/05/22 21:50:10 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:26:00 | 000,091,352 | ---- | M] (Malwarebytes Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/12/27 13:42:26 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/09/27 10:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/04/30 11:55:32 | 000,052,640 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2013/04/30 11:55:32 | 000,025,120 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2013/04/04 11:33:50 | 000,051,496 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ymidusbx64.sys -- (YMIDUSBW)
DRV:64bit: - [2013/02/25 00:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/03/10 16:07:30 | 000,176,136 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiK0DC5.sys -- (SaiK0DC5)
DRV:64bit: - [2010/08/27 12:53:22 | 000,297,000 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010/04/26 20:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/04/26 20:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/04/07 03:04:00 | 000,290,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2009/12/30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/11/23 18:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 18:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/10/29 03:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/10/07 15:48:28 | 000,024,560 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLBStor.sys -- (CLBStor)
DRV:64bit: - [2009/10/07 15:48:26 | 000,376,304 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\CLBUDF.sys -- (CLBUDF)
DRV:64bit: - [2009/09/24 18:55:00 | 000,212,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2009/09/14 15:30:26 | 000,058,744 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2009/07/28 21:02:10 | 000,081,768 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2009/07/15 22:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/13 19:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/07/01 12:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD)
DRV:64bit: - [2009/06/19 11:00:26 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2009/06/17 13:01:04 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010/01/19 17:10:38 | 000,146,928 | ---- | M] (CyberLink Corp.) [2013/12/02 01:23:50] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 83 2A 7A 3F 6F 74 CF 01  [binary data]
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {35437C12-E54F-40c3-BF79-468EB8C65DA8}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{33F1B3D0-B103-482c-8428-5AF918134BBF}: "URL" = http://www.google.co...&q={searchTerms}
IE - HKCU\..\SearchScopes\{35437C12-E54F-40c3-BF79-468EB8C65DA8}: "URL" = http://search.yahoo....icevm&type=EGMB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2013/12/02 01:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SomeCrazyStuff\AppData\Roaming\Mozilla\Extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Error reading preferences file
CHR - Extension: Entanglement Web App = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: BIODIGITAL HUMAN = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\
CHR - Extension: Google Docs = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Docs = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\
CHR - Extension: Google Drive = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Tabs Outliner = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl\0.4.78_0\
CHR - Extension: SparkChess 7 = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgabmflimjjbclkmljlpmgaleanedem\7.0.0_0\
CHR - Extension: TouristEye Planner = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpjpejalhlnocbhggpnokneghfenoneg\9_0\
CHR - Extension: Evernote Web = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.8_0\
CHR - Extension: zen temple = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmiiioabolbmhbhphhfjbohiiijmkee\1_0\
CHR - Extension: Google Wallet = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Picky Wallpapers = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\odklcfojpedohplkimfdpcamkjnhanaj\1.0.0_0\
CHR - Extension: klekr = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\opljjfbgbkjjjgdhbocfakafilegppbl\1.0.0_0\
CHR - Extension: Edgeworld = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcfmpdiaehhnljpdomnggcbfofdgkmbp\1.0.1.2_0\
CHR - Extension: Evernote Web Clipper = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.1.3_0\
CHR - Extension: Gmail = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [amBX Daemon] C:\Program Files\amBX\Control Panel\amBXDaemon.exe (Koninklijke Philips N.V.)
O4:64bit: - HKLM..\Run: [amBX System Tray Application] C:\Program Files\amBX\Gaming FXGen\x64\amBXFxGen.exe (amBX UK Ltd.)
O4:64bit: - HKLM..\Run: [Fences] C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\SmartTechnology\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Program Files\SmartTechnology\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [InstantBurn] C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe (CyberLink Corporation.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 10\MmReminderService.exe (Mindjet)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NCUpdateHelper] C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe (NCSOFT Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [KeePass Password Safe 2] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\SomeCrazyStuff\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\SomeCrazyStuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\SomeCrazyStuff\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\SomeCrazyStuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send Image To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Send Link To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Send Page To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Send Text To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Send Image To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Send Link To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Send Page To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Send Text To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54C0AC9A-94BD-4D39-BCFB-DB348B4079D9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FAC60A3E-A6A2-4F6C-8530-C617481A1A78}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{311ce271-5b26-11e3-8a37-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{311ce271-5b26-11e3-8a37-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Setup\setup.exe
O33 - MountPoints2\{9445c8b4-7c72-11e3-a52a-f46d04005102}\Shell - "" = AutoRun
O33 - MountPoints2\{9445c8b4-7c72-11e3-a52a-f46d04005102}\Shell\AutoRun\command - "" = I:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\{fcd2c528-aaf9-11e3-b224-f46d04005102}\Shell - "" = AutoRun
O33 - MountPoints2\{fcd2c528-aaf9-11e3-b224-f46d04005102}\Shell\AutoRun\command - "" = E:\eTflash.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\VZW_Software_upgrade_assistant.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/22 22:02:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\SomeCrazyStuff\Desktop\OTL.exe
[2014/05/22 21:47:56 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/22 21:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/05/22 21:47:39 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/05/22 21:47:39 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/05/22 21:47:39 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/05/22 21:47:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/05/22 14:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\YAMAHA
[2014/05/22 14:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAMAHA
[2014/05/22 14:18:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YAMAHA
[2014/05/22 14:17:36 | 000,000,000 | ---D | C] -- C:\Users\SomeCrazyStuff\AppData\Roaming\InstallShield
[2014/05/22 14:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\Yamaha
[2014/05/22 14:13:59 | 000,000,000 | ---D | C] -- C:\Users\SomeCrazyStuff\AppData\Local\Downloaded Installations
[2014/05/22 13:54:52 | 000,000,000 | ---D | C] -- C:\Program Files\amBX
[2014/05/22 13:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\amBX
[2014/05/22 13:52:49 | 000,000,000 | ---D | C] -- C:\Users\SomeCrazyStuff\AppData\Local\SmartTechnology
[2014/05/22 13:51:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\SmartTechnology Profiles
[2014/05/22 13:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartTechnology
[2014/05/22 13:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Technology
[2014/05/22 13:50:14 | 000,000,000 | ---D | C] -- C:\Program Files\SmartTechnology
[2014/05/21 17:48:48 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LeapFrog
[2014/05/21 17:34:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/05/15 17:24:16 | 000,000,000 | ---D | C] -- C:\Users\SomeCrazyStuff\AppData\Roaming\DropboxMaster
[2014/05/09 14:30:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/22 22:02:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SomeCrazyStuff\Desktop\OTL.exe
[2014/05/22 21:52:32 | 000,020,160 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/22 21:52:32 | 000,020,160 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/22 21:50:10 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/22 21:50:01 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/22 21:50:01 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/22 21:50:01 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/22 21:49:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/22 21:45:44 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/22 21:45:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/22 21:45:21 | 1066,749,950 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/22 21:39:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/22 21:34:07 | 000,001,262 | ---- | M] () -- C:\Users\SomeCrazyStuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2014/05/22 14:05:03 | 000,002,249 | ---- | M] () -- C:\Users\SomeCrazyStuff\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/05/22 14:00:51 | 000,001,118 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\amBX Illuminate.lnk
[2014/05/22 13:59:45 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SaiK0DC5_01009.Wdf
[2014/05/22 13:55:19 | 000,001,814 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\amBX Effects.lnk
[2014/05/21 15:50:07 | 000,001,447 | ---- | M] () -- C:\Users\SomeCrazyStuff\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/05/16 20:49:19 | 000,002,120 | ---- | M] () -- C:\Users\SomeCrazyStuff\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2014/05/15 17:24:18 | 000,001,075 | ---- | M] () -- C:\Users\SomeCrazyStuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/05/12 07:26:00 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/05/22 14:10:58 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/22 13:59:45 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SaiK0DC5_01009.Wdf
[2014/05/22 13:55:19 | 000,001,814 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\amBX Effects.lnk
[2014/05/22 13:54:56 | 000,001,118 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\amBX Illuminate.lnk
[2014/05/21 17:34:40 | 000,002,249 | ---- | C] () -- C:\Users\SomeCrazyStuff\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/05/21 17:34:17 | 000,000,914 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/21 17:34:17 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/12 22:16:28 | 000,291,760 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014/04/12 22:16:28 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/12/02 02:46:24 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/12/02 02:22:59 | 000,000,017 | ---- | C] () -- C:\Users\SomeCrazyStuff\AppData\Local\resmon.resmoncfg
[2013/12/02 01:36:08 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2013/12/02 01:36:08 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2013/12/02 01:36:05 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2013/12/02 01:36:05 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2013/12/02 01:14:18 | 000,047,174 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2013/12/02 01:12:19 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013/12/02 01:12:16 | 000,034,051 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009/07/13 20:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/13 20:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/12/02 06:05:42 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\amBX_Events
[2014/03/02 20:41:36 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\com.ynab.YNAB4.LiveSteam
[2013/12/02 03:18:22 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\Curse Advertising
[2014/05/22 21:45:51 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\Dropbox
[2014/05/15 17:24:16 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\DropboxMaster
[2013/12/02 03:36:52 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\FastCopy
[2014/05/22 21:44:15 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\KeePass
[2014/03/13 18:40:49 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\Origin
[2014/03/27 08:36:12 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\ProcessLasso
[2014/04/05 19:10:27 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\Rainmeter
[2014/03/12 23:51:41 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\RIFT
[2013/12/02 03:18:57 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\SoftGrid Client
[2014/04/07 22:52:39 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\Spotify
[2014/03/20 09:46:12 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\Stardock
[2013/12/02 02:52:26 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\Thunderbird
[2013/12/02 02:49:37 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\TP
[2014/03/04 00:56:40 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\wc3270
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >

 

 

OTL-Extras log:

 

OTL Extras logfile created on: 5/22/2014 10:03:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\SomeCrazyStuff\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
11.99 Gb Total Physical Memory | 9.19 Gb Available Physical Memory | 76.60% Memory free
23.98 Gb Paging File | 20.79 Gb Available in Paging File | 86.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1863.01 Gb Total Space | 1579.24 Gb Free Space | 84.77% Space Free | Partition Type: NTFS
Drive D: | 558.81 Gb Total Space | 182.83 Gb Free Space | 32.72% Space Free | Partition Type: NTFS
Drive F: | 100.00 Mb Total Space | 71.63 Mb Free Space | 71.64% Space Free | Partition Type: NTFS
 
Computer Name: CUSTOMDESKTOP | User Name: SomeCrazyStuff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A9E6B30-DEC6-407B-9C23-254B118D4747}" = rport=445 | protocol=6 | dir=out | app=system |
"{15F3C85E-8E70-4CC9-8DD4-C71734183763}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1BF598A4-EC6C-46CB-AE59-7FB4D3349C28}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{2B5562B9-FBE6-474F-AAF6-FF4712006770}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{2FA12286-860C-4E94-A44C-753F7302D2CB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{555DD3CA-0AD1-4B4C-8CE9-19863E572778}" = lport=138 | protocol=17 | dir=in | app=system |
"{57ADAE28-C17C-4321-B24E-18C1B029336E}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{59B4D957-D343-4711-8B30-89C5499B8589}" = lport=139 | protocol=6 | dir=in | app=system |
"{5DF1E7DA-C7E2-438F-8AC3-49ADEEC22EF2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5FB710FD-578B-4F6F-9F1F-CE667E48D956}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6A296D91-9601-4113-9ACE-0161347AF19E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{71991BF5-4B97-403B-A34A-3FAF31DCB147}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{76E06739-CFD1-4F82-B1A1-49055819F402}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{90CD9564-6D40-4424-83F3-0F59CB6A5A65}" = rport=139 | protocol=6 | dir=out | app=system |
"{96A4CA0F-BF14-49B4-857D-8BEDEFCD9FB5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A7299BFE-672E-48E5-A365-0BB0F9B9437F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{AB727818-0C0E-4E9C-AD5D-C6FB11E69D1B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B2D2A800-F0C2-4486-B424-D92DB14FFCF5}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{B4A2FBBD-F6D5-4B1C-8F7F-77782FDB8697}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C0C000CA-F4EA-431B-AE3C-E3E920FE69DF}" = lport=445 | protocol=6 | dir=in | app=system |
"{C2C1A1D2-2CE9-4646-918B-9440F850B515}" = rport=137 | protocol=17 | dir=out | app=system |
"{C4A90DBC-C4F3-4E8E-B5A2-F32AA74BD3EE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C4D6E5AD-4CB8-4991-AC78-2EC20BBA7429}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C89441CF-8AA1-4036-9305-9B9814AC892E}" = lport=137 | protocol=17 | dir=in | app=system |
"{E3320401-39A2-40DA-9F3B-1E511F09DF37}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F05F5279-DF1C-420B-9242-B4BBBB00A83C}" = rport=138 | protocol=17 | dir=out | app=system |
"{F31A62DD-D8A3-4DA0-9B7C-5075471082E2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{F5302835-D6FA-4AAD-87AD-82FF264C19FC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0040E2F6-BF79-4463-A64D-04A3FA9DEDFE}" = protocol=58 | dir=in | [email protected],-28545 |
"{050DCCBE-62FD-4D67-B348-254A8CA59458}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spore\sporebinep1\sporeapp.exe |
"{07C931BA-B8B0-4186-B7D0-0B0BD50BAAEF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{093EF7E9-B745-4B78-BE16-001B87C34D0B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tower wars\tw.exe |
"{0B1BD880-6797-4C1C-BA1E-3AEBE5B89EE6}" = protocol=1 | dir=out | [email protected],-28544 |
"{107018BB-E3E0-4032-95EF-E373A6547484}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{14EBF333-F6DA-4030-A432-245B9F1FC750}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{1782EAB6-3AAD-4246-8BEB-6780645A6462}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1793C6F6-9833-4736-AF70-7F86EFBD1979}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{1862DC17-AC19-4985-90D0-A1038BCCA899}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{19B5DE75-A38F-4BC1-B726-652CB50365B4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{19B7700C-0C11-4B0C-BAFC-A5FED690B0C4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nza\bin\nza.exe |
"{19FCECE4-0E28-4FB8-9BF0-F3445C1FACC1}" = protocol=58 | dir=out | [email protected],-28546 |
"{2042A848-D50A-4402-A317-D7A5A8C8FA9B}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe |
"{22BB9ED9-0362-4623-8B92-389C10B46E5E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\specops_theline\binaries\win32\specopstheline.exe |
"{22DA7BFB-03D8-4B0E-9AA4-DCEB8635657C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro last light\metroll.exe |
"{238523A2-6D73-4B5D-80DD-2C0BA4C8A109}" = protocol=6 | dir=in | app=c:\users\somecrazystuff\appdata\roaming\dropbox\bin\dropbox.exe |
"{2621B544-F4FC-4151-B606-8C099161E104}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spore\runme.exe |
"{294D7A99-707F-41DB-8002-E383D9210A6E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{2C61C78F-7733-43C0-9122-BF05E3FE5A49}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{2CDE0061-1757-4788-8B6E-82CE9C760814}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{2E28876A-9B2C-4882-B3B3-9D93A907DA3A}" = protocol=17 | dir=in | app=c:\users\somecrazystuff\appdata\local\apps\2.0\mdaq3tc9.6z2\dwer0naj.1qo\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\curseclient.exe |
"{30068592-881B-4838-9824-654CA38D5F7E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{34070654-7F2F-4388-926D-4868D8BC3789}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{367AC547-1054-48A0-ADE7-6A921A393FEF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\symphony\symphony.exe |
"{382E1CA2-CA32-4BC0-9B8C-C190262E3E62}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{385D9C89-4BBC-4585-9C61-BDEBFAFACC7C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spore\support\ea help\electronic_arts_technical_support.htm |
"{38769E53-FEF5-4262-88B6-248C9000FC46}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{38C82D21-D67C-4D67-86AF-3B35D9CEEA17}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ynab 4\ynab 4.exe |
"{3BCE4518-4BA9-4056-AAF1-FFB4F673EFA6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rift\riftpatchlive.exe |
"{3E3C0EAA-DA66-436C-91A3-B223C76AD4FB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{40F3B3D8-4EC2-453E-8733-6BA789391B5B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\launcher.exe |
"{41BD2C1F-6026-4B9A-8546-656DDC9586AA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spore\sporebin\sporeapp.exe |
"{43C1CE31-8AFB-488E-8010-FF5C19DC5938}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{46860955-3BE0-437E-BFE5-B968318BE391}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{47C202B4-2DCB-4557-8819-C5E66CB08AFA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sniper elite v2\bin\sniperelitev2.exe |
"{4C679E4C-9905-4B14-BEF7-B08410EFAEEB}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{4E0842DC-A8A5-4293-AC7D-F7DF8F892ABD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe |
"{4E4C6445-4A99-462F-BF6D-AB02E28CF0A5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{4FE3FB1C-F129-4ACE-BC2B-58A17BBD243C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{50683A92-B618-4165-8C2F-2C4282409E45}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{515FEED6-C17C-43FA-A916-DB1BB37437C2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe |
"{51FD1AE9-4F2B-4601-8E69-CD1E195253C8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{528B417B-F3D9-4393-A8B7-7A0453D3B93D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{562802A3-3CF8-46EE-95CE-9590EA71298D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sniper elite v2\bin\sniperelitev2.exe |
"{5806EA88-E043-4A6A-943F-51787B1D0D44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5FB72655-5DA4-4986-85C2-3FAD98B889CF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ynab 4\ynab 4.exe |
"{62BD3435-2364-423D-8B83-C9061E3ABE8A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe |
"{62C92253-DD07-4E38-8C4D-73A1B2EC442E}" = protocol=6 | dir=in | app=c:\users\somecrazystuff\appdata\local\apps\2.0\mdaq3tc9.6z2\dwer0naj.1qo\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\curseclient.exe |
"{64C1641D-0E2D-4680-A7AB-908D0239DFAE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nza\bin\nza.exe |
"{67AFE04D-2334-4F7D-9901-06D8B80C1B7E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{68BF8909-443B-4823-93CB-DA66D24700E1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{6E68442F-ECAB-456C-B904-DA2387223C73}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{708CBD31-D624-46EB-8659-411DB718FA92}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{719F89EA-8F51-4F97-ACF8-4CFFADD89084}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\outlast\outlastlauncher.exe |
"{724B14A0-2C35-4395-B3F6-BB4AE0BD381B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{784033B7-E552-4D27-9A21-345052034DA3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{7B5A8486-0A8E-4795-844E-1FBF24B6DCFC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{7C7A434C-752C-413A-8428-99105EFF0767}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{7DAC0B8D-A537-402C-B2F3-1F73D060A373}" = protocol=1 | dir=in | [email protected],-28543 |
"{7DF6CD62-9630-401B-B74D-4DAA05D36A2A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{7FAA2CE9-7F84-4630-A8A8-2F478D4F982D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spore\sporebinep1\sporeapp.exe |
"{84554C99-7035-4FC6-B768-449BD4CE239F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8A65CD50-940B-499E-954F-BB146D73ED5A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\democracy 3\democracy3.exe |
"{8B652305-2DF9-4F8B-B3DC-64A3869C43F6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{8C4FBA98-D8D4-432A-B605-83030BB838DF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{91A5FFEA-9D1F-4C18-92F3-1945AD949776}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{9264DFFE-7812-4F32-98F9-647371D911E8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe |
"{957DE6FA-5C74-4C36-BA8D-0A4925F6D29E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{96AA187D-C71B-49D3-A06D-1FEC63BDE50F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{96CDDB4D-EB29-4426-84E1-A8BEF4EE17A1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tower wars\tw.exe |
"{9755F215-57A8-49B2-9E2C-EEB9364725C1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{97B5EBF4-925B-4BFC-A431-1AA30759D676}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spore\support\ea help\electronic_arts_technical_support.htm |
"{9939113B-8CDC-488E-8F70-4AA16525CBFB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{99E3B129-0CE7-458B-85EC-82E6BABCBD3C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9BE8A9AB-545E-4FD2-9F4A-A4CC458575D9}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{9DD7738C-2490-411C-837C-F816A9018C4F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe |
"{A9971D42-2D79-48AB-92BC-7EA2677346A7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spore\support\ea help\electronic_arts_technical_support.htm |
"{AAAA8CEE-F6C0-4A3F-AA1F-CF4DC963D618}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AE49AF10-420A-4162-BCA8-1599B5A2CF46}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AF1038C3-02D5-4FFA-BADA-1877D4AB2406}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{B275E32F-2F2F-46CE-9C28-E91AE802BA39}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{B314A336-D694-49E2-8ED2-B21DB1FA39CC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spore\sporebin\sporeapp.exe |
"{B34D4B95-754C-4183-BC24-E3627F1590CA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{B3CBCE4C-8F0F-49DA-B272-D958FBB98FFD}" = protocol=17 | dir=in | app=c:\users\somecrazystuff\appdata\roaming\dropbox\bin\dropbox.exe |
"{B4DCD0C0-BFBF-4031-BAF1-7B4C4E410F71}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{B5429B74-33B8-4D05-87FA-D52288109275}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe |
"{B86B85C5-683D-4622-9EFA-C1FC6D01BE31}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spore\runme.exe |
"{B917F70D-FB64-44C8-AC51-8AAC4CD0DE76}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{BC7573CF-3F0A-4F25-8A83-D60439778BDB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\symphony\symphony.exe |
"{C0F5708B-8663-4705-B47E-4644B081ABB3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C2A29AE1-4B9F-4731-93B8-22C546FD952E}" = protocol=6 | dir=out | app=system |
"{C2D61113-A7DD-4596-B214-F13859EA4A27}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nza\bin\nza.exe |
"{C3AF3FE9-562C-49B2-95B9-0D8D66DB9019}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rift\riftpatchlive.exe |
"{C5352A52-5A9E-45D8-84E0-6928A1589F03}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\democracy 3\democracy3.exe |
"{C5A773BF-B554-4F8F-93EF-10212A58DB16}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\specops_theline\binaries\win32\specopstheline.exe |
"{C8CF76BC-FC22-4119-A25A-411F3A24C345}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{CB979EB3-4998-4285-9AA1-2ECC601986F3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spore\support\ea help\electronic_arts_technical_support.htm |
"{CC1D3751-5EC6-43CB-B866-0F9D5B4E1BC2}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe |
"{CE2DE377-00F7-4B0B-9958-21C1435326EA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ynab 4\ynab 4.exe |
"{D2A51693-40A7-4E8E-A2FB-0F6BBE4BB352}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{D5A92C2E-BCF0-4A06-9ECC-52994E91B5E2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\launcher.exe |
"{D67AD15C-6EF2-4DBC-8760-D5A9FB1A86EF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{D81AA8BC-ED05-408C-9F27-E0889B6CD1E1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ynab 4\ynab 4.exe |
"{DEF2D66E-CBBF-42D0-A56A-E74696A059F4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe |
"{E225E97B-8584-4902-93C1-EF6D004F0F42}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\nza\bin\nza.exe |
"{E4083C19-5FF8-49BD-B620-25DD2EE7D781}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E5AFA935-2BE2-40D8-BA9A-2F8BB60E6FB2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{ED39D1C0-1109-4E30-B1FC-23DB744066C3}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{F1D5AA5A-D5AC-444B-9542-2AB5BDEC615E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{F2066656-D3E4-4399-89E7-ECC88660B115}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe |
"{F2D2D942-B9CA-4BE2-84CD-9B968AB5061C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\outlast\outlastlauncher.exe |
"{F330D9B0-AEB9-4AC2-A46B-2CB1E5D7BA11}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe |
"{F3EB352A-0BEE-4D92-9017-9646C7852083}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro last light\metroll.exe |
"{F453CA40-9B78-4B13-8AE5-99666F6E5BDF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F6049E6C-3042-4665-9ADA-0255C9C739ED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe |
"{F68DD97F-66F1-4EFF-80D1-25288A70F7C0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F87AFABD-CE69-4AEC-8FAA-C62FFA8637DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FDD00DDD-54E0-4304-850F-EFD43656703E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"TCP Query User{026D9B77-7801-4648-BF7F-BEF45E148A4F}C:\users\somecrazystuff\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\somecrazystuff\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{394A0229-4C6E-4D29-A6E9-50FEFD0F7E8D}C:\users\somecrazystuff\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\somecrazystuff\appdata\roaming\spotify\spotify.exe |
"TCP Query User{70E69D50-95A1-4E37-8CD5-185766A256D4}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe |
"TCP Query User{E3626687-8DDD-48C1-9E06-78B9C65604E2}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\game\ncsa-live\ghostreconphantoms.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\game\ncsa-live\ghostreconphantoms.exe |
"TCP Query User{ED294C8C-5DFC-494A-8C66-43E9E70E4BB6}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe |
"UDP Query User{0AA170AF-8D05-40FA-9F44-851EA6F7B19C}C:\users\somecrazystuff\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\somecrazystuff\appdata\roaming\spotify\spotify.exe |
"UDP Query User{408C28A5-3B90-4B6F-BC7E-D6410B2535C0}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe |
"UDP Query User{462CB317-4FE4-4C53-9441-46DA66A7FF6D}C:\users\somecrazystuff\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\somecrazystuff\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{911D5876-FC43-4D44-9B3E-D6347FF8CF90}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\game\ncsa-live\ghostreconphantoms.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon online\game\ncsa-live\ghostreconphantoms.exe |
"UDP Query User{9F27ADBC-D22A-4CF1-950A-C053A64309FC}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{13DB5647-AE17-4487-83A6-C18BA89874AD}_is1" = amBX Effects 1.1.2
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{257A63C6-A669-43F1-8C75-E16CDB617841}_is1" = amBX Gaming FXGen 3.6.2
"{3A76C69A-09A7-4DDB-BFFF-EDFDC33814D1}_is1" = amBX Audio FXGen 3.1.1
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.8
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{71E75F05-930E-41BA-BDBC-15E3134DD45B}" = Yamaha USB-MIDI Driver
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{93F00A69-865C-4FEE-AB52-EF2312A28252}_is1" = amBX Control Panel 1.2.4
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 4.11.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.20
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{BD90BC1C-115D-47E1-B85C-07AE182C3AB8}" = Smart Technology Programming Software 7.0.27.13
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D5558268-0050-4B95-AD5E-426960E1EFE1}" = Intel® Network Connections 15.3.68.0
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{F2C07BE3-0F88-4D0C-957B-3557699981E9}" = HP Deskjet 2050 J510 series Basic Device Software
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012)
"CCleaner" = CCleaner
"Microsoft Security Client" = Microsoft Security Essentials
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"PDF-XChange 3_is1" = PDF-XChange 3
"PROSetDX" = Intel® Network Connections 15.3.68.0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = CyberLink InstantBurn
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3F87B468-8245-4B0C-80A1-92F3DEB1EAC4}" = Mocha TN3270 for Windows 7
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{6D3C6846-CDB6-418F-8FDB-DA21FE064F86}" = YAMAHA Musicsoft Downloader 5
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732E3F74-FF24-42BC-B1A2-3244BBEBEB5D}" = LeapFrog LeapPad Explorer Plugin
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Help
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{88838D48-0421-4F2B-AF81-D08D206DEE4C}_is1" = Flyff
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{920A4937-9D4D-4457-A323-F3EA79A84A3D}_is1" = amBX Saitek HAL 1.0.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B4D16A7-393F-470C-8B9F-74AE1EA6C105}" = LeapFrog Connect
"{A140B991-FC80-475C-B569-7197EA261A45}_is1" = amBX System 1.1.4.0
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B9291CA2-6FA5-44EA-8EE0-923EB32ADAAB}" = Aion
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F17C58F5-2646-4743-A779-A24976F46571}" = Mindjet MindManager 2012
"{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity™
"{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"amBX Illuminate" = amBX Illuminate 1.0.2
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{71E75F05-930E-41BA-BDBC-15E3134DD45B}" = Yamaha USB-MIDI Driver
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.25
"LeapPadExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
"MagniDriver" = marvell 91xx driver
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Mozilla Thunderbird 24.5.0 (x86 en-US)" = Mozilla Thunderbird 24.5.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyDriveConnect" = MyDriveConnect 3.3.0.1502
"NCLauncher_NCWest" = NCSOFT Game Launcher
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Origin" = Origin
"ProcessLasso" = Process Lasso
"PunkBusterSvc" = PunkBuster Services
"Rainmeter" = Rainmeter
"SpywareBlaster_is1" = SpywareBlaster 5.0
"Stardock Fences 2" = Stardock Fences 2
"Steam" = Steam
"Steam App 107410" = Arma 3
"Steam App 17390" = Spore
"Steam App 17440" = Spore: Creepy & Cute Parts Pack
"Steam App 207750" = Symphony
"Steam App 211420" = Dark Souls: Prepare to Die Edition
"Steam App 214360" = Tower Wars
"Steam App 227100" = Sniper Elite: [bleep] Zombie Army
"Steam App 227320" = You Need A Budget 4 (YNAB)
"Steam App 238320" = Outlast
"Steam App 243870" = Tom Clancy's Ghost Recon Phantoms - NA
"Steam App 245470" = Democracy 3
"Steam App 24720" = Spore: Galactic Adventures
"Steam App 39120" = RIFT™
"Steam App 43110" = Metro 2033
"Steam App 43160" = Metro: Last Light
"Steam App 50300" = Spec Ops: The Line
"Steam App 570" = Dota 2
"Steam App 63380" = Sniper Elite V2
"Steam App 8930" = Sid Meier's Civilization V
"UPCShell" = LeapFrog Connect
"wc3270_is1" = wc3270 3.3.14ga6
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"101a9f93b8f0bb6f" = Curse Client
"Dropbox" = Dropbox
"RIFT" = RIFT
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/21/2014 12:17:22 PM | Computer Name = CustomDesktop | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 35.0.1916.114, time
 stamp: 0x53726019  Faulting module name: chrome.dll, version: 35.0.1916.114, time
 stamp: 0x53725d18  Exception code: 0xc0000005  Fault offset: 0x00728bc8  Faulting process
 id: 0xb14  Faulting application start time: 0x01cf7510252c01fa  Faulting application
 path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  Faulting module
 path: C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\chrome.dll
Report
 Id: 6344f479-e103-11e3-869c-f46d04005102
 
Error - 5/21/2014 12:17:38 PM | Computer Name = CustomDesktop | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 35.0.1916.114, time
 stamp: 0x53726019  Faulting module name: chrome.dll, version: 35.0.1916.114, time
 stamp: 0x53725d18  Exception code: 0xc0000005  Fault offset: 0x00728bc8  Faulting process
 id: 0x1910  Faulting application start time: 0x01cf75102f138d9b  Faulting application
 path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  Faulting module
 path: C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\chrome.dll
Report
 Id: 6ce033bc-e103-11e3-869c-f46d04005102
 
Error - 5/21/2014 12:22:41 PM | Computer Name = CustomDesktop | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 35.0.1916.114, time
 stamp: 0x53726019  Faulting module name: chrome.dll, version: 35.0.1916.114, time
 stamp: 0x53725d18  Exception code: 0xc0000005  Fault offset: 0x00728bc8  Faulting process
 id: 0x1e68  Faulting application start time: 0x01cf7510d78ba15a  Faulting application
 path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  Faulting module
 path: C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\chrome.dll
Report
 Id: 214ee4b3-e104-11e3-869c-f46d04005102
 
Error - 5/21/2014 12:22:52 PM | Computer Name = CustomDesktop | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 35.0.1916.114, time
 stamp: 0x53726019  Faulting module name: chrome.dll, version: 35.0.1916.114, time
 stamp: 0x53725d18  Exception code: 0xc0000005  Fault offset: 0x00728bc8  Faulting process
 id: 0x1a3c  Faulting application start time: 0x01cf7510de0e2351  Faulting application
 path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  Faulting module
 path: C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\chrome.dll
Report
 Id: 27b94a6f-e104-11e3-869c-f46d04005102
 
Error - 5/21/2014 12:22:56 PM | Computer Name = CustomDesktop | Source = ESENT | ID = 412
Description = wuaueng.dll (1084) SUS20ClientDataStore: Unable to read the header
 of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.
 
Error - 5/21/2014 12:22:56 PM | Computer Name = CustomDesktop | Source = ESENT | ID = 412
Description = wuaueng.dll (1084) SUS20ClientDataStore: Unable to read the header
 of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.
 
Error - 5/21/2014 12:22:56 PM | Computer Name = CustomDesktop | Source = ESENT | ID = 412
Description = wuaueng.dll (1084) SUS20ClientDataStore: Unable to read the header
 of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.
 
Error - 5/21/2014 12:22:56 PM | Computer Name = CustomDesktop | Source = ESENT | ID = 412
Description = wuaueng.dll (1084) SUS20ClientDataStore: Unable to read the header
 of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.
 
Error - 5/21/2014 12:22:56 PM | Computer Name = CustomDesktop | Source = ESENT | ID = 412
Description = wuaueng.dll (1084) SUS20ClientDataStore: Unable to read the header
 of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.
 
Error - 5/21/2014 12:22:56 PM | Computer Name = CustomDesktop | Source = ESENT | ID = 412
Description = wuaueng.dll (1084) SUS20ClientDataStore: Unable to read the header
 of logfile C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Error -546.
 
[ System Events ]
Error - 5/20/2014 4:28:58 PM | Computer Name = CustomDesktop | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 0.0.0.0     Update Source: %%851     Update Stage: %%854

 Source
 Path: http://go.microsoft....5D-99752CCA7094

 Signature
 Type: %%886     Update Type: %%803     User: NT AUTHORITY\NETWORK SERVICE     Current Engine Version:
      Previous Engine Version: 0.0.0.0     Error code: 0x8007042c     Error description: The dependency
 service or group failed to start.
 
Error - 5/21/2014 12:22:56 PM | Computer Name = CustomDesktop | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.175.11.0     Update Source: %%859     Update Stage:
 %%852     Source Path: Default URL     Signature Type: %%800     Update Type: %%803     User: NT AUTHORITY\SYSTEM

 Current
 Engine Version:      Previous Engine Version: 1.1.10600.0     Error code: 0xc8000222     Error
 description: Length of message passed to NtRequestPort or NtRequestWaitReplyPort
 was longer than the maximum message allowed by the port.
 
Error - 5/21/2014 12:23:19 PM | Computer Name = CustomDesktop | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version:      Update Source: %%815     Update Stage: %%854     Source
 Path:      Signature Type: %%886     Update Type: %%803     User: CustomDesktop\SomeCrazyStuff

 Current
 Engine Version:      Previous Engine Version:      Error code: 0x8007042c     Error description:
 The dependency service or group failed to start.
 
Error - 5/21/2014 12:23:19 PM | Computer Name = CustomDesktop | Source = Microsoft Antimalware | ID = 2003
Description = %%860 has encountered an error trying to update the engine.     New Engine
 Version:      Previous Engine Version:      Engine Type: %%886     User: CustomDesktop\SomeCrazyStuff

 Error
 Code: 0x8007042c     Error description: The dependency service or group failed to start.
 
 
Error - 5/21/2014 12:23:20 PM | Computer Name = CustomDesktop | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 0.0.0.0     Update Source: %%851     Update Stage: %%854

 Source
 Path: http://go.microsoft....5D-99752CCA7094

 Signature
 Type: %%886     Update Type: %%803     User: CustomDesktop\SomeCrazyStuff     Current Engine Version:
      Previous Engine Version: 0.0.0.0     Error code: 0x8007042c     Error description: The dependency
 service or group failed to start.
 
Error - 5/21/2014 2:18:18 PM | Computer Name = CustomDesktop | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.175.98.0     Update Source: %%859     Update Stage:
 %%852     Source Path: Default URL     Signature Type: %%800     Update Type: %%803     User: NT AUTHORITY\SYSTEM

 Current
 Engine Version:      Previous Engine Version: 1.1.10600.0     Error code: 0xc8000222     Error
 description: Length of message passed to NtRequestPort or NtRequestWaitReplyPort
 was longer than the maximum message allowed by the port.
 
Error - 5/21/2014 2:18:40 PM | Computer Name = CustomDesktop | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version:      Update Source: %%815     Update Stage: %%854     Source
 Path:      Signature Type: %%886     Update Type: %%803     User: NT AUTHORITY\NETWORK SERVICE

 Current
 Engine Version:      Previous Engine Version:      Error code: 0x8007042c     Error description:
 The dependency service or group failed to start.
 
Error - 5/21/2014 2:18:40 PM | Computer Name = CustomDesktop | Source = Microsoft Antimalware | ID = 2003
Description = %%860 has encountered an error trying to update the engine.     New Engine
 Version:      Previous Engine Version:      Engine Type: %%886     User: NT AUTHORITY\NETWORK
SERVICE     Error Code: 0x8007042c     Error description: The dependency service or group
failed to start.
 
Error - 5/21/2014 2:18:40 PM | Computer Name = CustomDesktop | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 0.0.0.0     Update Source: %%851     Update Stage: %%854

 Source
 Path: http://go.microsoft....5D-99752CCA7094

 Signature
 Type: %%886     Update Type: %%803     User: NT AUTHORITY\NETWORK SERVICE     Current Engine Version:
      Previous Engine Version: 0.0.0.0     Error code: 0x8007042c     Error description: The dependency
 service or group failed to start.
 
Error - 5/21/2014 4:35:24 PM | Computer Name = CustomDesktop | Source = Service Control Manager | ID = 7023
Description = The amBX Service service terminated with the following error:   %%1115
 
 
< End of report >

 

MBAM log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/22/2014
Scan Time: 9:50:10 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.05.23.03
Rootkit Database: v2014.05.21.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7
CPU: x64
File System: NTFS
User: SomeCrazyStuff

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 272127
Time Elapsed: 9 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

 

I apologize in advanced. I do have limited times where I can reply. I am very busy on workdays and sometimes do not get in til late in which case i go straight to bed. I will make every attempt to answer promptly. Thanks for your time!

Attached Thumbnails

  • ChromeData.png

  • 0

Advertisements


#2
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
Do you still need help? Sorry for the late reply.
  • 0

#3
SomeCrazyStuff

SomeCrazyStuff

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 401 posts

yes please.


  • 0

#4
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
Hello and Welcome on board SomeCrazyStuff :welcome:,

my Name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

For the first little overview the logs look quite good. We are now going to check for Adware.

Step 1: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP the just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
  • Note: The log can also be found in here: C:\AdwCleaner\

    Step 2: Malwarebytes

    Please download Malwarebytes Anti-Malware to your desktop Install the progamme and select update
    Once it has updated select Settings > Detection and Protection
    Tick Scan for rootkits

    MBAMsettings.JPG

    Go back to the Dashboard and select Scan Now

    MBAMScan.JPG

    If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

    MBAMReboot.JPG

    MBAMLog.JPG

    On completion of the scan (or after the reboot) select View Detailed Log
    Select Export > Select text file and save to the desktop
    Attach/Post that log

    Step 3: Junkware Removal Tool

    thisisujrt.gif  Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    Step 4: FRST Scan

    Please download FRST (by Farbar) from the link below and save it to your Desktop.

    Download Mirror #1

    If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
    • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
    • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
    • When the disclaimer appears, click Yes.
    • Click Scan to start FRST.
    • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
    • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

  • 0

#5
SomeCrazyStuff

SomeCrazyStuff

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 401 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-05-2014
Ran by SomeCrazyStuff at 2014-05-29 21:27:24
Running from C:\Users\SomeCrazyStuff\Desktop\GTG
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Aion (HKLM-x32\...\{B9291CA2-6FA5-44EA-8EE0-923EB32ADAAB}) (Version: 4.0.0.3 - NC Interactive, LLC)
amBX Audio FXGen 3.1.1 (HKLM\...\{3A76C69A-09A7-4DDB-BFFF-EDFDC33814D1}_is1) (Version: 3.1.1.0 - amBX UK Ltd.)
amBX Control Panel 1.2.4 (HKLM\...\{93F00A69-865C-4FEE-AB52-EF2312A28252}_is1) (Version: 1.2.4.34913 - amBX UK Ltd)
amBX Effects 1.1.2 (HKLM\...\{13DB5647-AE17-4487-83A6-C18BA89874AD}_is1) (Version: 1.1.2.21417 - Philips)
amBX Gaming FXGen 3.6.2 (HKLM\...\{257A63C6-A669-43F1-8C75-E16CDB617841}_is1) (Version: 3.6.2.0 - amBX UK Ltd.)
amBX Illuminate 1.0.2 (HKLM-x32\...\amBX Illuminate) (Version: 1.0.2 - amBX UK Ltd)
amBX Saitek HAL 1.0.0 (HKLM-x32\...\{920A4937-9D4D-4457-A323-F3EA79A84A3D}_is1) (Version:  - amBX UK Ltd.)
amBX System 1.1.4.0 (HKLM-x32\...\{A140B991-FC80-475C-B569-7197EA261A45}_is1) (Version: 1.1.4.0 - amBX UK Ltd)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.10.01 - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.792 - Curse)
CyberLink BD Advisor 2.0 (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version:  - )
CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2407 - CyberLink Corp.)
CyberLink Blu-ray Disc Suite (x32 Version: 7.0.2407 - CyberLink Corp.) Hidden
CyberLink InstantBurn (HKLM-x32\...\{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}) (Version: 5.0.6210 - CyberLink Corp.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2623 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.2623 - CyberLink Corp.) Hidden
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1423 - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 5.0.1423 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3802 - CyberLink Corp.) Hidden
CyberLink PowerBackup (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.6023 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2519.50 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.2519.50 - CyberLink Corp.) Hidden
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2429 - CyberLink Corp.)
CyberLink PowerProducer (x32 Version: 5.0.2.2429 - CyberLink Corp.) Hidden
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
Democracy 3 (HKLM-x32\...\Steam App 245470) (Version:  - Positech Games)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Flyff (HKLM-x32\...\{88838D48-0421-4F2B-AF81-D08D206DEE4C}_is1) (Version: Flyff - Gala-Net)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{F2C07BE3-0F88-4D0C-957B-3557699981E9}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Help (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
Intel® Network Connections 15.3.68.0 (HKLM\...\PROSetDX) (Version: 15.3.68.0 - Intel)
Intel® Network Connections 15.3.68.0 (Version: 15.3.68.0 - Intel) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMicron Technology Corp.)
KeePass Password Safe 2.25 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.25 - Dominik Reichl)
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 5.3.0.18537 - LeapFrog)
LeapFrog Connect (x32 Version: 5.3.0.18537 - LeapFrog) Hidden
LeapFrog LeapPad Explorer Plugin (x32 Version: 5.2.1.18456 - LeapFrog) Hidden
LightScribe System Software (HKLM-x32\...\{FA8BFB25-BF48-4F8B-8859-B30810745190}) (Version: 1.18.11.1 - LightScribe)
Logitech GamePanel Software 3.06.109 (HKLM\...\{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}) (Version: 3.06.109 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1045 - Marvell)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - 4A Games)
Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version:  - 4A Games)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mindjet MindManager 2012 (HKLM-x32\...\{F17C58F5-2646-4743-A779-A24976F46571}) (Version: 10.2.209 - Mindjet)
Mocha TN3270 for Windows 7 (HKLM-x32\...\{3F87B468-8245-4B0C-80A1-92F3DEB1EAC4}) (Version: 2.0 - MochaSoft)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 en-US)) (Version: 24.5.0 - Mozilla)
MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
MyDriveConnect 3.3.0.1502 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1502 - TomTom)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NVIDIA 3D Vision Controller Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.49 - NVIDIA Corporation)
NVIDIA Control Panel 320.49 (Version: 320.49 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2049 - NVIDIA Corporation) Hidden
NVIDIA Update 4.11.9 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 4.11.9 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
Outlast (HKLM-x32\...\Steam App 238320) (Version:  - Red Barrels)
PDF-XChange 3 (HKLM\...\PDF-XChange 3_is1) (Version:  - Tracker Software)
Process Lasso (HKLM-x32\...\ProcessLasso) (Version: 6.7.0.14 - Bitsum)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.0.2 r2161 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6037 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
RIFT (HKCU\...\RIFT) (Version:  - Trion Worlds, Inc.)
RIFT™ (HKLM-x32\...\Steam App 39120) (Version:  - Trion Worlds)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 2.0.0.0 - Electronic Arts)
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{BD90BC1C-115D-47E1-B85C-07AE182C3AB8}) (Version: 7.0.27.13 - Mad Catz)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Sniper Elite: [bleep] Zombie Army (HKLM-x32\...\Steam App 227100) (Version:  - Rebellion)
Spec Ops: The Line (HKLM-x32\...\Steam App 50300) (Version:  - Yager)
Spore (HKLM-x32\...\Steam App 17390) (Version:  - Maxis™)
Spore: Creepy & Cute Parts Pack (HKLM-x32\...\Steam App 17440) (Version:  - Maxis™)
Spore: Galactic Adventures (HKLM-x32\...\Steam App 24720) (Version:  - EA - Maxis)
Spotify (HKCU\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Stardock Fences 2 (HKLM-x32\...\Stardock Fences 2) (Version: 2.12 - Stardock Software, Inc.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Symphony (HKLM-x32\...\Steam App 207750) (Version:  - Empty Clip Studios)
Tom Clancy's Ghost Recon Phantoms - NA (HKLM-x32\...\Steam App 243870) (Version:  - Ubisoft Singapore)
Tower Wars (HKLM-x32\...\Steam App 214360) (Version:  - SuperVillain Studios)
TurboV EVO (HKLM-x32\...\{491D92A9-69CA-4EB4-81D3-0106F9337957}) (Version: 1.02.25 - )
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
wc3270 3.3.14ga6 (HKLM-x32\...\wc3270_is1) (Version:  - Paul Mattes)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
YAMAHA Musicsoft Downloader 5 (HKLM-x32\...\{6D3C6846-CDB6-418F-8FDB-DA21FE064F86}) (Version:  - )
Yamaha USB-MIDI Driver (HKLM-x32\...\InstallShield_{71E75F05-930E-41BA-BDBC-15E3134DD45B}) (Version: 3.1.3.1 - Yamaha Corporation)
Yamaha USB-MIDI Driver (Version: 3.1.3.1 - Yamaha Corporation) Hidden
You Need A Budget 4 (YNAB) (HKLM-x32\...\Steam App 227320) (Version:  - YouNeedABudget.com)

==================== Restore Points  =========================

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0685E99E-80FB-4BFC-8B00-12C5A0184DFA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-22] (Adobe Systems Incorporated)
Task: {07B996DE-BC78-4EB5-BE50-BF506C69504F} - System32\Tasks\MyDefrag v4.3.1 Daily => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [2010-05-21] ()
Task: {22582C84-EF9A-4032-A992-34988A42DA1C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-21] (Google Inc.)
Task: {52D4DBDE-DD37-4E59-95AF-94975195CF62} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {59786905-2405-4C86-909D-37B4F53B32FA} - System32\Tasks\Process Lasso Core Engine Only => C:\Program Files\Process Lasso\processgovernor.exe [2014-03-22] (Bitsum LLC)
Task: {68BB7799-6580-4E66-85D0-EC9ED1E7926D} - System32\Tasks\Process Lasso Management Console (GUI) => C:\Program Files\Process Lasso\processlasso.exe [2014-03-22] (Bitsum LLC)
Task: {96BA96CC-0BD6-4B6F-B19E-B14E188C1971} - System32\Tasks\ASUS\TurboVHelp => C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe [2010-04-29] (ASUSTeK Computer Inc.)
Task: {980A34C5-5E3B-44C1-8F8B-F59C77E7FFF7} - System32\Tasks\MyDefrag v4.3.1 Monthly => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [2010-05-21] ()
Task: {D9F08778-199A-48CB-8BD5-FE98442D1D44} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-21] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-02 02:05 - 2013-06-21 05:23 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-04-12 22:16 - 2014-04-12 22:16 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-05-22 14:00 - 2011-02-10 19:17 - 00310784 _____ () C:\Program Files (x86)\amBX\amBX Saitek HAL\amBX_HAL_x86.exe
2014-05-22 13:54 - 2010-10-29 12:09 - 00055296 _____ () C:\Program Files\amBX\Gaming FXGen\x64\amBXProfileObtainer.dll
2014-05-22 13:54 - 2010-10-29 12:08 - 00011264 _____ () C:\Program Files\amBX\Gaming FXGen\x64\StringHasher.dll
2011-03-17 01:07 - 2011-03-17 01:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-12-02 01:36 - 2010-02-08 18:19 - 00053248 _____ () C:\Program Files\ASUS\TurboV EVO\HookKey32.dll
2010-01-22 11:29 - 2010-01-22 11:29 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-01-22 11:30 - 2010-01-22 11:30 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-01-22 11:29 - 2010-01-22 11:29 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2013-12-02 01:36 - 2008-12-10 21:04 - 00253952 _____ () C:\Program Files\ASUS\TurboV EVO\pngio.dll
2013-12-02 02:18 - 2010-02-09 11:52 - 33735976 _____ () C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\res.dll
2009-11-02 15:20 - 2009-11-02 15:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 15:23 - 2009-11-02 15:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2012-07-03 05:24 - 2012-07-03 05:24 - 00151408 _____ () C:\Program Files (x86)\Mindjet\MindManager 10\zlib.dll
2014-05-29 21:06 - 2014-05-29 21:06 - 00053248 _____ () C:\Users\SomeCrazyStuff\AppData\Local\Temp\1047wrd.~lk\3791fspext.dll
2014-05-29 21:06 - 2014-05-29 21:06 - 00043008 _____ () C:\Users\SomeCrazyStuff\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwq1p5h.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\SomeCrazyStuff\AppData\Roaming\Dropbox\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name: Programmable Root Enumerator
Description: Programming Support
Class Guid: {678dcf40-e2e6-11d5-8cd5-e960089ea00a}
Manufacturer: Mad Catz
Service: SaiNtBus
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-05-21 13:00:09.941
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-userenv_31bf3856ad364e35_6.1.7601.17514_none_9247d45ea984f2ad\userenv.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-21 13:00:09.931
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-userenv_31bf3856ad364e35_6.1.7601.17514_none_9247d45ea984f2ad\userenv.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-21 13:00:09.926
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-userenv_31bf3856ad364e35_6.1.7601.17514_none_9247d45ea984f2ad\userenv.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-21 12:59:52.611
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-rpc-remote_31bf3856ad364e35_6.1.7601.17514_none_c2a09d30916321d9\RpcRtRemote.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-21 12:59:52.606
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-rpc-remote_31bf3856ad364e35_6.1.7601.17514_none_c2a09d30916321d9\RpcRtRemote.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-21 12:59:52.602
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\x86_microsoft-windows-rpc-remote_31bf3856ad364e35_6.1.7601.17514_none_c2a09d30916321d9\RpcRtRemote.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-21 12:56:36.169
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22436_none_c03ca3001653c1ef\appidapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-21 12:56:36.164
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22436_none_c03ca3001653c1ef\appidapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-21 12:56:36.160
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22436_none_c03ca3001653c1ef\appidapi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-21 12:56:36.114
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\winsxs\wow64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.22411_none_c04d416616480b5a\appidapi.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 12279.11 MB
Available physical RAM: 9820.91 MB
Total Pagefile: 24556.38 MB
Available Pagefile: 21742.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (New Volume) (Fixed) (Total:1863.01 GB) (Free:1589 GB) NTFS
Drive d: () (Fixed) (Total:558.81 GB) (Free:182.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 559 GB) (Disk ID: D14626DC)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=559 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 882852A5)
Partition 1: (Active) - (Size=-198627557376) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2014
Ran by SomeCrazyStuff (administrator) on CUSTOMDESKTOP on 29-05-2014 21:27:10
Running from C:\Users\SomeCrazyStuff\Desktop\GTG
Platform: Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(amBX) C:\Program Files (x86)\amBX\System\amBX_Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\amBX\amBX Saitek HAL\amBX_HAL_x86.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(amBX UK Ltd.) C:\Program Files\amBX\Gaming FXGen\x64\amBXFxGen.exe
(Koninklijke Philips N.V.) C:\Program Files\amBX\Control Panel\amBXDaemon.exe
(amBX UK Ltd.) C:\Program Files\amBX\Gaming FXGen\win32\amBXFxGen.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDPictureViewer.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDWebCam.exe
(Spotify Ltd) C:\Users\SomeCrazyStuff\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(amBX) C:\Program Files\amBX\Effects\amBX Event Manager.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink Corporation.) C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Mindjet) C:\Program Files (x86)\Mindjet\MindManager 10\MmReminderService.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessGovernor.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe
(amBX) C:\Program Files (x86)\amBX\Illuminate\Illuminate.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessLasso.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Dropbox, Inc.) C:\Users\SomeCrazyStuff\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-01-29] (Realtek Semiconductor)
HKLM\...\Run: [Launch LgDeviceAgent] => C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415816 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2412616 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4725320 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [4031152 2013-11-26] (Stardock Corporation)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM\...\Run: [amBX System Tray Application] => C:\Program Files\amBX\Gaming FXGen\x64\amBXFxGen.exe [143360 2010-10-29] (amBX UK Ltd.)
HKLM\...\Run: [amBX Daemon] => C:\Program Files\amBX\Control Panel\amBXDaemon.exe [229376 2011-02-10] (Koninklijke Philips N.V.)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-26] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [TurboV EVO] => C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe [9921664 2010-05-06] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [InstantBurn] => C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe [697640 2010-02-10] (CyberLink Corporation.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-01-19] (cyberlink)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [222504 2010-03-03] (CyberLink Corp.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2014-01-22] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [MMReminderService] => C:\Program Files (x86)\Mindjet\MindManager 10\MMReminderService.exe [38288 2012-07-03] (Mindjet)
HKLM-x32\...\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe [528360 2014-03-13] (NCSOFT Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-281930833-3989108500-1397960144-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-01-22] (Hewlett-Packard Company)
HKU\S-1-5-21-281930833-3989108500-1397960144-1001\...\Run: [KeePass Password Safe 2] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl)
HKU\S-1-5-21-281930833-3989108500-1397960144-1001\...\Run: [Spotify Web Helper] => C:\Users\SomeCrazyStuff\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-25] (Spotify Ltd)
HKU\S-1-5-21-281930833-3989108500-1397960144-1001\...\MountPoints2: E - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-281930833-3989108500-1397960144-1001\...\MountPoints2: {311ce271-5b26-11e3-8a37-806e6f6e6963} - G:\Setup\setup.exe
HKU\S-1-5-21-281930833-3989108500-1397960144-1001\...\MountPoints2: {9445c8b4-7c72-11e3-a52a-f46d04005102} - I:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-281930833-3989108500-1397960144-1001\...\MountPoints2: {fcd2c528-aaf9-11e3-b224-f46d04005102} - E:\eTflash.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\amBX Effects.lnk
ShortcutTarget: amBX Effects.lnk -> C:\Program Files\amBX\Effects\amBX Event Manager.exe (amBX)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\amBX Illuminate.lnk
ShortcutTarget: amBX Illuminate.lnk -> C:\Program Files (x86)\amBX\Illuminate\Illuminate.exe (amBX)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\SomeCrazyStuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\SomeCrazyStuff\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\SomeCrazyStuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\SomeCrazyStuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2BD61320587BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll No File
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {35437C12-E54F-40c3-BF79-468EB8C65DA8} URL = http://search.yahoo....icevm&type=EGMB
SearchScopes: HKCU - {33F1B3D0-B103-482c-8428-5AF918134BBF} URL = http://www.google.co...&q={searchTerms}
SearchScopes: HKCU - {35437C12-E54F-40c3-BF79-468EB8C65DA8} URL = http://search.yahoo....icevm&type=EGMB
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage:
CHR Extension: (Entanglement Web App) - C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-05-21]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2014-05-21]
CHR Extension: (Google Docs) - C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-21]
CHR Extension: (Google Drive) - C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (YouTube) - C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-21]
CHR Extension: (Adblock Plus) - C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-25]
CHR Extension: (Google Search) - C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-21]
CHR Extension: (Tabs Outliner) - C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl [2014-05-21]
CHR Extension: (Adblock Advisor) - C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\iplojogpbcbnjoemcalepfmbcpnkpjjo [2014-05-25]
CHR Extension: (SparkChess 7) - C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgabmflimjjbclkmljlpmgaleanedem [2014-05-21]
CHR Extension: (TouristEye Planner) - C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpjpejalhlnocbhggpnokneghfenoneg [2014-05-21]
CHR Extension: (Evernote Web) - C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2014-05-21]
CHR Extension: (zen temple) - C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmiiioabolbmhbhphhfjbohiiijmkee [2014-05-21]
CHR Extension: (Google Wallet) - C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-21]
CHR Extension: (Picky Wallpapers) - C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\odklcfojpedohplkimfdpcamkjnhanaj [2014-05-21]
CHR Extension: (ScriptSafe) - C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2014-05-25]
CHR Extension: (klekr) - C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\opljjfbgbkjjjgdhbocfakafilegppbl [2014-05-21]
CHR Extension: (Edgeworld) - C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcfmpdiaehhnljpdomnggcbfofdgkmbp [2014-05-21]
CHR Extension: (Evernote Web Clipper) - C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-05-21]
CHR Extension: (Gmail) - C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-21]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 amBX Saitek HAL Service; C:\Program Files (x86)\amBX\amBX Saitek HAL\amBX_HAL_x86.exe [310784 2011-02-10] ()
R2 amBX Service; C:\Program Files (x86)\amBX\System\amBX_Service.exe [612864 2009-10-14] (amBX)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4795672 2013-11-25] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-12] ()

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] ()
R1 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24560 2009-10-07] (Cyberlink Co.,Ltd.)
R2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [376304 2009-10-07] (CyberLink Corporation.)
R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-05-29] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 SaiK0DC5; C:\Windows\System32\DRIVERS\SaiK0DC5.sys [176136 2011-03-10] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbx64.sys [51496 2013-04-04] (Yamaha Corporation)
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2010-01-19] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-29 21:27 - 2014-05-29 21:27 - 00000000 ____D () C:\FRST
2014-05-29 21:25 - 2014-05-29 21:25 - 00000638 _____ () C:\Users\SomeCrazyStuff\Desktop\JRT.txt
2014-05-29 21:20 - 2014-05-29 21:20 - 00000000 ____D () C:\Windows\ERUNT
2014-05-29 21:00 - 2014-05-29 21:01 - 00000000 ____D () C:\AdwCleaner
2014-05-29 21:00 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-29 20:59 - 2014-05-29 21:27 - 00000000 ____D () C:\Users\SomeCrazyStuff\Desktop\GTG
2014-05-29 10:56 - 2014-05-29 10:57 - 109139530 _____ () C:\Users\SomeCrazyStuff\Downloads\184797-lq.mp4
2014-05-26 11:25 - 2014-05-26 11:25 - 00057810 _____ () C:\Users\SomeCrazyStuff\Downloads\Panic_at_the_Disco-I_write_sins_not_tragedies (4).mid
2014-05-26 11:25 - 2014-05-26 11:25 - 00057810 _____ () C:\Users\SomeCrazyStuff\Downloads\Panic_at_the_Disco-I_write_sins_not_tragedies (3).mid
2014-05-26 11:25 - 2014-05-26 11:25 - 00057810 _____ () C:\Users\SomeCrazyStuff\Downloads\Panic_at_the_Disco-I_write_sins_not_tragedies (2).mid
2014-05-26 11:25 - 2014-05-26 11:25 - 00057810 _____ () C:\Users\SomeCrazyStuff\Downloads\Panic_at_the_Disco-I_write_sins_not_tragedies (1).mid
2014-05-26 11:24 - 2014-05-26 11:24 - 00057810 _____ () C:\Users\SomeCrazyStuff\Downloads\Panic_at_the_Disco-I_write_sins_not_tragedies.mid
2014-05-25 13:18 - 2014-05-25 13:18 - 70087104 _____ (Microsoft Corporation) C:\Users\SomeCrazyStuff\Downloads\NDP451-KB2858728-x86-x64-AllOS-ENU.exe
2014-05-25 13:17 - 2014-05-25 13:17 - 10140512 _____ () C:\Users\SomeCrazyStuff\Downloads\AirfoilInstaller.exe
2014-05-22 22:06 - 2014-05-22 22:06 - 00102736 _____ () C:\Users\SomeCrazyStuff\Desktop\Extras.Txt
2014-05-22 22:06 - 2014-05-22 22:06 - 00101666 _____ () C:\Users\SomeCrazyStuff\Desktop\OTL.Txt
2014-05-22 22:02 - 2014-05-22 22:02 - 00602112 _____ (OldTimer Tools) C:\Users\SomeCrazyStuff\Desktop\OTL.exe
2014-05-22 21:47 - 2014-05-29 21:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-22 21:47 - 2014-05-22 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-22 21:47 - 2014-05-22 21:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-22 21:47 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-22 21:47 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-22 21:47 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-22 14:18 - 2014-05-22 14:18 - 00000000 ____D () C:\ProgramData\YAMAHA
2014-05-22 14:18 - 2014-05-22 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAMAHA
2014-05-22 14:18 - 2014-05-22 14:18 - 00000000 ____D () C:\Program Files (x86)\YAMAHA
2014-05-22 14:17 - 2014-05-22 14:17 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Roaming\InstallShield
2014-05-22 14:14 - 2014-05-22 14:14 - 00000000 ____D () C:\Program Files\Yamaha
2014-05-22 14:13 - 2014-05-22 14:13 - 00000000 ____D () C:\Users\SomeCrazyStuff\Downloads\Yamaha
2014-05-22 14:13 - 2014-05-22 14:13 - 00000000 ____D () C:\Users\SomeCrazyStuff\Downloads\InstallationGuide
2014-05-22 14:13 - 2014-05-22 14:13 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Local\Downloaded Installations
2014-05-22 14:10 - 2014-05-29 20:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-22 14:10 - 2014-05-22 14:10 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-22 13:59 - 2014-05-22 13:59 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SaiK0DC5_01009.Wdf
2014-05-22 13:54 - 2014-05-22 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\amBX
2014-05-22 13:54 - 2014-05-22 13:55 - 00000000 ____D () C:\Program Files\amBX
2014-05-22 13:52 - 2014-05-22 13:52 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Local\SmartTechnology
2014-05-22 13:50 - 2014-05-22 13:50 - 00000000 ____D () C:\ProgramData\SmartTechnology
2014-05-22 13:50 - 2014-05-22 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Technology
2014-05-22 13:50 - 2014-05-22 13:50 - 00000000 ____D () C:\Program Files\SmartTechnology
2014-05-22 13:42 - 2014-05-22 13:49 - 197817841 _____ () C:\Users\SomeCrazyStuff\Downloads\Cyborg_amBX_64bit.zip
2014-05-22 13:42 - 2014-05-22 13:47 - 129201056 _____ (Mad catz ) C:\Users\SomeCrazyStuff\Downloads\Smart Technology 7_0_27_13 64Bit.exe
2014-05-21 17:48 - 2014-05-21 17:48 - 00000000 ____D () C:\Users\Public\Documents\LeapFrog
2014-05-21 17:43 - 2014-05-21 17:43 - 11171960 _____ (LeapFrog Enterprises, Inc.) C:\Users\SomeCrazyStuff\Downloads\LeapFrogConnectSetup_LeapPadExplorer (1).exe
2014-05-21 17:34 - 2014-05-29 21:06 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-21 17:34 - 2014-05-29 20:39 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-21 17:34 - 2014-05-21 17:34 - 00003910 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-21 17:34 - 2014-05-21 17:34 - 00003658 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-21 17:34 - 2014-05-21 17:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-21 16:08 - 2014-05-21 16:08 - 00000000 ____D () C:\Users\SomeCrazyStuff\Downloads\mbam-chameleon-1.62.1.1000
2014-05-21 16:07 - 2014-05-21 16:08 - 01440846 _____ () C:\Users\SomeCrazyStuff\Downloads\mbam-chameleon-1.62.1.1000.zip
2014-05-15 17:24 - 2014-05-29 21:06 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Roaming\DropboxMaster
2014-05-09 14:30 - 2014-05-16 20:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

2014-05-29 21:27 - 2014-05-29 21:27 - 00000000 ____D () C:\FRST
2014-05-29 21:27 - 2014-05-29 20:59 - 00000000 ____D () C:\Users\SomeCrazyStuff\Desktop\GTG
2014-05-29 21:27 - 2013-12-02 01:07 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Local\Temp
2014-05-29 21:25 - 2014-05-29 21:25 - 00000638 _____ () C:\Users\SomeCrazyStuff\Desktop\JRT.txt
2014-05-29 21:20 - 2014-05-29 21:20 - 00000000 ____D () C:\Windows\ERUNT
2014-05-29 21:11 - 2013-12-02 03:08 - 00014106 _____ () C:\Windows\setupact.log
2014-05-29 21:10 - 2009-07-13 23:45 - 00020160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-29 21:10 - 2009-07-13 23:45 - 00020160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-29 21:08 - 2009-07-14 00:13 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-29 21:06 - 2014-05-22 21:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-29 21:06 - 2014-05-21 17:34 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-29 21:06 - 2014-05-15 17:24 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Roaming\DropboxMaster
2014-05-29 21:06 - 2013-12-03 14:05 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Roaming\Dropbox
2014-05-29 21:06 - 2013-12-02 01:06 - 01145869 _____ () C:\Windows\WindowsUpdate.log
2014-05-29 21:03 - 2013-12-07 14:44 - 00109010 _____ () C:\Windows\PFRO.log
2014-05-29 21:03 - 2013-12-02 01:52 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-29 21:03 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-29 21:01 - 2014-05-29 21:00 - 00000000 ____D () C:\AdwCleaner
2014-05-29 20:49 - 2014-05-22 14:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-29 20:39 - 2014-05-21 17:34 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-29 18:10 - 2014-04-02 20:18 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Roaming\Spotify
2014-05-29 10:57 - 2014-05-29 10:56 - 109139530 _____ () C:\Users\SomeCrazyStuff\Downloads\184797-lq.mp4
2014-05-29 00:28 - 2014-04-02 20:19 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Local\Spotify
2014-05-27 19:45 - 2013-12-02 06:11 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-27 07:04 - 2013-12-03 14:05 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-27 07:04 - 2013-12-02 01:07 - 00000000 ___RD () C:\Users\SomeCrazyStuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-26 11:25 - 2014-05-26 11:25 - 00057810 _____ () C:\Users\SomeCrazyStuff\Downloads\Panic_at_the_Disco-I_write_sins_not_tragedies (4).mid
2014-05-26 11:25 - 2014-05-26 11:25 - 00057810 _____ () C:\Users\SomeCrazyStuff\Downloads\Panic_at_the_Disco-I_write_sins_not_tragedies (3).mid
2014-05-26 11:25 - 2014-05-26 11:25 - 00057810 _____ () C:\Users\SomeCrazyStuff\Downloads\Panic_at_the_Disco-I_write_sins_not_tragedies (2).mid
2014-05-26 11:25 - 2014-05-26 11:25 - 00057810 _____ () C:\Users\SomeCrazyStuff\Downloads\Panic_at_the_Disco-I_write_sins_not_tragedies (1).mid
2014-05-26 11:24 - 2014-05-26 11:24 - 00057810 _____ () C:\Users\SomeCrazyStuff\Downloads\Panic_at_the_Disco-I_write_sins_not_tragedies.mid
2014-05-25 13:18 - 2014-05-25 13:18 - 70087104 _____ (Microsoft Corporation) C:\Users\SomeCrazyStuff\Downloads\NDP451-KB2858728-x86-x64-AllOS-ENU.exe
2014-05-25 13:17 - 2014-05-25 13:17 - 10140512 _____ () C:\Users\SomeCrazyStuff\Downloads\AirfoilInstaller.exe
2014-05-23 18:39 - 2013-12-02 03:21 - 00000000 ____D () C:\Program Files (x86)\RIFT
2014-05-22 22:06 - 2014-05-22 22:06 - 00102736 _____ () C:\Users\SomeCrazyStuff\Desktop\Extras.Txt
2014-05-22 22:06 - 2014-05-22 22:06 - 00101666 _____ () C:\Users\SomeCrazyStuff\Desktop\OTL.Txt
2014-05-22 22:02 - 2014-05-22 22:02 - 00602112 _____ (OldTimer Tools) C:\Users\SomeCrazyStuff\Desktop\OTL.exe
2014-05-22 21:47 - 2014-05-22 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-22 21:47 - 2014-05-22 21:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-22 21:44 - 2013-12-02 03:06 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Roaming\KeePass
2014-05-22 21:43 - 2013-12-02 01:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-22 14:18 - 2014-05-22 14:18 - 00000000 ____D () C:\ProgramData\YAMAHA
2014-05-22 14:18 - 2014-05-22 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAMAHA
2014-05-22 14:18 - 2014-05-22 14:18 - 00000000 ____D () C:\Program Files (x86)\YAMAHA
2014-05-22 14:18 - 2013-12-02 01:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-22 14:17 - 2014-05-22 14:17 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Roaming\InstallShield
2014-05-22 14:14 - 2014-05-22 14:14 - 00000000 ____D () C:\Program Files\Yamaha
2014-05-22 14:13 - 2014-05-22 14:13 - 00000000 ____D () C:\Users\SomeCrazyStuff\Downloads\Yamaha
2014-05-22 14:13 - 2014-05-22 14:13 - 00000000 ____D () C:\Users\SomeCrazyStuff\Downloads\InstallationGuide
2014-05-22 14:13 - 2014-05-22 14:13 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Local\Downloaded Installations
2014-05-22 14:13 - 2013-05-16 18:17 - 05669880 _____ (Yamaha Corporation ) C:\Users\SomeCrazyStuff\Downloads\setup.exe
2014-05-22 14:10 - 2014-05-22 14:10 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-22 14:10 - 2014-01-04 23:47 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-22 14:10 - 2014-01-04 23:47 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-22 14:00 - 2014-05-22 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\amBX
2014-05-22 14:00 - 2013-12-02 06:04 - 00001565 _____ () C:\Windows\KB893803v2.log
2014-05-22 14:00 - 2013-12-02 06:04 - 00000000 ____D () C:\Program Files (x86)\amBX
2014-05-22 13:59 - 2014-05-22 13:59 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SaiK0DC5_01009.Wdf
2014-05-22 13:55 - 2014-05-22 13:54 - 00000000 ____D () C:\Program Files\amBX
2014-05-22 13:55 - 2013-12-02 06:05 - 00000000 ____D () C:\ProgramData\amBX_Events
2014-05-22 13:55 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-22 13:53 - 2012-01-23 11:42 - 101098504 _____ (Saitek ) C:\Users\SomeCrazyStuff\Downloads\Cyborg_amBX_LightPod_SD7_00000025_64_Full_pfw.exe
2014-05-22 13:53 - 2012-01-23 11:41 - 97336088 _____ (amBX UK Ltd. ) C:\Users\SomeCrazyStuff\Downloads\amBX_Full_Installer_v2.0.0.exe
2014-05-22 13:52 - 2014-05-22 13:52 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Local\SmartTechnology
2014-05-22 13:50 - 2014-05-22 13:50 - 00000000 ____D () C:\ProgramData\SmartTechnology
2014-05-22 13:50 - 2014-05-22 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Technology
2014-05-22 13:50 - 2014-05-22 13:50 - 00000000 ____D () C:\Program Files\SmartTechnology
2014-05-22 13:49 - 2014-05-22 13:42 - 197817841 _____ () C:\Users\SomeCrazyStuff\Downloads\Cyborg_amBX_64bit.zip
2014-05-22 13:47 - 2014-05-22 13:42 - 129201056 _____ (Mad catz ) C:\Users\SomeCrazyStuff\Downloads\Smart Technology 7_0_27_13 64Bit.exe
2014-05-21 17:48 - 2014-05-21 17:48 - 00000000 ____D () C:\Users\Public\Documents\LeapFrog
2014-05-21 17:43 - 2014-05-21 17:43 - 11171960 _____ (LeapFrog Enterprises, Inc.) C:\Users\SomeCrazyStuff\Downloads\LeapFrogConnectSetup_LeapPadExplorer (1).exe
2014-05-21 17:34 - 2014-05-21 17:34 - 00003910 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-21 17:34 - 2014-05-21 17:34 - 00003658 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-21 17:34 - 2014-05-21 17:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-21 17:34 - 2013-12-02 02:24 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-21 17:34 - 2013-12-02 02:23 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Local\Google
2014-05-21 17:34 - 2013-12-02 02:23 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Local\Deployment
2014-05-21 16:08 - 2014-05-21 16:08 - 00000000 ____D () C:\Users\SomeCrazyStuff\Downloads\mbam-chameleon-1.62.1.1000
2014-05-21 16:08 - 2014-05-21 16:07 - 01440846 _____ () C:\Users\SomeCrazyStuff\Downloads\mbam-chameleon-1.62.1.1000.zip
2014-05-21 15:50 - 2013-12-02 01:07 - 00001453 _____ () C:\Users\SomeCrazyStuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-21 15:36 - 2013-12-02 02:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-21 11:23 - 2013-12-02 06:03 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-05-21 11:23 - 2013-12-02 02:18 - 00000000 ____D () C:\ProgramData\Temp
2014-05-18 18:15 - 2013-12-02 02:44 - 00000000 ____D () C:\Program Files\MyDefrag v4.3.1
2014-05-16 20:49 - 2014-05-09 14:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-12 07:26 - 2014-05-22 21:47 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-22 21:47 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-22 21:47 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-30 02:05 - 2014-03-09 11:25 - 00000000 ____D () C:\ProgramData\Origin

Some content of TEMP:
====================
C:\Users\SomeCrazyStuff\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwq1p5h.dll
C:\Users\SomeCrazyStuff\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-29 09:54

==================== End Of Log ============================

 

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/29/2014
Scan Time: 9:08:46 PM
Logfile: MBAM053014.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.05.30.03
Rootkit Database: v2014.05.21.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7
CPU: x64
File System: NTFS
User: SomeCrazyStuff

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 274829
Time Elapsed: 10 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by SomeCrazyStuff on Thu 05/29/2014 at 21:20:40.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 05/29/2014 at 21:25:19.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

# AdwCleaner v3.211 - Report created 29/05/2014 at 21:01:19
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Ultimate  (64 bits)
# Username : SomeCrazyStuff - CUSTOMDESKTOP
# Running from : C:\Users\SomeCrazyStuff\Desktop\GTG\ADWCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : BCUService

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\Program Files (x86)\DeviceVM

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Key Deleted : HKCU\Software\DeviceVM
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D793423B-FF18-4A54-B9C9-75B3396BAAC4}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385

-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1492 octets] - [29/05/2014 21:00:13]
AdwCleaner[S0].txt - [1397 octets] - [29/05/2014 21:01:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1457 octets] ##########


  • 0

#6
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
Step 1: FRST Fix
  • Please download the attached fixlist.txt file and save it to the same location as FRST

    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please disable your AntiVirus before doing these steps!
  • If you have Win Vista / Win 7 / Win 8 please start IE as Administrator!
  • This will only work for Internet Explorer or FireFox
  • Please download ESET Online Scanner from here
  • How to do this?
    • Visit this website here
    • You will see a screen like this:


e922iil8.png

  • Click Run ESET Online Scanner

    4e3svhbd.png
  • A Window will open (see above) - please click on the link
  • A window will pop up - please download the file to your Desktop
  • When the download has finished please run the program (for Win Vista/ Win7 / Win 8 User please run it as Administrator)

    p35jbmyy.png
  • Tick the box next to YES, I accept the Terms of Use then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.

    p3b9meru.png
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Then click on Start
  • virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • After the scan is finished please click on Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

Attached Files


  • 0

#7
SomeCrazyStuff

SomeCrazyStuff

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 401 posts

Sorry for the delayed reply. been very busy.

 

 

I ran Eset 3 times because the logfile doesnt look right. It did find several files categorized as PUP. all of the files were in a folder called GEGeekToolkit. It was full of networking programs i got a while back that included packet sniffers for networking analysis and similar. Microsoft Security Essentials and MBAM both picked up on the folder over a year ago and i went ahead and let them quarentine the files then as i no longer need them. I suppose those files are still lingering somewhere. Here is link to the site where i got the toolkit if you want to see what all is in it.

 

Eset log has almost nothing in it. I copied it at the bottom of this reply, but it is all of 3 lines long

 

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-05-2014
Ran by SomeCrazyStuff at 2014-05-30 11:06:05 Run:1
Running from C:\Users\SomeCrazyStuff\Desktop\GTG
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-281930833-3989108500-1397960144-1001\...\MountPoints2: E - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-281930833-3989108500-1397960144-1001\...\MountPoints2: {311ce271-5b26-11e3-8a37-806e6f6e6963} - G:\Setup\setup.exe
HKU\S-1-5-21-281930833-3989108500-1397960144-1001\...\MountPoints2: {9445c8b4-7c72-11e3-a52a-f46d04005102} - I:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-281930833-3989108500-1397960144-1001\...\MountPoints2: {fcd2c528-aaf9-11e3-b224-f46d04005102} - E:\eTflash.exe
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll No File
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\SomeCrazyStuff\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwq1p5h.dll
C:\Users\SomeCrazyStuff\AppData\Local\Temp\Quarantine.exe
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
*****************

HKU\S-1-5-21-281930833-3989108500-1397960144-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-281930833-3989108500-1397960144-1001 => Key not found.
HKU\S-1-5-21-281930833-3989108500-1397960144-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{311ce271-5b26-11e3-8a37-806e6f6e6963} => Key deleted successfully.
HKCR\CLSID\{311ce271-5b26-11e3-8a37-806e6f6e6963} => Key not found.
HKU\S-1-5-21-281930833-3989108500-1397960144-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9445c8b4-7c72-11e3-a52a-f46d04005102} => Key deleted successfully.
HKCR\CLSID\{9445c8b4-7c72-11e3-a52a-f46d04005102} => Key not found.
HKU\S-1-5-21-281930833-3989108500-1397960144-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fcd2c528-aaf9-11e3-b224-f46d04005102} => Key deleted successfully.
HKCR\CLSID\{fcd2c528-aaf9-11e3-b224-f46d04005102} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} => Value deleted successfully.
HKCR\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} => Value not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
"C:\Users\SomeCrazyStuff\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwq1p5h.dll" => File/Directory not found.
C:\Users\SomeCrazyStuff\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.

==== End of Fixlog ====

 

 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014 01
Ran by SomeCrazyStuff (administrator) on CUSTOMDESKTOP on 02-06-2014 07:13:42
Running from C:\Users\SomeCrazyStuff\Desktop\GTG
Platform: Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(amBX) C:\Program Files (x86)\amBX\System\amBX_Service.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\amBX\amBX Saitek HAL\amBX_HAL_x86.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(amBX UK Ltd.) C:\Program Files\amBX\Gaming FXGen\x64\amBXFxGen.exe
(Koninklijke Philips N.V.) C:\Program Files\amBX\Control Panel\amBXDaemon.exe
(amBX UK Ltd.) C:\Program Files\amBX\Gaming FXGen\win32\amBXFxGen.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(amBX) C:\Program Files\amBX\Effects\amBX Event Manager.exe
(amBX) C:\Program Files (x86)\amBX\Illuminate\Illuminate.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Dropbox, Inc.) C:\Users\SomeCrazyStuff\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
(CyberLink Corporation.) C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDPictureViewer.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDWebCam.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(Mindjet) C:\Program Files (x86)\Mindjet\MindManager 10\MmReminderService.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessGovernor.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessLasso.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe
(Sysinternals - www.sysinternals.com) C:\Users\SomeCrazyStuff\Downloads\ProcessExplorer\procexp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(Sysinternals - www.sysinternals.com) C:\Users\SomeCrazyStuff\AppData\Local\Temp\procexp64.exe
() C:\DLautoR.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-01-29] (Realtek Semiconductor)
HKLM\...\Run: [Launch LgDeviceAgent] => C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415816 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2412616 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4725320 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [4031152 2013-11-26] (Stardock Corporation)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM\...\Run: [amBX System Tray Application] => C:\Program Files\amBX\Gaming FXGen\x64\amBXFxGen.exe [143360 2010-10-29] (amBX UK Ltd.)
HKLM\...\Run: [amBX Daemon] => C:\Program Files\amBX\Control Panel\amBXDaemon.exe [229376 2011-02-10] (Koninklijke Philips N.V.)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-26] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [TurboV EVO] => C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe [9921664 2010-05-06] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [InstantBurn] => C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe [697640 2010-02-10] (CyberLink Corporation.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-01-19] (cyberlink)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [222504 2010-03-03] (CyberLink Corp.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [MMReminderService] => C:\Program Files (x86)\Mindjet\MindManager 10\MMReminderService.exe [38288 2012-07-03] (Mindjet)
HKLM-x32\...\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe [528360 2014-03-13] (NCSOFT Corporation)
HKLM-x32\...\Run: [runfile] => C:\Program Files (x86)\DisplayLink\DLsetup\NoConsoleExe.exe [7168 2011-03-18] ()
HKU\S-1-5-21-281930833-3989108500-1397960144-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-01-22] (Hewlett-Packard Company)
HKU\S-1-5-21-281930833-3989108500-1397960144-1001\...\Run: [KeePass Password Safe 2] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl)
HKU\S-1-5-21-281930833-3989108500-1397960144-1001\...\MountPoints2: E - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-281930833-3989108500-1397960144-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-01-22] (Hewlett-Packard Company)
HKU\S-1-5-21-281930833-3989108500-1397960144-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KeePass Password Safe 2] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl)
HKU\S-1-5-21-281930833-3989108500-1397960144-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: E - E:\VZW_Software_upgrade_assistant.exe
IFEO\taskmgr.exe: [Debugger] "C:\USERS\SOMECRAZYSTUFF\DOWNLOADS\PROCESSEXPLORER\PROCEXP.EXE"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\amBX Effects.lnk
ShortcutTarget: amBX Effects.lnk -> C:\Program Files\amBX\Effects\amBX Event Manager.exe (amBX)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\amBX Illuminate.lnk
ShortcutTarget: amBX Illuminate.lnk -> C:\Program Files (x86)\amBX\Illuminate\Illuminate.exe (amBX)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\SomeCrazyStuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\SomeCrazyStuff\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\SomeCrazyStuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\SomeCrazyStuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2BD61320587BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {35437C12-E54F-40c3-BF79-468EB8C65DA8} URL = http://search.yahoo....icevm&type=EGMB
SearchScopes: HKCU - {33F1B3D0-B103-482c-8428-5AF918134BBF} URL = http://www.google.co...&q={searchTerms}
SearchScopes: HKCU - {35437C12-E54F-40c3-BF79-468EB8C65DA8} URL = http://search.yahoo....icevm&type=EGMB
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======

==================== Services (Whitelisted) =================

R2 amBX Saitek HAL Service; C:\Program Files (x86)\amBX\amBX Saitek HAL\amBX_HAL_x86.exe [310784 2011-02-10] ()
R2 amBX Service; C:\Program Files (x86)\amBX\System\amBX_Service.exe [612864 2009-10-14] (amBX)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8882136 2012-09-28] (DisplayLink Corp.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4795672 2013-11-25] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-12] ()

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] ()
R1 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24560 2009-10-07] (Cyberlink Co.,Ltd.)
R2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [376304 2009-10-07] (CyberLink Corporation.)
R3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_7.0.41409.0.sys [17408 2014-05-30] (http://libusb-win32.sourceforge.net)
R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 SaiK0DC5; C:\Windows\System32\DRIVERS\SaiK0DC5.sys [176136 2011-03-10] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbx64.sys [51496 2013-04-04] (Yamaha Corporation)
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2010-01-19] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-30 11:09 - 2014-05-30 11:09 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-30 10:51 - 2012-09-28 09:18 - 00385912 _____ (DisplayLink Corp.) C:\Windows\system32\Drivers\dlkmd.sys
2014-05-30 10:51 - 2012-09-28 09:18 - 00015224 _____ (DisplayLink Corp.) C:\Windows\system32\Drivers\dlkmdldr.sys
2014-05-30 10:50 - 2014-05-30 10:51 - 00000000 ____D () C:\Program Files\DisplayLink Graphics
2014-05-30 10:49 - 2014-05-30 10:50 - 00000000 ____D () C:\Program Files\DisplayLink Core Software
2014-05-30 10:49 - 2014-05-30 10:49 - 02081792 _____ (DisplayLink Corp.) C:\Windows\system32\DisplayLinkUsbCo64_7.0.41409.0.dll
2014-05-30 10:49 - 2014-05-30 10:49 - 00017408 _____ (http://libusb-win32.sourceforge.net) C:\Windows\system32\Drivers\DisplayLinkUsbPort_7.0.41409.0.sys
2014-05-30 10:49 - 2014-05-30 10:49 - 00000000 _____ () C:\Windows\SysWOW64\dlumdfb9.dll
2014-05-30 10:49 - 2014-05-30 10:49 - 00000000 _____ () C:\Windows\SysWOW64\dlumdfb11.dll
2014-05-30 10:49 - 2014-05-30 10:49 - 00000000 _____ () C:\Windows\SysWOW64\dlumdfb10.dll
2014-05-30 10:49 - 2014-05-30 10:49 - 00000000 _____ () C:\Windows\SysWOW64\dlumd9.dll
2014-05-30 10:49 - 2014-05-30 10:49 - 00000000 _____ () C:\Windows\SysWOW64\dlumd11.dll
2014-05-30 10:49 - 2014-05-30 10:49 - 00000000 _____ () C:\Windows\SysWOW64\dlumd10.dll
2014-05-30 10:49 - 2014-05-30 10:49 - 00000000 _____ () C:\Windows\system32\dlumd9.dll
2014-05-30 10:49 - 2014-05-30 10:49 - 00000000 _____ () C:\Windows\system32\dlumd11.dll
2014-05-30 10:49 - 2014-05-30 10:49 - 00000000 _____ () C:\Windows\system32\dlumd10.dll
2014-05-30 10:49 - 2011-07-01 17:33 - 00194048 _____ () C:\DLautoR.exe
2014-05-30 10:48 - 2014-05-30 10:48 - 00000000 ____D () C:\Program Files (x86)\DisplayLink
2014-05-30 10:29 - 2014-05-30 10:29 - 00003320 _____ () C:\Windows\System32\Tasks\Process Explorer-CustomDesktop-SomeCrazyStuff
2014-05-30 10:23 - 2014-05-30 10:23 - 00000000 ____D () C:\Windows\pss
2014-05-30 10:20 - 2014-05-30 10:20 - 00000022 _____ () C:\Users\SomeCrazyStuff\Downloads\ProcessExplorer.zip
2014-05-30 10:20 - 2014-05-30 10:20 - 00000000 ____D () C:\Users\SomeCrazyStuff\Downloads\ProcessExplorer
2014-05-29 21:39 - 2014-05-29 21:39 - 02294104 _____ () C:\Users\SomeCrazyStuff\Downloads\Rainmeter-3.1.exe
2014-05-29 21:27 - 2014-06-02 07:13 - 00000000 ____D () C:\FRST
2014-05-29 21:20 - 2014-05-29 21:20 - 00000000 ____D () C:\Windows\ERUNT
2014-05-29 21:00 - 2014-05-29 21:01 - 00000000 ____D () C:\AdwCleaner
2014-05-29 21:00 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-29 20:59 - 2014-06-02 07:13 - 00000000 ____D () C:\Users\SomeCrazyStuff\Desktop\GTG
2014-05-29 10:56 - 2014-05-29 10:57 - 109139530 _____ () C:\Users\SomeCrazyStuff\Downloads\184797-lq.mp4
2014-05-26 11:25 - 2014-05-26 11:25 - 00057810 _____ () C:\Users\SomeCrazyStuff\Downloads\Panic_at_the_Disco-I_write_sins_not_tragedies (4).mid
2014-05-26 11:25 - 2014-05-26 11:25 - 00057810 _____ () C:\Users\SomeCrazyStuff\Downloads\Panic_at_the_Disco-I_write_sins_not_tragedies (3).mid
2014-05-26 11:25 - 2014-05-26 11:25 - 00057810 _____ () C:\Users\SomeCrazyStuff\Downloads\Panic_at_the_Disco-I_write_sins_not_tragedies (2).mid
2014-05-26 11:25 - 2014-05-26 11:25 - 00057810 _____ () C:\Users\SomeCrazyStuff\Downloads\Panic_at_the_Disco-I_write_sins_not_tragedies (1).mid
2014-05-26 11:24 - 2014-05-26 11:24 - 00057810 _____ () C:\Users\SomeCrazyStuff\Downloads\Panic_at_the_Disco-I_write_sins_not_tragedies.mid
2014-05-25 13:18 - 2014-05-25 13:18 - 70087104 _____ (Microsoft Corporation) C:\Users\SomeCrazyStuff\Downloads\NDP451-KB2858728-x86-x64-AllOS-ENU.exe
2014-05-25 13:17 - 2014-05-25 13:17 - 10140512 _____ () C:\Users\SomeCrazyStuff\Downloads\AirfoilInstaller.exe
2014-05-22 21:47 - 2014-06-02 07:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-22 21:47 - 2014-05-22 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-22 21:47 - 2014-05-22 21:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-22 21:47 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-22 21:47 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-22 21:47 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-22 14:18 - 2014-05-22 14:18 - 00000000 ____D () C:\ProgramData\YAMAHA
2014-05-22 14:18 - 2014-05-22 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAMAHA
2014-05-22 14:18 - 2014-05-22 14:18 - 00000000 ____D () C:\Program Files (x86)\YAMAHA
2014-05-22 14:17 - 2014-05-22 14:17 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Roaming\InstallShield
2014-05-22 14:14 - 2014-05-22 14:14 - 00000000 ____D () C:\Program Files\Yamaha
2014-05-22 14:13 - 2014-05-22 14:13 - 00000000 ____D () C:\Users\SomeCrazyStuff\Downloads\Yamaha
2014-05-22 14:13 - 2014-05-22 14:13 - 00000000 ____D () C:\Users\SomeCrazyStuff\Downloads\InstallationGuide
2014-05-22 14:13 - 2014-05-22 14:13 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Local\Downloaded Installations
2014-05-22 14:10 - 2014-06-02 07:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-22 14:10 - 2014-05-22 14:10 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-22 13:59 - 2014-05-22 13:59 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SaiK0DC5_01009.Wdf
2014-05-22 13:54 - 2014-05-22 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\amBX
2014-05-22 13:54 - 2014-05-22 13:55 - 00000000 ____D () C:\Program Files\amBX
2014-05-22 13:52 - 2014-05-22 13:52 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Local\SmartTechnology
2014-05-22 13:50 - 2014-05-22 13:50 - 00000000 ____D () C:\ProgramData\SmartTechnology
2014-05-22 13:50 - 2014-05-22 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Technology
2014-05-22 13:50 - 2014-05-22 13:50 - 00000000 ____D () C:\Program Files\SmartTechnology
2014-05-22 13:42 - 2014-05-22 13:49 - 197817841 _____ () C:\Users\SomeCrazyStuff\Downloads\Cyborg_amBX_64bit.zip
2014-05-22 13:42 - 2014-05-22 13:47 - 129201056 _____ (Mad catz ) C:\Users\SomeCrazyStuff\Downloads\Smart Technology 7_0_27_13 64Bit.exe
2014-05-21 17:48 - 2014-05-21 17:48 - 00000000 ____D () C:\Users\Public\Documents\LeapFrog
2014-05-21 17:43 - 2014-05-21 17:43 - 11171960 _____ (LeapFrog Enterprises, Inc.) C:\Users\SomeCrazyStuff\Downloads\LeapFrogConnectSetup_LeapPadExplorer (1).exe
2014-05-21 17:34 - 2014-06-02 07:12 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-21 17:34 - 2014-06-02 07:11 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-21 17:34 - 2014-05-21 17:34 - 00003910 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-21 17:34 - 2014-05-21 17:34 - 00003658 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-21 17:34 - 2014-05-21 17:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-21 16:08 - 2014-05-21 16:08 - 00000000 ____D () C:\Users\SomeCrazyStuff\Downloads\mbam-chameleon-1.62.1.1000
2014-05-21 16:07 - 2014-05-21 16:08 - 01440846 _____ () C:\Users\SomeCrazyStuff\Downloads\mbam-chameleon-1.62.1.1000.zip
2014-05-15 17:24 - 2014-05-31 07:39 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Roaming\DropboxMaster
2014-05-09 14:30 - 2014-05-16 20:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

2014-06-02 07:13 - 2014-05-29 21:27 - 00000000 ____D () C:\FRST
2014-06-02 07:13 - 2014-05-29 20:59 - 00000000 ____D () C:\Users\SomeCrazyStuff\Desktop\GTG
2014-06-02 07:13 - 2013-12-02 01:07 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Local\Temp
2014-06-02 07:12 - 2014-05-21 17:34 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-02 07:11 - 2014-05-22 21:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-02 07:11 - 2014-05-22 14:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-02 07:11 - 2014-05-21 17:34 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-02 07:11 - 2013-12-03 14:05 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Roaming\Dropbox
2014-06-02 07:11 - 2013-12-02 01:06 - 01287130 _____ () C:\Windows\WindowsUpdate.log
2014-05-31 07:39 - 2014-05-15 17:24 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Roaming\DropboxMaster
2014-05-30 21:34 - 2009-07-13 23:45 - 00020160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-30 21:34 - 2009-07-13 23:45 - 00020160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-30 21:31 - 2009-07-14 00:13 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-30 21:27 - 2013-12-02 03:08 - 00014218 _____ () C:\Windows\setupact.log
2014-05-30 21:27 - 2013-12-02 01:52 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-30 21:27 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-30 21:26 - 2013-12-07 14:44 - 00109346 _____ () C:\Windows\PFRO.log
2014-05-30 21:25 - 2013-12-02 03:06 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Roaming\KeePass
2014-05-30 21:16 - 2013-12-02 06:11 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-30 11:09 - 2014-05-30 11:09 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-30 10:51 - 2014-05-30 10:50 - 00000000 ____D () C:\Program Files\DisplayLink Graphics
2014-05-30 10:50 - 2014-05-30 10:49 - 00000000 ____D () C:\Program Files\DisplayLink Core Software
2014-05-30 10:50 - 2014-01-04 23:43 - 00014974 _____ () C:\Windows\DPINST.LOG
2014-05-30 10:49 - 2014-05-30 10:49 - 02081792 _____ (DisplayLink Corp.) C:\Windows\system32\DisplayLinkUsbCo64_7.0.41409.0.dll
2014-05-30 10:49 - 2014-05-30 10:49 - 00017408 _____ (http://libusb-win32.sourceforge.net) C:\Windows\system32\Drivers\DisplayLinkUsbPort_7.0.41409.0.sys
2014-05-30 10:49 - 2014-05-30 10:49 - 00000000 _____ () C:\Windows\SysWOW64\dlumdfb9.dll
2014-05-30 10:49 - 2014-05-30 10:49 - 00000000 _____ () C:\Windows\SysWOW64\dlumdfb11.dll
2014-05-30 10:49 - 2014-05-30 10:49 - 00000000 _____ () C:\Windows\SysWOW64\dlumdfb10.dll
2014-05-30 10:49 - 2014-05-30 10:49 - 00000000 _____ () C:\Windows\SysWOW64\dlumd9.dll
2014-05-30 10:49 - 2014-05-30 10:49 - 00000000 _____ () C:\Windows\SysWOW64\dlumd11.dll
2014-05-30 10:49 - 2014-05-30 10:49 - 00000000 _____ () C:\Windows\SysWOW64\dlumd10.dll
2014-05-30 10:49 - 2014-05-30 10:49 - 00000000 _____ () C:\Windows\system32\dlumd9.dll
2014-05-30 10:49 - 2014-05-30 10:49 - 00000000 _____ () C:\Windows\system32\dlumd11.dll
2014-05-30 10:49 - 2014-05-30 10:49 - 00000000 _____ () C:\Windows\system32\dlumd10.dll
2014-05-30 10:48 - 2014-05-30 10:48 - 00000000 ____D () C:\Program Files (x86)\DisplayLink
2014-05-30 10:48 - 2013-12-02 01:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-30 10:29 - 2014-05-30 10:29 - 00003320 _____ () C:\Windows\System32\Tasks\Process Explorer-CustomDesktop-SomeCrazyStuff
2014-05-30 10:23 - 2014-05-30 10:23 - 00000000 ____D () C:\Windows\pss
2014-05-30 10:20 - 2014-05-30 10:20 - 00000022 _____ () C:\Users\SomeCrazyStuff\Downloads\ProcessExplorer.zip
2014-05-30 10:20 - 2014-05-30 10:20 - 00000000 ____D () C:\Users\SomeCrazyStuff\Downloads\ProcessExplorer
2014-05-30 09:06 - 2014-04-02 20:18 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Roaming\Spotify
2014-05-29 22:22 - 2014-03-09 11:25 - 00000000 ____D () C:\ProgramData\Origin
2014-05-29 22:22 - 2014-03-09 11:25 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-05-29 21:40 - 2014-04-05 19:10 - 00001716 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
2014-05-29 21:40 - 2014-04-05 19:10 - 00000000 ____D () C:\Program Files\Rainmeter
2014-05-29 21:39 - 2014-05-29 21:39 - 02294104 _____ () C:\Users\SomeCrazyStuff\Downloads\Rainmeter-3.1.exe
2014-05-29 21:20 - 2014-05-29 21:20 - 00000000 ____D () C:\Windows\ERUNT
2014-05-29 21:01 - 2014-05-29 21:00 - 00000000 ____D () C:\AdwCleaner
2014-05-29 10:57 - 2014-05-29 10:56 - 109139530 _____ () C:\Users\SomeCrazyStuff\Downloads\184797-lq.mp4
2014-05-29 00:28 - 2014-04-02 20:19 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Local\Spotify
2014-05-27 07:04 - 2013-12-03 14:05 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-27 07:04 - 2013-12-02 01:07 - 00000000 ___RD () C:\Users\SomeCrazyStuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-26 11:25 - 2014-05-26 11:25 - 00057810 _____ () C:\Users\SomeCrazyStuff\Downloads\Panic_at_the_Disco-I_write_sins_not_tragedies (4).mid
2014-05-26 11:25 - 2014-05-26 11:25 - 00057810 _____ () C:\Users\SomeCrazyStuff\Downloads\Panic_at_the_Disco-I_write_sins_not_tragedies (3).mid
2014-05-26 11:25 - 2014-05-26 11:25 - 00057810 _____ () C:\Users\SomeCrazyStuff\Downloads\Panic_at_the_Disco-I_write_sins_not_tragedies (2).mid
2014-05-26 11:25 - 2014-05-26 11:25 - 00057810 _____ () C:\Users\SomeCrazyStuff\Downloads\Panic_at_the_Disco-I_write_sins_not_tragedies (1).mid
2014-05-26 11:24 - 2014-05-26 11:24 - 00057810 _____ () C:\Users\SomeCrazyStuff\Downloads\Panic_at_the_Disco-I_write_sins_not_tragedies.mid
2014-05-25 13:18 - 2014-05-25 13:18 - 70087104 _____ (Microsoft Corporation) C:\Users\SomeCrazyStuff\Downloads\NDP451-KB2858728-x86-x64-AllOS-ENU.exe
2014-05-25 13:17 - 2014-05-25 13:17 - 10140512 _____ () C:\Users\SomeCrazyStuff\Downloads\AirfoilInstaller.exe
2014-05-23 18:39 - 2013-12-02 03:21 - 00000000 ____D () C:\Program Files (x86)\RIFT
2014-05-22 21:47 - 2014-05-22 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-22 21:47 - 2014-05-22 21:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-22 21:43 - 2013-12-02 01:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-22 14:18 - 2014-05-22 14:18 - 00000000 ____D () C:\ProgramData\YAMAHA
2014-05-22 14:18 - 2014-05-22 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAMAHA
2014-05-22 14:18 - 2014-05-22 14:18 - 00000000 ____D () C:\Program Files (x86)\YAMAHA
2014-05-22 14:17 - 2014-05-22 14:17 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Roaming\InstallShield
2014-05-22 14:14 - 2014-05-22 14:14 - 00000000 ____D () C:\Program Files\Yamaha
2014-05-22 14:13 - 2014-05-22 14:13 - 00000000 ____D () C:\Users\SomeCrazyStuff\Downloads\Yamaha
2014-05-22 14:13 - 2014-05-22 14:13 - 00000000 ____D () C:\Users\SomeCrazyStuff\Downloads\InstallationGuide
2014-05-22 14:13 - 2014-05-22 14:13 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Local\Downloaded Installations
2014-05-22 14:13 - 2013-05-16 18:17 - 05669880 _____ (Yamaha Corporation ) C:\Users\SomeCrazyStuff\Downloads\setup.exe
2014-05-22 14:10 - 2014-05-22 14:10 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-22 14:10 - 2014-01-04 23:47 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-22 14:10 - 2014-01-04 23:47 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-22 14:00 - 2014-05-22 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\amBX
2014-05-22 14:00 - 2013-12-02 06:04 - 00001565 _____ () C:\Windows\KB893803v2.log
2014-05-22 14:00 - 2013-12-02 06:04 - 00000000 ____D () C:\Program Files (x86)\amBX
2014-05-22 13:59 - 2014-05-22 13:59 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SaiK0DC5_01009.Wdf
2014-05-22 13:55 - 2014-05-22 13:54 - 00000000 ____D () C:\Program Files\amBX
2014-05-22 13:55 - 2013-12-02 06:05 - 00000000 ____D () C:\ProgramData\amBX_Events
2014-05-22 13:55 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-22 13:53 - 2012-01-23 11:42 - 101098504 _____ (Saitek ) C:\Users\SomeCrazyStuff\Downloads\Cyborg_amBX_LightPod_SD7_00000025_64_Full_pfw.exe
2014-05-22 13:53 - 2012-01-23 11:41 - 97336088 _____ (amBX UK Ltd. ) C:\Users\SomeCrazyStuff\Downloads\amBX_Full_Installer_v2.0.0.exe
2014-05-22 13:52 - 2014-05-22 13:52 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Local\SmartTechnology
2014-05-22 13:50 - 2014-05-22 13:50 - 00000000 ____D () C:\ProgramData\SmartTechnology
2014-05-22 13:50 - 2014-05-22 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Technology
2014-05-22 13:50 - 2014-05-22 13:50 - 00000000 ____D () C:\Program Files\SmartTechnology
2014-05-22 13:49 - 2014-05-22 13:42 - 197817841 _____ () C:\Users\SomeCrazyStuff\Downloads\Cyborg_amBX_64bit.zip
2014-05-22 13:47 - 2014-05-22 13:42 - 129201056 _____ (Mad catz ) C:\Users\SomeCrazyStuff\Downloads\Smart Technology 7_0_27_13 64Bit.exe
2014-05-21 17:48 - 2014-05-21 17:48 - 00000000 ____D () C:\Users\Public\Documents\LeapFrog
2014-05-21 17:43 - 2014-05-21 17:43 - 11171960 _____ (LeapFrog Enterprises, Inc.) C:\Users\SomeCrazyStuff\Downloads\LeapFrogConnectSetup_LeapPadExplorer (1).exe
2014-05-21 17:34 - 2014-05-21 17:34 - 00003910 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-21 17:34 - 2014-05-21 17:34 - 00003658 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-21 17:34 - 2014-05-21 17:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-21 17:34 - 2013-12-02 02:24 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-21 17:34 - 2013-12-02 02:23 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Local\Google
2014-05-21 17:34 - 2013-12-02 02:23 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Local\Deployment
2014-05-21 16:08 - 2014-05-21 16:08 - 00000000 ____D () C:\Users\SomeCrazyStuff\Downloads\mbam-chameleon-1.62.1.1000
2014-05-21 16:08 - 2014-05-21 16:07 - 01440846 _____ () C:\Users\SomeCrazyStuff\Downloads\mbam-chameleon-1.62.1.1000.zip
2014-05-21 15:50 - 2013-12-02 01:07 - 00001453 _____ () C:\Users\SomeCrazyStuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-21 15:36 - 2013-12-02 02:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-21 11:23 - 2013-12-02 06:03 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-05-21 11:23 - 2013-12-02 02:18 - 00000000 ____D () C:\ProgramData\Temp
2014-05-18 18:15 - 2013-12-02 02:44 - 00000000 ____D () C:\Program Files\MyDefrag v4.3.1
2014-05-16 20:49 - 2014-05-09 14:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-12 07:26 - 2014-05-22 21:47 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-22 21:47 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-22 21:47 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\SomeCrazyStuff\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpd8y5cf.dll
C:\Users\SomeCrazyStuff\AppData\Local\Temp\procexp64.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-29 09:54

==================== End Of Log ============================

 

 

 

 

 

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
 


  • 0

#8
SomeCrazyStuff

SomeCrazyStuff

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 401 posts

Sorry for the delayed reply. been very busy.

 

 

I ran Eset 3 times because the logfile doesnt look right. It did find several files categorized as PUP. all of the files were in a folder called GEGeekToolkit. It was full of networking programs i got a while back that included packet sniffers for networking analysis and similar. Microsoft Security Essentials and MBAM both picked up on the folder over a year ago and i went ahead and let them quarentine the files then as i no longer need them. I suppose those files are still lingering somewhere. Here is link to the site where i got the toolkit if you want to see what all is in it.

 

Eset log has almost nothing in it. I copied it at the bottom of this reply, but it is all of 3 lines long

 

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-05-2014
Ran by SomeCrazyStuff at 2014-05-30 11:06:05 Run:1
Running from C:\Users\SomeCrazyStuff\Desktop\GTG
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-281930833-3989108500-1397960144-1001\...\MountPoints2: E - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-281930833-3989108500-1397960144-1001\...\MountPoints2: {311ce271-5b26-11e3-8a37-806e6f6e6963} - G:\Setup\setup.exe
HKU\S-1-5-21-281930833-3989108500-1397960144-1001\...\MountPoints2: {9445c8b4-7c72-11e3-a52a-f46d04005102} - I:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-281930833-3989108500-1397960144-1001\...\MountPoints2: {fcd2c528-aaf9-11e3-b224-f46d04005102} - E:\eTflash.exe
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll No File
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\SomeCrazyStuff\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwq1p5h.dll
C:\Users\SomeCrazyStuff\AppData\Local\Temp\Quarantine.exe
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
*****************

HKU\S-1-5-21-281930833-3989108500-1397960144-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-281930833-3989108500-1397960144-1001 => Key not found.
HKU\S-1-5-21-281930833-3989108500-1397960144-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{311ce271-5b26-11e3-8a37-806e6f6e6963} => Key deleted successfully.
HKCR\CLSID\{311ce271-5b26-11e3-8a37-806e6f6e6963} => Key not found.
HKU\S-1-5-21-281930833-3989108500-1397960144-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9445c8b4-7c72-11e3-a52a-f46d04005102} => Key deleted successfully.
HKCR\CLSID\{9445c8b4-7c72-11e3-a52a-f46d04005102} => Key not found.
HKU\S-1-5-21-281930833-3989108500-1397960144-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fcd2c528-aaf9-11e3-b224-f46d04005102} => Key deleted successfully.
HKCR\CLSID\{fcd2c528-aaf9-11e3-b224-f46d04005102} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} => Value deleted successfully.
HKCR\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} => Value not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
"C:\Users\SomeCrazyStuff\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwq1p5h.dll" => File/Directory not found.
C:\Users\SomeCrazyStuff\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.

==== End of Fixlog ====

 

 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014 01
Ran by SomeCrazyStuff (administrator) on CUSTOMDESKTOP on 02-06-2014 07:13:42
Running from C:\Users\SomeCrazyStuff\Desktop\GTG
Platform: Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(amBX) C:\Program Files (x86)\amBX\System\amBX_Service.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\amBX\amBX Saitek HAL\amBX_HAL_x86.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(amBX UK Ltd.) C:\Program Files\amBX\Gaming FXGen\x64\amBXFxGen.exe
(Koninklijke Philips N.V.) C:\Program Files\amBX\Control Panel\amBXDaemon.exe
(amBX UK Ltd.) C:\Program Files\amBX\Gaming FXGen\win32\amBXFxGen.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(amBX) C:\Program Files\amBX\Effects\amBX Event Manager.exe
(amBX) C:\Program Files (x86)\amBX\Illuminate\Illuminate.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Dropbox, Inc.) C:\Users\SomeCrazyStuff\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
(CyberLink Corporation.) C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDPictureViewer.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDWebCam.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(Mindjet) C:\Program Files (x86)\Mindjet\MindManager 10\MmReminderService.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessGovernor.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessLasso.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe
(Sysinternals - www.sysinternals.com) C:\Users\SomeCrazyStuff\Downloads\ProcessExplorer\procexp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(Sysinternals - www.sysinternals.com) C:\Users\SomeCrazyStuff\AppData\Local\Temp\procexp64.exe
() C:\DLautoR.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-01-29] (Realtek Semiconductor)
HKLM\...\Run: [Launch LgDeviceAgent] => C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415816 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2412616 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4725320 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [4031152 2013-11-26] (Stardock Corporation)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM\...\Run: [amBX System Tray Application] => C:\Program Files\amBX\Gaming FXGen\x64\amBXFxGen.exe [143360 2010-10-29] (amBX UK Ltd.)
HKLM\...\Run: [amBX Daemon] => C:\Program Files\amBX\Control Panel\amBXDaemon.exe [229376 2011-02-10] (Koninklijke Philips N.V.)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-26] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [TurboV EVO] => C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe [9921664 2010-05-06] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [InstantBurn] => C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe [697640 2010-02-10] (CyberLink Corporation.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-01-19] (cyberlink)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [222504 2010-03-03] (CyberLink Corp.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [MMReminderService] => C:\Program Files (x86)\Mindjet\MindManager 10\MMReminderService.exe [38288 2012-07-03] (Mindjet)
HKLM-x32\...\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe [528360 2014-03-13] (NCSOFT Corporation)
HKLM-x32\...\Run: [runfile] => C:\Program Files (x86)\DisplayLink\DLsetup\NoConsoleExe.exe [7168 2011-03-18] ()
HKU\S-1-5-21-281930833-3989108500-1397960144-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-01-22] (Hewlett-Packard Company)
HKU\S-1-5-21-281930833-3989108500-1397960144-1001\...\Run: [KeePass Password Safe 2] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl)
HKU\S-1-5-21-281930833-3989108500-1397960144-1001\...\MountPoints2: E - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-281930833-3989108500-1397960144-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-01-22] (Hewlett-Packard Company)
HKU\S-1-5-21-281930833-3989108500-1397960144-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KeePass Password Safe 2] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl)
HKU\S-1-5-21-281930833-3989108500-1397960144-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: E - E:\VZW_Software_upgrade_assistant.exe
IFEO\taskmgr.exe: [Debugger] "C:\USERS\SOMECRAZYSTUFF\DOWNLOADS\PROCESSEXPLORER\PROCEXP.EXE"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\amBX Effects.lnk
ShortcutTarget: amBX Effects.lnk -> C:\Program Files\amBX\Effects\amBX Event Manager.exe (amBX)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\amBX Illuminate.lnk
ShortcutTarget: amBX Illuminate.lnk -> C:\Program Files (x86)\amBX\Illuminate\Illuminate.exe (amBX)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\SomeCrazyStuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\SomeCrazyStuff\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\SomeCrazyStuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\SomeCrazyStuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2BD61320587BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {35437C12-E54F-40c3-BF79-468EB8C65DA8} URL = http://search.yahoo....icevm&type=EGMB
SearchScopes: HKCU - {33F1B3D0-B103-482c-8428-5AF918134BBF} URL = http://www.google.co...&q={searchTerms}
SearchScopes: HKCU - {35437C12-E54F-40c3-BF79-468EB8C65DA8} URL = http://search.yahoo....icevm&type=EGMB
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======

==================== Services (Whitelisted) =================

R2 amBX Saitek HAL Service; C:\Program Files (x86)\amBX\amBX Saitek HAL\amBX_HAL_x86.exe [310784 2011-02-10] ()
R2 amBX Service; C:\Program Files (x86)\amBX\System\amBX_Service.exe [612864 2009-10-14] (amBX)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8882136 2012-09-28] (DisplayLink Corp.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4795672 2013-11-25] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-12] ()

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] ()
R1 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24560 2009-10-07] (Cyberlink Co.,Ltd.)
R2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [376304 2009-10-07] (CyberLink Corporation.)
R3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_7.0.41409.0.sys [17408 2014-05-30] (http://libusb-win32.sourceforge.net)
R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 SaiK0DC5; C:\Windows\System32\DRIVERS\SaiK0DC5.sys [176136 2011-03-10] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbx64.sys [51496 2013-04-04] (Yamaha Corporation)
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2010-01-19] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-30 11:09 - 2014-05-30 11:09 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-30 10:51 - 2012-09-28 09:18 - 00385912 _____ (DisplayLink Corp.) C:\Windows\system32\Drivers\dlkmd.sys
2014-05-30 10:51 - 2012-09-28 09:18 - 00015224 _____ (DisplayLink Corp.) C:\Windows\system32\Drivers\dlkmdldr.sys
2014-05-30 10:50 - 2014-05-30 10:51 - 00000000 ____D () C:\Program Files\DisplayLink Graphics
2014-05-30 10:49 - 2014-05-30 10:50 - 00000000 ____D () C:\Program Files\DisplayLink Core Software
2014-05-30 10:49 - 2014-05-30 10:49 - 02081792 _____ (DisplayLink Corp.) C:\Windows\system32\DisplayLinkUsbCo64_7.0.41409.0.dll
2014-05-30 10:49 - 2014-05-30 10:49 - 00017408 _____ (http://libusb-win32.sourceforge.net) C:\Windows\system32\Drivers\DisplayLinkUsbPort_7.0.41409.0.sys
2014-05-30 10:49 - 2014-05-30 10:49 - 00000000 _____ () C:\Windows\SysWOW64\dlumdfb9.dll
2014-05-30 10:49 - 2014-05-30 10:49 - 00000000 _____ () C:\Windows\SysWOW64\dlumdfb11.dll
2014-05-30 10:49 - 2014-05-30 10:49 - 00000000 _____ () C:\Windows\SysWOW64\dlumdfb10.dll
2014-05-30 10:49 - 2014-05-30 10:49 - 00000000 _____ () C:\Windows\SysWOW64\dlumd9.dll
2014-05-30 10:49 - 2014-05-30 10:49 - 00000000 _____ () C:\Windows\SysWOW64\dlumd11.dll
2014-05-30 10:49 - 2014-05-30 10:49 - 00000000 _____ () C:\Windows\SysWOW64\dlumd10.dll
2014-05-30 10:49 - 2014-05-30 10:49 - 00000000 _____ () C:\Windows\system32\dlumd9.dll
2014-05-30 10:49 - 2014-05-30 10:49 - 00000000 _____ () C:\Windows\system32\dlumd11.dll
2014-05-30 10:49 - 2014-05-30 10:49 - 00000000 _____ () C:\Windows\system32\dlumd10.dll
2014-05-30 10:49 - 2011-07-01 17:33 - 00194048 _____ () C:\DLautoR.exe
2014-05-30 10:48 - 2014-05-30 10:48 - 00000000 ____D () C:\Program Files (x86)\DisplayLink
2014-05-30 10:29 - 2014-05-30 10:29 - 00003320 _____ () C:\Windows\System32\Tasks\Process Explorer-CustomDesktop-SomeCrazyStuff
2014-05-30 10:23 - 2014-05-30 10:23 - 00000000 ____D () C:\Windows\pss
2014-05-30 10:20 - 2014-05-30 10:20 - 00000022 _____ () C:\Users\SomeCrazyStuff\Downloads\ProcessExplorer.zip
2014-05-30 10:20 - 2014-05-30 10:20 - 00000000 ____D () C:\Users\SomeCrazyStuff\Downloads\ProcessExplorer
2014-05-29 21:39 - 2014-05-29 21:39 - 02294104 _____ () C:\Users\SomeCrazyStuff\Downloads\Rainmeter-3.1.exe
2014-05-29 21:27 - 2014-06-02 07:13 - 00000000 ____D () C:\FRST
2014-05-29 21:20 - 2014-05-29 21:20 - 00000000 ____D () C:\Windows\ERUNT
2014-05-29 21:00 - 2014-05-29 21:01 - 00000000 ____D () C:\AdwCleaner
2014-05-29 21:00 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-29 20:59 - 2014-06-02 07:13 - 00000000 ____D () C:\Users\SomeCrazyStuff\Desktop\GTG
2014-05-29 10:56 - 2014-05-29 10:57 - 109139530 _____ () C:\Users\SomeCrazyStuff\Downloads\184797-lq.mp4
2014-05-26 11:25 - 2014-05-26 11:25 - 00057810 _____ () C:\Users\SomeCrazyStuff\Downloads\Panic_at_the_Disco-I_write_sins_not_tragedies (4).mid
2014-05-26 11:25 - 2014-05-26 11:25 - 00057810 _____ () C:\Users\SomeCrazyStuff\Downloads\Panic_at_the_Disco-I_write_sins_not_tragedies (3).mid
2014-05-26 11:25 - 2014-05-26 11:25 - 00057810 _____ () C:\Users\SomeCrazyStuff\Downloads\Panic_at_the_Disco-I_write_sins_not_tragedies (2).mid
2014-05-26 11:25 - 2014-05-26 11:25 - 00057810 _____ () C:\Users\SomeCrazyStuff\Downloads\Panic_at_the_Disco-I_write_sins_not_tragedies (1).mid
2014-05-26 11:24 - 2014-05-26 11:24 - 00057810 _____ () C:\Users\SomeCrazyStuff\Downloads\Panic_at_the_Disco-I_write_sins_not_tragedies.mid
2014-05-25 13:18 - 2014-05-25 13:18 - 70087104 _____ (Microsoft Corporation) C:\Users\SomeCrazyStuff\Downloads\NDP451-KB2858728-x86-x64-AllOS-ENU.exe
2014-05-25 13:17 - 2014-05-25 13:17 - 10140512 _____ () C:\Users\SomeCrazyStuff\Downloads\AirfoilInstaller.exe
2014-05-22 21:47 - 2014-06-02 07:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-22 21:47 - 2014-05-22 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-22 21:47 - 2014-05-22 21:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-22 21:47 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-22 21:47 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-22 21:47 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-22 14:18 - 2014-05-22 14:18 - 00000000 ____D () C:\ProgramData\YAMAHA
2014-05-22 14:18 - 2014-05-22 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAMAHA
2014-05-22 14:18 - 2014-05-22 14:18 - 00000000 ____D () C:\Program Files (x86)\YAMAHA
2014-05-22 14:17 - 2014-05-22 14:17 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Roaming\InstallShield
2014-05-22 14:14 - 2014-05-22 14:14 - 00000000 ____D () C:\Program Files\Yamaha
2014-05-22 14:13 - 2014-05-22 14:13 - 00000000 ____D () C:\Users\SomeCrazyStuff\Downloads\Yamaha
2014-05-22 14:13 - 2014-05-22 14:13 - 00000000 ____D () C:\Users\SomeCrazyStuff\Downloads\InstallationGuide
2014-05-22 14:13 - 2014-05-22 14:13 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Local\Downloaded Installations
2014-05-22 14:10 - 2014-06-02 07:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-22 14:10 - 2014-05-22 14:10 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-22 13:59 - 2014-05-22 13:59 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SaiK0DC5_01009.Wdf
2014-05-22 13:54 - 2014-05-22 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\amBX
2014-05-22 13:54 - 2014-05-22 13:55 - 00000000 ____D () C:\Program Files\amBX
2014-05-22 13:52 - 2014-05-22 13:52 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Local\SmartTechnology
2014-05-22 13:50 - 2014-05-22 13:50 - 00000000 ____D () C:\ProgramData\SmartTechnology
2014-05-22 13:50 - 2014-05-22 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Technology
2014-05-22 13:50 - 2014-05-22 13:50 - 00000000 ____D () C:\Program Files\SmartTechnology
2014-05-22 13:42 - 2014-05-22 13:49 - 197817841 _____ () C:\Users\SomeCrazyStuff\Downloads\Cyborg_amBX_64bit.zip
2014-05-22 13:42 - 2014-05-22 13:47 - 129201056 _____ (Mad catz ) C:\Users\SomeCrazyStuff\Downloads\Smart Technology 7_0_27_13 64Bit.exe
2014-05-21 17:48 - 2014-05-21 17:48 - 00000000 ____D () C:\Users\Public\Documents\LeapFrog
2014-05-21 17:43 - 2014-05-21 17:43 - 11171960 _____ (LeapFrog Enterprises, Inc.) C:\Users\SomeCrazyStuff\Downloads\LeapFrogConnectSetup_LeapPadExplorer (1).exe
2014-05-21 17:34 - 2014-06-02 07:12 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-21 17:34 - 2014-06-02 07:11 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-21 17:34 - 2014-05-21 17:34 - 00003910 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-21 17:34 - 2014-05-21 17:34 - 00003658 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-21 17:34 - 2014-05-21 17:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-21 16:08 - 2014-05-21 16:08 - 00000000 ____D () C:\Users\SomeCrazyStuff\Downloads\mbam-chameleon-1.62.1.1000
2014-05-21 16:07 - 2014-05-21 16:08 - 01440846 _____ () C:\Users\SomeCrazyStuff\Downloads\mbam-chameleon-1.62.1.1000.zip
2014-05-15 17:24 - 2014-05-31 07:39 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Roaming\DropboxMaster
2014-05-09 14:30 - 2014-05-16 20:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

2014-06-02 07:13 - 2014-05-29 21:27 - 00000000 ____D () C:\FRST
2014-06-02 07:13 - 2014-05-29 20:59 - 00000000 ____D () C:\Users\SomeCrazyStuff\Desktop\GTG
2014-06-02 07:13 - 2013-12-02 01:07 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Local\Temp
2014-06-02 07:12 - 2014-05-21 17:34 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-02 07:11 - 2014-05-22 21:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-02 07:11 - 2014-05-22 14:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-02 07:11 - 2014-05-21 17:34 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-02 07:11 - 2013-12-03 14:05 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Roaming\Dropbox
2014-06-02 07:11 - 2013-12-02 01:06 - 01287130 _____ () C:\Windows\WindowsUpdate.log
2014-05-31 07:39 - 2014-05-15 17:24 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Roaming\DropboxMaster
2014-05-30 21:34 - 2009-07-13 23:45 - 00020160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-30 21:34 - 2009-07-13 23:45 - 00020160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-30 21:31 - 2009-07-14 00:13 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-30 21:27 - 2013-12-02 03:08 - 00014218 _____ () C:\Windows\setupact.log
2014-05-30 21:27 - 2013-12-02 01:52 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-30 21:27 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-30 21:26 - 2013-12-07 14:44 - 00109346 _____ () C:\Windows\PFRO.log
2014-05-30 21:25 - 2013-12-02 03:06 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Roaming\KeePass
2014-05-30 21:16 - 2013-12-02 06:11 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-30 11:09 - 2014-05-30 11:09 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-30 10:51 - 2014-05-30 10:50 - 00000000 ____D () C:\Program Files\DisplayLink Graphics
2014-05-30 10:50 - 2014-05-30 10:49 - 00000000 ____D () C:\Program Files\DisplayLink Core Software
2014-05-30 10:50 - 2014-01-04 23:43 - 00014974 _____ () C:\Windows\DPINST.LOG
2014-05-30 10:49 - 2014-05-30 10:49 - 02081792 _____ (DisplayLink Corp.) C:\Windows\system32\DisplayLinkUsbCo64_7.0.41409.0.dll
2014-05-30 10:49 - 2014-05-30 10:49 - 00017408 _____ (http://libusb-win32.sourceforge.net) C:\Windows\system32\Drivers\DisplayLinkUsbPort_7.0.41409.0.sys
2014-05-30 10:49 - 2014-05-30 10:49 - 00000000 _____ () C:\Windows\SysWOW64\dlumdfb9.dll
2014-05-30 10:49 - 2014-05-30 10:49 - 00000000 _____ () C:\Windows\SysWOW64\dlumdfb11.dll
2014-05-30 10:49 - 2014-05-30 10:49 - 00000000 _____ () C:\Windows\SysWOW64\dlumdfb10.dll
2014-05-30 10:49 - 2014-05-30 10:49 - 00000000 _____ () C:\Windows\SysWOW64\dlumd9.dll
2014-05-30 10:49 - 2014-05-30 10:49 - 00000000 _____ () C:\Windows\SysWOW64\dlumd11.dll
2014-05-30 10:49 - 2014-05-30 10:49 - 00000000 _____ () C:\Windows\SysWOW64\dlumd10.dll
2014-05-30 10:49 - 2014-05-30 10:49 - 00000000 _____ () C:\Windows\system32\dlumd9.dll
2014-05-30 10:49 - 2014-05-30 10:49 - 00000000 _____ () C:\Windows\system32\dlumd11.dll
2014-05-30 10:49 - 2014-05-30 10:49 - 00000000 _____ () C:\Windows\system32\dlumd10.dll
2014-05-30 10:48 - 2014-05-30 10:48 - 00000000 ____D () C:\Program Files (x86)\DisplayLink
2014-05-30 10:48 - 2013-12-02 01:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-30 10:29 - 2014-05-30 10:29 - 00003320 _____ () C:\Windows\System32\Tasks\Process Explorer-CustomDesktop-SomeCrazyStuff
2014-05-30 10:23 - 2014-05-30 10:23 - 00000000 ____D () C:\Windows\pss
2014-05-30 10:20 - 2014-05-30 10:20 - 00000022 _____ () C:\Users\SomeCrazyStuff\Downloads\ProcessExplorer.zip
2014-05-30 10:20 - 2014-05-30 10:20 - 00000000 ____D () C:\Users\SomeCrazyStuff\Downloads\ProcessExplorer
2014-05-30 09:06 - 2014-04-02 20:18 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Roaming\Spotify
2014-05-29 22:22 - 2014-03-09 11:25 - 00000000 ____D () C:\ProgramData\Origin
2014-05-29 22:22 - 2014-03-09 11:25 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-05-29 21:40 - 2014-04-05 19:10 - 00001716 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
2014-05-29 21:40 - 2014-04-05 19:10 - 00000000 ____D () C:\Program Files\Rainmeter
2014-05-29 21:39 - 2014-05-29 21:39 - 02294104 _____ () C:\Users\SomeCrazyStuff\Downloads\Rainmeter-3.1.exe
2014-05-29 21:20 - 2014-05-29 21:20 - 00000000 ____D () C:\Windows\ERUNT
2014-05-29 21:01 - 2014-05-29 21:00 - 00000000 ____D () C:\AdwCleaner
2014-05-29 10:57 - 2014-05-29 10:56 - 109139530 _____ () C:\Users\SomeCrazyStuff\Downloads\184797-lq.mp4
2014-05-29 00:28 - 2014-04-02 20:19 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Local\Spotify
2014-05-27 07:04 - 2013-12-03 14:05 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-27 07:04 - 2013-12-02 01:07 - 00000000 ___RD () C:\Users\SomeCrazyStuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-26 11:25 - 2014-05-26 11:25 - 00057810 _____ () C:\Users\SomeCrazyStuff\Downloads\Panic_at_the_Disco-I_write_sins_not_tragedies (4).mid
2014-05-26 11:25 - 2014-05-26 11:25 - 00057810 _____ () C:\Users\SomeCrazyStuff\Downloads\Panic_at_the_Disco-I_write_sins_not_tragedies (3).mid
2014-05-26 11:25 - 2014-05-26 11:25 - 00057810 _____ () C:\Users\SomeCrazyStuff\Downloads\Panic_at_the_Disco-I_write_sins_not_tragedies (2).mid
2014-05-26 11:25 - 2014-05-26 11:25 - 00057810 _____ () C:\Users\SomeCrazyStuff\Downloads\Panic_at_the_Disco-I_write_sins_not_tragedies (1).mid
2014-05-26 11:24 - 2014-05-26 11:24 - 00057810 _____ () C:\Users\SomeCrazyStuff\Downloads\Panic_at_the_Disco-I_write_sins_not_tragedies.mid
2014-05-25 13:18 - 2014-05-25 13:18 - 70087104 _____ (Microsoft Corporation) C:\Users\SomeCrazyStuff\Downloads\NDP451-KB2858728-x86-x64-AllOS-ENU.exe
2014-05-25 13:17 - 2014-05-25 13:17 - 10140512 _____ () C:\Users\SomeCrazyStuff\Downloads\AirfoilInstaller.exe
2014-05-23 18:39 - 2013-12-02 03:21 - 00000000 ____D () C:\Program Files (x86)\RIFT
2014-05-22 21:47 - 2014-05-22 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-22 21:47 - 2014-05-22 21:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-22 21:43 - 2013-12-02 01:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-22 14:18 - 2014-05-22 14:18 - 00000000 ____D () C:\ProgramData\YAMAHA
2014-05-22 14:18 - 2014-05-22 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAMAHA
2014-05-22 14:18 - 2014-05-22 14:18 - 00000000 ____D () C:\Program Files (x86)\YAMAHA
2014-05-22 14:17 - 2014-05-22 14:17 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Roaming\InstallShield
2014-05-22 14:14 - 2014-05-22 14:14 - 00000000 ____D () C:\Program Files\Yamaha
2014-05-22 14:13 - 2014-05-22 14:13 - 00000000 ____D () C:\Users\SomeCrazyStuff\Downloads\Yamaha
2014-05-22 14:13 - 2014-05-22 14:13 - 00000000 ____D () C:\Users\SomeCrazyStuff\Downloads\InstallationGuide
2014-05-22 14:13 - 2014-05-22 14:13 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Local\Downloaded Installations
2014-05-22 14:13 - 2013-05-16 18:17 - 05669880 _____ (Yamaha Corporation ) C:\Users\SomeCrazyStuff\Downloads\setup.exe
2014-05-22 14:10 - 2014-05-22 14:10 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-22 14:10 - 2014-01-04 23:47 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-22 14:10 - 2014-01-04 23:47 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-22 14:00 - 2014-05-22 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\amBX
2014-05-22 14:00 - 2013-12-02 06:04 - 00001565 _____ () C:\Windows\KB893803v2.log
2014-05-22 14:00 - 2013-12-02 06:04 - 00000000 ____D () C:\Program Files (x86)\amBX
2014-05-22 13:59 - 2014-05-22 13:59 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SaiK0DC5_01009.Wdf
2014-05-22 13:55 - 2014-05-22 13:54 - 00000000 ____D () C:\Program Files\amBX
2014-05-22 13:55 - 2013-12-02 06:05 - 00000000 ____D () C:\ProgramData\amBX_Events
2014-05-22 13:55 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-22 13:53 - 2012-01-23 11:42 - 101098504 _____ (Saitek ) C:\Users\SomeCrazyStuff\Downloads\Cyborg_amBX_LightPod_SD7_00000025_64_Full_pfw.exe
2014-05-22 13:53 - 2012-01-23 11:41 - 97336088 _____ (amBX UK Ltd. ) C:\Users\SomeCrazyStuff\Downloads\amBX_Full_Installer_v2.0.0.exe
2014-05-22 13:52 - 2014-05-22 13:52 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Local\SmartTechnology
2014-05-22 13:50 - 2014-05-22 13:50 - 00000000 ____D () C:\ProgramData\SmartTechnology
2014-05-22 13:50 - 2014-05-22 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Technology
2014-05-22 13:50 - 2014-05-22 13:50 - 00000000 ____D () C:\Program Files\SmartTechnology
2014-05-22 13:49 - 2014-05-22 13:42 - 197817841 _____ () C:\Users\SomeCrazyStuff\Downloads\Cyborg_amBX_64bit.zip
2014-05-22 13:47 - 2014-05-22 13:42 - 129201056 _____ (Mad catz ) C:\Users\SomeCrazyStuff\Downloads\Smart Technology 7_0_27_13 64Bit.exe
2014-05-21 17:48 - 2014-05-21 17:48 - 00000000 ____D () C:\Users\Public\Documents\LeapFrog
2014-05-21 17:43 - 2014-05-21 17:43 - 11171960 _____ (LeapFrog Enterprises, Inc.) C:\Users\SomeCrazyStuff\Downloads\LeapFrogConnectSetup_LeapPadExplorer (1).exe
2014-05-21 17:34 - 2014-05-21 17:34 - 00003910 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-21 17:34 - 2014-05-21 17:34 - 00003658 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-21 17:34 - 2014-05-21 17:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-21 17:34 - 2013-12-02 02:24 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-21 17:34 - 2013-12-02 02:23 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Local\Google
2014-05-21 17:34 - 2013-12-02 02:23 - 00000000 ____D () C:\Users\SomeCrazyStuff\AppData\Local\Deployment
2014-05-21 16:08 - 2014-05-21 16:08 - 00000000 ____D () C:\Users\SomeCrazyStuff\Downloads\mbam-chameleon-1.62.1.1000
2014-05-21 16:08 - 2014-05-21 16:07 - 01440846 _____ () C:\Users\SomeCrazyStuff\Downloads\mbam-chameleon-1.62.1.1000.zip
2014-05-21 15:50 - 2013-12-02 01:07 - 00001453 _____ () C:\Users\SomeCrazyStuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-21 15:36 - 2013-12-02 02:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-21 11:23 - 2013-12-02 06:03 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-05-21 11:23 - 2013-12-02 02:18 - 00000000 ____D () C:\ProgramData\Temp
2014-05-18 18:15 - 2013-12-02 02:44 - 00000000 ____D () C:\Program Files\MyDefrag v4.3.1
2014-05-16 20:49 - 2014-05-09 14:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-12 07:26 - 2014-05-22 21:47 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-22 21:47 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-22 21:47 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\SomeCrazyStuff\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpd8y5cf.dll
C:\Users\SomeCrazyStuff\AppData\Local\Temp\procexp64.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-29 09:54

==================== End Of Log ============================

 

 

 

 

 

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
 


  • 0

#9
SomeCrazyStuff

SomeCrazyStuff

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 401 posts

Also, computer runs fine. i never had any performance issues. But chrome still doesnt open.

 

I did notice that something i did opened a link in chrome successfully. so the program is working. once chrome is open, i have no issues using it. but if i close the window and try to reopen chrome, it crashes again. i am wondering if there is some process that is stopping it. no idea where to begin looking though.


  • 0

#10
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
OK, uninstall ESET and then install it again. Make a new scan by following the instructions, I need the log where it has found anything.
  • 0

Advertisements


#11
SomeCrazyStuff

SomeCrazyStuff

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 401 posts

unfortunately, same result.

 

However, I clicked on the export to file button in eset and got this.

 

D:\GEGeek Toolkit\Network Tools\WirelessKeyView\64bit\wirelesskeyview-x64.zip a variant of Win64/WirelessKeyView.B potentially unsafe application
D:\GEGeek Toolkit\Network Tools\WirelessKeyView\64bit\WirelessKeyView.exe a variant of Win64/WirelessKeyView.B potentially unsafe application
D:\GEGeek Toolkit\Recovery\RouterPassView\RouterPassView.exe a variant of Win32/PSWTool.RouterPassView.B potentially unsafe application
D:\GEGeek Toolkit\Recovery\RouterPassView\routerpassview.zip a variant of Win32/PSWTool.RouterPassView.B potentially unsafe application
D:\GEGeek Toolkit\Recovery\WirelessKeyView64\wirelesskeyview-x64.zip a variant of Win64/WirelessKeyView.B potentially unsafe application
D:\GEGeek Toolkit\Recovery\WirelessKeyView64\WirelessKeyView.exe a variant of Win64/WirelessKeyView.B potentially unsafe application
D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\Network Tools\AngryIPScanner\32bit\ipscan-win32-3.0-beta6.exe Java/AngryIPScan.A potentially unsafe application
D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\Network Tools\Network Sniffer\smsniff.exe a variant of Win32/Sniffer.SniffPass.B potentially unsafe application
D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\NirLaucher\NirSoft\awatch.exe a variant of Win32/AdapterWatch.A potentially unsafe application
D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\NirLaucher\NirSoft\bulletspassview.exe a variant of Win32/PSWTool.BulletsPassView.C potentially unsafe application
D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\NirLaucher\NirSoft\lsasecretsdump.exe Win32/PSWTool.LsaSecretsDump.A potentially unsafe application
D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\NirLaucher\NirSoft\outlookaddressbookview.exe a variant of Win32/OutlookAddressBookView.A potentially unsafe application
D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\NirLaucher\NirSoft\passwordscan.exe Win32/PSWTool.WebBrowserPassView.C potentially unsafe application
D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\NirLaucher\NirSoft\routerpassview.exe a variant of Win32/PSWTool.RouterPassView.B potentially unsafe application
D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\NirLaucher\NirSoft\skypelogview.exe a variant of Win32/SkypeLogView.A potentially unsafe application
D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\NirLaucher\NirSoft\smsniff.exe a variant of Win32/Sniffer.SniffPass.B potentially unsafe application
D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\Recovery\RouterPassView\RouterPassView.exe a variant of Win32/PSWTool.RouterPassView.B potentially unsafe application
D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\System Tools\ImgBurn\$TEMP\ApnIC.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\System Tools\ImgBurn\$TEMP\ApnToolbarInstaller.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\Uninstallers\AV Uninstallers\ZoneAlarm\clean.exe Win32/Toolbar.Conduit potentially unwanted application
D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\WSCCPortable\NirSoft Utilities\awatch.exe a variant of Win32/AdapterWatch.A potentially unsafe application
D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\WSCCPortable\NirSoft Utilities\BulletsPassView.exe a variant of Win32/PSWTool.BulletsPassView.C potentially unsafe application
D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\WSCCPortable\NirSoft Utilities\LSASecretsDump.exe Win32/PSWTool.LsaSecretsDump.A potentially unsafe application
D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\WSCCPortable\NirSoft Utilities\OutlookAddressBookView.exe a variant of Win32/OutlookAddressBookView.A potentially unsafe application
D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\WSCCPortable\NirSoft Utilities\PasswordScan.exe Win32/PSWTool.WebBrowserPassView.C potentially unsafe application
D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\WSCCPortable\NirSoft Utilities\RouterPassView.exe a variant of Win32/PSWTool.RouterPassView.B potentially unsafe application
D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\WSCCPortable\NirSoft Utilities\SkypeLogView.exe a variant of Win32/SkypeLogView.A potentially unsafe application
D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\WSCCPortable\NirSoft Utilities\smsniff.exe a variant of Win32/Sniffer.SniffPass.B potentially unsafe application
D:\Users\SomeCrazyStuff\Downloads\ccsetup311.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
D:\Users\SomeCrazyStuff\Downloads\ccsetup314.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
D:\Users\SomeCrazyStuff\Downloads\ccsetup322.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
D:\Users\SomeCrazyStuff\Downloads\ccsetup323(1).exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
D:\Users\SomeCrazyStuff\Downloads\ccsetup323(2).exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
D:\Users\SomeCrazyStuff\Downloads\ccsetup323.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
D:\Users\SomeCrazyStuff\Downloads\ccsetup324.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
D:\Users\SomeCrazyStuff\Downloads\ccsetup403.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Users\SomeCrazyStuff\Downloads\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Users\SomeCrazyStuff\Downloads\ccsetup408.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Users\SomeCrazyStuff\Downloads\cpu-z_1.62-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\Users\SomeCrazyStuff\Downloads\winzip16-64.exe Win32/Toolbar.Conduit potentially unwanted application
D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\Network Tools\AngryIPScanner\32bit\ipscan-win32-3.0-beta6.exe Java/AngryIPScan.A potentially unsafe application
D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\Network Tools\Network Sniffer\smsniff.exe a variant of Win32/Sniffer.SniffPass.B potentially unsafe application
D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\NirLaucher\NirSoft\awatch.exe a variant of Win32/AdapterWatch.A potentially unsafe application
D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\NirLaucher\NirSoft\bulletspassview.exe a variant of Win32/PSWTool.BulletsPassView.C potentially unsafe application
D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\NirLaucher\NirSoft\lsasecretsdump.exe Win32/PSWTool.LsaSecretsDump.A potentially unsafe application
D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\NirLaucher\NirSoft\outlookaddressbookview.exe a variant of Win32/OutlookAddressBookView.A potentially unsafe application
D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\NirLaucher\NirSoft\passwordscan.exe Win32/PSWTool.WebBrowserPassView.C potentially unsafe application
D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\NirLaucher\NirSoft\routerpassview.exe a variant of Win32/PSWTool.RouterPassView.B potentially unsafe application
D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\NirLaucher\NirSoft\skypelogview.exe a variant of Win32/SkypeLogView.A potentially unsafe application
D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\NirLaucher\NirSoft\smsniff.exe a variant of Win32/Sniffer.SniffPass.B potentially unsafe application
D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\Recovery\RouterPassView\RouterPassView.exe a variant of Win32/PSWTool.RouterPassView.B potentially unsafe application
D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\System Tools\ImgBurn\$TEMP\ApnIC.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\System Tools\ImgBurn\$TEMP\ApnToolbarInstaller.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\Uninstallers\AV Uninstallers\ZoneAlarm\clean.exe Win32/Toolbar.Conduit potentially unwanted application
D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\WSCCPortable\NirSoft Utilities\awatch.exe a variant of Win32/AdapterWatch.A potentially unsafe application
D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\WSCCPortable\NirSoft Utilities\BulletsPassView.exe a variant of Win32/PSWTool.BulletsPassView.C potentially unsafe application
D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\WSCCPortable\NirSoft Utilities\LSASecretsDump.exe Win32/PSWTool.LsaSecretsDump.A potentially unsafe application
D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\WSCCPortable\NirSoft Utilities\OutlookAddressBookView.exe a variant of Win32/OutlookAddressBookView.A potentially unsafe application
D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\WSCCPortable\NirSoft Utilities\PasswordScan.exe Win32/PSWTool.WebBrowserPassView.C potentially unsafe application
D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\WSCCPortable\NirSoft Utilities\RouterPassView.exe a variant of Win32/PSWTool.RouterPassView.B potentially unsafe application
D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\WSCCPortable\NirSoft Utilities\SkypeLogView.exe a variant of Win32/SkypeLogView.A potentially unsafe application
D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\WSCCPortable\NirSoft Utilities\smsniff.exe a variant of Win32/Sniffer.SniffPass.B potentially unsafe application
 


  • 0

#12
SomeCrazyStuff

SomeCrazyStuff

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 401 posts

Here is the Eset Log. I had to right click on the OnlineScannerApp.exe under "C:/ Programfiles(x86)/ESET/ESET Online Scanner" and select run as administrator. After the scan this time it created the log file correctly.

 

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=31137b46a28c474e80c7a53d17f3472a
# engine=18519
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-03 04:35:43
# local_time=2014-06-02 11:35:43 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 11858047 23803737 0 0
# scanned=511846
# found=62
# cleaned=0
# scan_time=13505
sh=7454029ED323A9E527519CA200461D88A92569A5 ft=0 fh=0000000000000000 vn="a variant of Win64/WirelessKeyView.B potentially unsafe application" ac=I fn="D:\GEGeek Toolkit\Network Tools\WirelessKeyView\64bit\wirelesskeyview-x64.zip"
sh=AF8F81FD7C88696CB610751F5017153B9202EB57 ft=1 fh=028d4c4119316086 vn="a variant of Win64/WirelessKeyView.B potentially unsafe application" ac=I fn="D:\GEGeek Toolkit\Network Tools\WirelessKeyView\64bit\WirelessKeyView.exe"
sh=63369244FFBD95E4409C7A1B45FC1A5573E86F7D ft=1 fh=d11023d2be3970cc vn="a variant of Win32/PSWTool.RouterPassView.B potentially unsafe application" ac=I fn="D:\GEGeek Toolkit\Recovery\RouterPassView\RouterPassView.exe"
sh=DDD35EC57960C6BAFA0D2610F5616C1A65595BFD ft=0 fh=0000000000000000 vn="a variant of Win32/PSWTool.RouterPassView.B potentially unsafe application" ac=I fn="D:\GEGeek Toolkit\Recovery\RouterPassView\routerpassview.zip"
sh=7454029ED323A9E527519CA200461D88A92569A5 ft=0 fh=0000000000000000 vn="a variant of Win64/WirelessKeyView.B potentially unsafe application" ac=I fn="D:\GEGeek Toolkit\Recovery\WirelessKeyView64\wirelesskeyview-x64.zip"
sh=AF8F81FD7C88696CB610751F5017153B9202EB57 ft=1 fh=028d4c4119316086 vn="a variant of Win64/WirelessKeyView.B potentially unsafe application" ac=I fn="D:\GEGeek Toolkit\Recovery\WirelessKeyView64\WirelessKeyView.exe"
sh=9F3D6D3FD87EBB83098E5615E98C6C8E929EAB84 ft=1 fh=b737a2242915c4a7 vn="Java/AngryIPScan.A potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\Network Tools\AngryIPScanner\32bit\ipscan-win32-3.0-beta6.exe"
sh=36DDADA9EB21C0A8B1E7D4A4BBB20C0E64255208 ft=1 fh=dd742c54311ad357 vn="a variant of Win32/Sniffer.SniffPass.B potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\Network Tools\Network Sniffer\smsniff.exe"
sh=BF3FF859EF7211176E032FCAD83A1800FEBACF97 ft=1 fh=cabac662270238c7 vn="a variant of Win32/AdapterWatch.A potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\NirLaucher\NirSoft\awatch.exe"
sh=2145F5CA53BFF812952E992A9755FD4224E93546 ft=1 fh=0abec7ecd3aee849 vn="a variant of Win32/PSWTool.BulletsPassView.C potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\NirLaucher\NirSoft\bulletspassview.exe"
sh=26F0AFAD5FD6294808D6BAD0DC2E41DDDEF94CEF ft=1 fh=332bd164004f9f48 vn="Win32/PSWTool.LsaSecretsDump.A potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\NirLaucher\NirSoft\lsasecretsdump.exe"
sh=18474CA61A166C5335ADC4F0F96D7CCFB7BA0A61 ft=1 fh=704198a81eed64d3 vn="a variant of Win32/OutlookAddressBookView.A potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\NirLaucher\NirSoft\outlookaddressbookview.exe"
sh=1070B5D8410E1B53E4DF05A49DE6F7FA98D68765 ft=1 fh=cf46cde66cddd60b vn="Win32/PSWTool.WebBrowserPassView.C potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\NirLaucher\NirSoft\passwordscan.exe"
sh=63369244FFBD95E4409C7A1B45FC1A5573E86F7D ft=1 fh=d11023d2be3970cc vn="a variant of Win32/PSWTool.RouterPassView.B potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\NirLaucher\NirSoft\routerpassview.exe"
sh=FD9D6D1A02E51758BDFBEB424376C1CDDA7142D4 ft=1 fh=62148ab936a2ee5a vn="a variant of Win32/SkypeLogView.A potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\NirLaucher\NirSoft\skypelogview.exe"
sh=FEBF8AA857BBC9BF279228B22D6DC89C570B18E2 ft=1 fh=556ea203cacde9f6 vn="a variant of Win32/Sniffer.SniffPass.B potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\NirLaucher\NirSoft\smsniff.exe"
sh=63369244FFBD95E4409C7A1B45FC1A5573E86F7D ft=1 fh=d11023d2be3970cc vn="a variant of Win32/PSWTool.RouterPassView.B potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\Recovery\RouterPassView\RouterPassView.exe"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\System Tools\ImgBurn\$TEMP\ApnIC.dll"
sh=0E21B4B011AF3625278279C3598B7584CEC6D7A9 ft=1 fh=db225e0c516169ed vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\System Tools\ImgBurn\$TEMP\ApnToolbarInstaller.exe"
sh=9D9EDEB89B1614D02E08F54660E8AA12141E32A8 ft=1 fh=3957f82014de0272 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\Uninstallers\AV Uninstallers\ZoneAlarm\clean.exe"
sh=BF3FF859EF7211176E032FCAD83A1800FEBACF97 ft=1 fh=cabac662270238c7 vn="a variant of Win32/AdapterWatch.A potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\WSCCPortable\NirSoft Utilities\awatch.exe"
sh=2145F5CA53BFF812952E992A9755FD4224E93546 ft=1 fh=0abec7ecd3aee849 vn="a variant of Win32/PSWTool.BulletsPassView.C potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\WSCCPortable\NirSoft Utilities\BulletsPassView.exe"
sh=26F0AFAD5FD6294808D6BAD0DC2E41DDDEF94CEF ft=1 fh=332bd164004f9f48 vn="Win32/PSWTool.LsaSecretsDump.A potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\WSCCPortable\NirSoft Utilities\LSASecretsDump.exe"
sh=18474CA61A166C5335ADC4F0F96D7CCFB7BA0A61 ft=1 fh=704198a81eed64d3 vn="a variant of Win32/OutlookAddressBookView.A potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\WSCCPortable\NirSoft Utilities\OutlookAddressBookView.exe"
sh=1070B5D8410E1B53E4DF05A49DE6F7FA98D68765 ft=1 fh=cf46cde66cddd60b vn="Win32/PSWTool.WebBrowserPassView.C potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\WSCCPortable\NirSoft Utilities\PasswordScan.exe"
sh=63369244FFBD95E4409C7A1B45FC1A5573E86F7D ft=1 fh=d11023d2be3970cc vn="a variant of Win32/PSWTool.RouterPassView.B potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\WSCCPortable\NirSoft Utilities\RouterPassView.exe"
sh=FD9D6D1A02E51758BDFBEB424376C1CDDA7142D4 ft=1 fh=62148ab936a2ee5a vn="a variant of Win32/SkypeLogView.A potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\WSCCPortable\NirSoft Utilities\SkypeLogView.exe"
sh=FA438A86C48753883B947227F9042622B079DE67 ft=1 fh=478ae53331e6ea59 vn="a variant of Win32/Sniffer.SniffPass.B potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Documents\Work\GeeksToGo\Tools\GEGeek ToolKit\WSCCPortable\NirSoft Utilities\smsniff.exe"
sh=5FB6822B24CE1EDC510AD20BBAEA3DFDA97F87B8 ft=1 fh=86f5f05c7551e90b vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Downloads\ccsetup311.exe"
sh=3FC75D7EC85B4B4766AE1195896F0C2C5FB3E6FE ft=1 fh=f3111313b4ad1f30 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Downloads\ccsetup314.exe"
sh=B876F5F15137EF8A1680C2AC04DC786D2A191DC9 ft=1 fh=850ac12ce80cbbb1 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Downloads\ccsetup322.exe"
sh=03659459CF218748D115AB0EBD09E04AE43D9BC4 ft=1 fh=b7fea6e53bda36e3 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Downloads\ccsetup323(1).exe"
sh=03659459CF218748D115AB0EBD09E04AE43D9BC4 ft=1 fh=b7fea6e53bda36e3 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Downloads\ccsetup323(2).exe"
sh=03659459CF218748D115AB0EBD09E04AE43D9BC4 ft=1 fh=b7fea6e53bda36e3 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Downloads\ccsetup323.exe"
sh=9EBEEAD23C136B3C8E6CC0220B4F47C3D67B9B4D ft=1 fh=f7cfbc4528e170a2 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Downloads\ccsetup324.exe"
sh=A4854C3C5A7277D3C02F88330D2023AAD3667533 ft=1 fh=818bd9cd8f0d2ffa vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Downloads\ccsetup403.exe"
sh=6525F85F423A8ACB9DE261FCE7C1BFDCAF0651EC ft=1 fh=e751b5239200023c vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Downloads\ccsetup404.exe"
sh=6585F3BCD797EFC2F81599CDE50115668B677D52 ft=1 fh=c4c5afd1d69feff3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Downloads\ccsetup408.exe"
sh=994F86E28C39280086B61C2A549252549BABD46A ft=1 fh=40b5aa8f3d6d4063 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Downloads\cpu-z_1.62-setup-en.exe"
sh=8C34EAB6DCBC2B0DA91BF66B0D696A35B6936CB6 ft=1 fh=0cc8e7d1d35150e5 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="D:\Users\SomeCrazyStuff\Downloads\winzip16-64.exe"
sh=9F3D6D3FD87EBB83098E5615E98C6C8E929EAB84 ft=1 fh=b737a2242915c4a7 vn="Java/AngryIPScan.A potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\Network Tools\AngryIPScanner\32bit\ipscan-win32-3.0-beta6.exe"
sh=36DDADA9EB21C0A8B1E7D4A4BBB20C0E64255208 ft=1 fh=dd742c54311ad357 vn="a variant of Win32/Sniffer.SniffPass.B potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\Network Tools\Network Sniffer\smsniff.exe"
sh=BF3FF859EF7211176E032FCAD83A1800FEBACF97 ft=1 fh=cabac662270238c7 vn="a variant of Win32/AdapterWatch.A potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\NirLaucher\NirSoft\awatch.exe"
sh=2145F5CA53BFF812952E992A9755FD4224E93546 ft=1 fh=0abec7ecd3aee849 vn="a variant of Win32/PSWTool.BulletsPassView.C potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\NirLaucher\NirSoft\bulletspassview.exe"
sh=26F0AFAD5FD6294808D6BAD0DC2E41DDDEF94CEF ft=1 fh=332bd164004f9f48 vn="Win32/PSWTool.LsaSecretsDump.A potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\NirLaucher\NirSoft\lsasecretsdump.exe"
sh=18474CA61A166C5335ADC4F0F96D7CCFB7BA0A61 ft=1 fh=704198a81eed64d3 vn="a variant of Win32/OutlookAddressBookView.A potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\NirLaucher\NirSoft\outlookaddressbookview.exe"
sh=1070B5D8410E1B53E4DF05A49DE6F7FA98D68765 ft=1 fh=cf46cde66cddd60b vn="Win32/PSWTool.WebBrowserPassView.C potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\NirLaucher\NirSoft\passwordscan.exe"
sh=63369244FFBD95E4409C7A1B45FC1A5573E86F7D ft=1 fh=d11023d2be3970cc vn="a variant of Win32/PSWTool.RouterPassView.B potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\NirLaucher\NirSoft\routerpassview.exe"
sh=FD9D6D1A02E51758BDFBEB424376C1CDDA7142D4 ft=1 fh=62148ab936a2ee5a vn="a variant of Win32/SkypeLogView.A potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\NirLaucher\NirSoft\skypelogview.exe"
sh=FEBF8AA857BBC9BF279228B22D6DC89C570B18E2 ft=1 fh=556ea203cacde9f6 vn="a variant of Win32/Sniffer.SniffPass.B potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\NirLaucher\NirSoft\smsniff.exe"
sh=63369244FFBD95E4409C7A1B45FC1A5573E86F7D ft=1 fh=d11023d2be3970cc vn="a variant of Win32/PSWTool.RouterPassView.B potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\Recovery\RouterPassView\RouterPassView.exe"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\System Tools\ImgBurn\$TEMP\ApnIC.dll"
sh=0E21B4B011AF3625278279C3598B7584CEC6D7A9 ft=1 fh=db225e0c516169ed vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\System Tools\ImgBurn\$TEMP\ApnToolbarInstaller.exe"
sh=9D9EDEB89B1614D02E08F54660E8AA12141E32A8 ft=1 fh=3957f82014de0272 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\Uninstallers\AV Uninstallers\ZoneAlarm\clean.exe"
sh=BF3FF859EF7211176E032FCAD83A1800FEBACF97 ft=1 fh=cabac662270238c7 vn="a variant of Win32/AdapterWatch.A potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\WSCCPortable\NirSoft Utilities\awatch.exe"
sh=2145F5CA53BFF812952E992A9755FD4224E93546 ft=1 fh=0abec7ecd3aee849 vn="a variant of Win32/PSWTool.BulletsPassView.C potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\WSCCPortable\NirSoft Utilities\BulletsPassView.exe"
sh=26F0AFAD5FD6294808D6BAD0DC2E41DDDEF94CEF ft=1 fh=332bd164004f9f48 vn="Win32/PSWTool.LsaSecretsDump.A potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\WSCCPortable\NirSoft Utilities\LSASecretsDump.exe"
sh=18474CA61A166C5335ADC4F0F96D7CCFB7BA0A61 ft=1 fh=704198a81eed64d3 vn="a variant of Win32/OutlookAddressBookView.A potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\WSCCPortable\NirSoft Utilities\OutlookAddressBookView.exe"
sh=1070B5D8410E1B53E4DF05A49DE6F7FA98D68765 ft=1 fh=cf46cde66cddd60b vn="Win32/PSWTool.WebBrowserPassView.C potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\WSCCPortable\NirSoft Utilities\PasswordScan.exe"
sh=63369244FFBD95E4409C7A1B45FC1A5573E86F7D ft=1 fh=d11023d2be3970cc vn="a variant of Win32/PSWTool.RouterPassView.B potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\WSCCPortable\NirSoft Utilities\RouterPassView.exe"
sh=FD9D6D1A02E51758BDFBEB424376C1CDDA7142D4 ft=1 fh=62148ab936a2ee5a vn="a variant of Win32/SkypeLogView.A potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\WSCCPortable\NirSoft Utilities\SkypeLogView.exe"
sh=FA438A86C48753883B947227F9042622B079DE67 ft=1 fh=478ae53331e6ea59 vn="a variant of Win32/Sniffer.SniffPass.B potentially unsafe application" ac=I fn="D:\Users\SomeCrazyStuff\Downloads\GEGeek ToolKit\WSCCPortable\NirSoft Utilities\smsniff.exe"
 


  • 0

#13
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
  • Please download the attached fixlist.txt file and save it to the same location as FRST

    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
How is your PC running?

Attached Files


  • 0

#14
SomeCrazyStuff

SomeCrazyStuff

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 401 posts

Thank you very much for your time! Computer is running fine. Chrome still doesnt work. It may be something other than malware. wanted to get the green light from you before i moved to to other support.

 

Text from the APPCRASH i get when launching chrome is below, followed by the FRST scan log.

 

Problem signature:

Problem Event Name: APPCRASH

Application Name: chrome.exe

Application Version: 35.0.1916.114

Application Timestamp: 53726019

Fault Module Name: chrome.dll

Fault Module Version: 35.0.1916.114

Fault Module Timestamp: 53725d18

Exception Code: c0000005

Exception Offset: 00728bc8

OS Version: 6.1.7600.2.0.0.256.1

Locale ID: 1033

Additional Information 1: 0a9e

Additional Information 2: 0a9e372d3b4ad19135b953a78882e789

Additional Information 3: 0a9e

Additional Information 4: 0a9e372d3b4ad19135b953a78882e789

Read our privacy statement online:

http://go.microsoft....88&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:

C:\Windows\system32\en-US\erofflps.txt

 

 

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-06-2014
Ran by SomeCrazyStuff at 2014-06-04 19:29:21 Run:2
Running from C:\Users\SomeCrazyStuff\Desktop\GTG
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
D:\Users\SomeCrazyStuff\Downloads\ccsetup*.exe
D:\Users\SomeCrazyStuff\Downloads\cpu-z_1.62-setup-en.exe
D:\Users\SomeCrazyStuff\Downloads\winzip16-64.exe
*****************

D:\Users\SomeCrazyStuff\Downloads\ccsetup*.exe => Moved successfully.
D:\Users\SomeCrazyStuff\Downloads\cpu-z_1.62-setup-en.exe => Moved successfully.
D:\Users\SomeCrazyStuff\Downloads\winzip16-64.exe => Moved successfully.

==== End of Fixlog ====


  • 0

#15
SomeCrazyStuff

SomeCrazyStuff

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 401 posts
Actually, as an update: I started having some issues with my laptop for work today. The problem there was my outlook PST data file wouldnt open. while troubleshooting it, i stumbled on a program called process monitor. after seeing that in action, i decided to use it on my desktop to see if i could find where chrome was failing. I found an entry in the Process Monitor log showing where Chrome was calling functions in another process for AMBX, which is the software controlling the gaming lights i have plugged into the desktop. I uninstalled the applications controlling those and now Chrome works with no faults. That may have been my issue the whole time. I am still glad you were able to go through the logs, though I do apologize for wasting time you could have been using on someone who actually had a malware issue. Thank you, again, for your time! I will continue any instructions you have til you give the green light. Let me know what else you'd like me to do.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP