Welcome to Geeks to Go - Register now for FREE
SVCHOST.exe is infected, please help [Closed]

#1
ihatesvchost.exe

I have been struggling to remove a malware infection on my PC. I have used various free anti-malware and rootkit software, and while I believe I have identified the problem, I am struggling to find the exact solution to remove the infection.

RogueKiller by AliceSoft is identifying 2 infected processes, svchost.exe in both the system32 and SysWOW64 folder. Malwarebytes is also blocking outbound traffic related to the infection.

I would greatly appreciate all help in addressing the problem. Thank you.

OTL logfile created on: 8/13/2014 2:03:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\GDC\Desktop\anti-rootkit
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
15.92 Gb Total Physical Memory | 11.67 Gb Available Physical Memory | 73.33% Memory free
31.84 Gb Paging File | 28.56 Gb Available in Paging File | 89.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55.80 Gb Total Space | 8.65 Gb Free Space | 15.50% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 3.43 Gb Free Space | 0.37% Space Free | Partition Type: NTFS
 
Computer Name: GDC-PC | User Name: Admin -disaster only | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/08/13 14:02:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\GDC\Desktop\anti-rootkit\OTL.exe
PRC - [2014/08/06 10:24:26 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2014/08/06 10:23:57 | 000,751,184 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014/08/06 10:23:57 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2014/08/01 00:52:34 | 001,869,488 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
PRC - [2014/07/30 01:00:27 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/07/26 22:53:02 | 000,060,192 | ---- | M] (The Document Foundation) -- C:\Program Files (x86)\LibreOffice 4\program\soffice.exe
PRC - [2014/07/26 22:53:00 | 000,065,824 | ---- | M] (The Document Foundation) -- C:\Program Files (x86)\LibreOffice 4\program\scalc.exe
PRC - [2014/07/26 19:18:20 | 000,678,912 | ---- | M] (The Document Foundation) -- C:\Program Files (x86)\LibreOffice 4\program\soffice.bin
PRC - [2014/07/14 16:49:12 | 000,141,392 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/05/08 09:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/15 11:17:34 | 000,554,408 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2013/03/18 03:25:46 | 001,236,336 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2013/03/18 03:25:44 | 018,828,128 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
PRC - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011/12/14 18:55:40 | 008,453,376 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
PRC - [2011/12/14 18:53:44 | 000,303,360 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
PRC - [2011/09/28 17:29:46 | 000,905,216 | ---- | M] () -- C:\Program Files\Corsair USB Headset\Customapp\Program\CAHS.exe
PRC - [2010/04/22 19:05:26 | 001,011,712 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
PRC - [2010/02/28 03:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2009/10/13 20:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- D:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/08/01 00:52:34 | 017,029,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
MOD - [2014/07/30 01:00:26 | 003,800,688 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/07/26 22:52:18 | 000,100,640 | ---- | M] () -- C:\Program Files (x86)\LibreOffice 4\program\python3.dll
MOD - [2014/07/26 22:52:00 | 001,039,136 | ---- | M] () -- C:\Program Files (x86)\LibreOffice 4\program\libxml2.dll
MOD - [2014/07/26 22:52:00 | 000,184,608 | ---- | M] () -- C:\Program Files (x86)\LibreOffice 4\program\libxslt.dll
MOD - [2014/07/26 22:51:46 | 000,357,152 | ---- | M] () -- C:\Program Files (x86)\LibreOffice 4\program\glew32.dll
MOD - [2014/07/25 09:44:24 | 000,049,664 | ---- | M] () -- C:\Program Files (x86)\LibreOffice 4\program\python-core-3.3.3\lib\_socket.pyd
MOD - [2014/07/14 16:49:08 | 000,049,744 | ---- | M] () -- C:\Users\GDC\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
MOD - [2011/12/14 18:55:40 | 008,453,376 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
MOD - [2011/12/14 11:43:04 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll
MOD - [2011/09/28 17:29:46 | 000,905,216 | ---- | M] () -- C:\Program Files\Corsair USB Headset\Customapp\Program\CAHS.exe
MOD - [2011/04/19 15:56:58 | 000,143,360 | ---- | M] () -- C:\Program Files\Corsair USB Headset\Customapp\Program\VMixHS.dll
MOD - [2010/02/28 03:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
MOD - [2009/08/26 06:29:28 | 000,150,016 | ---- | M] () -- C:\Windows\SysWOW64\OemSpiE.dll
MOD - [2009/03/26 15:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/02/06 19:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/06/18 20:24:12 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/12/19 15:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2014/08/06 10:24:26 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014/08/06 10:23:57 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014/07/14 16:49:12 | 000,141,392 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe -- (Avira.OE.ServiceHost)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/05/08 09:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/02/25 17:57:46 | 000,568,512 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/04/25 18:12:00 | 000,580,232 | ---- | M] (WiseCleaner.com) [Auto | Stopped] -- d:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant)
SRV - [2013/03/18 03:25:46 | 001,236,336 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/12/14 03:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/12/29 17:48:11 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011/12/14 18:53:44 | 000,303,360 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100v2)
SRV - [2010/12/14 20:17:12 | 000,128,928 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2009/10/13 20:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/08/13 14:00:43 | 000,030,312 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TrueSight.sys -- (TrueSight)
DRV:64bit: - [2014/07/03 13:03:42 | 000,117,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2014/06/03 13:15:22 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/11/30 03:27:44 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/05/31 00:47:29 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/04/24 15:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012/12/19 16:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/12/19 16:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/19 15:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/12/14 03:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/11/06 07:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/30 17:33:26 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/12/12 18:42:00 | 001,256,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2011/07/22 11:33:48 | 000,025,056 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV:64bit: - [2011/06/16 16:10:08 | 001,308,160 | -H-- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAHS164.sys -- (CorsairCAHS1)
DRV:64bit: - [2011/05/25 07:19:00 | 000,076,160 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/05/25 07:19:00 | 000,052,608 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011/05/16 10:55:28 | 000,533,096 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/12 14:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\4B91.tmp -- (MEMSWEEP2)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/10 22:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/04/27 19:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 19:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 17:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 17:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/02/03 12:20:32 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/06 03:34:52 | 000,639,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)
DRV:64bit: - [2009/04/08 15:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2008/07/28 21:47:00 | 001,075,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
DRV - [2014/07/31 00:16:08 | 000,057,024 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Running] -- C:\EEK\Run\cleanhlp64.sys -- (cleanhlp)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\..\SearchScopes,DefaultScope = {21A51130-7285-49FE-B3F6-2385CC71CDEA}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: d:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: d:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: d:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/12/27 01:03:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/07/06 12:30:16 | 000,000,000 | ---D | M]
 
[2013/11/16 03:25:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/07/30 01:00:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2014/08/13 13:21:49 | 000,000,768 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - d:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [CAHS1Sound] C:\Windows\Syswow64\CAHS1.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KeePass 2 PreLoad] d:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4:64bit: - HKLM..\RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe (Gigabyte Technology CO., LTD.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59336387-7222-43F9-89C2-7C834B5B6993}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D62A7623-BBF0-4091-92FD-FE47161508D5}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD2E990C-0CF0-4E92-A26A-91F8B846CC0F}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED9ADDFF-B4BD-4DFD-B083-FE0988F18918}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED9ADDFF-B4BD-4DFD-B083-FE0988F18918}: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE3BC820-81E8-4451-B521-2CD5D6D4EF78}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (bj.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/07/30 19:51:42 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/12 20:57:36 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/08/12 20:57:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/08/12 20:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/08/06 21:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
[2014/08/06 21:57:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibreOffice 4
[2014/08/06 10:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/08/03 23:30:50 | 000,000,000 | ---D | C] -- C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/08/03 23:30:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/08/03 22:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/08/03 22:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2014/08/01 00:45:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/08/01 00:44:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/08/01 00:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/08/01 00:04:24 | 000,000,000 | ---D | C] -- C:\Users\Admin -disaster only\AppData\Local\CrashDumps
[2014/07/31 23:54:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2014/07/31 23:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/07/31 23:44:27 | 000,000,000 | ---D | C] -- C:\Users\Admin -disaster only\Desktop\mbar
[2014/07/31 20:04:10 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/07/31 19:49:15 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/07/31 17:50:35 | 000,000,000 | ---D | C] -- C:\EEK
[2014/07/31 17:46:47 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2014/07/31 17:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/07/31 17:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/07/31 00:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2014/07/31 00:59:32 | 000,000,000 | ---D | C] -- C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2014/07/31 00:59:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2014/07/30 20:02:12 | 000,128,728 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/30 20:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/07/30 20:02:01 | 000,092,888 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/07/30 20:02:01 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/07/30 20:02:01 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/07/30 20:02:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/07/30 20:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/07/30 19:59:07 | 000,000,000 | -HSD | C] -- C:\Users\Admin -disaster only\AppData\Local\EmieUserList
[2014/07/30 19:59:07 | 000,000,000 | -HSD | C] -- C:\Users\Admin -disaster only\AppData\Local\EmieSiteList
[2014/07/30 19:50:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/13 14:00:43 | 000,030,312 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2014/08/13 13:41:55 | 000,000,546 | ---- | M] () -- C:\Users\Admin -disaster only\Desktop\Emsisoft Emergency Kit.lnk
[2014/08/13 13:21:49 | 000,000,768 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/08/13 13:14:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/13 10:53:50 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/13 10:53:50 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/13 10:50:28 | 000,783,400 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/08/13 10:50:28 | 000,662,852 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/08/13 10:50:28 | 000,122,462 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/08/13 10:47:06 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/13 10:47:03 | 000,000,452 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job
[2014/08/13 10:47:02 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2014/08/13 10:45:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/13 00:00:00 | 000,000,432 | ---- | M] () -- C:\Windows\tasks\Wise Turbo Checker.job
[2014/08/12 20:57:36 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/08/07 12:11:00 | 000,332,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/06 21:57:47 | 000,001,500 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 4.3.lnk
[2014/08/06 10:25:26 | 000,001,133 | ---- | M] () -- C:\Users\Public\Desktop\Avira.lnk
[2014/08/01 00:47:38 | 000,000,773 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/08/01 00:39:20 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\Wise Care 365.lnk
[2014/07/31 23:44:45 | 000,128,728 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/31 23:44:28 | 000,092,888 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/07/31 23:19:39 | 000,000,768 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140801-002457.backup
[2014/07/31 19:56:26 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2014/07/31 17:46:47 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2014/07/31 00:59:32 | 000,003,229 | ---- | M] () -- C:\Users\Admin -disaster only\Desktop\Sophos Virus Removal Tool.lnk
[2014/07/30 20:02:02 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/30 19:51:42 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014/07/24 08:53:03 | 000,042,040 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2014/07/18 17:16:17 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/08/12 20:57:36 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/08/06 21:57:47 | 000,001,500 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 4.3.lnk
[2014/08/06 10:25:26 | 000,001,133 | ---- | C] () -- C:\Users\Public\Desktop\Avira.lnk
[2014/08/01 00:39:04 | 000,000,452 | ---- | C] () -- C:\Windows\tasks\Wise Care 365.job
[2014/07/31 17:50:43 | 000,000,546 | ---- | C] () -- C:\Users\Admin -disaster only\Desktop\Emsisoft Emergency Kit.lnk
[2014/07/31 17:32:56 | 000,030,312 | ---- | C] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2014/07/31 00:59:32 | 000,003,229 | ---- | C] () -- C:\Users\Admin -disaster only\Desktop\Sophos Virus Removal Tool.lnk
[2014/07/30 20:02:02 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/30 19:51:42 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/02/18 02:37:23 | 000,209,920 | ---- | C] () -- C:\Windows\iun3401.exe
[2013/02/02 23:33:52 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2012/12/14 03:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/10/10 03:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/10/10 03:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/02/17 13:50:11 | 000,000,000 | ---D | M] -- C:\Users\Admin -disaster only\AppData\Roaming\Ad-Aware Antivirus
[2014/05/06 14:50:09 | 000,000,000 | ---D | M] -- C:\Users\Admin -disaster only\AppData\Roaming\Double Dummy Solver
[2014/01/09 18:17:05 | 000,000,000 | ---D | M] -- C:\Users\Admin -disaster only\AppData\Roaming\Undefeated (Aldorlea Games)
[2014/08/13 10:47:49 | 000,000,000 | ---D | M] -- C:\Users\Admin -disaster only\AppData\Roaming\Wise Care 365
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013/11/29 16:52:35 | 105,033,973 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\쒮
[2013/11/18 06:34:01 | 105,033,973 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\쒮
[2013/11/17 18:34:05 | 104,760,117 | ---- | M] ()(C:\Windows\SysWow64\???¥) -- C:\Windows\SysWow64\윯꺙¥
[2013/11/16 06:34:01 | 104,760,117 | ---- | C] ()(C:\Windows\SysWow64\???¥) -- C:\Windows\SysWow64\윯꺙¥
[2013/11/16 00:34:01 | 104,513,208 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ᶃ꺴‚
[2013/11/15 06:34:02 | 104,513,208 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ᶃ꺴‚
[2013/11/14 14:15:24 | 104,278,918 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ទ娌š
[2013/11/10 06:33:58 | 104,278,918 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ទ娌š
[2013/11/09 12:33:59 | 103,387,443 | ---- | M] ()(C:\Windows\SysWow64\???D) -- C:\Windows\SysWow64\̤D
[2013/11/06 12:33:59 | 103,387,443 | ---- | C] ()(C:\Windows\SysWow64\???D) -- C:\Windows\SysWow64\̤D
[2013/11/02 09:00:22 | 104,620,600 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\䤽Š
[2013/10/28 03:00:17 | 104,620,600 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\䤽Š
[2013/10/27 15:00:20 | 103,533,600 | ---- | M] ()(C:\Windows\SysWow64\???6) -- C:\Windows\SysWow64\獫6
[2013/10/24 15:00:45 | 103,533,600 | ---- | C] ()(C:\Windows\SysWow64\???6) -- C:\Windows\SysWow64\獫6
[2013/10/21 21:00:23 | 102,278,179 | ---- | M] ()(C:\Windows\SysWow64\???ª) -- C:\Windows\SysWow64\姎苺ª
[2013/10/20 15:00:12 | 102,278,179 | ---- | C] ()(C:\Windows\SysWow64\???ª) -- C:\Windows\SysWow64\姎苺ª
[2013/10/14 23:48:44 | 101,076,544 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\둂棳ˆ
[2013/10/12 11:48:42 | 101,076,544 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\둂棳ˆ
[2013/09/30 19:31:37 | 098,602,865 | ---- | M] ()(C:\Windows\SysWow64\???E) -- C:\Windows\SysWow64\ꌎ쵲E
[2013/09/24 13:32:04 | 098,602,865 | ---- | C] ()(C:\Windows\SysWow64\???E) -- C:\Windows\SysWow64\ꌎ쵲E
[2013/09/19 14:01:26 | 098,395,704 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\㇂茹”
[2013/09/19 14:01:26 | 098,395,704 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\㇂茹”
[2013/09/15 14:01:28 | 097,671,483 | ---- | M] ()(C:\Windows\SysWow64\???K) -- C:\Windows\SysWow64\瑚䞳K
[2013/09/13 02:01:24 | 097,671,483 | ---- | C] ()(C:\Windows\SysWow64\???K) -- C:\Windows\SysWow64\瑚䞳K
[2013/09/12 20:01:23 | 097,412,816 | ---- | M] ()(C:\Windows\SysWow64\???C) -- C:\Windows\SysWow64\溼격C
[2013/09/12 20:01:23 | 097,412,816 | ---- | C] ()(C:\Windows\SysWow64\???C) -- C:\Windows\SysWow64\溼격C
[2013/09/07 17:01:30 | 096,533,415 | ---- | M] ()(C:\Windows\SysWow64\???B) -- C:\Windows\SysWow64\鐻泄B
[2013/09/06 17:01:29 | 096,533,415 | ---- | C] ()(C:\Windows\SysWow64\???B) -- C:\Windows\SysWow64\鐻泄B
[2013/09/06 11:01:29 | 096,334,488 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\‡
[2013/09/03 11:01:02 | 096,334,488 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\‡
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 5120 bytes -> C:\ProgramData:gs5sys
@Alternate Data Stream - 4608 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:DD5042D8
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:7B532EF3
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:321156F2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D169FA00
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:8EBE034C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
 
#2
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

How about a peek at the RogueKiller scan you mentioned and the Extras.txt that OTL produced?

 

Meantime I'll look at the OTL log.

#3
ihatesvchost.exe

    Member

  • Topic Starter
  • Member
  • 32 posts

Thank you very much for your help, Biscuithd.

Rogue Killer:

RogueKiller V9.2.6.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Admin -disaster only [Admin rights]
Mode : Remove -- Date : 08/13/2014  17:08:39

¤¤¤ Bad processes : 2 ¤¤¤
[Proc.Svchost] svchost.exe -- C:\Windows\system32\svchost.exe[x] -> [NoKill]
[Proc.Svchost] svchost.exe -- C:\Windows\SysWow64\svchost.exe[x] -> [NoKill]

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1    localhost -> DELETED

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721010DLE630 ATA Device +++++
--- User ---
[MBR] bb526e096c9225aed6ac1ded645f8cbf
[BSP] 6e0ed470eecb8f484fc0076dc4d8bd9d : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: OCZ-AGILITY3 ATA Device +++++
--- User ---
[MBR] 6a9c53f0d8ff7805ddb34dd534c5037a
[BSP] 75fff2452ef0cf913d5bbf7ee5eabb81 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 57139 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_07312014_173721.log - RKreport_DEL_07312014_231907.log - RKreport_DEL_08022014_150226.log - RKreport_DEL_08132014_131311.log
RKreport_DEL_08132014_131701.log - RKreport_DEL_08132014_132143.log - RKreport_DEL_08132014_164755.log - RKreport_SCN_07312014_173707.log
RKreport_SCN_07312014_231843.log - RKreport_SCN_08022014_150115.log - RKreport_SCN_08022014_160903.log - RKreport_SCN_08132014_131222.log
RKreport_SCN_08132014_131619.log - RKreport_SCN_08132014_132118.log - RKreport_SCN_08132014_164719.log - RKreport_SCN_08132014_170822.log

Extras:

OTL Extras logfile created on: 8/13/2014 5:06:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\GDC\Desktop\anti-rootkit
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
15.92 Gb Total Physical Memory | 11.11 Gb Available Physical Memory | 69.82% Memory free
31.84 Gb Paging File | 27.73 Gb Available in Paging File | 87.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55.80 Gb Total Space | 8.20 Gb Free Space | 14.70% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 4.20 Gb Free Space | 0.45% Space Free | Partition Type: NTFS
 
Computer Name: GDC-PC | User Name: Admin -disaster only | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11670738-F740-4029-B21B-FE26335C2EB2}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{B0CC8793-1018-485F-97C7-630CB4FA3698}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D780D2D3-2C6E-4A4B-808C-291839ED713A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13C968DF-DBE8-4F58-A670-EB5AF470A303}" = protocol=6 | dir=in | app=c:\users\gdc\appdata\roaming\utorrent\utorrent.exe |
"{1E919D05-C9E3-447A-A1CC-D63A84F3ADDB}" = protocol=17 | dir=in | app=c:\users\gdc\appdata\roaming\utorrent\utorrent.exe |
"{32AB43E7-E3C5-4D79-B58E-5CC6EAAD8306}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3F400175-5222-4F89-BC4E-8E25DC709CEF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe |
"{543BCFF1-B35B-4DE8-8578-6D1E11E9108F}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"{578ECADA-4B89-4645-A9F3-B1BE17A09C34}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe |
"{76A74D42-3566-4B72-A39F-90056C15FABB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7DFACBBE-71BE-4B5B-B726-D2C357859F9F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{98ECF2E6-B0B8-4D13-9AEC-C41E7C9D108F}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe |
"{A197BE4F-EB17-402E-B6EE-F043D3EF71E6}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{A96BF058-1861-41F5-BFC5-23A30295BBC7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B164D9EB-ACEF-4827-8E85-2A42C4B401DD}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe |
"{C94B7BBA-7528-4065-A327-32837718CFBA}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{D2FB3FEB-E0D9-4672-A309-6F05D9CC03D7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D355C2BE-646F-4BFF-A28A-135375E3EA4E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe |
"{DC5AA31F-7A10-43A3-9324-FC7C04B6180E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DEE8604D-6FF2-4B50-BBB5-33E38BE8B0CD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E49FE50F-70EB-48FD-8CC7-577C68149237}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FEBDE4F8-1509-448A-AD50-B7E09C433AF3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{F809FFB5-6F9B-AFDE-6048-5D9E95A85505}" = AMD Drag and Drop Transcoding
"WinRAR archiver" = WinRAR 5.10 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{0A3925EA-5B0E-401B-A189-7419149747B2}" = Adobe AIR
"{0C9D0200-FA32-44B7-BBB3-7C03F700C4A0}" = Sound Blaster X-Fi
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{204D4EF9-7415-4927-8B42-99D2F88F1149}_is1" = Heroine's Quest 1.1
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 65
"{2735A620-D4D1-46CA-8AB2-B88C1EE8B9BD}" = Avira
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B11.0512.1
"{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}" = NETGEAR WNDA3100v2 wireless USB 2.0 adapter
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0630.1
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{5C005E2A-AEAE-4DF7-B7CA-1E6DCDD2AEA4}" = LibreOffice 4.3.0.4
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{63934E99-A4F7-478C-8BB0-259BB9D78FFF}" = Microsoft Report Viewer Redistributable 2005
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{6A13D0C5-0959-4BED-A371-CFC478435DF7}" = The Book of Legends
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71B53BA8-4BE3-49AF-BC3E-07F392DDDFB7}" = Corsair USB Headset
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.18
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{df495620-2ba9-412d-828d-b27f020d9fc8}" = Avira
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1" = Wise Care 365 version 2.83
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F075020E-43B2-4F2C-9723-C81CE162E7B6}" = Ad-Aware Antivirus
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5992-1726-3179-3433" = ProPokerTools Odds Oracle 2.2.1
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"AudioCS" = Creative Audio Control Panel
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bog's Adventures in the Underworld_is1" = Bog's Adventures in the Underworld v2.0
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX Setup
"Double Dummy Solver_is1" = Double Dummy Solver 10
"DROD 5: The Second Sky_is1" = DROD 5: The Second Sky 5.0.0
"DROD: Journey to Rooted Hold_is1" = DROD: Journey to Rooted Hold 2.0.16
"DROD: The City Beneath_is1" = DROD: The City Beneath 3.0.0
"Elements - Soul of Fire" = Elements - Soul of Fire
"Google Chrome" = Google Chrome
"Heroes of Might and Magic V - Collectors Edition3.1" = Heroes of Might and Magic V - Collectors Edition
"Host OpenAL" = Host OpenAL
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0630.1
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.23
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"Mozilla Firefox 31.0 (x86 en-US)" = Mozilla Firefox 31.0 (x86 en-US)
"NifflasKnyttUnderground_is1" = Knytt Underground 1.0
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"OpenAL" = OpenAL
"pcsx2-r5350" = PCSX2 - Playstation 2 Emulator
"Quest for Infamy" = Quest for Infamy
"QWdhcmVzdEdlbmVyYXRpb25zb2ZXYXJaZXJv_is1" = Agarest Generations of War Zero
"RPGAdvocates_RTP_1.0" = Common RTP 1.0
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
"SpywareBlaster_is1" = SpywareBlaster 5.0
"Steam" = Steam
"Undefeated" = Undefeated
"VLC media player" = VLC media player
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wise Care 365_is1" = Wise Care 365 3.18
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WinDirStat" = WinDirStat 1.1.2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/10/2014 9:11:37 PM | Computer Name = GDC-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mbamservice.exe, version: 3.0.2.0, time
 stamp: 0x5318d363  Faulting module name: mbamservice.exe, version: 3.0.2.0, time
stamp: 0x5318d363  Exception code: 0x40000015  Fault offset: 0x0007da8a  Faulting process
 id: 0x6f0  Faulting application start time: 0x01cfb49f25b07aae  Faulting application
 path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe  Faulting
module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe  Report
 Id: 711b9c68-20f4-11e4-af91-50e549488a59
 
Error - 8/12/2014 11:06:42 AM | Computer Name = GDC-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 8/12/2014 11:12:21 AM | Computer Name = GDC-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ipmGui.exe, version: 14.0.6.522, time stamp:
 0x53bec647  Faulting module name: ipmGui.exe, version: 14.0.6.522, time stamp: 0x53bec647
Exception
 code: 0xc0000005  Fault offset: 0x00007a4c  Faulting process id: 0x1570  Faulting application
 start time: 0x01cfb63f47d95f2a  Faulting application path: C:\program files (x86)\avira\antivir
 desktop\ipmGui.exe  Faulting module path: C:\program files (x86)\avira\antivir desktop\ipmGui.exe
Report
 Id: 0e003127-2233-11e4-be06-50e549488a59
 
Error - 8/12/2014 12:44:34 PM | Computer Name = GDC-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
 live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
 files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8.  Component identity
 found in manifest does not match the identity of the component requested.  Reference
 is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".  Definition
 is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Please use
 sxstrace.exe for detailed diagnosis.
 
Error - 8/12/2014 12:44:48 PM | Computer Name = GDC-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "d:\program files (x86)\spybot
 - search & destroy\DelZip179.dll".Error in manifest or policy file "d:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8.  The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.
 
Error - 8/12/2014 10:14:33 PM | Computer Name = GDC-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 8/13/2014 10:45:55 AM | Computer Name = GDC-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 8/13/2014 12:57:57 PM | Computer Name = GDC-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
 live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
 files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8.  Component identity
 found in manifest does not match the identity of the component requested.  Reference
 is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".  Definition
 is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Please use
 sxstrace.exe for detailed diagnosis.
 
Error - 8/13/2014 12:58:11 PM | Computer Name = GDC-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "d:\program files (x86)\spybot
 - search & destroy\DelZip179.dll".Error in manifest or policy file "d:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8.  The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.
 
Error - 8/13/2014 5:04:03 PM | Computer Name = GDC-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: e23c    Start Time:
 01cfb7395c00162b    Termination Time: 10    Application Path: C:\Users\GDC\Desktop\anti-rootkit\OTL.exe

Report
 Id: 59567456-232d-11e4-ba13-50e549488a59  
 
[ System Events ]
Error - 8/10/2014 9:30:46 AM | Computer Name = GDC-PC | Source = DCOM | ID = 10000
Description =
 
Error - 8/10/2014 9:11:36 PM | Computer Name = GDC-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
Error - 8/10/2014 9:11:55 PM | Computer Name = GDC-PC | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly.  It has done this
 1 time(s).
 
Error - 8/11/2014 9:30:48 AM | Computer Name = GDC-PC | Source = DCOM | ID = 10000
Description =
 
Error - 8/11/2014 3:32:21 PM | Computer Name = GDC-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
Error - 8/12/2014 11:07:30 AM | Computer Name = GDC-PC | Source = DCOM | ID = 10000
Description =
 
Error - 8/12/2014 6:08:41 PM | Computer Name = GDC-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
Error - 8/12/2014 10:27:23 PM | Computer Name = GDC-PC | Source = DCOM | ID = 10000
Description =
 
Error - 8/13/2014 10:47:00 AM | Computer Name = GDC-PC | Source = DCOM | ID = 10000
Description =
 
Error - 8/13/2014 1:21:34 PM | Computer Name = GDC-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
 
< End of report >
 


  • 0

#4
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hello,

 

Good work so far. I am going to need some further detail about the svchost file and some others, so I have a Custom OTL script that I need you to run. I also have a question. When you ran RK (RogueKiller) did you try to delete any of the items that RK found or did you "scan" only?

 

Scan with OTL

Please download OTL by OldTimer and save the file to your desktop.



  • Right-click on the OTL icon and select Run as Administrator to start the tool.
  • Make sure that Scan All Users, LOP check and Purity check are ticked.
  • For 64-bit systems only - make sure that Include 64-bit option is also ticked.
  • Sections Processes, Modules, Services, Drivers, Standard Registry are set to Use Safelist.
  • Section Extra Registry is also set to Use Safelist.
  • Under the Custom Scans/Fixes bar in the box paste in the following:
     


netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
winsock.*
/md5stop
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT

  • Push Run Scan and wait patiently.
  • Two notepad windows will be opened after this run: OTL.txt (maximized) and Extras.txt (minimized).

Please include the content of both logfiles in your next reply.

 

 


  • 0

#5
ihatesvchost.exe

ihatesvchost.exe

    Member

  • Topic Starter
  • Member
  • 32 posts
Thanks. Things have gotten worse since the last time I posted. I can no longer start Windows normally. If I do, the display warps and eventually blacks out. Is trying to solve this out of Safe Mode a realistic option? Or should I be thinking about a factory reset?

I don't have any system restores before the problem either. I think they were corrupted.
  • 0

#6
ihatesvchost.exe

ihatesvchost.exe

    Member

  • Topic Starter
  • Member
  • 32 posts

And yes, I did delete files on the RogueKiller scan.

 

A couple of registry values and a hosts file. I had deleted both on previous scans, but they returned on subsequent logins.


  • 0

#7
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Honestly, what you have is a pretty significant infection. I can remove it, but in all honesty it is going to take at least a few exchanges between us and maybe a few days of calendar time. Certainly a Factory Restore would be faster for you.

 

Yes, this lends itself quite well to Safe Mode and I love these kinds of problems, but I can absolutely understand if you'd rather fix it via Factory Restore.

 

The first step is the Custom OTL scan. What that is going to show me is which of your svchost.exe copies are not patched (infected). Then I can sub in a good one for all the patched ones on your system. After that we'll see what other goodies this infection has placed on your machine for our amusement.


  • 0
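What the /md5start ... /md5stop block of the custom OTL scan (post #4) gives the helper, and why post #7 can say which copies of svchost.exe are patched, comes down to a simple check: hash every copy of a watched file, group the copies by architecture, and treat the minority hash as the suspect. The script below is an added example, not code from the thread or from OTL; the directory layout, file names and the MZ/PE stubs it writes are constructed for the demo.

```python
"""Triage every copy of a watched system binary by hash, as an added example
(not from the thread or from OTL). It mirrors what the /md5start ... /md5stop
block of the custom OTL scan gives the helper: find each copy of svchost.exe,
hash it and group by architecture, so a patched copy stands out as the odd one
among otherwise identical copies. The tree and MZ/PE stubs are constructed."""
import hashlib
import os
import struct
import tempfile
from collections import defaultdict

# names from the OTL /md5start list (compared case-insensitively)
WATCHED = {"services.exe", "explorer.exe", "winlogon.exe", "userinit.exe", "svchost.exe"}
MACHINE_NAMES = {0x14C: "x86", 0x8664: "x64"}

def pe_machine(path):
    """Return 'x86'/'x64' (or 'other') from the PE header Machine field, None if not PE."""
    with open(path, "rb") as fh:
        data = fh.read(4096)
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    return MACHINE_NAMES.get(struct.unpack_from("<H", data, e_lfanew + 4)[0], "other")

def file_md5(path):
    """MD5 of the file, read in chunks (MD5 is what OTL prints; fine for grouping)."""
    md5 = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            md5.update(chunk)
    return md5.hexdigest()

def find_copies(root, names=WATCHED):
    """Walk root and return a record for every file whose name is watched."""
    records = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower() in names:
                path = os.path.join(dirpath, fname)
                records.append({"path": path, "name": fname.lower(),
                                "arch": pe_machine(path), "md5": file_md5(path)})
    return records

def find_outliers(records):
    """Group by (name, arch); the majority hash is the reference and every copy with
    another hash is an outlier. Single copies and tied votes are returned as unverified."""
    groups = defaultdict(list)
    for rec in records:
        groups[(rec["name"], rec["arch"])].append(rec)
    outliers, unverified = [], []
    for recs in groups.values():
        counts = defaultdict(int)
        for rec in recs:
            counts[rec["md5"]] += 1
        top = max(counts.values())
        if len(recs) < 2 or list(counts.values()).count(top) > 1:
            unverified.extend(recs)
            continue
        reference = next(h for h, n in counts.items() if n == top)
        outliers.extend(r for r in recs if r["md5"] != reference)
    return outliers, unverified

def fake_pe(machine, payload):
    """Minimal MZ header + PE signature + Machine field (constructed stub, not a real binary)."""
    header = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return header + b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18 + payload

def build_demo_tree():
    """Constructed mini system drive: two identical x64 svchost.exe copies under WinSxS,
    one altered x64 copy in System32 and one x86 copy in SysWOW64."""
    root = tempfile.mkdtemp(prefix="md5demo_")
    good64 = fake_pe(0x8664, b"GOOD" * 64)
    layout = {
        "Windows/System32/svchost.exe": fake_pe(0x8664, b"GOOD" * 60 + b"EVIL" * 4),
        "Windows/winsxs/amd64_svchost_a/svchost.exe": good64,
        "Windows/winsxs/amd64_svchost_b/svchost.exe": good64,
        "Windows/SysWOW64/svchost.exe": fake_pe(0x14C, b"good" * 48),
    }
    for rel, content in layout.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(content)
    return root

def run_demo():
    """Build the tree, triage it, print findings and return them for checking."""
    outliers, unverified = find_outliers(find_copies(build_demo_tree()))
    for rec in outliers:
        print("OUTLIER   ", rec["arch"], rec["md5"], rec["path"])
    for rec in unverified:
        print("UNVERIFIED", rec["arch"], rec["md5"], rec["path"])
    return outliers, unverified

if __name__ == "__main__":
    run_demo()
```

On a real machine, point find_copies at the system drive and compare the reported MD5s against a known-good reference as well, because a majority vote alone cannot tell when every copy in a group has been patched.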

#8
ihatesvchost.exe

ihatesvchost.exe

    Member

  • Topic Starter
  • Member
  • 32 posts

All right, well, I'm willing to give it a go. Thanks again for your efforts.

 

OTL:

 


OTL logfile created on: 8/14/2014 10:07:42 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\GDC\Desktop\anti-rootkit
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
15.92 Gb Total Physical Memory | 14.85 Gb Available Physical Memory | 93.26% Memory free
31.84 Gb Paging File | 30.79 Gb Available in Paging File | 96.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55.80 Gb Total Space | 8.12 Gb Free Space | 14.55% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 20.12 Gb Free Space | 2.16% Space Free | Partition Type: NTFS
Drive F: | 499.71 Mb Total Space | 494.91 Mb Free Space | 99.04% Space Free | Partition Type: FAT
 
Computer Name: GDC-PC | User Name: Admin -disaster only | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/08/14 21:57:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\GDC\Desktop\anti-rootkit\OTL.exe
PRC - [2013/03/18 03:25:46 | 001,236,336 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/06/18 20:24:12 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/12/19 15:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2014/08/06 10:24:26 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014/08/06 10:23:57 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014/07/14 16:49:12 | 000,141,392 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe -- (Avira.OE.ServiceHost)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/05/08 09:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/02/25 17:57:46 | 000,568,512 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/04/25 18:12:00 | 000,580,232 | ---- | M] (WiseCleaner.com) [Auto | Stopped] -- d:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant)
SRV - [2013/03/18 03:25:46 | 001,236,336 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/12/14 03:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/12/29 17:48:11 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011/12/14 18:53:44 | 000,303,360 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100v2)
SRV - [2010/12/14 20:17:12 | 000,128,928 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2009/10/13 20:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Auto | Stopped] -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/08/14 16:30:31 | 000,030,312 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TrueSight.sys -- (TrueSight)
DRV:64bit: - [2014/07/03 13:03:42 | 000,117,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2014/06/03 13:15:22 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/11/30 03:27:44 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/05/31 00:47:29 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/04/24 15:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012/12/19 16:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/12/19 16:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/19 15:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/12/14 03:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/11/06 07:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/30 17:33:26 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/12/12 18:42:00 | 001,256,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2011/07/22 11:33:48 | 000,025,056 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV:64bit: - [2011/06/16 16:10:08 | 001,308,160 | -H-- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAHS164.sys -- (CorsairCAHS1)
DRV:64bit: - [2011/05/25 07:19:00 | 000,076,160 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/05/25 07:19:00 | 000,052,608 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011/05/16 10:55:28 | 000,533,096 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/12 14:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\4B91.tmp -- (MEMSWEEP2)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/10 22:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/04/27 19:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 19:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 17:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 17:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/02/03 12:20:32 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/06 03:34:52 | 000,639,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)
DRV:64bit: - [2009/04/08 15:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2008/07/28 21:47:00 | 001,075,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
DRV - [2014/07/31 00:16:08 | 000,057,024 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\EEK\Run\cleanhlp64.sys -- (cleanhlp)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 D9 7F 42 50 B6 CF 01  [binary data]
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\..\SearchScopes,DefaultScope = {109BC141-82FD-4ac4-A7AD-F66434B2338E}
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\..\SearchScopes\{109BC141-82FD-4ac4-A7AD-F66434B2338E}: "URL" = http://www.google.co...q={searchTerms}
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.google.co...q={searchTerms}
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\..\SearchScopes\{276F6CF0-4561-42dd-A291-3427BAA274FE}: "URL" = http://search.yahoo....evm&type=IEBDSV
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\..\SearchScopes\{A8FD3163-CE09-45cd-AC0F-56353EBB1C41}: "URL" = http://www.bing.com/...=SPLBR1&pc=SPLH
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1003\..\SearchScopes,DefaultScope = {21A51130-7285-49FE-B3F6-2385CC71CDEA}
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: d:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: d:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: d:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/12/27 01:03:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/07/06 12:30:16 | 000,000,000 | ---D | M]
 
[2013/11/16 03:25:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/07/30 01:00:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2014/08/14 16:32:23 | 000,000,768 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - d:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {45d30484-7ded-43d9-957a-d2fd1f046511} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [CAHS1Sound] C:\Windows\Syswow64\CAHS1.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KeePass 2 PreLoad] d:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1520015183-56102371-4256460016-1001..\Run: [SpybotSD TeaTimer] d:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\SysNative\WerFault.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe (Gigabyte Technology CO., LTD.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1520015183-56102371-4256460016-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-1520015183-56102371-4256460016-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59336387-7222-43F9-89C2-7C834B5B6993}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D62A7623-BBF0-4091-92FD-FE47161508D5}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD2E990C-0CF0-4E92-A26A-91F8B846CC0F}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED9ADDFF-B4BD-4DFD-B083-FE0988F18918}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED9ADDFF-B4BD-4DFD-B083-FE0988F18918}: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE3BC820-81E8-4451-B521-2CD5D6D4EF78}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (bj.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/07/30 19:51:42 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/12 20:57:36 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/08/12 20:57:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/08/12 20:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/08/06 21:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
[2014/08/06 21:57:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibreOffice 4
[2014/08/06 10:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/08/03 23:30:50 | 000,000,000 | ---D | C] -- C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/08/03 23:30:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/08/03 22:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/08/03 22:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2014/08/01 14:32:21 | 002,620,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2014/08/01 14:32:21 | 000,058,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2014/08/01 14:32:21 | 000,044,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2014/08/01 14:32:19 | 000,700,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2014/08/01 14:32:19 | 000,581,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2014/08/01 14:32:19 | 000,198,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2014/08/01 14:32:19 | 000,179,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2014/08/01 14:32:19 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2014/08/01 14:32:19 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2014/08/01 14:32:19 | 000,038,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2014/08/01 14:32:19 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2014/08/01 14:32:19 | 000,036,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2014/08/01 14:32:19 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2014/08/01 00:45:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/08/01 00:44:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/08/01 00:44:55 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/08/01 00:44:52 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/08/01 00:44:52 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/08/01 00:44:52 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/08/01 00:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/08/01 00:04:24 | 000,000,000 | ---D | C] -- C:\Users\Admin -disaster only\AppData\Local\CrashDumps
[2014/07/31 23:54:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2014/07/31 23:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/07/31 23:44:27 | 000,000,000 | ---D | C] -- C:\Users\Admin -disaster only\Desktop\mbar
[2014/07/31 20:04:10 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/07/31 19:49:15 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/07/31 17:50:35 | 000,000,000 | ---D | C] -- C:\EEK
[2014/07/31 17:46:47 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2014/07/31 17:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/07/31 17:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/07/31 00:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2014/07/31 00:59:32 | 000,000,000 | ---D | C] -- C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2014/07/31 00:59:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2014/07/30 20:02:12 | 000,128,728 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/30 20:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/07/30 20:02:01 | 000,092,888 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/07/30 20:02:01 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/07/30 20:02:01 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/07/30 20:02:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/07/30 20:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/07/30 19:59:07 | 000,000,000 | -HSD | C] -- C:\Users\Admin -disaster only\AppData\Local\EmieUserList
[2014/07/30 19:59:07 | 000,000,000 | -HSD | C] -- C:\Users\Admin -disaster only\AppData\Local\EmieSiteList
[2014/07/30 19:50:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2014/07/26 23:07:32 | 000,875,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr110.dll
[2014/07/26 23:07:32 | 000,535,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp110.dll
[2014/07/26 23:07:32 | 000,252,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vccorlib110.dll
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/14 21:55:25 | 000,783,400 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/08/14 21:55:25 | 000,662,852 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/08/14 21:55:25 | 000,122,462 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/08/14 21:43:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/14 19:56:45 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/14 19:56:43 | 000,000,452 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job
[2014/08/14 16:32:23 | 000,000,768 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/08/14 16:30:31 | 000,030,312 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2014/08/14 16:24:01 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2014/08/14 16:11:15 | 514,927,041 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/08/14 16:03:06 | 000,331,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/14 01:14:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/14 00:00:00 | 000,000,432 | ---- | M] () -- C:\Windows\tasks\Wise Turbo Checker.job
[2014/08/13 16:16:54 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/08/13 13:41:55 | 000,000,546 | ---- | M] () -- C:\Users\Admin -disaster only\Desktop\Emsisoft Emergency Kit.lnk
[2014/08/13 10:53:50 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/13 10:53:50 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/12 20:57:36 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/08/06 21:57:47 | 000,001,500 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 4.3.lnk
[2014/08/06 10:25:26 | 000,001,133 | ---- | M] () -- C:\Users\Public\Desktop\Avira.lnk
[2014/08/01 00:52:34 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/08/01 00:52:34 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/08/01 00:47:38 | 000,000,773 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/08/01 00:39:20 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\Wise Care 365.lnk
[2014/07/31 23:44:45 | 000,128,728 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/31 23:44:28 | 000,092,888 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/07/31 23:19:39 | 000,000,768 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140801-002457.backup
[2014/07/31 19:56:26 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2014/07/31 19:56:15 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2014/07/31 17:46:47 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2014/07/31 00:59:32 | 000,003,229 | ---- | M] () -- C:\Users\Admin -disaster only\Desktop\Sophos Virus Removal Tool.lnk
[2014/07/30 20:02:02 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/30 19:51:42 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014/07/26 23:07:32 | 000,875,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr110.dll
[2014/07/26 23:07:32 | 000,535,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp110.dll
[2014/07/26 23:07:32 | 000,252,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\vccorlib110.dll
[2014/07/24 08:53:03 | 000,042,040 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/08/14 16:11:15 | 514,927,041 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/08/12 20:57:36 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/08/06 21:57:47 | 000,001,500 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 4.3.lnk
[2014/08/06 10:25:26 | 000,001,133 | ---- | C] () -- C:\Users\Public\Desktop\Avira.lnk
[2014/08/01 00:39:04 | 000,000,452 | ---- | C] () -- C:\Windows\tasks\Wise Care 365.job
[2014/07/31 17:50:43 | 000,000,546 | ---- | C] () -- C:\Users\Admin -disaster only\Desktop\Emsisoft Emergency Kit.lnk
[2014/07/31 17:32:56 | 000,030,312 | ---- | C] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2014/07/31 00:59:32 | 000,003,229 | ---- | C] () -- C:\Users\Admin -disaster only\Desktop\Sophos Virus Removal Tool.lnk
[2014/07/30 20:02:02 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/30 19:51:42 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/02/18 02:37:23 | 000,209,920 | ---- | C] () -- C:\Windows\iun3401.exe
[2013/02/02 23:33:52 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2012/12/14 03:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/10/10 03:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/10/10 03:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/02/17 13:50:11 | 000,000,000 | ---D | M] -- C:\Users\Admin -disaster only\AppData\Roaming\Ad-Aware Antivirus
[2014/05/06 14:50:09 | 000,000,000 | ---D | M] -- C:\Users\Admin -disaster only\AppData\Roaming\Double Dummy Solver
[2014/01/09 18:17:05 | 000,000,000 | ---D | M] -- C:\Users\Admin -disaster only\AppData\Roaming\Undefeated (Aldorlea Games)
[2014/08/14 19:57:06 | 000,000,000 | ---D | M] -- C:\Users\Admin -disaster only\AppData\Roaming\Wise Care 365
[2012/04/30 22:08:32 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\.ABC
[2014/08/02 21:10:13 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Ad-Aware Antivirus
[2013/02/21 18:45:40 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Anodyne
[2012/09/25 20:48:08 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\AstralTowers
[2014/04/12 14:53:56 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Battle.net
[2013/01/02 00:40:18 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\BDL+D
[2013/10/27 15:56:29 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Black Home
[2013/08/10 17:33:19 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Bridge Baron 23
[2014/04/19 18:58:40 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\com.emmanuelsalvacruz.crystalstory2
[2013/04/12 16:56:51 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\com.shirogames.evoland
[2014/04/02 15:23:43 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\com.treefortress.Bardbarian
[2012/01/02 16:31:57 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Corsair
[2013/11/06 23:43:25 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Crazy Viking Studios
[2012/06/06 22:14:26 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\DAEMON Tools Lite
[2013/12/30 15:10:10 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Darkblood Chronicles
[2012/12/01 01:04:02 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\DefendersQuest
[2014/06/13 17:38:41 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Double Dummy Solver
[2013/01/27 17:22:57 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Doublefine
[2012/11/04 18:47:09 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Dwarfs
[2012/06/03 12:25:08 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Dynamite Jack
[2013/10/05 16:25:04 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Epic Quest Saves
[2014/07/15 15:25:08 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Fancy Fish Games
[2014/05/28 18:15:13 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\FearlessFantasy
[2013/05/03 12:34:52 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\FEZ
[2012/11/10 19:49:10 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Frogwares
[2013/12/30 14:31:31 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\GD_RPG
[2013/10/04 02:09:47 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Journey - The Heart of Gaia Strategy Guide_OptimizedSize_
[2014/08/04 15:43:13 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\KeePass
[2013/08/19 18:58:25 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\LaxiusForceIII_Saves
[2013/08/12 23:56:46 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\LaxiusForceII_Saves
[2012/02/10 21:56:08 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Leahs_Tale
[2012/04/29 13:55:54 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\LegacyInteractive
[2014/08/06 21:58:18 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\LibreOffice
[2013/11/02 17:45:15 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\LoneSurvivor
[2012/11/28 16:24:55 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Might & Magic Heroes VI
[2013/07/31 00:52:12 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\MM2_Saves
[2013/07/31 00:52:12 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\MM3_Saves
[2013/07/31 10:28:35 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\MM4_Saves
[2013/08/03 21:24:58 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\MM5_Saves
[2012/09/03 14:57:41 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Moonchild_Saves
[2013/01/14 19:58:36 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Nifflas
[2013/12/04 21:43:59 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Onyx
[2012/11/24 12:53:44 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Opaline
[2012/08/11 22:48:30 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\PC Utility Kit
[2013/04/23 00:44:25 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\RenPy
[2013/07/02 22:30:17 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Rogue Legacy
[2012/05/08 22:28:46 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Silverback Productions
[2012/03/18 17:29:12 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Skyborn
[2014/08/14 01:54:05 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\SoftGrid Client
[2013/08/10 17:48:55 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Splashtop
[2011/12/28 20:27:03 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Sweet Lily Dreams Saves
[2013/11/09 03:40:17 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Sword of the Stars - The Pit
[2012/01/02 18:24:05 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\The Longest Journey
[2013/05/09 17:19:37 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\The Princess Heart Saves
[2014/01/08 18:53:45 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\TheBookofLegends_Saves
[2014/05/24 23:27:54 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\TLDCEPC
[2012/02/23 19:08:55 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\TP
[2014/01/10 02:06:23 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Undefeated (Aldorlea Games)
[2014/08/10 01:52:15 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\uTorrent
[2013/02/14 17:35:51 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Vendetta
[2014/08/02 15:54:24 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Vertical_Drop_Heroes_HD
[2013/12/30 11:54:41 | 000,000,000 | ---D | M] -- C:\Users\GDC\AppData\Roaming\Wise Care 365
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV:64bit: - [2009/07/13 21:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 01:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 21:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 23:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 23:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2014/04/11 22:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 18:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/09 01:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/09 00:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 23:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 23:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 23:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 02:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 21:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 21:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 23:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 21:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 21:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 21:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 13:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 07:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 02:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2014/04/11 22:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 21:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 23:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 23:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 23:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2014/04/11 22:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 21:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 23:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 23:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 23:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 23:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 23:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 23:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 01:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 23:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 23:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 23:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 23:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 23:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 23:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 23:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 23:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 23:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2014/05/14 12:23:46 | 002,477,536 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 23:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 23:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: QMGR.DLL  >
[2010/11/20 23:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/20 23:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
 
< MD5 for: SERVICES  >
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.CFG  >
[2014/05/08 09:48:48 | 000,560,495 | ---- | M] () MD5=12A7DDA9C7CA1AAA2C6F36BB1E24528B -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg
[2012/09/23 20:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2010/11/21 03:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2010/11/21 03:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2010/11/21 03:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2010/11/21 03:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010/11/21 03:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 03:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: SERVICES.RDB  >
[2014/07/25 10:57:50 | 000,008,173 | ---- | M] () MD5=1A328FB4D4EB42C5F6D3407A3DE721ED -- C:\Program Files (x86)\LibreOffice 4\URE\misc\services.rdb
[2014/07/26 22:50:38 | 000,203,858 | ---- | M] () MD5=634998FE7C2EF60FA3438BE6852261D4 -- C:\Program Files (x86)\LibreOffice 4\program\services\services.rdb
 
< MD5 for: SVCHOST.EXE  >
[2014/05/12 07:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2014/05/12 07:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2014/03/04 07:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014/03/04 05:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\SysNative\winlogon.exe
[2014/03/04 05:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C has no label.
 Volume Serial Number is A241-9390
 Directory of C:\
07/14/2009  01:08 AM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
07/14/2009  01:08 AM    <JUNCTION>     Application Data [C:\ProgramData]
07/14/2009  01:08 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/14/2009  01:08 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/14/2009  01:08 AM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/14/2009  01:08 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009  01:08 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
07/14/2009  01:08 AM    <SYMLINKD>     All Users [C:\ProgramData]
07/14/2009  01:08 AM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\Admin -disaster only
11/30/2013  03:29 AM    <JUNCTION>     Application Data [C:\Users\Admin -disaster only\AppData\Roaming]
11/30/2013  03:29 AM    <JUNCTION>     Cookies [C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Cookies]
11/30/2013  03:29 AM    <JUNCTION>     Local Settings [C:\Users\Admin -disaster only\AppData\Local]
11/30/2013  03:29 AM    <JUNCTION>     My Documents [C:\Users\Admin -disaster only\Documents]
11/30/2013  03:29 AM    <JUNCTION>     NetHood [C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/30/2013  03:29 AM    <JUNCTION>     PrintHood [C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/30/2013  03:29 AM    <JUNCTION>     Recent [C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Recent]
11/30/2013  03:29 AM    <JUNCTION>     SendTo [C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\SendTo]
11/30/2013  03:29 AM    <JUNCTION>     Start Menu [C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu]
11/30/2013  03:29 AM    <JUNCTION>     Templates [C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Admin -disaster only\AppData\Local
11/30/2013  03:29 AM    <JUNCTION>     Application Data [C:\Users\Admin -disaster only\AppData\Local]
11/30/2013  03:29 AM    <JUNCTION>     History [C:\Users\Admin -disaster only\AppData\Local\Microsoft\Windows\History]
11/30/2013  03:29 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Admin -disaster only\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Admin -disaster only\Documents
11/30/2013  03:29 AM    <JUNCTION>     My Music [C:\Users\Admin -disaster only\Music]
11/30/2013  03:29 AM    <JUNCTION>     My Pictures [C:\Users\Admin -disaster only\Pictures]
11/30/2013  03:29 AM    <JUNCTION>     My Videos [C:\Users\Admin -disaster only\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
07/14/2009  01:08 AM    <JUNCTION>     Application Data [C:\ProgramData]
07/14/2009  01:08 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/14/2009  01:08 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/14/2009  01:08 AM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/14/2009  01:08 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009  01:08 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
07/14/2009  01:08 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009  01:08 AM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009  01:08 AM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
07/14/2009  01:08 AM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
07/14/2009  01:08 AM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009  01:08 AM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009  01:08 AM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009  01:08 AM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009  01:08 AM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009  01:08 AM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
07/14/2009  01:08 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
07/14/2009  01:08 AM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009  01:08 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
07/14/2009  01:08 AM    <JUNCTION>     My Music [C:\Users\Default\Music]
07/14/2009  01:08 AM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
07/14/2009  01:08 AM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\GDC
12/27/2011  06:57 PM    <JUNCTION>     Application Data [C:\Users\GDC\AppData\Roaming]
12/27/2011  06:57 PM    <JUNCTION>     Cookies [C:\Users\GDC\AppData\Roaming\Microsoft\Windows\Cookies]
12/27/2011  06:57 PM    <JUNCTION>     Local Settings [C:\Users\GDC\AppData\Local]
12/27/2011  06:57 PM    <JUNCTION>     My Documents [C:\Users\GDC\Documents]
12/27/2011  06:57 PM    <JUNCTION>     NetHood [C:\Users\GDC\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/27/2011  06:57 PM    <JUNCTION>     PrintHood [C:\Users\GDC\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/27/2011  06:57 PM    <JUNCTION>     Recent [C:\Users\GDC\AppData\Roaming\Microsoft\Windows\Recent]
12/27/2011  06:57 PM    <JUNCTION>     SendTo [C:\Users\GDC\AppData\Roaming\Microsoft\Windows\SendTo]
12/27/2011  06:57 PM    <JUNCTION>     Start Menu [C:\Users\GDC\AppData\Roaming\Microsoft\Windows\Start Menu]
12/27/2011  06:57 PM    <JUNCTION>     Templates [C:\Users\GDC\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\GDC\AppData\Local
12/27/2011  06:57 PM    <JUNCTION>     Application Data [C:\Users\GDC\AppData\Local]
12/27/2011  06:57 PM    <JUNCTION>     History [C:\Users\GDC\AppData\Local\Microsoft\Windows\History]
12/27/2011  06:57 PM    <JUNCTION>     Temporary Internet Files [C:\Users\GDC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\GDC\AppData\LocalLow
12/30/2012  02:27 PM    <JUNCTION>     PlayReady [C:\ProgramData\Microsoft\PlayReady]
               0 File(s)              0 bytes
 Directory of C:\Users\GDC\Documents
12/27/2011  06:57 PM    <JUNCTION>     My Music [C:\Users\GDC\Music]
12/27/2011  06:57 PM    <JUNCTION>     My Pictures [C:\Users\GDC\Pictures]
12/27/2011  06:57 PM    <JUNCTION>     My Videos [C:\Users\GDC\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
07/14/2009  01:08 AM    <JUNCTION>     My Music [C:\Users\Public\Music]
07/14/2009  01:08 AM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
07/14/2009  01:08 AM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile
12/09/2011  06:15 PM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
12/09/2011  06:15 PM    <JUNCTION>     Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
12/09/2011  06:15 PM    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
12/09/2011  06:15 PM    <JUNCTION>     My Documents [C:\Windows\system32\config\systemprofile\Documents]
12/09/2011  06:15 PM    <JUNCTION>     NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/09/2011  06:15 PM    <JUNCTION>     PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/09/2011  06:15 PM    <JUNCTION>     Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
12/09/2011  06:15 PM    <JUNCTION>     SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
12/09/2011  06:15 PM    <JUNCTION>     Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
12/09/2011  06:15 PM    <JUNCTION>     Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\AppData\Local
12/09/2011  06:15 PM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
12/09/2011  06:15 PM    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
12/09/2011  06:15 PM    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\Documents
12/09/2011  06:15 PM    <JUNCTION>     My Music [C:\Windows\system32\config\systemprofile\Music]
12/09/2011  06:15 PM    <JUNCTION>     My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
12/09/2011  06:15 PM    <JUNCTION>     My Videos [C:\Windows\system32\config\systemprofile\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile
12/09/2011  06:15 PM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
12/09/2011  06:15 PM    <JUNCTION>     Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
12/09/2011  06:15 PM    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
12/09/2011  06:15 PM    <JUNCTION>     My Documents [C:\Windows\system32\config\systemprofile\Documents]
12/09/2011  06:15 PM    <JUNCTION>     NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/09/2011  06:15 PM    <JUNCTION>     PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/09/2011  06:15 PM    <JUNCTION>     Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
12/09/2011  06:15 PM    <JUNCTION>     SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
12/09/2011  06:15 PM    <JUNCTION>     Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
12/09/2011  06:15 PM    <JUNCTION>     Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
12/09/2011  06:15 PM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
12/09/2011  06:15 PM    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
12/09/2011  06:15 PM    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile\Documents
12/09/2011  06:15 PM    <JUNCTION>     My Music [C:\Windows\system32\config\systemprofile\Music]
12/09/2011  06:15 PM    <JUNCTION>     My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
12/09/2011  06:15 PM    <JUNCTION>     My Videos [C:\Windows\system32\config\systemprofile\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              99 Dir(s)   8,716,701,696 bytes free
 
========== Files - Unicode (All) ==========
[2013/11/29 16:52:35 | 105,033,973 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\쒮
[2013/11/18 06:34:01 | 105,033,973 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\쒮
[2013/11/17 18:34:05 | 104,760,117 | ---- | M] ()(C:\Windows\SysWow64\???¥) -- C:\Windows\SysWow64\윯꺙¥
[2013/11/16 06:34:01 | 104,760,117 | ---- | C] ()(C:\Windows\SysWow64\???¥) -- C:\Windows\SysWow64\윯꺙¥
[2013/11/16 00:34:01 | 104,513,208 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ᶃ꺴
[2013/11/15 06:34:02 | 104,513,208 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ᶃ꺴
[2013/11/14 14:15:24 | 104,278,918 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ទ娌
[2013/11/10 06:33:58 | 104,278,918 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ទ娌
[2013/11/09 12:33:59 | 103,387,443 | ---- | M] ()(C:\Windows\SysWow64\???D) -- C:\Windows\SysWow64\̤D
[2013/11/06 12:33:59 | 103,387,443 | ---- | C] ()(C:\Windows\SysWow64\???D) -- C:\Windows\SysWow64\̤D
[2013/11/02 09:00:22 | 104,620,600 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\䤽
[2013/10/28 03:00:17 | 104,620,600 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\䤽
[2013/10/27 15:00:20 | 103,533,600 | ---- | M] ()(C:\Windows\SysWow64\???6) -- C:\Windows\SysWow64\獫6
[2013/10/24 15:00:45 | 103,533,600 | ---- | C] ()(C:\Windows\SysWow64\???6) -- C:\Windows\SysWow64\獫6
[2013/10/21 21:00:23 | 102,278,179 | ---- | M] ()(C:\Windows\SysWow64\???ª) -- C:\Windows\SysWow64\姎苺ª
[2013/10/20 15:00:12 | 102,278,179 | ---- | C] ()(C:\Windows\SysWow64\???ª) -- C:\Windows\SysWow64\姎苺ª
[2013/10/14 23:48:44 | 101,076,544 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\둂棳
[2013/10/12 11:48:42 | 101,076,544 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\둂棳
[2013/09/30 19:31:37 | 098,602,865 | ---- | M] ()(C:\Windows\SysWow64\???E) -- C:\Windows\SysWow64\ꌎ쵲E
[2013/09/24 13:32:04 | 098,602,865 | ---- | C] ()(C:\Windows\SysWow64\???E) -- C:\Windows\SysWow64\ꌎ쵲E
[2013/09/19 14:01:26 | 098,395,704 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\㇂茹
[2013/09/19 14:01:26 | 098,395,704 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\㇂茹
[2013/09/15 14:01:28 | 097,671,483 | ---- | M] ()(C:\Windows\SysWow64\???K) -- C:\Windows\SysWow64\瑚䞳K
[2013/09/13 02:01:24 | 097,671,483 | ---- | C] ()(C:\Windows\SysWow64\???K) -- C:\Windows\SysWow64\瑚䞳K
[2013/09/12 20:01:23 | 097,412,816 | ---- | M] ()(C:\Windows\SysWow64\???C) -- C:\Windows\SysWow64\溼격C
[2013/09/12 20:01:23 | 097,412,816 | ---- | C] ()(C:\Windows\SysWow64\???C) -- C:\Windows\SysWow64\溼격C
[2013/09/07 17:01:30 | 096,533,415 | ---- | M] ()(C:\Windows\SysWow64\???B) -- C:\Windows\SysWow64\鐻泄B
[2013/09/06 17:01:29 | 096,533,415 | ---- | C] ()(C:\Windows\SysWow64\???B) -- C:\Windows\SysWow64\鐻泄B
[2013/09/06 11:01:29 | 096,334,488 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\
[2013/09/03 11:01:02 | 096,334,488 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 5120 bytes -> C:\ProgramData:gs5sys
@Alternate Data Stream - 4608 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:DD5042D8
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:7B532EF3
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:321156F2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D169FA00
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:8EBE034C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
 
< End of report >
 
Extras:
 

OTL Extras logfile created on: 8/14/2014 10:07:42 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\GDC\Desktop\anti-rootkit
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
15.92 Gb Total Physical Memory | 14.85 Gb Available Physical Memory | 93.26% Memory free
31.84 Gb Paging File | 30.79 Gb Available in Paging File | 96.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55.80 Gb Total Space | 8.12 Gb Free Space | 14.55% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 20.12 Gb Free Space | 2.16% Space Free | Partition Type: NTFS
Drive F: | 499.71 Mb Total Space | 494.91 Mb Free Space | 99.04% Space Free | Partition Type: FAT
 
Computer Name: GDC-PC | User Name: Admin -disaster only | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1520015183-56102371-4256460016-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11670738-F740-4029-B21B-FE26335C2EB2}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{B0CC8793-1018-485F-97C7-630CB4FA3698}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D780D2D3-2C6E-4A4B-808C-291839ED713A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13C968DF-DBE8-4F58-A670-EB5AF470A303}" = protocol=6 | dir=in | app=c:\users\gdc\appdata\roaming\utorrent\utorrent.exe | 
"{1E919D05-C9E3-447A-A1CC-D63A84F3ADDB}" = protocol=17 | dir=in | app=c:\users\gdc\appdata\roaming\utorrent\utorrent.exe | 
"{32AB43E7-E3C5-4D79-B58E-5CC6EAAD8306}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3F400175-5222-4F89-BC4E-8E25DC709CEF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe | 
"{543BCFF1-B35B-4DE8-8578-6D1E11E9108F}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe | 
"{578ECADA-4B89-4645-A9F3-B1BE17A09C34}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe | 
"{76A74D42-3566-4B72-A39F-90056C15FABB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7DFACBBE-71BE-4B5B-B726-D2C357859F9F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{98ECF2E6-B0B8-4D13-9AEC-C41E7C9D108F}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe | 
"{A197BE4F-EB17-402E-B6EE-F043D3EF71E6}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{A96BF058-1861-41F5-BFC5-23A30295BBC7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B164D9EB-ACEF-4827-8E85-2A42C4B401DD}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | 
"{C94B7BBA-7528-4065-A327-32837718CFBA}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{D2FB3FEB-E0D9-4672-A309-6F05D9CC03D7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D355C2BE-646F-4BFF-A28A-135375E3EA4E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | 
"{DC5AA31F-7A10-43A3-9324-FC7C04B6180E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DEE8604D-6FF2-4B50-BBB5-33E38BE8B0CD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E49FE50F-70EB-48FD-8CC7-577C68149237}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{FEBDE4F8-1509-448A-AD50-B7E09C433AF3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{F809FFB5-6F9B-AFDE-6048-5D9E95A85505}" = AMD Drag and Drop Transcoding
"WinRAR archiver" = WinRAR 5.10 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{0A3925EA-5B0E-401B-A189-7419149747B2}" = Adobe AIR
"{0C9D0200-FA32-44B7-BBB3-7C03F700C4A0}" = Sound Blaster X-Fi
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{204D4EF9-7415-4927-8B42-99D2F88F1149}_is1" = Heroine's Quest 1.1
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 65
"{2735A620-D4D1-46CA-8AB2-B88C1EE8B9BD}" = Avira
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B11.0512.1
"{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}" = NETGEAR WNDA3100v2 wireless USB 2.0 adapter
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0630.1
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{5C005E2A-AEAE-4DF7-B7CA-1E6DCDD2AEA4}" = LibreOffice 4.3.0.4
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{63934E99-A4F7-478C-8BB0-259BB9D78FFF}" = Microsoft Report Viewer Redistributable 2005
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{6A13D0C5-0959-4BED-A371-CFC478435DF7}" = The Book of Legends
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71B53BA8-4BE3-49AF-BC3E-07F392DDDFB7}" = Corsair USB Headset
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.18
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{df495620-2ba9-412d-828d-b27f020d9fc8}" = Avira
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1" = Wise Care 365 version 2.83
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F075020E-43B2-4F2C-9723-C81CE162E7B6}" = Ad-Aware Antivirus
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5992-1726-3179-3433" = ProPokerTools Odds Oracle 2.2.1
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"AudioCS" = Creative Audio Control Panel
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bog's Adventures in the Underworld_is1" = Bog's Adventures in the Underworld v2.0
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX Setup
"Double Dummy Solver_is1" = Double Dummy Solver 10
"DROD 5: The Second Sky_is1" = DROD 5: The Second Sky 5.0.0
"DROD: Journey to Rooted Hold_is1" = DROD: Journey to Rooted Hold 2.0.16
"DROD: The City Beneath_is1" = DROD: The City Beneath 3.0.0
"Elements - Soul of Fire" = Elements - Soul of Fire
"Google Chrome" = Google Chrome
"Heroes of Might and Magic V - Collectors Edition3.1" = Heroes of Might and Magic V - Collectors Edition
"Host OpenAL" = Host OpenAL
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0630.1
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.23
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"Mozilla Firefox 31.0 (x86 en-US)" = Mozilla Firefox 31.0 (x86 en-US)
"NifflasKnyttUnderground_is1" = Knytt Underground 1.0
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"OpenAL" = OpenAL
"pcsx2-r5350" = PCSX2 - Playstation 2 Emulator
"Quest for Infamy" = Quest for Infamy 
"QWdhcmVzdEdlbmVyYXRpb25zb2ZXYXJaZXJv_is1" = Agarest Generations of War Zero
"RPGAdvocates_RTP_1.0" = Common RTP 1.0
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
"SpywareBlaster_is1" = SpywareBlaster 5.0
"Steam" = Steam
"Undefeated" = Undefeated
"VLC media player" = VLC media player
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wise Care 365_is1" = Wise Care 365 3.18
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1520015183-56102371-4256460016-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DROD RPG: Tendry's Tale_is1" = DROD RPG: Tendry's Tale 1.1.0
"DROD: The City Beneath_is1" = DROD: The City Beneath 3.3.0
"uTorrent" = µTorrent
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1520015183-56102371-4256460016-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WinDirStat" = WinDirStat 1.1.2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/14/2014 4:03:08 PM | Computer Name = GDC-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 8/14/2014 4:15:01 PM | Computer Name = GDC-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 8/14/2014 4:23:17 PM | Computer Name = GDC-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 8/14/2014 4:27:12 PM | Computer Name = GDC-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 8/14/2014 7:55:24 PM | Computer Name = GDC-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mbamscheduler.exe, version: 3.0.2.0, time
 stamp: 0x5339cec3  Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time
 stamp: 0x4df2be1e  Exception code: 0x40000015  Fault offset: 0x0008d6fd  Faulting process
 id: 0x62c  Faulting application start time: 0x01cfb81b2dbedadb  Faulting application
 path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe  Faulting
 module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll  Report
 Id: 74a853e0-240e-11e4-a602-50e549488a59
 
Error - 8/14/2014 7:55:26 PM | Computer Name = GDC-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 8/14/2014 7:55:28 PM | Computer Name = GDC-PC | Source = Application Virtualization Client | ID = 5009
Description = {hap=12:app=OfficeVirt 9014006604090000:tid=AA4} The Application Virtualization
 Client could not connect to stream URL 'http://c2r.microsoft....7128.5001.sft'
 (rc 16D1160A-0000E028, original rc 16D1160A-0000E028).
 
Error - 8/14/2014 7:55:28 PM | Computer Name = GDC-PC | Source = Application Virtualization Client | ID = 3008
Description = {hap=12:app=OfficeVirt 9014006604090000:tid=AA4} The client was unable
 to connect to an Application Virtualization Server (rc 16D1160A-0000E028)
 
Error - 8/14/2014 7:55:40 PM | Computer Name = GDC-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mbamservice.exe, version: 3.0.2.0, time
 stamp: 0x5318d363  Faulting module name: mbamservice.exe, version: 3.0.2.0, time 
stamp: 0x5318d363  Exception code: 0x40000015  Fault offset: 0x0007da8a  Faulting process
 id: 0x79c  Faulting application start time: 0x01cfb81b37a7bb3f  Faulting application
 path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe  Faulting 
module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe  Report
 Id: 7e5d4275-240e-11e4-a602-50e549488a59
 
Error - 8/14/2014 9:45:13 PM | Computer Name = GDC-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 8/14/2014 9:54:08 PM | Computer Name = GDC-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 8/14/2014 9:54:08 PM | Computer Name = GDC-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 8/14/2014 9:54:08 PM | Computer Name = GDC-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 8/14/2014 9:54:08 PM | Computer Name = GDC-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 8/14/2014 9:54:08 PM | Computer Name = GDC-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 8/14/2014 9:54:08 PM | Computer Name = GDC-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 8/14/2014 9:54:08 PM | Computer Name = GDC-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 8/14/2014 9:54:08 PM | Computer Name = GDC-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 8/14/2014 9:54:08 PM | Computer Name = GDC-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 8/14/2014 10:09:30 PM | Computer Name = GDC-PC | Source = DCOM | ID = 10005
Description = 
 
 
< End of report >
 

  • 0

#9
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Wow....<long exhale>...there's a lot going on here :)   However, if you stick with me, we'll get through it. :thumbsup:

 

First, please uninstall uTorrent. Don't just "disable it", uninstall it. It is currently reinfecting you and we won't be able to clean the machine otherwise.

 

Next, I'm going to have you do four different things. An OTL fix, an aswMBR scan, a run of ComboFix and finally an FRST Scan. Then we'll see where we are. Feel free to post this in pieces as you finish a scan. I'm fine with that. Ok, here we go!

 

Fix with OTL

Please re-run OTL with this removal script included.

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

  • Right-click on the OTL icon and select Run as Administrator to start the tool.
  • Under the Custom Scans/Fixes bar in the box paste in the following:
     
:Commands
[createrestorepoint]
 
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\..\SearchScopes,DefaultScope = {109BC141-82FD-4ac4-A7AD-F66434B2338E}
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\..\SearchScopes\{109BC141-82FD-4ac4-A7AD-F66434B2338E}: "URL" = http://www.google.co...q={searchTerms}
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.google.co...q={searchTerms}
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\..\SearchScopes\{276F6CF0-4561-42dd-A291-3427BAA274FE}: "URL" = http://search.yahoo....evm&type=IEBDSV
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\..\SearchScopes\{A8FD3163-CE09-45cd-AC0F-56353EBB1C41}: "URL" = http://www.bing.com/...=SPLBR1&pc=SPLH
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1003\..\SearchScopes,DefaultScope = {21A51130-7285-49FE-B3F6-2385CC71CDEA}
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O2 - BHO: (no name) - {45d30484-7ded-43d9-957a-d2fd1f046511} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: UserInit - (bj.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2014/07/31 17:46:47 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2014/07/31 17:46:47 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/11/29 16:52:35 | 105,033,973 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\쒮
[2013/11/18 06:34:01 | 105,033,973 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\쒮
[2013/11/17 18:34:05 | 104,760,117 | ---- | M] ()(C:\Windows\SysWow64\???¥) -- C:\Windows\SysWow64\윯꺙¥
[2013/11/16 06:34:01 | 104,760,117 | ---- | C] ()(C:\Windows\SysWow64\???¥) -- C:\Windows\SysWow64\윯꺙¥
[2013/11/16 00:34:01 | 104,513,208 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ᶃ꺴
[2013/11/15 06:34:02 | 104,513,208 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ᶃ꺴
[2013/11/14 14:15:24 | 104,278,918 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ទ娌
[2013/11/10 06:33:58 | 104,278,918 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ទ娌
[2013/11/09 12:33:59 | 103,387,443 | ---- | M] ()(C:\Windows\SysWow64\???D) -- C:\Windows\SysWow64\̤D
[2013/11/06 12:33:59 | 103,387,443 | ---- | C] ()(C:\Windows\SysWow64\???D) -- C:\Windows\SysWow64\̤D
[2013/11/02 09:00:22 | 104,620,600 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\䤽
[2013/10/28 03:00:17 | 104,620,600 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\䤽
[2013/10/27 15:00:20 | 103,533,600 | ---- | M] ()(C:\Windows\SysWow64\???6) -- C:\Windows\SysWow64\獫6
[2013/10/24 15:00:45 | 103,533,600 | ---- | C] ()(C:\Windows\SysWow64\???6) -- C:\Windows\SysWow64\獫6
[2013/10/21 21:00:23 | 102,278,179 | ---- | M] ()(C:\Windows\SysWow64\???ª) -- C:\Windows\SysWow64\姎苺ª
[2013/10/20 15:00:12 | 102,278,179 | ---- | C] ()(C:\Windows\SysWow64\???ª) -- C:\Windows\SysWow64\姎苺ª
[2013/10/14 23:48:44 | 101,076,544 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\둂棳
[2013/10/12 11:48:42 | 101,076,544 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\둂棳
[2013/09/30 19:31:37 | 098,602,865 | ---- | M] ()(C:\Windows\SysWow64\???E) -- C:\Windows\SysWow64\ꌎ쵲E
[2013/09/24 13:32:04 | 098,602,865 | ---- | C] ()(C:\Windows\SysWow64\???E) -- C:\Windows\SysWow64\ꌎ쵲E
[2013/09/19 14:01:26 | 098,395,704 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\㇂茹
[2013/09/19 14:01:26 | 098,395,704 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\㇂茹
[2013/09/15 14:01:28 | 097,671,483 | ---- | M] ()(C:\Windows\SysWow64\???K) -- C:\Windows\SysWow64\瑚䞳K
[2013/09/13 02:01:24 | 097,671,483 | ---- | C] ()(C:\Windows\SysWow64\???K) -- C:\Windows\SysWow64\瑚䞳K
[2013/09/12 20:01:23 | 097,412,816 | ---- | M] ()(C:\Windows\SysWow64\???C) -- C:\Windows\SysWow64\溼격C
[2013/09/12 20:01:23 | 097,412,816 | ---- | C] ()(C:\Windows\SysWow64\???C) -- C:\Windows\SysWow64\溼격C
[2013/09/07 17:01:30 | 096,533,415 | ---- | M] ()(C:\Windows\SysWow64\???B) -- C:\Windows\SysWow64\鐻泄B
[2013/09/06 17:01:29 | 096,533,415 | ---- | C] ()(C:\Windows\SysWow64\???B) -- C:\Windows\SysWow64\鐻泄B
@Alternate Data Stream - 5120 bytes -> C:\ProgramData:gs5sys
@Alternate Data Stream - 4608 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys:commands
[resethosts]
[emptytemp]
[reboot]
  • Push Run Fix and wait patiently.
  • If asked to reboot, please allow it to.
  • A notepad window with a logfile will open after this run. It will also be saved in the _OTL\MovedFiles directory on your main drive as (date)_(time).log.

Please include the content of this logfile in your next reply.
 

Scan with aswMBR

Please download aswMBR by Avast! & Gmer and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the aswMBR icon and select Run as Administrator to start the tool.
  • Allow virtualisation if offered.
  • If you are prompted to download the latest anti-virus definitions from avast!, click No.
  • Select Scan.
  • Upon completion, you will see Scan finished successfully. Click Save log.

Do NOT click Fix or FixMBR!
A file (MBR.dat) will be created on your desktop. Do NOT click or delete it!

Copy the contents of the logfile and paste it into your next reply.
Do not forget to re-enable your previously switched-off protection software!

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please copy and paste their content into your next reply.

 

 

Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!


Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
If you encounter any issues with your internet connection after running ComboFix, please visit this link.
If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.

 

 

 
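As an added check that is not part of the original thread, OTL or FRST, the following PowerShell enumerates the three kinds of indicators the OTL fix script above targets, so they can be confirmed before the fix runs and verified gone afterwards: the Winlogon UserInit value (OTL flags bj.dll appended to it), the alternate data streams on C:\ProgramData and C:\Users\Public\Documents\desktop.ini (the two gs5sys streams), and the roughly 100 MB files with non-ASCII names that OTL listed in SysWOW64. Run it as Administrator in 64-bit Windows PowerShell 3.0 or later (Windows 7 ships 2.0, which lacks -Stream). The paths are taken from the log; the 50 MB size threshold is an assumption chosen from the file sizes OTL reported.

```powershell
# Added example, not part of the original thread or of OTL/FRST: enumerate the
# indicators the OTL fix script targets so they can be checked before and after
# the fix. Run in an elevated 64-bit Windows PowerShell 3.0 or later. Paths are
# those in the log; the 50 MB threshold is an assumption based on the log's sizes.

# 1. Winlogon UserInit. The clean value is exactly "C:\Windows\system32\userinit.exe,";
#    OTL's "UserInit - (bj.dll) - File not found" means a second module was appended.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userinit = (Get-ItemProperty -Path $winlogon -Name Userinit).Userinit
$system32 = Join-Path $env:SystemRoot 'System32'
"UserInit = $userinit"
foreach ($entry in ($userinit -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })) {
    # Relative names (like bj.dll) are loaded from System32, so resolve them there.
    $path  = if ([IO.Path]::IsPathRooted($entry)) { $entry } else { Join-Path $system32 $entry }
    $label = if ($entry -ieq (Join-Path $system32 'userinit.exe')) { 'default' } else { 'EXTRA' }
    '  {0,-7} exists={1,-5} {2}' -f $label, (Test-Path -LiteralPath $path), $path
}

# 2. Alternate data streams on the two objects OTL listed. Every file has the
#    unnamed ':$DATA' stream; anything else is reported with its size and first bytes.
$adsTargets = 'C:\ProgramData', 'C:\Users\Public\Documents\desktop.ini'
foreach ($target in $adsTargets) {
    if (-not (Test-Path -LiteralPath $target)) { "missing: $target"; continue }
    Get-Item -LiteralPath $target -Stream * -Force |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object {
            # -Encoding Byte is Windows PowerShell syntax (PowerShell 7 uses -AsByteStream).
            $head = Get-Content -LiteralPath $target -Stream $_.Stream -Encoding Byte -TotalCount 16
            $hex  = ($head | ForEach-Object { $_.ToString('x2') }) -join ' '
            'ADS {0,7} bytes  {1}:{2}  [{3}]' -f $_.Length, $target, $_.Stream, $hex
        }
}

# 3. Large, oddly named files in SysWOW64. The log shows ~100 MB files with
#    non-ASCII names and no extension, created days apart. Flag anything over
#    50 MB whose name contains a non-printable-ASCII character or has no extension.
$sysWow = Join-Path $env:SystemRoot 'SysWOW64'
Get-ChildItem -LiteralPath $sysWow -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Length -gt 50MB -and ($_.Name -match '[^\x20-\x7E]' -or $_.Extension -eq '') } |
    Sort-Object CreationTime |
    ForEach-Object { '{0:yyyy-MM-dd HH:mm}  {1,12:N0}  {2}' -f $_.CreationTime, $_.Length, $_.FullName }
```

OTL tagged the UserInit entry as 64bit, meaning it lives in the native registry view, so use the 64-bit PowerShell host rather than a 32-bit one. Listing streams on a directory such as C:\ProgramData may require PowerShell 5.0 or later; on older versions the desktop.ini check still works. Run the script again after the OTL fix and reboot: the UserInit line should show only the default entry, the ADS section should print nothing, and the SysWOW64 list should be empty.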


#10 ihatesvchost.exe (Topic Starter, Member, 32 posts)
Wow....<long exhale>...there's a lot going on here :smile:   However, if you stick with me, we'll get through it. :thumbsup:

 

:yeah:

 

OTL:

 

All processes killed
========== COMMANDS ==========
Unable to start System Restore Service. Error code 1084
Error: Unable to interpret <:OTLIE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}> in the current context!
Error: Unable to interpret <IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC> in the current context!
Error: Unable to interpret <IE:64bit: - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/...rc=IE-SearchBox> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/...rc=IE-SearchBox> in the current context!
Error: Unable to interpret <IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope => in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope => in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope => in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope => in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\..\SearchScopes,DefaultScope = {109BC141-82FD-4ac4-A7AD-F66434B2338E}> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\..\SearchScopes\{109BC141-82FD-4ac4-A7AD-F66434B2338E}: "URL" = http://www.google.co...q={searchTerms}> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.google.co...q={searchTerms}> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\..\SearchScopes\{276F6CF0-4561-42dd-A291-3427BAA274FE}: "URL" = http://search.yahoo....evm&type=IEBDSV> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\..\SearchScopes\{A8FD3163-CE09-45cd-AC0F-56353EBB1C41}: "URL" = http://www.bing.com/...=SPLBR1&pc=SPLH> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1003\..\SearchScopes,DefaultScope = {21A51130-7285-49FE-B3F6-2385CC71CDEA}> in the current context!
Error: Unable to interpret <FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {45d30484-7ded-43d9-957a-d2fd1f046511} - No CLSID value found.> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\livecall - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\msnim - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found> in the current context!
Error: Unable to interpret <O20:64bit: - HKLM Winlogon: UserInit - (bj.dll) -  File not found> in the current context!
Error: Unable to interpret <O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context!
Error: Unable to interpret <O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context!
Error: Unable to interpret <[2014/07/31 17:46:47 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe> in the current context!
Error: Unable to interpret <[2014/07/31 17:46:47 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe> in the current context!
Error: Unable to interpret <[2013/11/29 16:52:35 | 105,033,973 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\쒮> in the current context!
Error: Unable to interpret <[2013/11/18 06:34:01 | 105,033,973 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\쒮> in the current context!
Error: Unable to interpret <[2013/11/17 18:34:05 | 104,760,117 | ---- | M] ()(C:\Windows\SysWow64\???¥) -- C:\Windows\SysWow64\윯꺙¥> in the current context!
Error: Unable to interpret <[2013/11/16 06:34:01 | 104,760,117 | ---- | C] ()(C:\Windows\SysWow64\???¥) -- C:\Windows\SysWow64\윯꺙¥> in the current context!
Error: Unable to interpret <[2013/11/16 00:34:01 | 104,513,208 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ᶃ꺴> in the current context!
Error: Unable to interpret <[2013/11/15 06:34:02 | 104,513,208 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ᶃ꺴> in the current context!
Error: Unable to interpret <[2013/11/14 14:15:24 | 104,278,918 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ទ娌> in the current context!
Error: Unable to interpret <[2013/11/10 06:33:58 | 104,278,918 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ទ娌> in the current context!
Error: Unable to interpret <[2013/11/09 12:33:59 | 103,387,443 | ---- | M] ()(C:\Windows\SysWow64\???D) -- C:\Windows\SysWow64\̤D> in the current context!
Error: Unable to interpret <[2013/11/06 12:33:59 | 103,387,443 | ---- | C] ()(C:\Windows\SysWow64\???D) -- C:\Windows\SysWow64\̤D> in the current context!
Error: Unable to interpret <[2013/11/02 09:00:22 | 104,620,600 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\䤽> in the current context!
Error: Unable to interpret <[2013/10/28 03:00:17 | 104,620,600 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\䤽> in the current context!
Error: Unable to interpret <[2013/10/27 15:00:20 | 103,533,600 | ---- | M] ()(C:\Windows\SysWow64\???6) -- C:\Windows\SysWow64\獫6> in the current context!
Error: Unable to interpret <[2013/10/24 15:00:45 | 103,533,600 | ---- | C] ()(C:\Windows\SysWow64\???6) -- C:\Windows\SysWow64\獫6> in the current context!
Error: Unable to interpret <[2013/10/21 21:00:23 | 102,278,179 | ---- | M] ()(C:\Windows\SysWow64\???ª) -- C:\Windows\SysWow64\姎苺ª> in the current context!
Error: Unable to interpret <[2013/10/20 15:00:12 | 102,278,179 | ---- | C] ()(C:\Windows\SysWow64\???ª) -- C:\Windows\SysWow64\姎苺ª> in the current context!
Error: Unable to interpret <[2013/10/14 23:48:44 | 101,076,544 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\둂棳> in the current context!
Error: Unable to interpret <[2013/10/12 11:48:42 | 101,076,544 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\둂棳> in the current context!
Error: Unable to interpret <[2013/09/30 19:31:37 | 098,602,865 | ---- | M] ()(C:\Windows\SysWow64\???E) -- C:\Windows\SysWow64\ꌎ쵲E> in the current context!
Error: Unable to interpret <[2013/09/24 13:32:04 | 098,602,865 | ---- | C] ()(C:\Windows\SysWow64\???E) -- C:\Windows\SysWow64\ꌎ쵲E> in the current context!
Error: Unable to interpret <[2013/09/19 14:01:26 | 098,395,704 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\㇂茹> in the current context!
Error: Unable to interpret <[2013/09/19 14:01:26 | 098,395,704 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\㇂茹> in the current context!
Error: Unable to interpret <[2013/09/15 14:01:28 | 097,671,483 | ---- | M] ()(C:\Windows\SysWow64\???K) -- C:\Windows\SysWow64\瑚䞳K> in the current context!
Error: Unable to interpret <[2013/09/13 02:01:24 | 097,671,483 | ---- | C] ()(C:\Windows\SysWow64\???K) -- C:\Windows\SysWow64\瑚䞳K> in the current context!
Error: Unable to interpret <[2013/09/12 20:01:23 | 097,412,816 | ---- | M] ()(C:\Windows\SysWow64\???C) -- C:\Windows\SysWow64\溼격C> in the current context!
Error: Unable to interpret <[2013/09/12 20:01:23 | 097,412,816 | ---- | C] ()(C:\Windows\SysWow64\???C) -- C:\Windows\SysWow64\溼격C> in the current context!
Error: Unable to interpret <[2013/09/07 17:01:30 | 096,533,415 | ---- | M] ()(C:\Windows\SysWow64\???B) -- C:\Windows\SysWow64\鐻泄B> in the current context!
Error: Unable to interpret <[2013/09/06 17:01:29 | 096,533,415 | ---- | C] ()(C:\Windows\SysWow64\???B) -- C:\Windows\SysWow64\鐻泄B> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 5120 bytes -> C:\ProgramData:gs5sys> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 4608 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys:commands> in the current context!
Error: Unable to interpret <[resethosts]> in the current context!
Error: Unable to interpret <[emptytemp]> in the current context!
Error: Unable to interpret <[reboot]> in the current context!
 
OTL by OldTimer - Version 3.2.69.0 log created on 08152014_114225
 
ASW:
 
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-08-15 11:47:02
-----------------------------
11:47:02.453    OS Version: Windows x64 6.1.7601 Service Pack 1
11:47:02.453    Number of processors: 4 586 0x2A07
11:47:02.453    ComputerName: GDC-PC  UserName: 
11:47:02.531    Initialize success
11:47:02.531    VM: driver load error: 2
11:47:17.335    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:47:17.335    Disk 0 Vendor: OCZ-AGILITY3 2.11 Size: 57241MB BusType: 3
11:47:17.335    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-2
11:47:17.335    Disk 1 Vendor: Hitachi_HDS721010DLE630 MS2OA5R0 Size: 953869MB BusType: 3
11:47:17.351    Disk 0 MBR read successfully
11:47:17.351    Disk 0 MBR scan
11:47:17.351    Disk 0 Windows 7 default MBR code
11:47:17.351    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
11:47:17.351    Disk 0 default boot code
11:47:17.351    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        57139 MB offset 206848
11:47:17.367    Disk 0 scanning C:\Windows\system32\drivers
11:47:18.490    Service scanning
11:47:21.859    Modules scanning
11:47:21.859    Disk 0 trace - called modules:
11:47:21.859    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
11:47:21.859    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d238060]
11:47:21.859    3 CLASSPNP.SYS[fffff8800191c43f] -> nt!IofCallDriver -> [0xfffffa800cb9bd10]
11:47:21.859    5 ACPI.sys[fffff88000eea7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800d038060]
11:47:21.875    Scan finished successfully
11:47:36.040    Disk 0 MBR has been saved successfully to "F:\MBR.dat"
11:47:36.071    The log file has been saved successfully to "F:\aswMBR.txt"
 
FRST:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-08-2014
Ran by Admin -disaster only (administrator) on GDC-PC on 15-08-2014 11:51:41
Running from C:\Users\GDC\Desktop\anti-rootkit
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Safe Mode (minimal)
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [CAHS1Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CAHS1.dll,CMICtrlWnd
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [SPIRunE] => Rundll32 SPIRunE.dll,RunDLLEntry
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554408 2013-05-15] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] => "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => d:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2010624 2013-07-20] (Dominik Reichl)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-14] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [RPMKickstart] => C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe [2552320 2011-03-30] (Gigabyte Technology CO., LTD.)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-13] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [OTL] => C:\Users\GDC\Desktop\anti-rootkit\OTL.exe [602112 2014-08-14] (OldTimer Tools)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1520015183-56102371-4256460016-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [213936 2006-03-20] (Macrovision Corporation)
HKU\S-1-5-21-1520015183-56102371-4256460016-1001\...\Run: [SpybotSD TeaTimer] => d:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1520015183-56102371-4256460016-1001\...\Run: [ISUSPM] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [213936 2006-03-20] (Macrovision Corporation)
HKU\S-1-5-21-1520015183-56102371-4256460016-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1520015183-56102371-4256460016-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
SearchScopes: HKCU - DefaultScope {21A51130-7285-49FE-B3F6-2385CC71CDEA} URL = 
BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> d:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: No Name -> {45d30484-7ded-43d9-957a-d2fd1f046511} ->  No File
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{ED9ADDFF-B4BD-4DFD-B083-FE0988F18918}: [NameServer]8.8.8.8,8.8.8.4
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> d:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> d:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - d:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - d:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-12-27]
 
Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - d:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-03-18] (Lavasoft Limited)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-12-29] (Creative Labs) [File not signed]
S2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [128928 2010-12-14] (Futuremark Corporation)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S2 SBSDWSCService; D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]
S2 WiseBootAssistant; d:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2013-04-25] (WiseCleaner.com)
S2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-28] (Atheros Communications, Inc.)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-30] (Avira Operations GmbH & Co. KG)
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2014-07-31] (Emsisoft GmbH)
S3 CorsairCAHS1; C:\Windows\System32\drivers\CAHS164.sys [1308160 2011-06-16] (C-Media Electronics Inc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2011-12-30] (DT Soft Ltd)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-05-31] (GFI Software)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 MEMSWEEP2; C:\Windows\system32\4B91.tmp [6144 2011-05-12] (Sophos Plc) [File not signed]
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30312 2014-08-14] ()
U3 aswMBR; \??\C:\Users\ADMIN-~1\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\ADMIN-~1\AppData\Local\Temp\aswVmm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-15 11:51 - 2014-08-15 11:51 - 00000000 ____D () C:\FRST
2014-08-15 11:42 - 2014-08-15 11:42 - 00000000 ____D () C:\_OTL
2014-08-14 16:11 - 2014-08-14 16:11 - 514927041 _____ () C:\Windows\MEMORY.DMP
2014-08-14 16:11 - 2014-08-14 16:11 - 00572088 _____ () C:\Windows\Minidump\081414-17940-01.dmp
2014-08-13 14:20 - 2014-08-13 14:56 - 00000000 ____D () C:\Users\GDC\AppData\Local\adawarebp
2014-08-12 20:57 - 2014-08-12 20:57 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-12 20:57 - 2014-08-12 20:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-12 20:57 - 2014-08-12 20:57 - 00000000 ____D () C:\Users\GDC\AppData\Local\Skype
2014-08-12 20:57 - 2014-08-12 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-12 00:42 - 2014-08-12 01:36 - 00044312 _____ () C:\Users\GDC\Desktop\rotational programs.odt
2014-08-07 00:26 - 2014-08-13 16:41 - 00049524 _____ () C:\Users\GDC\Desktop\Elements Walkthrough.odt
2014-08-06 21:58 - 2014-08-13 23:54 - 00046943 _____ () C:\Users\GDC\Desktop\elements walkthrough.ods
2014-08-06 21:58 - 2014-08-06 21:58 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\LibreOffice
2014-08-06 21:57 - 2014-08-06 21:57 - 00001500 _____ () C:\Users\Public\Desktop\LibreOffice 4.3.lnk
2014-08-06 21:57 - 2014-08-06 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
2014-08-06 21:57 - 2014-08-06 21:57 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-08-06 10:25 - 2014-08-06 10:25 - 00001133 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-06 10:25 - 2014-08-06 10:25 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-03 23:30 - 2014-08-03 23:30 - 00000000 ____D () C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-03 23:30 - 2014-08-03 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-03 22:52 - 2014-08-03 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-03 22:52 - 2014-08-03 22:52 - 00000000 ____D () C:\Program Files\7-Zip
2014-08-01 17:12 - 2014-08-02 15:54 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\Vertical_Drop_Heroes_HD
2014-08-01 16:00 - 2014-08-12 11:12 - 00000000 ____D () C:\Users\GDC\AppData\Local\CrashDumps
2014-08-01 14:32 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 14:32 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 14:32 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 14:32 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 14:32 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 14:32 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 14:32 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 14:32 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 14:32 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 14:32 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 14:32 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 14:32 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 14:32 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 14:32 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-01 02:32 - 2011-05-12 14:03 - 00006144 ____N (Sophos Plc) C:\Windows\system32\4B91.tmp
2014-08-01 00:58 - 2014-08-14 19:58 - 00508001 _____ () C:\Windows\WindowsUpdate.log
2014-08-01 00:55 - 2014-08-14 16:02 - 00002030 _____ () C:\Windows\PFRO.log
2014-08-01 00:53 - 2014-08-15 11:43 - 00002632 _____ () C:\Windows\setupact.log
2014-08-01 00:53 - 2014-08-01 00:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-01 00:48 - 2014-08-01 00:49 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\vlc
2014-08-01 00:45 - 2014-08-01 00:45 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-01 00:44 - 2014-08-01 00:44 - 00006107 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-08-01 00:44 - 2014-08-01 00:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-01 00:44 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-01 00:44 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-01 00:44 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-01 00:44 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-01 00:39 - 2014-08-14 19:56 - 00000452 _____ () C:\Windows\Tasks\Wise Care 365.job
2014-08-01 00:39 - 2014-08-01 00:42 - 00002908 _____ () C:\Windows\System32\Tasks\Wise Care 365
2014-08-01 00:24 - 2014-07-31 23:19 - 00000768 _____ () C:\Windows\system32\Drivers\etc\hosts.20140801-002457.backup
2014-08-01 00:04 - 2014-08-01 00:04 - 00000000 ____D () C:\Users\Admin -disaster only\AppData\Local\CrashDumps
2014-07-31 23:55 - 2011-05-12 14:03 - 00006144 ____N (Sophos Plc) C:\Windows\system32\FB.tmp
2014-07-31 23:54 - 2014-07-31 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2014-07-31 23:54 - 2011-05-12 14:03 - 00006144 ____N (Sophos Plc) C:\Windows\system32\BBDF.tmp
2014-07-31 23:44 - 2014-07-31 23:49 - 00000000 ____D () C:\Users\Admin -disaster only\Desktop\mbar
2014-07-31 23:44 - 2014-07-31 23:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-31 20:08 - 2014-07-31 20:08 - 00000814 _____ () C:\Users\Admin -disaster only\Desktop\JRT.txt
2014-07-31 20:04 - 2014-07-31 20:04 - 00000000 ____D () C:\Windows\ERUNT
2014-07-31 19:49 - 2014-08-01 01:31 - 00000000 ____D () C:\AdwCleaner
2014-07-31 17:50 - 2014-08-13 13:41 - 00000546 _____ () C:\Users\Admin -disaster only\Desktop\Emsisoft Emergency Kit.lnk
2014-07-31 17:50 - 2014-08-13 13:41 - 00000000 ____D () C:\EEK
2014-07-31 17:46 - 2014-07-31 17:46 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-07-31 17:43 - 2014-07-31 17:47 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-31 17:32 - 2014-08-14 16:30 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-31 17:32 - 2014-07-31 17:32 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-31 01:04 - 2014-08-14 16:15 - 00002958 _____ () C:\Users\Admin -disaster only\Desktop\Rkill.txt
2014-07-31 01:02 - 2014-08-15 11:51 - 00000000 ____D () C:\Users\GDC\Desktop\anti-rootkit
2014-07-31 00:59 - 2014-07-31 23:54 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-07-31 00:59 - 2014-07-31 00:59 - 00003229 _____ () C:\Users\Admin -disaster only\Desktop\Sophos Virus Removal Tool.lnk
2014-07-31 00:59 - 2014-07-31 00:59 - 00000000 ____D () C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-07-31 00:59 - 2014-07-31 00:59 - 00000000 ____D () C:\ProgramData\Sophos
2014-07-30 20:02 - 2014-07-31 23:44 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-30 20:02 - 2014-07-31 23:44 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-30 20:02 - 2014-07-30 20:02 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-30 20:02 - 2014-07-30 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-30 20:02 - 2014-07-30 20:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-30 20:02 - 2014-07-30 20:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-30 20:02 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-30 20:02 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-30 19:59 - 2014-07-30 19:59 - 00000000 __SHD () C:\Users\Admin -disaster only\AppData\Local\EmieUserList
2014-07-30 19:59 - 2014-07-30 19:59 - 00000000 __SHD () C:\Users\Admin -disaster only\AppData\Local\EmieSiteList
2014-07-30 19:51 - 2014-07-30 19:51 - 00000000 _____ () C:\autoexec.bat
2014-07-29 21:10 - 2013-08-10 02:16 - 00450636 _____ () C:\Windows\system32\Drivers\etc\hosts.20140729-211016.backup
2014-07-26 23:07 - 2014-07-26 23:07 - 00875472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110.dll
2014-07-26 23:07 - 2014-07-26 23:07 - 00535008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110.dll
2014-07-26 23:07 - 2014-07-26 23:07 - 00252400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib110.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-15 11:51 - 2014-08-15 11:51 - 00000000 ____D () C:\FRST
2014-08-15 11:51 - 2014-07-31 01:02 - 00000000 ____D () C:\Users\GDC\Desktop\anti-rootkit
2014-08-15 11:48 - 2009-07-14 01:13 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-15 11:43 - 2014-08-01 00:53 - 00002632 _____ () C:\Windows\setupact.log
2014-08-15 11:43 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-15 11:42 - 2014-08-15 11:42 - 00000000 ____D () C:\_OTL
2014-08-14 19:58 - 2014-08-01 00:58 - 00508001 _____ () C:\Windows\WindowsUpdate.log
2014-08-14 19:57 - 2013-11-30 03:33 - 00000000 ____D () C:\Users\Admin -disaster only\AppData\Roaming\Wise Care 365
2014-08-14 19:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-14 19:56 - 2014-08-01 00:39 - 00000452 _____ () C:\Windows\Tasks\Wise Care 365.job
2014-08-14 19:56 - 2013-10-29 18:40 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-14 16:30 - 2014-07-31 17:32 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-14 16:24 - 2013-05-31 00:48 - 00001868 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-08-14 16:15 - 2014-07-31 01:04 - 00002958 _____ () C:\Users\Admin -disaster only\Desktop\Rkill.txt
2014-08-14 16:11 - 2014-08-14 16:11 - 514927041 _____ () C:\Windows\MEMORY.DMP
2014-08-14 16:11 - 2014-08-14 16:11 - 00572088 _____ () C:\Windows\Minidump\081414-17940-01.dmp
2014-08-14 16:11 - 2012-12-31 18:05 - 00000000 ____D () C:\Windows\Minidump
2014-08-14 16:08 - 2013-11-30 03:29 - 00000000 ____D () C:\Users\Admin -disaster only
2014-08-14 16:05 - 2013-05-31 00:48 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-08-14 16:03 - 2013-11-08 09:35 - 00072264 _____ () C:\Users\GDC\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-14 16:03 - 2009-07-14 00:45 - 00331592 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-14 16:02 - 2014-08-01 00:55 - 00002030 _____ () C:\Windows\PFRO.log
2014-08-14 01:54 - 2012-02-23 19:08 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\SoftGrid Client
2014-08-14 01:14 - 2013-10-29 18:40 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-14 00:00 - 2013-05-30 00:35 - 00000432 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-08-13 23:54 - 2014-08-06 21:58 - 00046943 _____ () C:\Users\GDC\Desktop\elements walkthrough.ods
2014-08-13 16:41 - 2014-08-07 00:26 - 00049524 _____ () C:\Users\GDC\Desktop\Elements Walkthrough.odt
2014-08-13 16:16 - 2013-10-29 18:41 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-13 14:56 - 2014-08-13 14:20 - 00000000 ____D () C:\Users\GDC\AppData\Local\adawarebp
2014-08-13 13:41 - 2014-07-31 17:50 - 00000546 _____ () C:\Users\Admin -disaster only\Desktop\Emsisoft Emergency Kit.lnk
2014-08-13 13:41 - 2014-07-31 17:50 - 00000000 ____D () C:\EEK
2014-08-13 10:53 - 2009-07-14 00:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-13 10:53 - 2009-07-14 00:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-12 23:35 - 2012-01-05 20:46 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-08-12 23:35 - 2012-01-05 19:52 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-12 22:13 - 2012-08-20 15:30 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\Skype
2014-08-12 20:57 - 2014-08-12 20:57 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-12 20:57 - 2014-08-12 20:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-12 20:57 - 2014-08-12 20:57 - 00000000 ____D () C:\Users\GDC\AppData\Local\Skype
2014-08-12 20:57 - 2014-08-12 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-12 20:57 - 2012-08-20 15:30 - 00000000 ____D () C:\ProgramData\Skype
2014-08-12 12:17 - 2014-02-13 20:39 - 00003964 _____ () C:\Users\GDC\Desktop\netflix.txt
2014-08-12 11:12 - 2014-08-01 16:00 - 00000000 ____D () C:\Users\GDC\AppData\Local\CrashDumps
2014-08-12 01:36 - 2014-08-12 00:42 - 00044312 _____ () C:\Users\GDC\Desktop\rotational programs.odt
2014-08-06 21:58 - 2014-08-06 21:58 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\LibreOffice
2014-08-06 21:57 - 2014-08-06 21:57 - 00001500 _____ () C:\Users\Public\Desktop\LibreOffice 4.3.lnk
2014-08-06 21:57 - 2014-08-06 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
2014-08-06 21:57 - 2014-08-06 21:57 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-08-06 10:25 - 2014-08-06 10:25 - 00001133 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-06 10:25 - 2014-08-06 10:25 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-06 10:25 - 2013-01-01 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-06 10:25 - 2013-01-01 17:49 - 00000000 ____D () C:\ProgramData\Avira
2014-08-06 10:25 - 2013-01-01 17:49 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-04 15:43 - 2013-10-05 01:59 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\KeePass
2014-08-03 23:30 - 2014-08-03 23:30 - 00000000 ____D () C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-03 23:30 - 2014-08-03 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-03 23:30 - 2014-02-08 17:22 - 00000000 ____D () C:\Program Files\WinRAR
2014-08-03 22:52 - 2014-08-03 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-03 22:52 - 2014-08-03 22:52 - 00000000 ____D () C:\Program Files\7-Zip
2014-08-03 22:40 - 2011-12-27 18:57 - 00000000 ____D () C:\Users\GDC
2014-08-03 19:37 - 2014-07-04 01:48 - 00000425 _____ () C:\Users\GDC\Desktop\July to Do.txt
2014-08-02 21:10 - 2013-05-31 00:47 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\Ad-Aware Antivirus
2014-08-02 15:54 - 2014-08-01 17:12 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\Vertical_Drop_Heroes_HD
2014-08-02 10:42 - 2013-12-28 04:00 - 00000000 ____D () C:\Windows\rescache
2014-08-01 01:31 - 2014-07-31 19:49 - 00000000 ____D () C:\AdwCleaner
2014-08-01 00:53 - 2014-08-01 00:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-01 00:52 - 2013-10-25 16:05 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-01 00:52 - 2013-10-25 16:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-01 00:49 - 2014-08-01 00:48 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\vlc
2014-08-01 00:47 - 2013-07-23 00:43 - 00000773 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-01 00:47 - 2013-07-23 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-08-01 00:45 - 2014-08-01 00:45 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-01 00:44 - 2014-08-01 00:44 - 00006107 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-08-01 00:44 - 2014-08-01 00:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-01 00:44 - 2013-06-28 12:56 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-01 00:42 - 2014-08-01 00:39 - 00002908 _____ () C:\Windows\System32\Tasks\Wise Care 365
2014-08-01 00:42 - 2013-05-30 00:35 - 00003130 _____ () C:\Windows\System32\Tasks\Wise Turbo Checker
2014-08-01 00:39 - 2013-10-04 02:43 - 00002054 _____ () C:\Users\Public\Desktop\Wise Care 365.lnk
2014-08-01 00:39 - 2013-10-04 02:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365
2014-08-01 00:04 - 2014-08-01 00:04 - 00000000 ____D () C:\Users\Admin -disaster only\AppData\Local\CrashDumps
2014-07-31 23:54 - 2014-07-31 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2014-07-31 23:54 - 2014-07-31 00:59 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-07-31 23:49 - 2014-07-31 23:44 - 00000000 ____D () C:\Users\Admin -disaster only\Desktop\mbar
2014-07-31 23:49 - 2014-07-31 23:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-31 23:44 - 2014-07-30 20:02 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-31 23:44 - 2014-07-30 20:02 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-31 23:19 - 2014-08-01 00:24 - 00000768 _____ () C:\Windows\system32\Drivers\etc\hosts.20140801-002457.backup
2014-07-31 20:08 - 2014-07-31 20:08 - 00000814 _____ () C:\Users\Admin -disaster only\Desktop\JRT.txt
2014-07-31 20:04 - 2014-07-31 20:04 - 00000000 ____D () C:\Windows\ERUNT
2014-07-31 19:56 - 2011-12-09 18:33 - 00030528 _____ () C:\Windows\GVTDrv64.sys
2014-07-31 19:56 - 2011-12-09 18:33 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-07-31 17:47 - 2014-07-31 17:43 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-31 17:46 - 2014-07-31 17:46 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-07-31 17:46 - 2013-11-10 01:17 - 00000000 ____D () C:\Users\GDC\Desktop\Agaresttrainer_+4
2014-07-31 17:32 - 2014-07-31 17:32 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-31 00:59 - 2014-07-31 00:59 - 00003229 _____ () C:\Users\Admin -disaster only\Desktop\Sophos Virus Removal Tool.lnk
2014-07-31 00:59 - 2014-07-31 00:59 - 00000000 ____D () C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-07-31 00:59 - 2014-07-31 00:59 - 00000000 ____D () C:\ProgramData\Sophos
2014-07-30 20:02 - 2014-07-30 20:02 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-30 20:02 - 2014-07-30 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-30 20:02 - 2014-07-30 20:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-30 20:02 - 2014-07-30 20:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-30 19:59 - 2014-07-30 19:59 - 00000000 __SHD () C:\Users\Admin -disaster only\AppData\Local\EmieUserList
2014-07-30 19:59 - 2014-07-30 19:59 - 00000000 __SHD () C:\Users\Admin -disaster only\AppData\Local\EmieSiteList
2014-07-30 19:51 - 2014-07-30 19:51 - 00000000 _____ () C:\autoexec.bat
2014-07-30 01:00 - 2013-11-16 03:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-27 10:29 - 2012-02-01 23:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-27 10:29 - 2012-02-01 23:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-27 01:11 - 2012-02-01 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-26 23:07 - 2014-07-26 23:07 - 00875472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110.dll
2014-07-26 23:07 - 2014-07-26 23:07 - 00535008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110.dll
2014-07-26 23:07 - 2014-07-26 23:07 - 00252400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib110.dll
2014-07-24 08:53 - 2013-05-07 11:35 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
 
Some content of TEMP:
====================
C:\Users\GDC\AppData\Local\Temp\avgnt.exe
C:\Users\GDC\AppData\Local\Temp\vlc-2.1.5-win32.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-07 15:25
 
==================== End Of Log ============================
 
 
FRST Addition:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-08-2014
Ran by Admin -disaster only at 2014-08-15 11:51:58
Running from C:\Users\GDC\Desktop\anti-rootkit
Boot Mode: Safe Mode (minimal)
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Lavasoft Ad-Aware (Disabled - Out of date) {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Lavasoft Ad-Aware (Disabled - Out of date) {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware (Disabled) {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.12 - GIGABYTE)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Ad-Aware Antivirus (HKLM-x32\...\{F075020E-43B2-4F2C-9723-C81CE162E7B6}) (Version: 10.5.2.4379 - Lavasoft)
Ad-Aware Browsing Protection (HKLM-x32\...\Ad-Aware Browsing Protection) (Version: 1.0.1.106 - Lavasoft)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.83 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Agarest Generations of War Zero (HKLM-x32\...\QWdhcmVzdEdlbmVyYXRpb25zb2ZXYXJaZXJv_is1) (Version: 1 - )
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
Avira (HKLM-x32\...\{df495620-2ba9-412d-828d-b27f020d9fc8}) (Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
Bog's Adventures in the Underworld v2.0 (HKLM-x32\...\Bog's Adventures in the Underworld_is1) (Version:  - Alpha72 Games)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Common RTP 1.0 (HKLM-x32\...\RPGAdvocates_RTP_1.0) (Version:  - )
Corsair USB Headset (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392DDDFB7}) (Version: 1.00.0007 - )
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - )
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version:  - Creative Technology Limited)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.1.0236 - DT Soft Ltd)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.22 - DivX, LLC)
Double Dummy Solver 10 (HKLM-x32\...\Double Dummy Solver_is1) (Version:  - Bob Richardson & Bo Haglund)
DROD 5: The Second Sky 5.0.0 (HKLM-x32\...\DROD 5: The Second Sky_is1) (Version: 5.0.0 - Caravel Games)
DROD: Journey to Rooted Hold 2.0.16 (HKLM-x32\...\DROD: Journey to Rooted Hold_is1) (Version: 2.0.16 - Caravel Games)
DROD: The City Beneath 3.0.0 (HKLM-x32\...\DROD: The City Beneath_is1) (Version: 3.0.0 - Caravel Games)
Easy Tune 6 B11.0630.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B11.0630.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Elements - Soul of Fire (HKLM-x32\...\Elements - Soul of Fire) (Version:  - )
Etron USB3.0 Host Controller (x32 Version: 0.101 - Etron Technology) Hidden
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.54.1.1 - Futuremark Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Heroes of Might and Magic V - Collectors Edition (HKLM-x32\...\Heroes of Might and Magic V - Collectors Edition3.1) (Version: 3.1 - Ubisoft)
Heroine's Quest 1.1 (HKLM-x32\...\{204D4EF9-7415-4927-8B42-99D2F88F1149}_is1) (Version: 1.0 - Crystal Shard)
Host OpenAL (HKLM-x32\...\Host OpenAL) (Version: 1.00 - Creative Technology Limited)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
KeePass Password Safe 2.23 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version:  - Dominik Reichl)
Knytt Underground 1.0 (HKLM-x32\...\NifflasKnyttUnderground_is1) (Version:  - Nifflas)
LibreOffice 4.3.0.4 (HKLM-x32\...\{5C005E2A-AEAE-4DF7-B7CA-1E6DCDD2AEA4}) (Version: 4.3.0.4 - The Document Foundation)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2005 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2005) (Version:  - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2005 (x32 Version: 8.0.56405 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR)
ON_OFF Charge B11.0110.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
ProPokerTools Odds Oracle 2.2.1 (HKLM-x32\...\5992-1726-3179-3433) (Version: 2.2.1 - ProPokerTools)
Quest for Infamy  (HKLM-x32\...\Quest for Infamy) (Version:  - Infamous Quests)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Smart 6 B11.0512.1 (HKLM-x32\...\{3B35725F-C623-4A1E-B5CC-99C0868679E3}) (Version: 1.00.0000 - GIGABYTE)
Sophos Anti-Rootkit 1.5.20 (HKLM-x32\...\Sophos-AntiRootkit) (Version: 1.5.20 - Sophos Plc)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.2 - Sophos Limited)
Sound Blaster X-Fi (HKLM-x32\...\{0C9D0200-FA32-44B7-BBB3-7C03F700C4A0}) (Version: 1.0 - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Book of Legends (HKLM-x32\...\{6A13D0C5-0959-4BED-A371-CFC478435DF7}) (Version: 1.0.0.1 - LeeGT-Games)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Undefeated (HKLM-x32\...\Undefeated) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Wise Care 365 3.18 (HKLM-x32\...\Wise Care 365_is1) (Version: 3.18 - WiseCleaner.com, Inc.)
Wise Care 365 version 2.83 (HKLM-x32\...\{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1) (Version: 2.83 - WiseCleaner.com, Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2014-08-14 16:32 - 00000768 ___RA C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0915AC27-E5B0-4A63-B41C-00B10C0525A7} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2013-03-18] (Lavasoft Limited)
Task: {0955D8BE-9ED5-44F6-A83A-75A53444BFB8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-29] (Google Inc.)
Task: {32670E94-9F47-4DE3-A81C-02A9C2F9D0EA} - System32\Tasks\Wise Care 365 => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe [2014-07-18] (WiseCleaner.com)
Task: {4B839122-4438-4EAC-8CE7-BD1589B62CD0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-29] (Google Inc.)
Task: {D87DF6D0-B287-434D-9B1D-23B02DA81DA7} - System32\Tasks\Wise Turbo Checker => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe [2014-07-07] (WiseCleaner.COM)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Wise Care 365.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
Task: C:\Windows\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe
 
==================== Loaded Modules (whitelisted) =============
 
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\GDC:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\TEMP:321156F2
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:7B532EF3
AlternateDataStreams: C:\ProgramData\TEMP:8EBE034C
AlternateDataStreams: C:\ProgramData\TEMP:D169FA00
AlternateDataStreams: C:\ProgramData\TEMP:DD5042D8
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\Users\GDC\Application Data:gs5sys
AlternateDataStreams: C:\Users\GDC\Cookies:gs5sys
AlternateDataStreams: C:\Users\GDC\Local Settings:gs5sys
AlternateDataStreams: C:\Users\GDC\Templates:gs5sys
AlternateDataStreams: C:\Users\GDC\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\GDC\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\GDC\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\GDC\AppData\Local\Application Data:gs5sys
AlternateDataStreams: C:\Users\GDC\AppData\Local\History:gs5sys
AlternateDataStreams: C:\Users\GDC\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\77691568.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\77691568.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupreg: DivXMediaServer => d:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/15/2014 11:46:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/15/2014 11:43:58 AM) (Source: Application Virtualization Client) (EventID: 5017) (User: )
Description: {tid=B78}
The Application Virtualization Client could not determine the size of the file system cache (FS status 16D07A0A-0000E0A2).
 
Error: (08/15/2014 11:43:58 AM) (Source: Application Virtualization Client) (EventID: 5011) (User: )
Description: {tid=B78}
The Application Virtualization Client could not disconnect session 35 (FS status 16D1200A-0000E0A2).
 
Error: (08/15/2014 11:43:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0x764
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
 
Error: (08/15/2014 11:43:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/15/2014 11:43:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamscheduler.exe, version: 3.0.2.0, time stamp: 0x5339cec3
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x5d4
Faulting application start time: 0xmbamscheduler.exe0
Faulting application path: mbamscheduler.exe1
Faulting module path: mbamscheduler.exe2
Report Id: mbamscheduler.exe3
 
Error: (08/15/2014 11:23:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/15/2014 11:20:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/15/2014 11:20:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamscheduler.exe, version: 3.0.2.0, time stamp: 0x5339cec3
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x5f4
Faulting application start time: 0xmbamscheduler.exe0
Faulting application path: mbamscheduler.exe1
Faulting module path: mbamscheduler.exe2
Report Id: mbamscheduler.exe3
 
Error: (08/14/2014 09:45:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (08/15/2014 11:47:25 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (08/15/2014 11:44:49 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/15/2014 11:44:49 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/15/2014 11:44:49 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/15/2014 11:44:49 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/15/2014 11:44:49 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/15/2014 11:44:49 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/15/2014 11:44:48 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/15/2014 11:44:48 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/15/2014 11:44:48 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
 
Microsoft Office Sessions:
=========================
Error: (08/15/2014 11:46:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/15/2014 11:43:58 AM) (Source: Application Virtualization Client) (EventID: 5017) (User: )
Description: {tid=B78}
16D07A0A-0000E0A2
 
Error: (08/15/2014 11:43:58 AM) (Source: Application Virtualization Client) (EventID: 5011) (User: )
Description: {tid=B78}
3516D1200A-0000E0A2
 
Error: (08/15/2014 11:43:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8a76401cfb89fadeedb14C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exef4a51f7f-2492-11e4-87e1-50e549488a59
 
Error: (08/15/2014 11:43:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/15/2014 11:43:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamscheduler.exe3.0.2.05339cec3MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd5d401cfb89fa41f8f53C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dlleafbe9c2-2492-11e4-87e1-50e549488a59
 
Error: (08/15/2014 11:23:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/15/2014 11:20:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/15/2014 11:20:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamscheduler.exe3.0.2.05339cec3MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd5f401cfb89c667276f1C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllad4ed160-248f-11e4-bc0a-50e549488a59
 
Error: (08/14/2014 09:45:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-01 02:32:51.914
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\4B91.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-08-01 02:32:51.889
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\4B91.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-31 23:59:27.007
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FB.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-31 23:59:26.983
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FB.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-31 23:55:12.757
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FB.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-31 23:55:12.732
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FB.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-31 23:54:55.075
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\BBDF.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-31 23:54:55.049
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\BBDF.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2500 CPU @ 3.30GHz
Percentage of memory in use: 7%
Total physical RAM: 16301.12 MB
Available physical RAM: 15142.88 MB
Total Pagefile: 32600.41 MB
Available Pagefile: 31472.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:55.8 GB) (Free:8.16 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:20.12 GB) NTFS
Drive f: () (Removable) (Total:0.49 GB) (Free:0.48 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 56 GB) (Disk ID: CE920B6D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=56 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: CE920B61)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 500 MB) (Disk ID: 73696420)
No partition Table on disk 2.
 
==================== End Of Log ============================
 
#11
ihatesvchost.exe

    Member

  • Topic Starter
  • 32 posts

My computer rebooted while it was running Combo Fix (I wasn't watching closely). I did get the log afterwards.

 

Log:

ComboFix 14-08-15.01 - Admin -disaster only 08/15/2014  11:53:47.1.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16301.15132 [GMT -4:00]
Running from: C:\Users\GDC\Desktop\anti-rootkit\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Lavasoft Ad-Aware *Disabled/Outdated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Lavasoft Ad-Aware *Disabled/Outdated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
 
After that I ran FRST again.
 
FRST:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-08-2014
Ran by Admin -disaster only (administrator) on GDC-PC on 15-08-2014 12:08:51
Running from C:\Users\GDC\Desktop\anti-rootkit
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Safe Mode (minimal)
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [CAHS1Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CAHS1.dll,CMICtrlWnd
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [combofix] => C:\ComboFix\Combobatch.bat [8272 2014-08-15] ()
HKLM-x32\...\Run: [SPIRunE] => Rundll32 SPIRunE.dll,RunDLLEntry
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554408 2013-05-15] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] => "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => d:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2010624 2013-07-20] (Dominik Reichl)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-14] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [RPMKickstart] => C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe [2552320 2011-03-30] (Gigabyte Technology CO., LTD.)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-13] (Microsoft Corporation)
HKLM\...\RunOnce: [combofix] => C:\ComboFix\CF20222.3XE /c C:\ComboFixCombobatch.bat
HKLM\...\runonceex: [flags] =>
HKLM-x32\...\RunOnce: [OTL] => C:\Users\GDC\Desktop\anti-rootkit\OTL.exe [602112 2014-08-14] (OldTimer Tools)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1520015183-56102371-4256460016-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [213936 2006-03-20] (Macrovision Corporation)
HKU\S-1-5-21-1520015183-56102371-4256460016-1001\...\Run: [SpybotSD TeaTimer] => d:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1520015183-56102371-4256460016-1001\...\Run: [ISUSPM] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [213936 2006-03-20] (Macrovision Corporation)
HKU\S-1-5-21-1520015183-56102371-4256460016-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1520015183-56102371-4256460016-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {21A51130-7285-49FE-B3F6-2385CC71CDEA} URL = 
BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> d:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: No Name -> {45d30484-7ded-43d9-957a-d2fd1f046511} ->  No File
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{ED9ADDFF-B4BD-4DFD-B083-FE0988F18918}: [NameServer]8.8.8.8,8.8.8.4
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> d:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> d:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - d:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - d:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-12-27]
 
Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - d:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-03-18] (Lavasoft Limited)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-12-29] (Creative Labs) [File not signed]
S2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [128928 2010-12-14] (Futuremark Corporation)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S2 SBSDWSCService; D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]
S2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-28] (Atheros Communications, Inc.)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-30] (Avira Operations GmbH & Co. KG)
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2014-07-31] (Emsisoft GmbH)
S3 CorsairCAHS1; C:\Windows\System32\drivers\CAHS164.sys [1308160 2011-06-16] (C-Media Electronics Inc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2011-12-30] (DT Soft Ltd)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-05-31] (GFI Software)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 MEMSWEEP2; C:\Windows\system32\4B91.tmp [6144 2011-05-12] (Sophos Plc) [File not signed]
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30312 2014-08-14] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-15 11:53 - 2014-08-15 11:55 - 00000000 ___SD () C:\ComboFix
2014-08-15 11:53 - 2014-08-15 11:55 - 00000000 ____D () C:\Windows\erdnt
2014-08-15 11:53 - 2014-08-15 11:53 - 00000000 ___SD () C:\32788R22FWJFW
2014-08-15 11:53 - 2014-08-15 11:53 - 00000000 ____D () C:\Qoobox
2014-08-15 11:53 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-15 11:53 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-15 11:53 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-15 11:53 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-15 11:53 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-15 11:53 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-15 11:53 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-15 11:53 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-15 11:51 - 2014-08-15 12:08 - 00000000 ____D () C:\FRST
2014-08-15 11:42 - 2014-08-15 11:42 - 00000000 ____D () C:\_OTL
2014-08-14 16:11 - 2014-08-14 16:11 - 514927041 _____ () C:\Windows\MEMORY.DMP
2014-08-14 16:11 - 2014-08-14 16:11 - 00572088 _____ () C:\Windows\Minidump\081414-17940-01.dmp
2014-08-13 14:20 - 2014-08-13 14:56 - 00000000 ____D () C:\Users\GDC\AppData\Local\adawarebp
2014-08-12 20:57 - 2014-08-12 20:57 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-12 20:57 - 2014-08-12 20:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-12 20:57 - 2014-08-12 20:57 - 00000000 ____D () C:\Users\GDC\AppData\Local\Skype
2014-08-12 20:57 - 2014-08-12 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-12 00:42 - 2014-08-12 01:36 - 00044312 _____ () C:\Users\GDC\Desktop\rotational programs.odt
2014-08-07 00:26 - 2014-08-13 16:41 - 00049524 _____ () C:\Users\GDC\Desktop\Elements Walkthrough.odt
2014-08-06 21:58 - 2014-08-13 23:54 - 00046943 _____ () C:\Users\GDC\Desktop\elements walkthrough.ods
2014-08-06 21:58 - 2014-08-06 21:58 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\LibreOffice
2014-08-06 21:57 - 2014-08-06 21:57 - 00001500 _____ () C:\Users\Public\Desktop\LibreOffice 4.3.lnk
2014-08-06 21:57 - 2014-08-06 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
2014-08-06 21:57 - 2014-08-06 21:57 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-08-06 10:25 - 2014-08-06 10:25 - 00001133 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-06 10:25 - 2014-08-06 10:25 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-03 23:30 - 2014-08-03 23:30 - 00000000 ____D () C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-03 23:30 - 2014-08-03 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-03 22:52 - 2014-08-03 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-03 22:52 - 2014-08-03 22:52 - 00000000 ____D () C:\Program Files\7-Zip
2014-08-01 17:12 - 2014-08-02 15:54 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\Vertical_Drop_Heroes_HD
2014-08-01 16:00 - 2014-08-12 11:12 - 00000000 ____D () C:\Users\GDC\AppData\Local\CrashDumps
2014-08-01 14:32 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 14:32 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 14:32 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 14:32 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 14:32 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 14:32 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 14:32 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 14:32 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 14:32 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 14:32 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 14:32 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 14:32 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 14:32 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 14:32 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-01 02:32 - 2011-05-12 14:03 - 00006144 ____N (Sophos Plc) C:\Windows\system32\4B91.tmp
2014-08-01 00:58 - 2014-08-15 12:05 - 00532962 _____ () C:\Windows\WindowsUpdate.log
2014-08-01 00:55 - 2014-08-15 11:56 - 00002576 _____ () C:\Windows\PFRO.log
2014-08-01 00:53 - 2014-08-15 11:56 - 00002688 _____ () C:\Windows\setupact.log
2014-08-01 00:53 - 2014-08-01 00:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-01 00:48 - 2014-08-01 00:49 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\vlc
2014-08-01 00:45 - 2014-08-01 00:45 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-01 00:44 - 2014-08-01 00:44 - 00006107 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-08-01 00:44 - 2014-08-01 00:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-01 00:44 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-01 00:44 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-01 00:44 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-01 00:44 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-01 00:39 - 2014-08-14 19:56 - 00000452 _____ () C:\Windows\Tasks\Wise Care 365.job
2014-08-01 00:39 - 2014-08-01 00:42 - 00002908 _____ () C:\Windows\System32\Tasks\Wise Care 365
2014-08-01 00:24 - 2014-07-31 23:19 - 00000768 _____ () C:\Windows\system32\Drivers\etc\hosts.20140801-002457.backup
2014-08-01 00:04 - 2014-08-01 00:04 - 00000000 ____D () C:\Users\Admin -disaster only\AppData\Local\CrashDumps
2014-07-31 23:55 - 2011-05-12 14:03 - 00006144 ____N (Sophos Plc) C:\Windows\system32\FB.tmp
2014-07-31 23:54 - 2014-07-31 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2014-07-31 23:54 - 2011-05-12 14:03 - 00006144 ____N (Sophos Plc) C:\Windows\system32\BBDF.tmp
2014-07-31 23:44 - 2014-07-31 23:49 - 00000000 ____D () C:\Users\Admin -disaster only\Desktop\mbar
2014-07-31 23:44 - 2014-07-31 23:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-31 20:08 - 2014-07-31 20:08 - 00000814 _____ () C:\Users\Admin -disaster only\Desktop\JRT.txt
2014-07-31 20:04 - 2014-07-31 20:04 - 00000000 ____D () C:\Windows\ERUNT
2014-07-31 19:49 - 2014-08-01 01:31 - 00000000 ____D () C:\AdwCleaner
2014-07-31 17:50 - 2014-08-13 13:41 - 00000546 _____ () C:\Users\Admin -disaster only\Desktop\Emsisoft Emergency Kit.lnk
2014-07-31 17:50 - 2014-08-13 13:41 - 00000000 ____D () C:\EEK
2014-07-31 17:46 - 2014-07-31 17:46 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-07-31 17:43 - 2014-07-31 17:47 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-31 17:32 - 2014-08-14 16:30 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-31 17:32 - 2014-07-31 17:32 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-31 01:04 - 2014-08-14 16:15 - 00002958 _____ () C:\Users\Admin -disaster only\Desktop\Rkill.txt
2014-07-31 01:02 - 2014-08-15 12:08 - 00000000 ____D () C:\Users\GDC\Desktop\anti-rootkit
2014-07-31 00:59 - 2014-07-31 23:54 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-07-31 00:59 - 2014-07-31 00:59 - 00003229 _____ () C:\Users\Admin -disaster only\Desktop\Sophos Virus Removal Tool.lnk
2014-07-31 00:59 - 2014-07-31 00:59 - 00000000 ____D () C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-07-31 00:59 - 2014-07-31 00:59 - 00000000 ____D () C:\ProgramData\Sophos
2014-07-30 20:02 - 2014-07-31 23:44 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-30 20:02 - 2014-07-31 23:44 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-30 20:02 - 2014-07-30 20:02 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-30 20:02 - 2014-07-30 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-30 20:02 - 2014-07-30 20:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-30 20:02 - 2014-07-30 20:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-30 20:02 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-30 20:02 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-30 19:59 - 2014-07-30 19:59 - 00000000 __SHD () C:\Users\Admin -disaster only\AppData\Local\EmieUserList
2014-07-30 19:59 - 2014-07-30 19:59 - 00000000 __SHD () C:\Users\Admin -disaster only\AppData\Local\EmieSiteList
2014-07-30 19:51 - 2014-07-30 19:51 - 00000000 _____ () C:\autoexec.bat
2014-07-29 21:10 - 2013-08-10 02:16 - 00450636 _____ () C:\Windows\system32\Drivers\etc\hosts.20140729-211016.backup
2014-07-26 23:07 - 2014-07-26 23:07 - 00875472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110.dll
2014-07-26 23:07 - 2014-07-26 23:07 - 00535008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110.dll
2014-07-26 23:07 - 2014-07-26 23:07 - 00252400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib110.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-15 12:08 - 2014-08-15 11:51 - 00000000 ____D () C:\FRST
2014-08-15 12:08 - 2014-07-31 01:02 - 00000000 ____D () C:\Users\GDC\Desktop\anti-rootkit
2014-08-15 12:05 - 2014-08-01 00:58 - 00532962 _____ () C:\Windows\WindowsUpdate.log
2014-08-15 12:03 - 2009-07-14 00:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-15 12:03 - 2009-07-14 00:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-15 12:00 - 2009-07-14 01:13 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-15 11:56 - 2014-08-01 00:55 - 00002576 _____ () C:\Windows\PFRO.log
2014-08-15 11:56 - 2014-08-01 00:53 - 00002688 _____ () C:\Windows\setupact.log
2014-08-15 11:56 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-15 11:55 - 2014-08-15 11:53 - 00000000 ___SD () C:\ComboFix
2014-08-15 11:55 - 2014-08-15 11:53 - 00000000 ____D () C:\Windows\erdnt
2014-08-15 11:55 - 2009-07-13 22:34 - 75497472 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-08-15 11:55 - 2009-07-13 22:34 - 17039360 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-08-15 11:55 - 2009-07-13 22:34 - 05505024 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-08-15 11:55 - 2009-07-13 22:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-08-15 11:55 - 2009-07-13 22:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-08-15 11:54 - 2012-01-05 19:52 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-15 11:53 - 2014-08-15 11:53 - 00000000 ___SD () C:\32788R22FWJFW
2014-08-15 11:53 - 2014-08-15 11:53 - 00000000 ____D () C:\Qoobox
2014-08-15 11:42 - 2014-08-15 11:42 - 00000000 ____D () C:\_OTL
2014-08-14 19:57 - 2013-11-30 03:33 - 00000000 ____D () C:\Users\Admin -disaster only\AppData\Roaming\Wise Care 365
2014-08-14 19:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-14 19:56 - 2014-08-01 00:39 - 00000452 _____ () C:\Windows\Tasks\Wise Care 365.job
2014-08-14 19:56 - 2013-10-29 18:40 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-14 16:30 - 2014-07-31 17:32 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-14 16:24 - 2013-05-31 00:48 - 00001868 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-08-14 16:15 - 2014-07-31 01:04 - 00002958 _____ () C:\Users\Admin -disaster only\Desktop\Rkill.txt
2014-08-14 16:11 - 2014-08-14 16:11 - 514927041 _____ () C:\Windows\MEMORY.DMP
2014-08-14 16:11 - 2014-08-14 16:11 - 00572088 _____ () C:\Windows\Minidump\081414-17940-01.dmp
2014-08-14 16:11 - 2012-12-31 18:05 - 00000000 ____D () C:\Windows\Minidump
2014-08-14 16:08 - 2013-11-30 03:29 - 00000000 ____D () C:\Users\Admin -disaster only
2014-08-14 16:05 - 2013-05-31 00:48 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-08-14 16:03 - 2013-11-08 09:35 - 00072264 _____ () C:\Users\GDC\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-14 16:03 - 2009-07-14 00:45 - 00331592 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-14 01:54 - 2012-02-23 19:08 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\SoftGrid Client
2014-08-14 01:14 - 2013-10-29 18:40 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-14 00:00 - 2013-05-30 00:35 - 00000432 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-08-13 23:54 - 2014-08-06 21:58 - 00046943 _____ () C:\Users\GDC\Desktop\elements walkthrough.ods
2014-08-13 16:41 - 2014-08-07 00:26 - 00049524 _____ () C:\Users\GDC\Desktop\Elements Walkthrough.odt
2014-08-13 16:16 - 2013-10-29 18:41 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-13 14:56 - 2014-08-13 14:20 - 00000000 ____D () C:\Users\GDC\AppData\Local\adawarebp
2014-08-13 13:41 - 2014-07-31 17:50 - 00000546 _____ () C:\Users\Admin -disaster only\Desktop\Emsisoft Emergency Kit.lnk
2014-08-13 13:41 - 2014-07-31 17:50 - 00000000 ____D () C:\EEK
2014-08-12 23:35 - 2012-01-05 20:46 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-08-12 22:13 - 2012-08-20 15:30 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\Skype
2014-08-12 20:57 - 2014-08-12 20:57 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-12 20:57 - 2014-08-12 20:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-12 20:57 - 2014-08-12 20:57 - 00000000 ____D () C:\Users\GDC\AppData\Local\Skype
2014-08-12 20:57 - 2014-08-12 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-12 20:57 - 2012-08-20 15:30 - 00000000 ____D () C:\ProgramData\Skype
2014-08-12 12:17 - 2014-02-13 20:39 - 00003964 _____ () C:\Users\GDC\Desktop\netflix.txt
2014-08-12 11:12 - 2014-08-01 16:00 - 00000000 ____D () C:\Users\GDC\AppData\Local\CrashDumps
2014-08-12 01:36 - 2014-08-12 00:42 - 00044312 _____ () C:\Users\GDC\Desktop\rotational programs.odt
2014-08-06 21:58 - 2014-08-06 21:58 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\LibreOffice
2014-08-06 21:57 - 2014-08-06 21:57 - 00001500 _____ () C:\Users\Public\Desktop\LibreOffice 4.3.lnk
2014-08-06 21:57 - 2014-08-06 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
2014-08-06 21:57 - 2014-08-06 21:57 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-08-06 10:25 - 2014-08-06 10:25 - 00001133 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-06 10:25 - 2014-08-06 10:25 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-06 10:25 - 2013-01-01 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-06 10:25 - 2013-01-01 17:49 - 00000000 ____D () C:\ProgramData\Avira
2014-08-06 10:25 - 2013-01-01 17:49 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-04 15:43 - 2013-10-05 01:59 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\KeePass
2014-08-03 23:30 - 2014-08-03 23:30 - 00000000 ____D () C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-03 23:30 - 2014-08-03 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-03 23:30 - 2014-02-08 17:22 - 00000000 ____D () C:\Program Files\WinRAR
2014-08-03 22:52 - 2014-08-03 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-03 22:52 - 2014-08-03 22:52 - 00000000 ____D () C:\Program Files\7-Zip
2014-08-03 22:40 - 2011-12-27 18:57 - 00000000 ____D () C:\Users\GDC
2014-08-03 19:37 - 2014-07-04 01:48 - 00000425 _____ () C:\Users\GDC\Desktop\July to Do.txt
2014-08-02 21:10 - 2013-05-31 00:47 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\Ad-Aware Antivirus
2014-08-02 15:54 - 2014-08-01 17:12 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\Vertical_Drop_Heroes_HD
2014-08-02 10:42 - 2013-12-28 04:00 - 00000000 ____D () C:\Windows\rescache
2014-08-01 01:31 - 2014-07-31 19:49 - 00000000 ____D () C:\AdwCleaner
2014-08-01 00:53 - 2014-08-01 00:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-01 00:52 - 2013-10-25 16:05 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-01 00:52 - 2013-10-25 16:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-01 00:49 - 2014-08-01 00:48 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\vlc
2014-08-01 00:47 - 2013-07-23 00:43 - 00000773 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-01 00:47 - 2013-07-23 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-08-01 00:45 - 2014-08-01 00:45 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-01 00:44 - 2014-08-01 00:44 - 00006107 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-08-01 00:44 - 2014-08-01 00:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-01 00:44 - 2013-06-28 12:56 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-01 00:42 - 2014-08-01 00:39 - 00002908 _____ () C:\Windows\System32\Tasks\Wise Care 365
2014-08-01 00:42 - 2013-05-30 00:35 - 00003130 _____ () C:\Windows\System32\Tasks\Wise Turbo Checker
2014-08-01 00:39 - 2013-10-04 02:43 - 00002054 _____ () C:\Users\Public\Desktop\Wise Care 365.lnk
2014-08-01 00:39 - 2013-10-04 02:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365
2014-08-01 00:04 - 2014-08-01 00:04 - 00000000 ____D () C:\Users\Admin -disaster only\AppData\Local\CrashDumps
2014-07-31 23:54 - 2014-07-31 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2014-07-31 23:54 - 2014-07-31 00:59 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-07-31 23:49 - 2014-07-31 23:44 - 00000000 ____D () C:\Users\Admin -disaster only\Desktop\mbar
2014-07-31 23:49 - 2014-07-31 23:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-31 23:44 - 2014-07-30 20:02 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-31 23:44 - 2014-07-30 20:02 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-31 23:19 - 2014-08-01 00:24 - 00000768 _____ () C:\Windows\system32\Drivers\etc\hosts.20140801-002457.backup
2014-07-31 20:08 - 2014-07-31 20:08 - 00000814 _____ () C:\Users\Admin -disaster only\Desktop\JRT.txt
2014-07-31 20:04 - 2014-07-31 20:04 - 00000000 ____D () C:\Windows\ERUNT
2014-07-31 19:56 - 2011-12-09 18:33 - 00030528 _____ () C:\Windows\GVTDrv64.sys
2014-07-31 19:56 - 2011-12-09 18:33 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-07-31 17:47 - 2014-07-31 17:43 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-31 17:46 - 2014-07-31 17:46 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-07-31 17:46 - 2013-11-10 01:17 - 00000000 ____D () C:\Users\GDC\Desktop\Agaresttrainer_+4
2014-07-31 17:32 - 2014-07-31 17:32 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-31 00:59 - 2014-07-31 00:59 - 00003229 _____ () C:\Users\Admin -disaster only\Desktop\Sophos Virus Removal Tool.lnk
2014-07-31 00:59 - 2014-07-31 00:59 - 00000000 ____D () C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-07-31 00:59 - 2014-07-31 00:59 - 00000000 ____D () C:\ProgramData\Sophos
2014-07-30 20:02 - 2014-07-30 20:02 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-30 20:02 - 2014-07-30 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-30 20:02 - 2014-07-30 20:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-30 20:02 - 2014-07-30 20:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-30 19:59 - 2014-07-30 19:59 - 00000000 __SHD () C:\Users\Admin -disaster only\AppData\Local\EmieUserList
2014-07-30 19:59 - 2014-07-30 19:59 - 00000000 __SHD () C:\Users\Admin -disaster only\AppData\Local\EmieSiteList
2014-07-30 19:51 - 2014-07-30 19:51 - 00000000 _____ () C:\autoexec.bat
2014-07-30 01:00 - 2013-11-16 03:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-27 10:29 - 2012-02-01 23:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-27 10:29 - 2012-02-01 23:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-27 01:11 - 2012-02-01 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-26 23:07 - 2014-07-26 23:07 - 00875472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110.dll
2014-07-26 23:07 - 2014-07-26 23:07 - 00535008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110.dll
2014-07-26 23:07 - 2014-07-26 23:07 - 00252400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib110.dll
2014-07-24 08:53 - 2013-05-07 11:35 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-07 15:25
 
==================== End Of Log ============================
 
Addition:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-08-2014
Ran by Admin -disaster only at 2014-08-15 12:09:08
Running from C:\Users\GDC\Desktop\anti-rootkit
Boot Mode: Safe Mode (minimal)
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Lavasoft Ad-Aware (Disabled - Out of date) {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Lavasoft Ad-Aware (Disabled - Out of date) {5BB89C30-6480-BC7C-9F17-199BD76F557A}
FW: Lavasoft Ad-Aware (Disabled) {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.12 - GIGABYTE)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Ad-Aware Antivirus (HKLM-x32\...\{F075020E-43B2-4F2C-9723-C81CE162E7B6}) (Version: 10.5.2.4379 - Lavasoft)
Ad-Aware Browsing Protection (HKLM-x32\...\Ad-Aware Browsing Protection) (Version: 1.0.1.106 - Lavasoft)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.83 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Agarest Generations of War Zero (HKLM-x32\...\QWdhcmVzdEdlbmVyYXRpb25zb2ZXYXJaZXJv_is1) (Version: 1 - )
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
Avira (HKLM-x32\...\{df495620-2ba9-412d-828d-b27f020d9fc8}) (Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
Bog's Adventures in the Underworld v2.0 (HKLM-x32\...\Bog's Adventures in the Underworld_is1) (Version:  - Alpha72 Games)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Common RTP 1.0 (HKLM-x32\...\RPGAdvocates_RTP_1.0) (Version:  - )
Corsair USB Headset (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392DDDFB7}) (Version: 1.00.0007 - )
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - )
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version:  - Creative Technology Limited)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.1.0236 - DT Soft Ltd)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.22 - DivX, LLC)
Double Dummy Solver 10 (HKLM-x32\...\Double Dummy Solver_is1) (Version:  - Bob Richardson & Bo Haglund)
DROD 5: The Second Sky 5.0.0 (HKLM-x32\...\DROD 5: The Second Sky_is1) (Version: 5.0.0 - Caravel Games)
DROD: Journey to Rooted Hold 2.0.16 (HKLM-x32\...\DROD: Journey to Rooted Hold_is1) (Version: 2.0.16 - Caravel Games)
DROD: The City Beneath 3.0.0 (HKLM-x32\...\DROD: The City Beneath_is1) (Version: 3.0.0 - Caravel Games)
Easy Tune 6 B11.0630.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B11.0630.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Elements - Soul of Fire (HKLM-x32\...\Elements - Soul of Fire) (Version:  - )
Etron USB3.0 Host Controller (x32 Version: 0.101 - Etron Technology) Hidden
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 3.54.1.1 - Futuremark Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Heroes of Might and Magic V - Collectors Edition (HKLM-x32\...\Heroes of Might and Magic V - Collectors Edition3.1) (Version: 3.1 - Ubisoft)
Heroine's Quest 1.1 (HKLM-x32\...\{204D4EF9-7415-4927-8B42-99D2F88F1149}_is1) (Version: 1.0 - Crystal Shard)
Host OpenAL (HKLM-x32\...\Host OpenAL) (Version: 1.00 - Creative Technology Limited)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
KeePass Password Safe 2.23 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version:  - Dominik Reichl)
Knytt Underground 1.0 (HKLM-x32\...\NifflasKnyttUnderground_is1) (Version:  - Nifflas)
LibreOffice 4.3.0.4 (HKLM-x32\...\{5C005E2A-AEAE-4DF7-B7CA-1E6DCDD2AEA4}) (Version: 4.3.0.4 - The Document Foundation)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2005 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2005) (Version:  - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2005 (x32 Version: 8.0.56405 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR)
ON_OFF Charge B11.0110.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version:  - )
ProPokerTools Odds Oracle 2.2.1 (HKLM-x32\...\5992-1726-3179-3433) (Version: 2.2.1 - ProPokerTools)
Quest for Infamy  (HKLM-x32\...\Quest for Infamy) (Version:  - Infamous Quests)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Smart 6 B11.0512.1 (HKLM-x32\...\{3B35725F-C623-4A1E-B5CC-99C0868679E3}) (Version: 1.00.0000 - GIGABYTE)
Sophos Anti-Rootkit 1.5.20 (HKLM-x32\...\Sophos-AntiRootkit) (Version: 1.5.20 - Sophos Plc)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.2 - Sophos Limited)
Sound Blaster X-Fi (HKLM-x32\...\{0C9D0200-FA32-44B7-BBB3-7C03F700C4A0}) (Version: 1.0 - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Book of Legends (HKLM-x32\...\{6A13D0C5-0959-4BED-A371-CFC478435DF7}) (Version: 1.0.0.1 - LeeGT-Games)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Undefeated (HKLM-x32\...\Undefeated) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Wise Care 365 3.18 (HKLM-x32\...\Wise Care 365_is1) (Version: 3.18 - WiseCleaner.com, Inc.)
Wise Care 365 version 2.83 (HKLM-x32\...\{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1) (Version: 2.83 - WiseCleaner.com, Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2014-08-15 11:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0915AC27-E5B0-4A63-B41C-00B10C0525A7} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2013-03-18] (Lavasoft Limited)
Task: {0955D8BE-9ED5-44F6-A83A-75A53444BFB8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-29] (Google Inc.)
Task: {32670E94-9F47-4DE3-A81C-02A9C2F9D0EA} - System32\Tasks\Wise Care 365 => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe [2014-07-18] (WiseCleaner.com)
Task: {4B839122-4438-4EAC-8CE7-BD1589B62CD0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-29] (Google Inc.)
Task: {D87DF6D0-B287-434D-9B1D-23B02DA81DA7} - System32\Tasks\Wise Turbo Checker => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe [2014-07-07] (WiseCleaner.COM)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Wise Care 365.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
Task: C:\Windows\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe
 
==================== Loaded Modules (whitelisted) =============
 
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\GDC:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\TEMP:321156F2
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:7B532EF3
AlternateDataStreams: C:\ProgramData\TEMP:8EBE034C
AlternateDataStreams: C:\ProgramData\TEMP:D169FA00
AlternateDataStreams: C:\ProgramData\TEMP:DD5042D8
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\Users\GDC\Application Data:gs5sys
AlternateDataStreams: C:\Users\GDC\Cookies:gs5sys
AlternateDataStreams: C:\Users\GDC\Local Settings:gs5sys
AlternateDataStreams: C:\Users\GDC\Templates:gs5sys
AlternateDataStreams: C:\Users\GDC\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\GDC\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\GDC\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\GDC\AppData\Local\Application Data:gs5sys
AlternateDataStreams: C:\Users\GDC\AppData\Local\History:gs5sys
AlternateDataStreams: C:\Users\GDC\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\77691568.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\77691568.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupreg: DivXMediaServer => d:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/15/2014 00:08:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/15/2014 11:56:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0x70c
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
 
Error: (08/15/2014 11:56:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/15/2014 11:56:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamscheduler.exe, version: 3.0.2.0, time stamp: 0x5339cec3
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x5d0
Faulting application start time: 0xmbamscheduler.exe0
Faulting application path: mbamscheduler.exe1
Faulting module path: mbamscheduler.exe2
Report Id: mbamscheduler.exe3
 
Error: (08/15/2014 11:53:14 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).
 
Error: (08/15/2014 11:53:14 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
.
 
 
Operation:
   Instantiating VSS server
 
Error: (08/15/2014 11:53:14 AM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]
 
 
Operation:
   Instantiating VSS server
 
Error: (08/15/2014 11:46:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/15/2014 11:43:58 AM) (Source: Application Virtualization Client) (EventID: 5017) (User: )
Description: {tid=B78}
The Application Virtualization Client could not determine the size of the file system cache (FS status 16D07A0A-0000E0A2).
 
Error: (08/15/2014 11:43:58 AM) (Source: Application Virtualization Client) (EventID: 5011) (User: )
Description: {tid=B78}
The Application Virtualization Client could not disconnect session 35 (FS status 16D1200A-0000E0A2).
 
 
System errors:
=============
Error: (08/15/2014 00:06:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/15/2014 00:06:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/15/2014 00:06:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/15/2014 00:06:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/15/2014 00:06:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/15/2014 00:06:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/15/2014 00:06:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/15/2014 00:06:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (08/15/2014 00:06:53 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (08/15/2014 00:06:53 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}
 
 
Microsoft Office Sessions:
=========================
Error: (08/15/2014 00:08:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/15/2014 11:56:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8a70c01cfb8a17eba7731C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exec570bb9b-2494-11e4-8a37-50e549488a59
 
Error: (08/15/2014 11:56:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/15/2014 11:56:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamscheduler.exe3.0.2.05339cec3MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd5d001cfb8a174eb2b70C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllbbc9e73f-2494-11e4-8a37-50e549488a59
 
Error: (08/15/2014 11:53:14 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c
 
Error: (08/15/2014 11:53:14 AM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode
 
 
Operation:
   Instantiating VSS server
 
Error: (08/15/2014 11:53:14 AM) (Source: VSS) (EventID: 18) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode
 
 
Operation:
   Instantiating VSS server
 
Error: (08/15/2014 11:46:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/15/2014 11:43:58 AM) (Source: Application Virtualization Client) (EventID: 5017) (User: )
Description: {tid=B78}
16D07A0A-0000E0A2
 
Error: (08/15/2014 11:43:58 AM) (Source: Application Virtualization Client) (EventID: 5011) (User: )
Description: {tid=B78}
3516D1200A-0000E0A2
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-15 11:55:19.439
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-08-15 11:55:19.423
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-08-01 02:32:51.914
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\4B91.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-08-01 02:32:51.889
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\4B91.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-31 23:59:27.007
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FB.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-31 23:59:26.983
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FB.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-31 23:55:12.757
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FB.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-31 23:55:12.732
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FB.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-31 23:54:55.075
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\BBDF.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-31 23:54:55.049
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\BBDF.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2500 CPU @ 3.30GHz
Percentage of memory in use: 7%
Total physical RAM: 16301.12 MB
Available physical RAM: 15147.93 MB
Total Pagefile: 32600.41 MB
Available Pagefile: 31477.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:55.8 GB) (Free:8.61 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:22.69 GB) NTFS
Drive f: () (Removable) (Total:0.49 GB) (Free:0.48 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 56 GB) (Disk ID: CE920B6D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=56 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: CE920B61)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 500 MB) (Disk ID: 73696420)
No partition Table on disk 2.
 
==================== End Of Log ============================
 
 
 
I can't stress enough how grateful I am for your assistance. Thank you for all the help.

  • 0

#12
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Unfortunately there was an error in the OTL Custom Script. Please try it again with this script.

:Commands
[createrestorepoint]

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\..\SearchScopes,DefaultScope = {109BC141-82FD-4ac4-A7AD-F66434B2338E}
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\..\SearchScopes\{109BC141-82FD-4ac4-A7AD-F66434B2338E}: "URL" = http://www.google.co...q={searchTerms}
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.google.co...q={searchTerms}
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\..\SearchScopes\{276F6CF0-4561-42dd-A291-3427BAA274FE}: "URL" = http://search.yahoo....evm&type=IEBDSV
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\..\SearchScopes\{A8FD3163-CE09-45cd-AC0F-56353EBB1C41}: "URL" = http://www.bing.com/...=SPLBR1&pc=SPLH
IE - HKU\S-1-5-21-1520015183-56102371-4256460016-1003\..\SearchScopes,DefaultScope = {21A51130-7285-49FE-B3F6-2385CC71CDEA}
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O2 - BHO: (no name) - {45d30484-7ded-43d9-957a-d2fd1f046511} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1520015183-56102371-4256460016-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: UserInit - (bj.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2014/07/31 17:46:47 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2014/07/31 17:46:47 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/11/29 16:52:35 | 105,033,973 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\쒮
[2013/11/18 06:34:01 | 105,033,973 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\쒮
[2013/11/17 18:34:05 | 104,760,117 | ---- | M] ()(C:\Windows\SysWow64\???¥) -- C:\Windows\SysWow64\윯꺙¥
[2013/11/16 06:34:01 | 104,760,117 | ---- | C] ()(C:\Windows\SysWow64\???¥) -- C:\Windows\SysWow64\윯꺙¥
[2013/11/16 00:34:01 | 104,513,208 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ᶃ꺴
[2013/11/15 06:34:02 | 104,513,208 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ᶃ꺴
[2013/11/14 14:15:24 | 104,278,918 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ទ娌
[2013/11/10 06:33:58 | 104,278,918 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ទ娌
[2013/11/09 12:33:59 | 103,387,443 | ---- | M] ()(C:\Windows\SysWow64\???D) -- C:\Windows\SysWow64\̤D
[2013/11/06 12:33:59 | 103,387,443 | ---- | C] ()(C:\Windows\SysWow64\???D) -- C:\Windows\SysWow64\̤D
[2013/11/02 09:00:22 | 104,620,600 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\䤽
[2013/10/28 03:00:17 | 104,620,600 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\䤽
[2013/10/27 15:00:20 | 103,533,600 | ---- | M] ()(C:\Windows\SysWow64\???6) -- C:\Windows\SysWow64\獫6
[2013/10/24 15:00:45 | 103,533,600 | ---- | C] ()(C:\Windows\SysWow64\???6) -- C:\Windows\SysWow64\獫6
[2013/10/21 21:00:23 | 102,278,179 | ---- | M] ()(C:\Windows\SysWow64\???ª) -- C:\Windows\SysWow64\姎苺ª
[2013/10/20 15:00:12 | 102,278,179 | ---- | C] ()(C:\Windows\SysWow64\???ª) -- C:\Windows\SysWow64\姎苺ª
[2013/10/14 23:48:44 | 101,076,544 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\둂棳
[2013/10/12 11:48:42 | 101,076,544 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\둂棳
[2013/09/30 19:31:37 | 098,602,865 | ---- | M] ()(C:\Windows\SysWow64\???E) -- C:\Windows\SysWow64\ꌎ쵲E
[2013/09/24 13:32:04 | 098,602,865 | ---- | C] ()(C:\Windows\SysWow64\???E) -- C:\Windows\SysWow64\ꌎ쵲E
[2013/09/19 14:01:26 | 098,395,704 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\㇂茹
[2013/09/19 14:01:26 | 098,395,704 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\㇂茹
[2013/09/15 14:01:28 | 097,671,483 | ---- | M] ()(C:\Windows\SysWow64\???K) -- C:\Windows\SysWow64\瑚䞳K
[2013/09/13 02:01:24 | 097,671,483 | ---- | C] ()(C:\Windows\SysWow64\???K) -- C:\Windows\SysWow64\瑚䞳K
[2013/09/12 20:01:23 | 097,412,816 | ---- | M] ()(C:\Windows\SysWow64\???C) -- C:\Windows\SysWow64\溼격C
[2013/09/12 20:01:23 | 097,412,816 | ---- | C] ()(C:\Windows\SysWow64\???C) -- C:\Windows\SysWow64\溼격C
[2013/09/07 17:01:30 | 096,533,415 | ---- | M] ()(C:\Windows\SysWow64\???B) -- C:\Windows\SysWow64\鐻泄B
[2013/09/06 17:01:29 | 096,533,415 | ---- | C] ()(C:\Windows\SysWow64\???B) -- C:\Windows\SysWow64\鐻泄B
@Alternate Data Stream - 5120 bytes -> C:\ProgramData:gs5sys
@Alternate Data Stream - 4608 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys

:Commands
[resethosts]
[emptytemp]
[reboot]



#13
ihatesvchost.exe
    Member
  • Topic Starter
  • 32 posts

Result of latest OTL Fix:
 
All processes killed
========== COMMANDS ==========
Unable to start System Restore Service. Error code 1084
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21A51130-7285-49FE-B3F6-2385CC71CDEA}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21A51130-7285-49FE-B3F6-2385CC71CDEA}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-1520015183-56102371-4256460016-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1520015183-56102371-4256460016-1001\Software\Microsoft\Internet Explorer\SearchScopes\{109BC141-82FD-4ac4-A7AD-F66434B2338E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{109BC141-82FD-4ac4-A7AD-F66434B2338E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1520015183-56102371-4256460016-1001\Software\Microsoft\Internet Explorer\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21A51130-7285-49FE-B3F6-2385CC71CDEA}\ not found.
Registry key HKEY_USERS\S-1-5-21-1520015183-56102371-4256460016-1001\Software\Microsoft\Internet Explorer\SearchScopes\{276F6CF0-4561-42dd-A291-3427BAA274FE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{276F6CF0-4561-42dd-A291-3427BAA274FE}\ not found.
Registry key HKEY_USERS\S-1-5-21-1520015183-56102371-4256460016-1001\Software\Microsoft\Internet Explorer\SearchScopes\{A8FD3163-CE09-45cd-AC0F-56353EBB1C41}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8FD3163-CE09-45cd-AC0F-56353EBB1C41}\ not found.
HKEY_USERS\S-1-5-21-1520015183-56102371-4256460016-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45d30484-7ded-43d9-957a-d2fd1f046511}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1520015183-56102371-4256460016-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:bj.dll deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Windows\SysNative\bootdelete.exe moved successfully.
File C:\Windows\SysNative\bootdelete.exe not found.
File C:\Windows\SysWow64\쒮 not found.
File C:\Windows\SysWow64\쒮 not found.
File C:\Windows\SysWow64\윯꺙¥ not found.
File C:\Windows\SysWow64\윯꺙¥ not found.
File C:\Windows\SysWow64\ᶃ꺴 not found.
File C:\Windows\SysWow64\ᶃ꺴 not found.
File C:\Windows\SysWow64\ទ娌 not found.
File C:\Windows\SysWow64\ទ娌 not found.
File C:\Windows\SysWow64\̤D not found.
File C:\Windows\SysWow64\̤D not found.
File C:\Windows\SysWow64\䤽 not found.
File C:\Windows\SysWow64\䤽 not found.
File C:\Windows\SysWow64\獫6 not found.
File C:\Windows\SysWow64\獫6 not found.
File C:\Windows\SysWow64\姎苺ª not found.
File C:\Windows\SysWow64\姎苺ª not found.
File C:\Windows\SysWow64\둂棳 not found.
File C:\Windows\SysWow64\둂棳 not found.
File C:\Windows\SysWow64\ꌎ쵲E not found.
File C:\Windows\SysWow64\ꌎ쵲E not found.
File C:\Windows\SysWow64\㇂茹 not found.
File C:\Windows\SysWow64\㇂茹 not found.
File C:\Windows\SysWow64\瑚䞳K not found.
File C:\Windows\SysWow64\瑚䞳K not found.
File C:\Windows\SysWow64\溼격C not found.
File C:\Windows\SysWow64\溼격C not found.
File C:\Windows\SysWow64\鐻泄B not found.
File C:\Windows\SysWow64\鐻泄B not found.
ADS C:\ProgramData:gs5sys deleted successfully.
Unable to delete ADS C:\Users\Public\Documents\desktop.ini:gs5sys:commands .
File sethosts] not found.
File ptytemp] not found.
File boot] not found.
 
OTL by OldTimer - Version 3.2.69.0 log created on 08152014_131913


#14
Biscuithd
    Trusted Helper
  • Malware Removal
  • 2,573 posts

Better! But I think it still missed a couple of things.

Does it boot normally yet?



#15
ihatesvchost.exe
    Member
  • Topic Starter
  • 32 posts

I have been afraid to start it in normal mode. You are saying I should?

