The internet wouldn't connect until I used System Restore. This is the error I was getting. Don't know if it's related. http://s14.postimg.o...n5/Untitled.png
Trojan process running that slows video 5 seconds after idling [Solved
Started by
wickkidda
, May 26 2014 05:09 PM
-
This topic is locked
#17
Posted 31 May 2014 - 02:46 PM
Biscuithd
-
- Malware Removal
-
- 2,573 posts
Trusted Helper
Hi,
The internet wouldn't connect until I used System Restore. This is the error I was getting. Don't know if it's related.
Oh yes, very related!! Have a look here http://forum.bitdefe...showtopic=44116
Once well get this cleared up I'll want to talk to your about a different choice of a/v, etc.
In the meantime, just to provide you with some details. So far we've cleaned at least on Rogue from your system along with much Spyware and a few more minor infections. However, as you've seen, when we try to clean some of the remaining infections, much havoc ensues. Hence, I'm going to have you run a different Boot Record scanner. Let's see if we can get some clarity on exactly what is remaining. Keep in mind, the instruction below are just for the scan, I don't want you to tell the Tool to remove it until I see what it is. Ok?
Download aswMBR.exe to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan
On completion of the scan click save log, save it to your desktop and post in your next reply
#18
Posted 31 May 2014 - 06:42 PM
wickkidda
- Topic Starter
-
- Member
-
- 129 posts
Member
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-05-31 20:21:26
-----------------------------
20:21:26.679 OS Version: Windows x64 6.1.7601 Service Pack 1
20:21:26.679 Number of processors: 4 586 0x2A07
20:21:26.680 ComputerName: MATT-PC UserName: Matt
20:21:28.327 Initialize success
20:24:28.288 AVAST engine defs: 14053101
20:25:11.214 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
20:25:11.217 Disk 0 Vendor: ST31000528AS CC3E Size: 953869MB BusType: 3
20:25:11.307 Disk 0 MBR read successfully
20:25:11.310 Disk 0 MBR scan
20:25:11.315 Disk 0 Windows 7 default MBR code
20:25:11.322 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:25:11.336 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
20:25:11.353 Disk 0 scanning C:\Windows\system32\drivers
20:25:20.640 Service scanning
20:25:30.169 Service pcregservice C:\Program Files\pcreg\pcreg.exe **INFECTED** Win32:Adware-gen [Adw]
20:25:37.759 Modules scanning
20:25:37.767 Disk 0 trace - called modules:
20:25:37.780 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:25:38.111 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007dbd060]
20:25:38.116 3 CLASSPNP.SYS[fffff8800199c43f] -> nt!IofCallDriver -> [0xfffffa8007b08520]
20:25:38.122 5 ACPI.sys[fffff88000f737a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8007b04680]
20:25:46.320 AVAST engine scan C:\Windows
20:25:48.593 AVAST engine scan C:\Windows\system32
20:28:15.185 AVAST engine scan C:\Windows\system32\drivers
20:28:28.140 AVAST engine scan C:\Users\Matt
20:32:36.365 File: C:\Users\Matt\AppData\Roaming\Systems Cache\IdleServ.exe **INFECTED** Win32:Downloader-VIP [Trj]
20:35:46.261 AVAST engine scan C:\ProgramData
20:40:36.591 Scan finished successfully
20:41:14.227 Disk 0 MBR has been saved successfully to "C:\Users\Matt\Desktop\MBR.dat"
20:41:14.230 The log file has been saved successfully to "C:\Users\Matt\Desktop\aswMBR.txt"
#19
Posted 31 May 2014 - 07:06 PM
Biscuithd
-
- Malware Removal
-
- 2,573 posts
Trusted Helper
Excellent! As I expected.
Ok, please re-run and this time, if the Fix (not the Fix MBR) button is enabled (and I'm hoping it will be), press it. Then post the resulting log.
#20
Posted 01 June 2014 - 11:25 AM
wickkidda
- Topic Starter
-
- Member
-
- 129 posts
Member
Only the Fix MBR button was enabled.
#21
Posted 01 June 2014 - 03:26 PM
Biscuithd
-
- Malware Removal
-
- 2,573 posts
Trusted Helper
Next step,
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow to update if it asks
- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Also, run OTL again using the Quick Scan and post that log back to me with the ComboFix results.
#22
Posted 01 June 2014 - 08:54 PM
wickkidda
- Topic Starter
-
- Member
-
- 129 posts
Member
ComboFix 14-05-29.01 - Matt 06/01/2014 22:38:36.4.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8164.6348 [GMT -4:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2014-05-02 to 2014-06-02 )))))))))))))))))))))))))))))))
.
.
2014-05-29 19:10 . 2014-05-29 19:10 -------- d-----w- c:\windows\ERUNT
2014-05-29 18:37 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-05-29 18:16 . 2014-05-29 18:16 -------- d-----w- C:\_OTL
2014-05-26 20:21 . 2014-05-26 20:37 -------- d-----w- c:\program files (x86)\Watch Dogs 2
2014-05-25 06:28 . 2014-05-25 06:28 -------- d-----w- c:\users\Matt\AppData\Roaming\Systems Cache
2014-05-25 06:14 . 2014-05-25 06:46 -------- d-----w- c:\program files (x86)\Watch Dogs
2014-05-23 02:51 . 2014-05-23 03:10 -------- d-----w- c:\program files (x86)\Outlast
2014-05-08 13:48 . 2014-05-08 13:48 227704 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-26 22:22 . 2014-04-11 17:56 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-26 22:20 . 2013-12-08 16:40 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-26 22:20 . 2011-10-15 02:44 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-03 13:51 . 2014-04-11 17:52 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-03 13:51 . 2014-04-11 17:52 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-03 13:50 . 2011-10-15 06:54 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2012-05-30 4331392]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-05-29 1754816]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
"pcreg"="c:\program files\pcreg\service.exe" [2014-03-13 90184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-08-24 651832]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"Razer Naga Driver"="c:\program files (x86)\Razer\Naga\RazerNagaSysTray.exe" [2011-04-12 953232]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"pcreg"="c:\program files\pcreg\service.exe" [2014-03-13 90184]
.
c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Photosmart 6520 series (Copy 1).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Photosmart 6520 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2A9253YB05TZ;CONNECTION=USB;MONITOR=1; [2009-7-13 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MOTU Pedal Service.lnk - c:\program files (x86)\MOTU\Audio\MFWAKeys.exe [2012-9-6 1457552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_Dlls"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe;c:\windows\runservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
R3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\DRIVERS\MAudioFastTrackPro.sys;c:\windows\SYSNATIVE\DRIVERS\MAudioFastTrackPro.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 MFWAMIDI64;MOTU Audio MIDI for 64 bit;c:\windows\system32\drivers\MFWAMIDI64.sys;c:\windows\SYSNATIVE\drivers\MFWAMIDI64.sys [x]
R3 MFWAWAVE64;MOTU Audio Wave for 64 bit;c:\windows\system32\drivers\MFWAWAVE64.sys;c:\windows\SYSNATIVE\drivers\MFWAWAVE64.sys [x]
R3 MotuFWA64;MotuFWA64;c:\windows\system32\drivers\Motufwa64.sys;c:\windows\SYSNATIVE\drivers\Motufwa64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8192cu;Belkin Wireless Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys;c:\windows\SYSNATIVE\DRIVERS\vcsvad.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WsAudio_Device(1);WsAudio_Device(1);c:\windows\system32\drivers\VirtualAudio1.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio1.sys [x]
R3 WsAudio_Device(2);WsAudio_Device(2);c:\windows\system32\drivers\VirtualAudio2.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio2.sys [x]
R3 WsAudio_Device(3);WsAudio_Device(3);c:\windows\system32\drivers\VirtualAudio3.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio3.sys [x]
R3 WsAudio_Device(4);WsAudio_Device(4);c:\windows\system32\drivers\VirtualAudio4.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio4.sys [x]
R3 WsAudio_Device(5);WsAudio_Device(5);c:\windows\system32\drivers\VirtualAudio5.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio5.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 MOTU_ZeroConf;MOTU_ZeroConf;c:\program files (x86)\MOTU\motuDNSResponder.exe;c:\program files (x86)\MOTU\motuDNSResponder.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 pcregservice;pcregservice Service;c:\program files\pcreg\pcreg.exe;c:\program files\pcreg\pcreg.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys;c:\windows\SYSNATIVE\Drivers\LGPBTDD.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\MotuBus64.sys;c:\windows\SYSNATIVE\drivers\MotuBus64.sys [x]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys;c:\windows\SYSNATIVE\DRIVERS\RzSynapse.sys [x]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(1).sys [x]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(2).sys [x]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(3).sys [x]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(4).sys [x]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(5).sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 22:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-08-13 2093064]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]
"pcreg"="c:\program files\pcreg\service.exe" [2014-03-13 90184]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Block This Image (ABP)
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{16E0B6DF-764C-4C1D-BD12-AC3E94EED18A}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{40C5FD02-38D1-4EB5-8DE3-6AEA0E14B674}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{8F283811-EC66-4EA4-8717-98882A73DA42}: NameServer = 75.126.206.18,184.173.169.186
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-Overwolf - c:\program files (x86)\Overwolf\Overwolf.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
Toolbar-10 - (no file)
AddRemove-The Elder Scrolls V Skyrim - High Resolution Texture Pack_is1 - c:\program files (x86)\The Elder Scrolls V Skyrim\unins000.exe
AddRemove-Torchlight II © Runic Games_is1 - c:\program files (x86)\Torchlight II\unins000.exe
AddRemove-UmF5bWFuTGVnZW5kcw==_is1 - c:\program files (x86)\Rayman Legends\unins000.exe
AddRemove-Xenimus - c:\program files (x86)\Xenimus\Uninstal.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-6543664-2043801977-3085460779-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:7b,ea,0b,b2,4d,7b,70,08,0f,57,8f,03,14,8d,b5,6a,94,4f,e7,96,f9,32,e9,
7e,9c,8e,d7,6c,52,85,86,d5,28,65,d8,48,83,eb,6f,b4,b9,22,41,49,72,41,9f,52,\
"??"=hex:0e,36,89,5e,e6,e5,10,4a,dd,10,a4,8c,5c,05,ac,ff
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \DA9879757777DAE8]
"1"=hex:ed,4b,4a,ed,15,23,49,74,5a,62,6c,ea,06,f6,a6,df
"2"=hex:a9,40,80,f3,45,2c,d5,a1,17,53,11,d7,21,de,a4,9e,70,5f,a0,52,5b,27,ae,
65,1c,9d,59,02,eb,37,2c,7a,87,23,4c,1a,3f,83,53,96
"3"=hex:ed,4b,4a,ed,15,23,49,74,b0,26,52,ff,a0,7d,07,31,e6,5f,d4,da,fb,3f,90,
71,75,14,ea,42,77,9a,7a,ec,d4,b7,cc,3b,f4,0a,33,5b,a4,1e,da,46,25,2d,2a,72,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \DA9879757777DAE8\A4C6DC1D7052183A161573F7BA846387]
"1"=hex:1a,dd,98,10,b1,7c,5d,e1
"2"=hex:d2,56,55,6f,09,f0,18,32
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:ed,4b,4a,ed,15,23,49,74,5a,02,d0,c7,f9,dd,f2,e5,3e,e0,99,3d,a8,68,9c,
4f,1f,71,fc,13,23,3b,2c,6b,94,db,ee,08,97,0d,d7,27,bf,b9,1b,eb,26,77,8c,fe,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,24,3b,a3,40,70,f4,fd,
a1,00,ba,e3,b6,1a,60,79,61,fd,8d,5c,16,34,a1,af,3d,b8,5a,df,7c,fd,42,47,b7
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:b6,dd,00,4d,9d,38,11,d1
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-06-01 22:46:42
ComboFix-quarantined-files.txt 2014-06-02 02:46
.
Pre-Run: 128,188,481,536 bytes free
Post-Run: 128,124,796,928 bytes free
.
- - End Of File - - 743584EC84A4E6A67ED42CDC5D7E83CA
A36C5E4F47E84449FF07ED3517B43A31
OTL logfile created on: 6/1/2014 10:47:54 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matt\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.97 Gb Total Physical Memory | 5.55 Gb Available Physical Memory | 69.62% Memory free
15.94 Gb Paging File | 13.75 Gb Available in Paging File | 86.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 119.42 Gb Free Space | 12.82% Space Free | Partition Type: NTFS
Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/05/30 14:27:49 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/05/29 13:36:52 | 000,543,424 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2014/05/29 13:36:48 | 001,754,816 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2014/05/26 18:41:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
PRC - [2014/05/08 09:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/03/13 06:57:44 | 000,033,864 | ---- | M] () -- C:\Program Files\pcreg\pcreg.exe
PRC - [2012/09/06 18:23:14 | 001,457,552 | ---- | M] () -- C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe
PRC - [2012/09/06 18:23:14 | 000,390,544 | ---- | M] (MOTU Inc.) -- C:\Program Files (x86)\MOTU\motuDNSResponder.exe
PRC - [2012/05/30 13:18:07 | 004,331,392 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/11/11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/08/24 17:30:58 | 000,651,832 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2011/08/24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/11/20 08:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/08/13 17:38:46 | 000,854,536 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
PRC - [2009/08/13 17:38:04 | 000,850,440 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe
========== Modules (No Company Name) ==========
MOD - [2014/05/30 14:27:49 | 003,853,936 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/05/29 13:37:34 | 002,139,840 | ---- | M] () -- C:\Program Files (x86)\Steam\video.dll
MOD - [2014/05/29 13:36:54 | 001,116,864 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2014/05/16 21:36:10 | 000,756,224 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2014/05/01 19:35:22 | 020,628,160 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2014/04/29 20:08:08 | 001,135,104 | ---- | M] () -- C:\Program Files (x86)\Steam\libavcodec-55.dll
MOD - [2014/04/29 20:08:08 | 000,471,552 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-53.dll
MOD - [2014/04/29 20:08:08 | 000,404,992 | ---- | M] () -- C:\Program Files (x86)\Steam\libavformat-55.dll
MOD - [2014/04/29 20:08:08 | 000,340,992 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-1.dll
MOD - [2014/04/28 20:37:22 | 000,519,168 | ---- | M] () -- C:\Program Files (x86)\Steam\libswscale-2.dll
MOD - [2013/06/14 19:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 19:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 19:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/09/06 18:23:14 | 001,457,552 | ---- | M] () -- C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe
MOD - [2012/05/30 13:11:47 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\AIM\nssckbi.dll
MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2011/11/11 15:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2011/08/12 13:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/08/12 13:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/08/12 13:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/08/12 13:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/08/12 13:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
========== Services (SafeList) ==========
SRV:64bit: - [2014/03/13 06:57:44 | 000,033,864 | ---- | M] () [Auto | Running] -- C:\Program Files\pcreg\pcreg.exe -- (pcregservice)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/05/30 14:27:49 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/29 13:36:52 | 000,543,424 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/05/26 18:20:01 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/08 09:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/08 18:16:16 | 000,002,560 | ---- | M] () [Auto | Stopped] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2013/09/05 11:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/03 02:38:28 | 000,759,192 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/09/06 18:23:14 | 000,390,544 | ---- | M] (MOTU Inc.) [Auto | Running] -- C:\Program Files (x86)\MOTU\motuDNSResponder.exe -- (MOTU_ZeroConf)
SRV - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/08/24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/09/14 16:51:43 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2013/09/14 16:51:41 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2013/02/25 01:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/01/25 18:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio5.sys -- (WsAudio_Device(5)
DRV:64bit: - [2013/01/25 18:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio4.sys -- (WsAudio_Device(4)
DRV:64bit: - [2013/01/25 18:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio3.sys -- (WsAudio_Device(3)
DRV:64bit: - [2013/01/25 18:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio2.sys -- (WsAudio_Device(2)
DRV:64bit: - [2013/01/25 18:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio1.sys -- (WsAudio_Device(1)
DRV:64bit: - [2012/10/10 23:08:10 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012/10/10 23:08:08 | 000,029,696 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/09/06 18:24:08 | 000,029,848 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\motubus64.sys -- (motubus)
DRV:64bit: - [2012/09/06 18:24:02 | 000,032,408 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfwamidi64.sys -- (MFWAMIDI64)
DRV:64bit: - [2012/09/06 18:24:00 | 000,609,944 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MotuFWA64.sys -- (MotuFWA64)
DRV:64bit: - [2012/09/06 18:23:58 | 000,082,584 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfwawave64.sys -- (MFWAWAVE64)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/01 04:19:24 | 001,041,000 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtwlanu.sys -- (RTL8192cu)
DRV:64bit: - [2012/01/18 02:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 02:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/01/18 02:44:14 | 000,025,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/07/07 12:42:38 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/03/31 15:01:50 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/22 02:21:54 | 000,404,584 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2011/01/15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV:64bit: - [2010/12/16 18:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/07 16:39:32 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioFastTrackPro.sys -- (MAUSBFASTTRACKPRO)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/07/01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/11/17 19:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/09/16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/07/14 15:36:28 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/01 11:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2008/12/26 12:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.15
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.2
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.26
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Matt\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Matt\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/05/30 14:27:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/30 14:27:47 | 000,000,000 | ---D | M]
[2011/10/14 22:32:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2014/05/31 14:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions
[2014/04/11 13:19:58 | 000,000,000 | ---D | M] (Settings Manager) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}
[2012/05/10 20:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\SeaMonkey\Profiles\j2x55qrb.default\extensions
[2014/05/26 18:57:14 | 000,133,000 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\[email protected]
[2013/11/20 10:58:36 | 000,619,291 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\[email protected]
[2014/05/27 21:07:02 | 000,533,329 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/04/30 21:38:20 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/02/13 21:22:30 | 000,287,566 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2014/05/09 00:21:09 | 000,552,220 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
[2014/05/30 14:27:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/30 14:27:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com
CHR - Extension: YouTube = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfaifkapfifnanhhiidacmhldddojchn\1.0_0\
CHR - Extension: No name found = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2014/06/01 22:45:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Block This Image (ABP) - Reg Error: Value error. File not found
O8 - Extra context menu item: &Block This Image (ABP) - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - %SystemRoot%\System32\nwprovau.dll File not found
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16E0B6DF-764C-4C1D-BD12-AC3E94EED18A}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16E0B6DF-764C-4C1D-BD12-AC3E94EED18A}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40C5FD02-38D1-4EB5-8DE3-6AEA0E14B674}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F283811-EC66-4EA4-8717-98882A73DA42}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F283811-EC66-4EA4-8717-98882A73DA42}: NameServer = 75.126.206.18,184.173.169.186
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/06/01 22:46:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/06/01 22:46:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/06/01 22:36:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/06/01 22:36:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/06/01 22:36:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/06/01 22:30:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/06/01 22:28:10 | 005,203,398 | R--- | C] (Swearware) -- C:\Users\Matt\Desktop\ComboFix.exe
[2014/05/31 20:20:58 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Matt\Desktop\aswmbr.exe
[2014/05/30 14:27:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/05/29 15:10:49 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/05/29 15:10:20 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Matt\Desktop\JRT.exe
[2014/05/29 14:37:42 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/05/29 14:16:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/28 13:41:01 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\RK_Quarantine
[2014/05/26 18:41:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2014/05/26 16:21:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Watch Dogs 2
[2014/05/25 02:37:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Watch Dogs
[2014/05/25 02:28:19 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Systems Cache
[2014/05/25 02:14:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Watch Dogs
[2014/05/22 22:51:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Outlast
[2014/05/04 17:06:23 | 000,000,000 | ---D | C] -- C:\Users\Matt\Documents\NCSOFT
========== Files - Modified Within 30 Days ==========
[2014/06/01 22:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/01 22:45:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/06/01 22:41:30 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/01 22:41:30 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/01 22:34:28 | 000,001,940 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6520 series (Copy 1).lnk
[2014/06/01 22:34:08 | 000,000,593 | -HS- | M] () -- C:\Windows\SysWow64\mmf.sys
[2014/06/01 22:34:06 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2014/06/01 22:34:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/01 22:33:58 | 2125,799,423 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/01 22:28:14 | 005,203,398 | R--- | M] (Swearware) -- C:\Users\Matt\Desktop\ComboFix.exe
[2014/05/31 20:41:14 | 000,000,512 | ---- | M] () -- C:\Users\Matt\Desktop\MBR.dat
[2014/05/31 20:21:00 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Matt\Desktop\aswmbr.exe
[2014/05/29 15:10:21 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Matt\Desktop\JRT.exe
[2014/05/29 14:36:29 | 001,327,971 | ---- | M] () -- C:\Users\Matt\Desktop\AdwCleaner.exe
[2014/05/28 13:40:34 | 003,972,608 | ---- | M] () -- C:\Users\Matt\Desktop\RogueKiller.exe
[2014/05/26 18:41:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2014/05/26 18:22:49 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/23 21:40:18 | 000,000,219 | ---- | M] () -- C:\Users\Matt\Desktop\Left 4 Dead 2.url
[2014/05/22 23:38:44 | 000,001,554 | ---- | M] () -- C:\Users\Matt\Desktop\Outlast.lnk
[2014/05/19 18:59:12 | 000,022,528 | ---- | M] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/05/17 12:44:19 | 000,779,438 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/17 12:44:19 | 000,660,354 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/17 12:44:19 | 000,121,282 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
========== Files Created - No Company Name ==========
[2014/06/01 22:36:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/06/01 22:36:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/06/01 22:36:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/06/01 22:36:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/06/01 22:36:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/05/31 20:41:14 | 000,000,512 | ---- | C] () -- C:\Users\Matt\Desktop\MBR.dat
[2014/05/29 14:36:27 | 001,327,971 | ---- | C] () -- C:\Users\Matt\Desktop\AdwCleaner.exe
[2014/05/28 13:40:30 | 003,972,608 | ---- | C] () -- C:\Users\Matt\Desktop\RogueKiller.exe
[2014/05/23 21:40:18 | 000,000,219 | ---- | C] () -- C:\Users\Matt\Desktop\Left 4 Dead 2.url
[2014/05/22 23:38:44 | 000,001,554 | ---- | C] () -- C:\Users\Matt\Desktop\Outlast.lnk
[2014/03/05 16:28:26 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\msvcrt10.dll
[2013/09/08 18:16:17 | 000,000,593 | -HS- | C] () -- C:\Windows\SysWow64\mmf.sys
[2013/09/08 18:16:16 | 000,045,056 | ---- | C] () -- C:\Windows\mmfs.dll
[2013/09/08 18:16:16 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe
[2013/05/28 13:11:17 | 000,000,056 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\MOTU FireWire SMPTE Prefs.prefs
[2013/02/28 11:41:44 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/02/20 14:22:12 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WS_ATLMovie.dll
[2013/02/19 12:40:07 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/08/18 01:48:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012/08/12 01:16:15 | 000,000,123 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\mbam.context.scan
[2012/07/10 05:53:41 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2011/11/30 14:16:01 | 000,022,528 | ---- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014/04/29 20:22:04 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\.minecraft
[2011/10/14 22:34:51 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\acccore
[2014/05/28 05:07:41 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Applian FLV and Media Player
[2014/01/03 18:09:46 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Audacity
[2012/02/05 14:58:53 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\BigHugeEngine
[2014/05/26 18:40:17 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\BitTorrent
[2013/12/16 23:11:10 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\eBookConverter
[2013/09/10 12:07:49 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\fltk.org
[2012/06/13 23:25:16 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\GameFly
[2012/04/19 15:55:39 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\GOG.com
[2013/03/24 22:55:56 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Hive Cluster
[2012/10/31 22:38:08 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ImTOO
[2013/06/26 15:12:47 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\IonFx
[2011/12/01 01:06:05 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Leadertech
[2012/07/06 00:05:54 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\LolClient
[2014/05/01 22:12:51 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\NCSOFT
[2012/11/07 19:24:34 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\OnLive App
[2012/12/07 22:43:16 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PACE Anti-Piracy
[2013/05/28 17:56:17 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PreSonus
[2011/11/30 14:00:18 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Publish Providers
[2013/08/09 03:00:58 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Screaming Bee
[2011/11/30 14:00:17 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Sony
[2012/06/21 16:22:52 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Stardock
[2012/08/03 16:53:57 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Subversion
[2014/05/25 02:28:19 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Systems Cache
[2011/10/27 22:49:42 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TeamViewer
[2012/03/07 02:05:43 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\To the Moon - Freebird Games
[2012/08/30 19:26:39 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Trine2
[2014/05/16 00:31:47 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TS3Client
[2013/03/04 21:26:32 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ts3overlay
[2012/10/24 20:35:12 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ts3overlay_hook_win64
[2014/03/17 01:31:31 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Tunngle
[2013/12/24 22:40:14 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Ubisoft
[2014/05/21 02:18:10 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\VidCoder
[2011/11/14 07:11:28 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\WinMPG
========== Purity Check ==========
< End of report >
#23
Posted 02 June 2014 - 11:27 AM
Biscuithd
-
- Malware Removal
-
- 2,573 posts
Trusted Helper
You've still got on stubborn issue, so let's try a custom script.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the lines between Quote Box below into it:
Folder::
c:\program files\pcreg
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]pcreg=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]pcreg=-
Save this as CFScript.txt, in the same location as ComboFix.exe
Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
#24
Posted 02 June 2014 - 01:28 PM
wickkidda
- Topic Starter
-
- Member
-
- 129 posts
Member
Looks like that did the trick. What was that service.exe thing?
ComboFix 14-05-29.01 - Matt 06/02/2014 15:13:21.5.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8164.6244 [GMT -4:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
Command switches used :: c:\users\Matt\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\pcreg
c:\program files\pcreg\msvcr100.dll
c:\program files\pcreg\nodown.txt
c:\program files\pcreg\pcreg.exe
c:\program files\pcreg\service.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_pcregservice
-------\Service_pcregservice
.
.
((((((((((((((((((((((((( Files Created from 2014-05-02 to 2014-06-02 )))))))))))))))))))))))))))))))
.
.
2014-06-02 19:19 . 2014-06-02 19:19 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-06-02 19:19 . 2014-06-02 19:19 -------- d-----w- c:\users\Matt2\AppData\Local\temp
2014-06-02 19:19 . 2014-06-02 19:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-29 19:10 . 2014-05-29 19:10 -------- d-----w- c:\windows\ERUNT
2014-05-29 18:37 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-05-29 18:16 . 2014-05-29 18:16 -------- d-----w- C:\_OTL
2014-05-26 20:21 . 2014-05-26 20:37 -------- d-----w- c:\program files (x86)\Watch Dogs 2
2014-05-25 06:28 . 2014-05-25 06:28 -------- d-----w- c:\users\Matt\AppData\Roaming\Systems Cache
2014-05-25 06:14 . 2014-05-25 06:46 -------- d-----w- c:\program files (x86)\Watch Dogs
2014-05-23 02:51 . 2014-05-23 03:10 -------- d-----w- c:\program files (x86)\Outlast
2014-05-08 13:48 . 2014-05-08 13:48 227704 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-26 22:22 . 2014-04-11 17:56 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-26 22:20 . 2013-12-08 16:40 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-26 22:20 . 2011-10-15 02:44 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-03 13:51 . 2014-04-11 17:52 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-03 13:51 . 2014-04-11 17:52 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-03 13:50 . 2011-10-15 06:54 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2012-05-30 4331392]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-05-29 1754816]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-08-24 651832]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"Razer Naga Driver"="c:\program files (x86)\Razer\Naga\RazerNagaSysTray.exe" [2011-04-12 953232]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
.
c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Photosmart 6520 series (Copy 1).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Photosmart 6520 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2A9253YB05TZ;CONNECTION=USB;MONITOR=1; [2009-7-13 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MOTU Pedal Service.lnk - c:\program files (x86)\MOTU\Audio\MFWAKeys.exe [2012-9-6 1457552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_Dlls"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
R3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\DRIVERS\MAudioFastTrackPro.sys;c:\windows\SYSNATIVE\DRIVERS\MAudioFastTrackPro.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 MFWAMIDI64;MOTU Audio MIDI for 64 bit;c:\windows\system32\drivers\MFWAMIDI64.sys;c:\windows\SYSNATIVE\drivers\MFWAMIDI64.sys [x]
R3 MFWAWAVE64;MOTU Audio Wave for 64 bit;c:\windows\system32\drivers\MFWAWAVE64.sys;c:\windows\SYSNATIVE\drivers\MFWAWAVE64.sys [x]
R3 MotuFWA64;MotuFWA64;c:\windows\system32\drivers\Motufwa64.sys;c:\windows\SYSNATIVE\drivers\Motufwa64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8192cu;Belkin Wireless Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys;c:\windows\SYSNATIVE\DRIVERS\vcsvad.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WsAudio_Device(1);WsAudio_Device(1);c:\windows\system32\drivers\VirtualAudio1.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio1.sys [x]
R3 WsAudio_Device(2);WsAudio_Device(2);c:\windows\system32\drivers\VirtualAudio2.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio2.sys [x]
R3 WsAudio_Device(3);WsAudio_Device(3);c:\windows\system32\drivers\VirtualAudio3.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio3.sys [x]
R3 WsAudio_Device(4);WsAudio_Device(4);c:\windows\system32\drivers\VirtualAudio4.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio4.sys [x]
R3 WsAudio_Device(5);WsAudio_Device(5);c:\windows\system32\drivers\VirtualAudio5.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio5.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe;c:\windows\runservice.exe [x]
S2 MOTU_ZeroConf;MOTU_ZeroConf;c:\program files (x86)\MOTU\motuDNSResponder.exe;c:\program files (x86)\MOTU\motuDNSResponder.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys;c:\windows\SYSNATIVE\Drivers\LGPBTDD.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\MotuBus64.sys;c:\windows\SYSNATIVE\drivers\MotuBus64.sys [x]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys;c:\windows\SYSNATIVE\DRIVERS\RzSynapse.sys [x]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(1).sys [x]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(2).sys [x]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(3).sys [x]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(4).sys [x]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(5).sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 22:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-08-13 2093064]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Block This Image (ABP)
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{16E0B6DF-764C-4C1D-BD12-AC3E94EED18A}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{40C5FD02-38D1-4EB5-8DE3-6AEA0E14B674}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 75.126.206.18,184.173.169.186
TCP: Interfaces\{8F283811-EC66-4EA4-8717-98882A73DA42}: NameServer = 75.126.206.18,184.173.169.186
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-pcreg - c:\program files\pcreg\service.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-pcreg - c:\program files\pcreg\service.exe
HKLM-Run-pcreg - c:\program files\pcreg\service.exe
AddRemove-The Elder Scrolls V Skyrim - High Resolution Texture Pack_is1 - c:\program files (x86)\The Elder Scrolls V Skyrim\unins000.exe
AddRemove-Torchlight II © Runic Games_is1 - c:\program files (x86)\Torchlight II\unins000.exe
AddRemove-UmF5bWFuTGVnZW5kcw==_is1 - c:\program files (x86)\Rayman Legends\unins000.exe
AddRemove-Xenimus - c:\program files (x86)\Xenimus\Uninstal.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-6543664-2043801977-3085460779-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:7b,ea,0b,b2,4d,7b,70,08,0f,57,8f,03,14,8d,b5,6a,94,4f,e7,96,f9,32,e9,
7e,9c,8e,d7,6c,52,85,86,d5,28,65,d8,48,83,eb,6f,b4,b9,22,41,49,72,41,9f,52,\
"??"=hex:0e,36,89,5e,e6,e5,10,4a,dd,10,a4,8c,5c,05,ac,ff
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \DA9879757777DAE8]
"1"=hex:ed,4b,4a,ed,15,23,49,74,5a,62,6c,ea,06,f6,a6,df
"2"=hex:a9,40,80,f3,45,2c,d5,a1,17,53,11,d7,21,de,a4,9e,70,5f,a0,52,5b,27,ae,
65,1c,9d,59,02,eb,37,2c,7a,87,23,4c,1a,3f,83,53,96
"3"=hex:ed,4b,4a,ed,15,23,49,74,b0,26,52,ff,a0,7d,07,31,e6,5f,d4,da,fb,3f,90,
71,75,14,ea,42,77,9a,7a,ec,d4,b7,cc,3b,f4,0a,33,5b,a4,1e,da,46,25,2d,2a,72,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \DA9879757777DAE8\A4C6DC1D7052183A161573F7BA846387]
"1"=hex:1a,dd,98,10,b1,7c,5d,e1
"2"=hex:d2,56,55,6f,09,f0,18,32
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:ed,4b,4a,ed,15,23,49,74,5a,02,d0,c7,f9,dd,f2,e5,3e,e0,99,3d,a8,68,9c,
4f,1f,71,fc,13,23,3b,2c,6b,94,db,ee,08,97,0d,d7,27,bf,b9,1b,eb,26,77,8c,fe,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,24,3b,a3,40,70,f4,fd,
a1,00,ba,e3,b6,1a,60,79,61,fd,8d,5c,16,34,a1,af,3d,b8,5a,df,7c,fd,42,47,b7
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:b6,dd,00,4d,9d,38,11,d1
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2014-06-02 15:24:51 - machine was rebooted
ComboFix-quarantined-files.txt 2014-06-02 19:24
ComboFix2.txt 2014-06-02 02:46
.
Pre-Run: 128,244,920,320 bytes free
Post-Run: 127,613,587,456 bytes free
.
- - End Of File - - A3DC980D7F08AF4FFE9242531E488586
A36C5E4F47E84449FF07ED3517B43A31
#25
Posted 02 June 2014 - 03:59 PM
Biscuithd
-
- Malware Removal
-
- 2,573 posts
Trusted Helper
Quote
Looks like that did the trick.
Excellent to hear!!
Quote
What was that service.exe thing?
If you go back to Post #17 and follow the link in my first sentence, you'll see the issue. The more troublesome issue was PCreg and it's associated programs. I'm pretty sure that Bit Defender issue/patch is what caused your Internet issue after we ran one of the tools, so make sure you do that patch before you move on to the other stuff in the next paragraph.
So, here's where we are. When you did the System Restore you re-introduced a lot of the low level stuff back into your system. So, please re-run adwCleaner and the Junkware Removal tool to clean up whatever is still on your machine. Then re-run OTL with a quick scan and post all three logs back to me. I suspect we're very close to finishing you up.
#26
Posted 03 June 2014 - 04:11 PM
wickkidda
- Topic Starter
-
- Member
-
- 129 posts
Member
# AdwCleaner v3.211 - Report created 03/06/2014 at 15:08:25
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Matt - MATT-PC
# Running from : C:\Users\Matt\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16476
-\\ Mozilla Firefox v30.0 (en-US)
[ File : C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\prefs.js ]
[ File : C:\Users\Matt2\AppData\Roaming\Mozilla\Firefox\Profiles\sf0i1fpi.default\prefs.js ]
-\\ Google Chrome v
[ File : C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [25242 octets] - [17/11/2013 11:28:40]
AdwCleaner[R1].txt - [6627 octets] - [29/05/2014 14:37:27]
AdwCleaner[R2].txt - [1214 octets] - [03/06/2014 14:56:00]
AdwCleaner[S0].txt - [25657 octets] - [17/11/2013 11:29:43]
AdwCleaner[S1].txt - [5875 octets] - [29/05/2014 15:03:33]
AdwCleaner[S2].txt - [1136 octets] - [03/06/2014 15:08:25]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1196 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Matt on Tue 06/03/2014 at 17:57:55.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Matt\AppData\Roaming\mozilla\firefox\profiles\07udyna9.default\minidumps [1 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 06/03/2014 at 18:01:28.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OTL logfile created on: 6/3/2014 6:02:35 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matt\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.97 Gb Total Physical Memory | 5.83 Gb Available Physical Memory | 73.08% Memory free
15.94 Gb Paging File | 13.66 Gb Available in Paging File | 85.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 117.18 Gb Free Space | 12.58% Space Free | Partition Type: NTFS
Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/05/30 14:27:49 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/05/29 13:36:52 | 000,543,424 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2014/05/29 13:36:48 | 001,754,816 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2014/05/26 18:41:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
PRC - [2014/05/08 09:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/09/08 18:16:16 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe
PRC - [2012/09/06 18:23:14 | 001,457,552 | ---- | M] () -- C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe
PRC - [2012/09/06 18:23:14 | 000,390,544 | ---- | M] (MOTU Inc.) -- C:\Program Files (x86)\MOTU\motuDNSResponder.exe
PRC - [2012/05/30 13:18:07 | 004,331,392 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/11/11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/08/24 17:30:58 | 000,651,832 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2011/08/24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/04/12 15:29:02 | 000,953,232 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
PRC - [2010/11/20 08:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/08/13 17:38:46 | 000,854,536 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
PRC - [2009/08/13 17:38:04 | 000,850,440 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe
PRC - [2009/08/13 17:37:44 | 000,522,760 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
========== Modules (No Company Name) ==========
MOD - [2014/05/30 14:27:49 | 003,853,936 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/05/29 13:37:34 | 002,139,840 | ---- | M] () -- C:\Program Files (x86)\Steam\video.dll
MOD - [2014/05/29 13:36:54 | 001,116,864 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2014/05/16 21:36:10 | 000,756,224 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2014/05/01 19:35:22 | 020,628,160 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2014/04/29 20:08:08 | 001,135,104 | ---- | M] () -- C:\Program Files (x86)\Steam\libavcodec-55.dll
MOD - [2014/04/29 20:08:08 | 000,471,552 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-53.dll
MOD - [2014/04/29 20:08:08 | 000,404,992 | ---- | M] () -- C:\Program Files (x86)\Steam\libavformat-55.dll
MOD - [2014/04/29 20:08:08 | 000,340,992 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-1.dll
MOD - [2014/04/28 20:37:22 | 000,519,168 | ---- | M] () -- C:\Program Files (x86)\Steam\libswscale-2.dll
MOD - [2013/06/14 19:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 19:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 19:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/09/06 18:23:14 | 001,457,552 | ---- | M] () -- C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe
MOD - [2012/05/30 13:11:47 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\AIM\nssckbi.dll
MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2011/11/11 15:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2011/08/12 13:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/08/12 13:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/08/12 13:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/08/12 13:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/08/12 13:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
========== Services (SafeList) ==========
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/05/30 14:27:49 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/29 13:36:52 | 000,543,424 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/05/26 18:20:01 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/08 09:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/08 18:16:16 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2013/09/05 11:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/03 02:38:28 | 000,759,192 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/09/06 18:23:14 | 000,390,544 | ---- | M] (MOTU Inc.) [Auto | Running] -- C:\Program Files (x86)\MOTU\motuDNSResponder.exe -- (MOTU_ZeroConf)
SRV - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/08/24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/09/14 16:51:43 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2013/09/14 16:51:41 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2013/02/25 01:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/01/25 18:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio5.sys -- (WsAudio_Device(5)
DRV:64bit: - [2013/01/25 18:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio4.sys -- (WsAudio_Device(4)
DRV:64bit: - [2013/01/25 18:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio3.sys -- (WsAudio_Device(3)
DRV:64bit: - [2013/01/25 18:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio2.sys -- (WsAudio_Device(2)
DRV:64bit: - [2013/01/25 18:44:28 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio1.sys -- (WsAudio_Device(1)
DRV:64bit: - [2012/10/10 23:08:10 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012/10/10 23:08:08 | 000,029,696 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/09/06 18:24:08 | 000,029,848 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\motubus64.sys -- (motubus)
DRV:64bit: - [2012/09/06 18:24:02 | 000,032,408 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfwamidi64.sys -- (MFWAMIDI64)
DRV:64bit: - [2012/09/06 18:24:00 | 000,609,944 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MotuFWA64.sys -- (MotuFWA64)
DRV:64bit: - [2012/09/06 18:23:58 | 000,082,584 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfwawave64.sys -- (MFWAWAVE64)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/01 04:19:24 | 001,041,000 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtwlanu.sys -- (RTL8192cu)
DRV:64bit: - [2012/01/18 02:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 02:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/01/18 02:44:14 | 000,025,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/07/07 12:42:38 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/03/31 15:01:50 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/22 02:21:54 | 000,404,584 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2011/01/15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV:64bit: - [2010/12/24 16:27:44 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV:64bit: - [2010/12/16 18:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/07 16:39:32 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioFastTrackPro.sys -- (MAUSBFASTTRACKPRO)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/07/01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/11/17 19:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/09/16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/07/14 15:36:28 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/01 11:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2008/12/26 12:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.15
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.2
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.26
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Matt\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Matt\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/05/30 14:27:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/30 14:27:47 | 000,000,000 | ---D | M]
[2011/10/14 22:32:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2014/05/31 14:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions
[2014/04/11 13:19:58 | 000,000,000 | ---D | M] (Settings Manager) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}
[2012/05/10 20:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\SeaMonkey\Profiles\j2x55qrb.default\extensions
[2014/05/26 18:57:14 | 000,133,000 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\[email protected]
[2013/11/20 10:58:36 | 000,619,291 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\[email protected]
[2014/05/27 21:07:02 | 000,533,329 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/04/30 21:38:20 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/02/13 21:22:30 | 000,287,566 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2014/05/09 00:21:09 | 000,552,220 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
[2014/05/30 14:27:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/30 14:27:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com
CHR - Extension: YouTube = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfaifkapfifnanhhiidacmhldddojchn\1.0_0\
CHR - Extension: No name found = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2014/06/02 15:20:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [pcreg] C:\Program Files\pcreg\service.exe File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Block This Image (ABP) - Reg Error: Value error. File not found
O8 - Extra context menu item: &Block This Image (ABP) - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - %SystemRoot%\System32\nwprovau.dll File not found
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16E0B6DF-764C-4C1D-BD12-AC3E94EED18A}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16E0B6DF-764C-4C1D-BD12-AC3E94EED18A}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40C5FD02-38D1-4EB5-8DE3-6AEA0E14B674}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F283811-EC66-4EA4-8717-98882A73DA42}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F283811-EC66-4EA4-8717-98882A73DA42}: NameServer = 75.126.206.18,184.173.169.186
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/06/03 17:58:54 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\CrashDumps
[2014/06/02 15:20:50 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2014/06/02 15:19:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/06/01 22:36:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/06/01 22:36:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/06/01 22:36:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/06/01 22:30:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/06/01 22:28:10 | 005,203,398 | R--- | C] (Swearware) -- C:\Users\Matt\Desktop\ComboFix.exe
[2014/05/31 20:20:58 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Matt\Desktop\aswmbr.exe
[2014/05/30 14:27:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/05/29 15:10:49 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/05/29 15:10:20 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Matt\Desktop\JRT.exe
[2014/05/29 14:37:42 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/05/29 14:16:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/28 13:41:01 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\RK_Quarantine
[2014/05/26 18:41:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2014/05/26 16:21:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Watch Dogs 2
[2014/05/25 02:37:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Watch Dogs
[2014/05/25 02:28:19 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Systems Cache
[2014/05/25 02:14:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Watch Dogs
[2014/05/22 22:51:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Outlast
========== Files - Modified Within 30 Days ==========
[2014/06/03 17:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/03 15:16:33 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/03 15:16:33 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/03 15:10:07 | 000,001,940 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6520 series (Copy 1).lnk
[2014/06/03 15:09:18 | 000,000,593 | -HS- | M] () -- C:\Windows\SysWow64\mmf.sys
[2014/06/03 15:09:16 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2014/06/03 15:09:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/03 15:09:08 | 2125,799,423 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/03 03:44:08 | 000,609,516 | ---- | M] () -- C:\Users\Matt\Desktop\dangle.png
[2014/06/02 15:20:48 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/06/01 22:28:14 | 005,203,398 | R--- | M] (Swearware) -- C:\Users\Matt\Desktop\ComboFix.exe
[2014/05/31 20:41:14 | 000,000,512 | ---- | M] () -- C:\Users\Matt\Desktop\MBR.dat
[2014/05/31 20:21:00 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Matt\Desktop\aswmbr.exe
[2014/05/29 15:10:21 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Matt\Desktop\JRT.exe
[2014/05/29 14:36:29 | 001,327,971 | ---- | M] () -- C:\Users\Matt\Desktop\AdwCleaner.exe
[2014/05/28 13:40:34 | 003,972,608 | ---- | M] () -- C:\Users\Matt\Desktop\RogueKiller.exe
[2014/05/26 18:41:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2014/05/26 18:22:49 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/23 21:40:18 | 000,000,219 | ---- | M] () -- C:\Users\Matt\Desktop\Left 4 Dead 2.url
[2014/05/22 23:38:44 | 000,001,554 | ---- | M] () -- C:\Users\Matt\Desktop\Outlast.lnk
[2014/05/19 18:59:12 | 000,022,528 | ---- | M] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/05/17 12:44:19 | 000,779,438 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/17 12:44:19 | 000,660,354 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/17 12:44:19 | 000,121,282 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
========== Files Created - No Company Name ==========
[2014/06/03 03:44:07 | 000,609,516 | ---- | C] () -- C:\Users\Matt\Desktop\dangle.png
[2014/06/01 22:36:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/06/01 22:36:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/06/01 22:36:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/06/01 22:36:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/06/01 22:36:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/05/31 20:41:14 | 000,000,512 | ---- | C] () -- C:\Users\Matt\Desktop\MBR.dat
[2014/05/29 14:36:27 | 001,327,971 | ---- | C] () -- C:\Users\Matt\Desktop\AdwCleaner.exe
[2014/05/28 13:40:30 | 003,972,608 | ---- | C] () -- C:\Users\Matt\Desktop\RogueKiller.exe
[2014/05/23 21:40:18 | 000,000,219 | ---- | C] () -- C:\Users\Matt\Desktop\Left 4 Dead 2.url
[2014/05/22 23:38:44 | 000,001,554 | ---- | C] () -- C:\Users\Matt\Desktop\Outlast.lnk
[2014/03/05 16:28:26 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\msvcrt10.dll
[2013/09/08 18:16:17 | 000,000,593 | -HS- | C] () -- C:\Windows\SysWow64\mmf.sys
[2013/09/08 18:16:16 | 000,045,056 | ---- | C] () -- C:\Windows\mmfs.dll
[2013/09/08 18:16:16 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe
[2013/05/28 13:11:17 | 000,000,056 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\MOTU FireWire SMPTE Prefs.prefs
[2013/02/28 11:41:44 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/02/20 14:22:12 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WS_ATLMovie.dll
[2013/02/19 12:40:07 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/08/18 01:48:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012/08/12 01:16:15 | 000,000,123 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\mbam.context.scan
[2012/07/10 05:53:41 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2011/11/30 14:16:01 | 000,022,528 | ---- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014/04/29 20:22:04 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\.minecraft
[2011/10/14 22:34:51 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\acccore
[2014/05/28 05:07:41 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Applian FLV and Media Player
[2014/01/03 18:09:46 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Audacity
[2012/02/05 14:58:53 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\BigHugeEngine
[2014/05/26 18:40:17 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\BitTorrent
[2013/12/16 23:11:10 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\eBookConverter
[2013/09/10 12:07:49 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\fltk.org
[2012/06/13 23:25:16 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\GameFly
[2012/04/19 15:55:39 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\GOG.com
[2013/03/24 22:55:56 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Hive Cluster
[2012/10/31 22:38:08 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ImTOO
[2013/06/26 15:12:47 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\IonFx
[2011/12/01 01:06:05 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Leadertech
[2012/07/06 00:05:54 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\LolClient
[2014/05/01 22:12:51 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\NCSOFT
[2012/11/07 19:24:34 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\OnLive App
[2012/12/07 22:43:16 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PACE Anti-Piracy
[2013/05/28 17:56:17 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PreSonus
[2011/11/30 14:00:18 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Publish Providers
[2013/08/09 03:00:58 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Screaming Bee
[2011/11/30 14:00:17 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Sony
[2012/06/21 16:22:52 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Stardock
[2012/08/03 16:53:57 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Subversion
[2014/05/25 02:28:19 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Systems Cache
[2011/10/27 22:49:42 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TeamViewer
[2012/03/07 02:05:43 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\To the Moon - Freebird Games
[2012/08/30 19:26:39 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Trine2
[2014/05/16 00:31:47 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TS3Client
[2013/03/04 21:26:32 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ts3overlay
[2012/10/24 20:35:12 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ts3overlay_hook_win64
[2014/03/17 01:31:31 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Tunngle
[2013/12/24 22:40:14 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Ubisoft
[2014/05/21 02:18:10 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\VidCoder
[2011/11/14 07:11:28 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\WinMPG
========== Purity Check ==========
< End of report >
#27
Posted 03 June 2014 - 05:15 PM
Biscuithd
-
- Malware Removal
-
- 2,573 posts
Trusted Helper
How's the machine running?
#28
Posted 03 June 2014 - 05:46 PM
wickkidda
- Topic Starter
-
- Member
-
- 129 posts
Member
Seems OK. I have a question though I've been waiting to ask since the beginning. For some reason a few years ago when I installed Windows, or sometime after, the icons for My Computer and the personal documents folder named after my machine never showed up on the desktop, but sometime around the first or second step you gave me they appeared. I always wondered why I never had a My Computer icon.
#29
Posted 04 June 2014 - 11:13 AM
Biscuithd
-
- Malware Removal
-
- 2,573 posts
Trusted Helper
You're looking much better.
Just a few more things to check and to clean up.
To answer your question about the missing Desktop. That is a frequent complaint we hear from people with Malware Issues. In all honesty I suspect it's an unintended consequence, because the Malware writer doesn't really want you to know the Malware is there and the missing destop is a big hint! If you have this in the future, be wure to stop by and we'll help you.
Next, run:
Security Check
Download Security Check from here or here.
- Save it to your Desktop.
- Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Make sure you post back the results of the Security Check and we'll figure out where you are with that. Also, don't disappear on me as I still have a few more scans for your to run and a little more clean up to do including the Tools that we used.
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from here
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Attach the entire report in your next reply.
Double Click mbam-setup.exe to install the application.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
Post the MBAM log for me
Then,
ESET Online Scanner:
Please run a free online scan with the ESET Online Scanner
Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.
Note: This scan works with Internet Explorer or Mozilla FireFox.
If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
- Click the green ESET Online Scanner box
- Tick the box next to YES, I accept the Terms of Use
then click on: Start - You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install.
- Make sure that the option Remove found threats is unticked
- If your firewall asks whether you want to allow installation, say yes.
- Make sure that the option Scan archives is checked.
- Now click on Advanced Settings and select the following:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
- Click on Start
- The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
- When completed the Online Scan will begin automatically. The scan may take several hours.
- Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
- When completed select Uninstall application on close, make sure you copy the logfile first! located at C:\Program Files (x86)/ESET/ESET Online Scanner\log.txt
- Then paste the Logfile in the thread
- Then click on: Finish
To summarize, please post back the Security Check log, the ESET log and the MBAM log.
#30
Posted 04 June 2014 - 10:54 PM
wickkidda
- Topic Starter
-
- Member
-
- 129 posts
Member
The MBAM commands you're saying aren't exactly what I'm seeing on this version, but I ran Threat Scan because it seemed to be the most complete. There was nothing to clean and no notepad popped up, but I copied the log to clipboard. At the bottom is all I could get out of the ESET log before deleting the infected. I'm posting this before I click finish because I already have this post all ready to go and I don't know if it's gonna restart my computer.
Results of screen317's Security Check version 0.99.83
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 13.0.0.214
Adobe Reader XI
Mozilla Firefox (30.0)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 6/4/2014
Scan Time: 10:54:20 PM
Logfile:
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.06.05.02
Rootkit Database: v2014.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Matt
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 312806
Time Elapsed: 7 min, 43 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\Extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\Plugins\npConduitFirefoxPlugin.dll.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\Program Files (x86)\Outlast\Binaries\Win32\steam_api.dll a variant of Win32/HackTool.Crack.BQ potentially unsafe application
C:\Qoobox\Quarantine\C\Program Files\pcreg\service.exe.vir Win32/Conduit.SearchProtect.O potentially unwanted application
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF10.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF11.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF12.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF13.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF14.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF15.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF16.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF17.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF18.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF19.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF2.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF20.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF21.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF22.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF23.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF24.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF25.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF26.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF27.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF28.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF4.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF5.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF6.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF7.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF8.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\07udyna9.default\extensions\{07C9260C-091F-057F-D5BC-0CB91299BEAE}\components\SystemKHlpFF9.dll probably a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\Windows\Installer\MSI4A6C.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
