SVCHOST.exe is infected, please help [Closed]


  • This topic is locked

#16
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

No, first let's try one more OTL scan.

 

Just Start OTL and click Quick Scan. Then post the results.

 

Then, see if she'll boot normally.


#17
ihatesvchost.exe

    Member

  • Topic Starter
  • 32 posts

Quick scan:

 

OTL logfile created on: 8/15/2014 1:32:33 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\GDC\Desktop\anti-rootkit
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
15.92 Gb Total Physical Memory | 14.85 Gb Available Physical Memory | 93.29% Memory free
31.84 Gb Paging File | 30.79 Gb Available in Paging File | 96.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55.80 Gb Total Space | 8.61 Gb Free Space | 15.44% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 22.69 Gb Free Space | 2.44% Space Free | Partition Type: NTFS
Drive F: | 499.71 Mb Total Space | 494.45 Mb Free Space | 98.95% Space Free | Partition Type: FAT
 
Computer Name: GDC-PC | User Name: Admin -disaster only | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/08/14 21:57:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\GDC\Desktop\anti-rootkit\OTL.exe
PRC - [2013/03/18 03:25:46 | 001,236,336 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/06/18 20:24:12 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/12/19 15:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2014/08/06 10:24:26 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014/08/06 10:23:57 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014/07/14 16:49:12 | 000,141,392 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe -- (Avira.OE.ServiceHost)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/05/08 09:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/02/25 17:57:46 | 000,568,512 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/03/18 03:25:46 | 001,236,336 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/12/14 03:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/12/29 17:48:11 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011/12/14 18:53:44 | 000,303,360 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100v2)
SRV - [2010/12/14 20:17:12 | 000,128,928 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2009/10/13 20:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Auto | Stopped] -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/08/14 16:30:31 | 000,030,312 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TrueSight.sys -- (TrueSight)
DRV:64bit: - [2014/07/03 13:03:42 | 000,117,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2014/06/03 13:15:22 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/11/30 03:27:44 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/05/31 00:47:29 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/04/24 15:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012/12/19 16:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/12/19 16:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/19 15:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/12/14 03:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/11/06 07:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/30 17:33:26 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/12/12 18:42:00 | 001,256,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2011/07/22 11:33:48 | 000,025,056 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV:64bit: - [2011/06/16 16:10:08 | 001,308,160 | -H-- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAHS164.sys -- (CorsairCAHS1)
DRV:64bit: - [2011/05/25 07:19:00 | 000,076,160 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/05/25 07:19:00 | 000,052,608 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011/05/16 10:55:28 | 000,533,096 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/12 14:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\4B91.tmp -- (MEMSWEEP2)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/10 22:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/04/27 19:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 19:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 17:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 17:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/06 03:34:52 | 000,639,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)
DRV:64bit: - [2009/04/08 15:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2008/07/28 21:47:00 | 001,075,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
DRV - [2014/07/31 00:16:08 | 000,057,024 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\EEK\Run\cleanhlp64.sys -- (cleanhlp)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: d:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: d:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: d:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/12/27 01:03:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/07/06 12:30:16 | 000,000,000 | ---D | M]
 
[2013/11/16 03:25:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/07/30 01:00:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2014/08/15 11:55:30 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - d:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [CAHS1Sound] C:\Windows\Syswow64\CAHS1.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [combofix] C:\ComboFix\CF20222.3XE (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KeePass 2 PreLoad] d:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\SysNative\WerFault.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [combofix] C:\ComboFix\CF20222.3XE (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe (Gigabyte Technology CO., LTD.)
O4:64bit: - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59336387-7222-43F9-89C2-7C834B5B6993}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D62A7623-BBF0-4091-92FD-FE47161508D5}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD2E990C-0CF0-4E92-A26A-91F8B846CC0F}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED9ADDFF-B4BD-4DFD-B083-FE0988F18918}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED9ADDFF-B4BD-4DFD-B083-FE0988F18918}: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE3BC820-81E8-4451-B521-2CD5D6D4EF78}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/07/30 19:51:42 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/15 12:06:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/08/15 11:55:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/08/15 11:55:29 | 000,000,000 | ---D | C] -- C:\Users\Admin -disaster only\AppData\Local\temp
[2014/08/15 11:53:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/08/15 11:53:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/08/15 11:53:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/08/15 11:53:12 | 000,000,000 | --SD | C] -- C:\ComboFix
[2014/08/15 11:53:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/08/15 11:53:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/08/15 11:53:05 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2014/08/15 11:51:24 | 000,000,000 | ---D | C] -- C:\FRST
[2014/08/15 11:42:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/08/12 20:57:36 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/08/12 20:57:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/08/12 20:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/08/06 21:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
[2014/08/06 21:57:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibreOffice 4
[2014/08/06 10:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/08/03 23:30:50 | 000,000,000 | ---D | C] -- C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/08/03 23:30:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/08/03 22:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/08/03 22:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2014/08/01 00:45:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/08/01 00:44:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/08/01 00:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/08/01 00:04:24 | 000,000,000 | ---D | C] -- C:\Users\Admin -disaster only\AppData\Local\CrashDumps
[2014/07/31 23:54:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2014/07/31 23:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/07/31 23:44:27 | 000,000,000 | ---D | C] -- C:\Users\Admin -disaster only\Desktop\mbar
[2014/07/31 20:04:10 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/07/31 19:49:15 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/07/31 17:50:35 | 000,000,000 | ---D | C] -- C:\EEK
[2014/07/31 17:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/07/31 17:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/07/31 00:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2014/07/31 00:59:32 | 000,000,000 | ---D | C] -- C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2014/07/31 00:59:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2014/07/30 20:02:12 | 000,128,728 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/30 20:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/07/30 20:02:01 | 000,092,888 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/07/30 20:02:01 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/07/30 20:02:01 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/07/30 20:02:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/07/30 20:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/07/30 19:59:07 | 000,000,000 | -HSD | C] -- C:\Users\Admin -disaster only\AppData\Local\EmieUserList
[2014/07/30 19:59:07 | 000,000,000 | -HSD | C] -- C:\Users\Admin -disaster only\AppData\Local\EmieSiteList
[2014/07/30 19:50:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/15 13:24:06 | 000,783,400 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/08/15 13:24:06 | 000,662,852 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/08/15 13:24:06 | 000,122,462 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/08/15 13:20:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/15 12:03:56 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/15 12:03:56 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/15 11:55:30 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/08/14 19:56:45 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/14 19:56:43 | 000,000,452 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job
[2014/08/14 16:30:31 | 000,030,312 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2014/08/14 16:24:01 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2014/08/14 16:11:15 | 514,927,041 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/08/14 16:03:06 | 000,331,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/14 01:14:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/14 00:00:00 | 000,000,432 | ---- | M] () -- C:\Windows\tasks\Wise Turbo Checker.job
[2014/08/13 16:16:54 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/08/13 13:41:55 | 000,000,546 | ---- | M] () -- C:\Users\Admin -disaster only\Desktop\Emsisoft Emergency Kit.lnk
[2014/08/12 20:57:36 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/08/06 21:57:47 | 000,001,500 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 4.3.lnk
[2014/08/06 10:25:26 | 000,001,133 | ---- | M] () -- C:\Users\Public\Desktop\Avira.lnk
[2014/08/01 00:47:38 | 000,000,773 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/08/01 00:39:20 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\Wise Care 365.lnk
[2014/07/31 23:44:45 | 000,128,728 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/31 23:44:28 | 000,092,888 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/07/31 23:19:39 | 000,000,768 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140801-002457.backup
[2014/07/31 19:56:26 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2014/07/31 00:59:32 | 000,003,229 | ---- | M] () -- C:\Users\Admin -disaster only\Desktop\Sophos Virus Removal Tool.lnk
[2014/07/30 20:02:02 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/30 19:51:42 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014/07/24 08:53:03 | 000,042,040 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/08/15 11:53:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/08/15 11:53:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/08/15 11:53:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/08/15 11:53:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/08/15 11:53:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/08/14 16:11:15 | 514,927,041 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/08/12 20:57:36 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/08/06 21:57:47 | 000,001,500 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 4.3.lnk
[2014/08/06 10:25:26 | 000,001,133 | ---- | C] () -- C:\Users\Public\Desktop\Avira.lnk
[2014/08/01 00:39:04 | 000,000,452 | ---- | C] () -- C:\Windows\tasks\Wise Care 365.job
[2014/07/31 17:50:43 | 000,000,546 | ---- | C] () -- C:\Users\Admin -disaster only\Desktop\Emsisoft Emergency Kit.lnk
[2014/07/31 17:32:56 | 000,030,312 | ---- | C] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2014/07/31 00:59:32 | 000,003,229 | ---- | C] () -- C:\Users\Admin -disaster only\Desktop\Sophos Virus Removal Tool.lnk
[2014/07/30 20:02:02 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/30 19:51:42 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/02/18 02:37:23 | 000,209,920 | ---- | C] () -- C:\Windows\iun3401.exe
[2012/12/14 03:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/10/10 03:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/10/10 03:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/02/17 13:50:11 | 000,000,000 | ---D | M] -- C:\Users\Admin -disaster only\AppData\Roaming\Ad-Aware Antivirus
[2014/05/06 14:50:09 | 000,000,000 | ---D | M] -- C:\Users\Admin -disaster only\AppData\Roaming\Double Dummy Solver
[2014/01/09 18:17:05 | 000,000,000 | ---D | M] -- C:\Users\Admin -disaster only\AppData\Roaming\Undefeated (Aldorlea Games)
[2014/08/14 19:57:06 | 000,000,000 | ---D | M] -- C:\Users\Admin -disaster only\AppData\Roaming\Wise Care 365
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013/11/29 16:52:35 | 105,033,973 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\쒮
[2013/11/18 06:34:01 | 105,033,973 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\쒮
[2013/11/17 18:34:05 | 104,760,117 | ---- | M] ()(C:\Windows\SysWow64\???¥) -- C:\Windows\SysWow64\윯꺙¥
[2013/11/16 06:34:01 | 104,760,117 | ---- | C] ()(C:\Windows\SysWow64\???¥) -- C:\Windows\SysWow64\윯꺙¥
[2013/11/16 00:34:01 | 104,513,208 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ᶃ꺴
[2013/11/15 06:34:02 | 104,513,208 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ᶃ꺴
[2013/11/14 14:15:24 | 104,278,918 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ទ娌
[2013/11/10 06:33:58 | 104,278,918 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ទ娌
[2013/11/09 12:33:59 | 103,387,443 | ---- | M] ()(C:\Windows\SysWow64\???D) -- C:\Windows\SysWow64\̤D
[2013/11/06 12:33:59 | 103,387,443 | ---- | C] ()(C:\Windows\SysWow64\???D) -- C:\Windows\SysWow64\̤D
[2013/11/02 09:00:22 | 104,620,600 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\䤽
[2013/10/28 03:00:17 | 104,620,600 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\䤽
[2013/10/27 15:00:20 | 103,533,600 | ---- | M] ()(C:\Windows\SysWow64\???6) -- C:\Windows\SysWow64\獫6
[2013/10/24 15:00:45 | 103,533,600 | ---- | C] ()(C:\Windows\SysWow64\???6) -- C:\Windows\SysWow64\獫6
[2013/10/21 21:00:23 | 102,278,179 | ---- | M] ()(C:\Windows\SysWow64\???ª) -- C:\Windows\SysWow64\姎苺ª
[2013/10/20 15:00:12 | 102,278,179 | ---- | C] ()(C:\Windows\SysWow64\???ª) -- C:\Windows\SysWow64\姎苺ª
[2013/10/14 23:48:44 | 101,076,544 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\둂棳
[2013/10/12 11:48:42 | 101,076,544 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\둂棳
[2013/09/30 19:31:37 | 098,602,865 | ---- | M] ()(C:\Windows\SysWow64\???E) -- C:\Windows\SysWow64\ꌎ쵲E
[2013/09/24 13:32:04 | 098,602,865 | ---- | C] ()(C:\Windows\SysWow64\???E) -- C:\Windows\SysWow64\ꌎ쵲E
[2013/09/19 14:01:26 | 098,395,704 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\㇂茹
[2013/09/19 14:01:26 | 098,395,704 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\㇂茹
[2013/09/15 14:01:28 | 097,671,483 | ---- | M] ()(C:\Windows\SysWow64\???K) -- C:\Windows\SysWow64\瑚䞳K
[2013/09/13 02:01:24 | 097,671,483 | ---- | C] ()(C:\Windows\SysWow64\???K) -- C:\Windows\SysWow64\瑚䞳K
[2013/09/12 20:01:23 | 097,412,816 | ---- | M] ()(C:\Windows\SysWow64\???C) -- C:\Windows\SysWow64\溼격C
[2013/09/12 20:01:23 | 097,412,816 | ---- | C] ()(C:\Windows\SysWow64\???C) -- C:\Windows\SysWow64\溼격C
[2013/09/07 17:01:30 | 096,533,415 | ---- | M] ()(C:\Windows\SysWow64\???B) -- C:\Windows\SysWow64\鐻泄B
[2013/09/06 17:01:29 | 096,533,415 | ---- | C] ()(C:\Windows\SysWow64\???B) -- C:\Windows\SysWow64\鐻泄B
[2013/09/06 11:01:29 | 096,334,488 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\
[2013/09/03 11:01:02 | 096,334,488 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 4608 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:DD5042D8
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:7B532EF3
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:321156F2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D169FA00
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:8EBE034C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
 
< End of report >


#18
ihatesvchost.exe

    Member

  • Topic Starter
  • Member
  • 32 posts

I tried to boot normally and it failed. A command window with the ComboFix heading was popping up insistently in the left corner.



#19
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
:otl
[2013/11/29 16:52:35 | 105,033,973 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\쒮
[2013/11/18 06:34:01 | 105,033,973 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\쒮
[2013/11/17 18:34:05 | 104,760,117 | ---- | M] ()(C:\Windows\SysWow64\???¥) -- C:\Windows\SysWow64\윯꺙¥
[2013/11/16 06:34:01 | 104,760,117 | ---- | C] ()(C:\Windows\SysWow64\???¥) -- C:\Windows\SysWow64\윯꺙¥
[2013/11/16 00:34:01 | 104,513,208 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ᶃ꺴
[2013/11/15 06:34:02 | 104,513,208 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ᶃ꺴
[2013/11/14 14:15:24 | 104,278,918 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ទ娌
[2013/11/10 06:33:58 | 104,278,918 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ទ娌
[2013/11/09 12:33:59 | 103,387,443 | ---- | M] ()(C:\Windows\SysWow64\???D) -- C:\Windows\SysWow64\̤D
[2013/11/06 12:33:59 | 103,387,443 | ---- | C] ()(C:\Windows\SysWow64\???D) -- C:\Windows\SysWow64\̤D
[2013/11/02 09:00:22 | 104,620,600 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\䤽
[2013/10/28 03:00:17 | 104,620,600 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\䤽
[2013/10/27 15:00:20 | 103,533,600 | ---- | M] ()(C:\Windows\SysWow64\???6) -- C:\Windows\SysWow64\獫6
[2013/10/24 15:00:45 | 103,533,600 | ---- | C] ()(C:\Windows\SysWow64\???6) -- C:\Windows\SysWow64\獫6
[2013/10/21 21:00:23 | 102,278,179 | ---- | M] ()(C:\Windows\SysWow64\???ª) -- C:\Windows\SysWow64\姎苺ª
[2013/10/20 15:00:12 | 102,278,179 | ---- | C] ()(C:\Windows\SysWow64\???ª) -- C:\Windows\SysWow64\姎苺ª
[2013/10/14 23:48:44 | 101,076,544 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\둂棳
[2013/10/12 11:48:42 | 101,076,544 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\둂棳
[2013/09/30 19:31:37 | 098,602,865 | ---- | M] ()(C:\Windows\SysWow64\???E) -- C:\Windows\SysWow64\ꌎ쵲E
[2013/09/24 13:32:04 | 098,602,865 | ---- | C] ()(C:\Windows\SysWow64\???E) -- C:\Windows\SysWow64\ꌎ쵲E
[2013/09/19 14:01:26 | 098,395,704 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\㇂茹
[2013/09/19 14:01:26 | 098,395,704 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\㇂茹
[2013/09/15 14:01:28 | 097,671,483 | ---- | M] ()(C:\Windows\SysWow64\???K) -- C:\Windows\SysWow64\瑚䞳K
[2013/09/13 02:01:24 | 097,671,483 | ---- | C] ()(C:\Windows\SysWow64\???K) -- C:\Windows\SysWow64\瑚䞳K
[2013/09/12 20:01:23 | 097,412,816 | ---- | M] ()(C:\Windows\SysWow64\???C) -- C:\Windows\SysWow64\溼격C
[2013/09/12 20:01:23 | 097,412,816 | ---- | C] ()(C:\Windows\SysWow64\???C) -- C:\Windows\SysWow64\溼격C
[2013/09/07 17:01:30 | 096,533,415 | ---- | M] ()(C:\Windows\SysWow64\???B) -- C:\Windows\SysWow64\鐻泄B
[2013/09/06 17:01:29 | 096,533,415 | ---- | C] ()(C:\Windows\SysWow64\???B) -- C:\Windows\SysWow64\鐻泄B
[2013/09/06 11:01:29 | 096,334,488 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\
[2013/09/03 11:01:02 | 096,334,488 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\
@Alternate Data Stream - 4608 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys
 
Ok, one more OTL fix. Cut/Paste this into OTL as you did before and run fix, etc. Post back results. 


#20
ihatesvchost.exe

    Member

  • Topic Starter
  • Member
  • 32 posts

Log:

 

========== OTL ==========
File C:\Windows\SysWow64\쒮 not found.
File C:\Windows\SysWow64\쒮 not found.
File C:\Windows\SysWow64\윯꺙¥ not found.
File C:\Windows\SysWow64\윯꺙¥ not found.
File C:\Windows\SysWow64\ᶃ꺴 not found.
File C:\Windows\SysWow64\ᶃ꺴 not found.
File C:\Windows\SysWow64\ទ娌 not found.
File C:\Windows\SysWow64\ទ娌 not found.
File C:\Windows\SysWow64\̤D not found.
File C:\Windows\SysWow64\̤D not found.
File C:\Windows\SysWow64\䤽 not found.
File C:\Windows\SysWow64\䤽 not found.
File C:\Windows\SysWow64\獫6 not found.
File C:\Windows\SysWow64\獫6 not found.
File C:\Windows\SysWow64\姎苺ª not found.
File C:\Windows\SysWow64\姎苺ª not found.
File C:\Windows\SysWow64\둂棳 not found.
File C:\Windows\SysWow64\둂棳 not found.
File C:\Windows\SysWow64\ꌎ쵲E not found.
File C:\Windows\SysWow64\ꌎ쵲E not found.
File C:\Windows\SysWow64\㇂茹 not found.
File C:\Windows\SysWow64\㇂茹 not found.
File C:\Windows\SysWow64\瑚䞳K not found.
File C:\Windows\SysWow64\瑚䞳K not found.
File C:\Windows\SysWow64\溼격C not found.
File C:\Windows\SysWow64\溼격C not found.
File C:\Windows\SysWow64\鐻泄B not found.
File C:\Windows\SysWow64\鐻泄B not found.
File C:\Windows\SysWow64\ not found.
File C:\Windows\SysWow64\ not found.
ADS C:\Users\Public\Documents\desktop.ini:gs5sys deleted successfully.
 
OTL by OldTimer - Version 3.2.69.0 log created on 08152014_134358


#21
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Uggh....those unicode files are going to be a pain!!

 

Ok, give me some time to ponder this. I can't imagine that the ADS helped much.

 

Try re-running ComboFix and see if it will finish and give you a log. Also, run aswMBR (instructions in previous post). I'm trying to clear enough junk out of the way so that the tools will run and let us see what's actually going on.



#22
ihatesvchost.exe

    Member

  • Topic Starter
  • Member
  • 32 posts

ComboFix:

 

ComboFix 14-08-15.01 - Admin -disaster only 08/15/2014  14:00:41.2.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16301.15168 [GMT -4:00]
Running from: c:\users\GDC\Desktop\anti-rootkit\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Lavasoft Ad-Aware *Disabled/Outdated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Lavasoft Ad-Aware *Disabled/Outdated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\GDC\AppData\Roaming\BDL+D
c:\users\GDC\AppData\Roaming\BDL+D\MANGAGAMER.COM\2FBD69B0-79F0-4E42-BD3E-4D7EC9D7C148\____.hld
c:\users\GDC\AppData\Roaming\BDL+D\MANGAGAMER.COM\2FBD69B0-79F0-4E42-BD3E-4D7EC9D7C148\____.sys
c:\users\GDC\AppData\Roaming\BDL+D\MANGAGAMER.COM\39FD8254-8737-4AFF-9C31-D593D385AFD3\____.hld
c:\users\GDC\AppData\Roaming\BDL+D\MANGAGAMER.COM\39FD8254-8737-4AFF-9C31-D593D385AFD3\____.sys
c:\users\GDC\AppData\Roaming\BDL+D\MANGAGAMER.COM\activation_log.dat
c:\users\GDC\AppData\Roaming\BDL+D\MANGAGAMER.COM\activation_log.dat.1
c:\users\GDC\AppData\Roaming\BDL+D\MANGAGAMER.COM\activation_log.dat.2
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
D:\install.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
-------\Service_WiseBootAssistant
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-15 to 2014-08-15  )))))))))))))))))))))))))))))))
.
.
2014-08-15 18:02 . 2014-08-15 18:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-15 18:02 . 2014-08-15 18:02 -------- d-----w- c:\users\Admin -disaster only\AppData\Local\temp
2014-08-15 15:51 . 2014-08-15 16:09 -------- d-----w- C:\FRST
2014-08-15 15:42 . 2014-08-15 15:42 -------- d-----w- C:\_OTL
2014-08-13 18:20 . 2014-08-13 18:56 -------- d-----w- c:\users\GDC\AppData\Local\adawarebp
2014-08-13 00:57 . 2014-08-13 00:57 -------- d-----w- c:\users\GDC\AppData\Local\Skype
2014-08-13 00:57 . 2014-08-13 00:57 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-08-13 00:57 . 2014-08-13 00:57 -------- d-----r- c:\program files (x86)\Skype
2014-08-07 01:58 . 2014-08-07 01:58 -------- d-----w- c:\users\GDC\AppData\Roaming\LibreOffice
2014-08-07 01:57 . 2014-08-07 01:57 -------- d-----w- c:\program files (x86)\LibreOffice 4
2014-08-06 14:25 . 2014-08-06 14:25 -------- d-----w- c:\programdata\Package Cache
2014-08-04 02:52 . 2014-08-04 02:52 -------- d-----w- c:\program files\7-Zip
2014-08-01 21:12 . 2014-08-02 19:54 -------- d-----w- c:\users\GDC\AppData\Roaming\Vertical_Drop_Heroes_HD
2014-08-01 20:00 . 2014-08-12 15:12 -------- d-----w- c:\users\GDC\AppData\Local\CrashDumps
2014-08-01 06:32 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\4B91.tmp
2014-08-01 04:48 . 2014-08-01 04:49 -------- d-----w- c:\users\GDC\AppData\Roaming\vlc
2014-08-01 04:45 . 2014-08-01 04:45 -------- d-----w- c:\programdata\Oracle
2014-08-01 04:44 . 2014-08-01 04:44 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-08-01 04:44 . 2014-07-11 07:02 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-01 04:04 . 2014-08-01 04:04 -------- d-----w- c:\users\Admin -disaster only\AppData\Local\CrashDumps
2014-08-01 03:55 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\FB.tmp
2014-07-31 00:02 . 2014-08-01 03:44 128728 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-31 00:02 . 2014-08-01 03:44 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-31 00:02 . 2014-07-31 00:02 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-07-31 00:02 . 2014-07-31 00:02 -------- d-----w- c:\programdata\Malwarebytes
2014-07-31 00:02 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-31 00:02 . 2014-05-12 11:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-30 23:59 . 2014-07-30 23:59 -------- d-sh--w- c:\users\Admin -disaster only\AppData\Local\EmieUserList
2014-07-30 23:59 . 2014-07-30 23:59 -------- d-sh--w- c:\users\Admin -disaster only\AppData\Local\EmieSiteList
2014-07-30 23:50 . 2014-07-30 23:50 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2014-07-27 03:07 . 2014-07-27 03:07 875472 ----a-w- c:\windows\SysWow64\msvcr110.dll
2014-07-27 03:07 . 2014-07-27 03:07 535008 ----a-w- c:\windows\SysWow64\msvcp110.dll
2014-07-27 03:07 . 2014-07-27 03:07 252400 ----a-w- c:\windows\SysWow64\vccorlib110.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-01 04:52 . 2013-10-25 20:05 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-01 04:52 . 2013-10-25 20:05 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-31 23:56 . 2011-12-09 22:33 30528 ----a-w- c:\windows\GVTDrv64.sys
2014-07-31 23:56 . 2011-12-09 22:33 25640 ----a-w- c:\windows\gdrv.sys
2014-07-24 12:53 . 2013-05-07 15:35 42040 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-07-03 17:03 . 2013-03-27 15:54 117712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-06-26 21:40 . 2011-12-29 21:49 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-06-20 20:14 . 2014-07-08 21:10 266424 ----a-w- c:\windows\system32\iedkcs32.dll
2014-06-19 01:39 . 2014-07-08 21:09 23464448 ----a-w- c:\windows\system32\mshtml.dll
2014-06-19 01:06 . 2014-07-08 21:10 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-06-19 01:06 . 2014-07-08 21:09 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-06-19 00:48 . 2014-07-08 21:09 2768384 ----a-w- c:\windows\system32\iertutil.dll
2014-06-19 00:42 . 2014-07-08 21:09 548352 ----a-w- c:\windows\system32\vbscript.dll
2014-06-19 00:42 . 2014-07-08 21:09 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-06-19 00:41 . 2014-07-08 21:10 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-06-19 00:41 . 2014-07-08 21:09 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-06-19 00:32 . 2014-07-08 21:09 51200 ----a-w- c:\windows\system32\jsproxy.dll
2014-06-19 00:31 . 2014-07-08 21:10 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-06-19 00:26 . 2014-07-08 21:09 598016 ----a-w- c:\windows\system32\ieui.dll
2014-06-19 00:24 . 2014-07-08 21:09 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-06-19 00:24 . 2014-07-08 21:09 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-06-19 00:23 . 2014-07-08 21:09 752640 ----a-w- c:\windows\system32\jscript9diag.dll
2014-06-19 00:14 . 2014-07-08 21:09 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-06-19 00:09 . 2014-07-08 21:09 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2014-06-18 23:59 . 2014-07-08 21:10 38400 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 23:56 . 2014-07-08 21:09 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-06-18 23:53 . 2014-07-08 21:09 195584 ----a-w- c:\windows\system32\msrating.dll
2014-06-18 23:51 . 2014-07-08 21:09 5721088 ----a-w- c:\windows\system32\jscript9.dll
2014-06-18 23:50 . 2014-07-08 21:09 85504 ----a-w- c:\windows\system32\mshtmled.dll
2014-06-18 23:48 . 2014-07-08 21:09 292864 ----a-w- c:\windows\system32\dxtrans.dll
2014-06-18 23:39 . 2014-07-08 21:09 608768 ----a-w- c:\windows\system32\ie4uinit.exe
2014-06-18 23:38 . 2014-07-08 21:09 455168 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-06-18 23:37 . 2014-07-08 21:09 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-06-18 23:36 . 2014-07-08 21:10 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35 . 2014-07-08 21:09 62464 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-06-18 23:33 . 2014-07-08 21:09 631808 ----a-w- c:\windows\system32\msfeeds.dll
2014-06-18 23:27 . 2014-07-08 21:09 1249280 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-06-18 23:27 . 2014-07-08 21:09 2040832 ----a-w- c:\windows\system32\inetcpl.cpl
2014-06-18 23:23 . 2014-07-08 21:09 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-06-18 23:22 . 2014-07-08 21:10 592896 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-06-18 23:06 . 2014-07-08 21:10 32256 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58 . 2014-07-08 21:09 2266112 ----a-w- c:\windows\system32\wininet.dll
2014-06-18 22:52 . 2014-07-08 21:09 4254720 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-06-18 22:51 . 2014-07-08 21:09 13527040 ----a-w- c:\windows\system32\ieframe.dll
2014-06-18 22:46 . 2014-07-08 21:09 1068032 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45 . 2014-07-08 21:09 1964544 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-06-18 22:34 . 2014-07-08 21:09 1393664 ----a-w- c:\windows\system32\urlmon.dll
2014-06-18 22:15 . 2014-07-08 21:09 846336 ----a-w- c:\windows\system32\ieapfltr.dll
2014-06-18 22:13 . 2014-07-08 21:09 1791488 ----a-w- c:\windows\SysWow64\wininet.dll
2014-06-18 02:18 . 2014-07-08 21:10 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-08 21:10 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-18 01:10 . 2014-07-08 21:10 3157504 ----a-w- c:\windows\system32\win32k.sys
2014-06-06 10:10 . 2014-07-08 21:10 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-08 21:10 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-08 21:09 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-08 21:09 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-08 21:09 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-06-03 17:15 . 2013-03-27 15:54 130584 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-05-30 08:08 . 2014-07-08 21:10 210944 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 08:08 . 2014-07-08 21:10 86528 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 08:08 . 2014-07-08 21:10 340992 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 08:08 . 2014-07-08 21:10 314880 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 08:08 . 2014-07-08 21:10 307200 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 08:08 . 2014-07-08 21:10 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 08:08 . 2014-07-08 21:10 22016 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 07:52 . 2014-07-08 21:10 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2014-05-30 07:52 . 2014-07-08 21:10 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52 . 2014-07-08 21:10 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2014-05-30 07:52 . 2014-07-08 21:10 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52 . 2014-07-08 21:10 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52 . 2014-07-08 21:10 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-05-30 07:52 . 2014-07-08 21:10 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2014-05-30 06:45 . 2014-07-08 21:10 497152 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"SPIRunE"="SPIRunE.dll" [2007-05-09 18432]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-08-06 751184]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-05-15 554408]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"KeePass 2 PreLoad"="d:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2013-07-20 2010624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-07-14 190032]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNDA3100v2 Genie.lnk - c:\program files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2013-2-2 8453376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SBSDWSCService;SBSD Security Center Service;d:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;d:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
R2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [x]
R2 WSWNDA3100v2;WSWNDA3100v2;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [x]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys;c:\windows\SYSNATIVE\DRIVERS\athrxusb.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]
R3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp64.sys;c:\eek\Run\cleanhlp64.sys [x]
R3 CorsairCAHS1;CA-HS1 Interface;c:\windows\system32\drivers\CAHS164.sys;c:\windows\SYSNATIVE\drivers\CAHS164.sys [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\4B91.tmp;c:\windows\SYSNATIVE\4B91.tmp [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
R3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys;c:\windows\SYSNATIVE\drivers\t3.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-13 20:15 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-29 22:40]
.
2014-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-29 22:40]
.
2014-08-15 c:\windows\Tasks\Wise Care 365.job
- c:\program files (x86)\Wise\Wise Care 365\WiseTray.exe [2014-08-01 19:52]
.
2014-08-14 c:\windows\Tasks\Wise Turbo Checker.job
- c:\program files (x86)\Wise\Wise Care 365\WiseTurbo.exe [2014-08-01 21:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CAHS1Sound"="c:\windows\Syswow64\CAHS1.dll" [2011-07-08 8724480]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2011-03-31 2552320]
"*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-07-14 415232]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{ED9ADDFF-B4BD-4DFD-B083-FE0988F18918}: NameServer = 8.8.8.8,8.8.8.4
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - 
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{45d30484-7ded-43d9-957a-d2fd1f046511} - (no file)
SafeBoot-77691568.sys
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\4B91.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-08-15  14:03:34
ComboFix-quarantined-files.txt  2014-08-15 18:03
.
Pre-Run: 9,274,961,920 bytes free
Post-Run: 9,094,029,312 bytes free
.
- - End Of File - - AA85697040C92911C5B3FA7E5CA01CAC
A36C5E4F47E84449FF07ED3517B43A31
 
 
Aswmbr:
 
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-08-15 11:47:02
-----------------------------
11:47:02.453    OS Version: Windows x64 6.1.7601 Service Pack 1
11:47:02.453    Number of processors: 4 586 0x2A07
11:47:02.453    ComputerName: GDC-PC  UserName: 
11:47:02.531    Initialize success
11:47:02.531    VM: driver load error: 2
11:47:17.335    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:47:17.335    Disk 0 Vendor: OCZ-AGILITY3 2.11 Size: 57241MB BusType: 3
11:47:17.335    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-2
11:47:17.335    Disk 1 Vendor: Hitachi_HDS721010DLE630 MS2OA5R0 Size: 953869MB BusType: 3
11:47:17.351    Disk 0 MBR read successfully
11:47:17.351    Disk 0 MBR scan
11:47:17.351    Disk 0 Windows 7 default MBR code
11:47:17.351    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
11:47:17.351    Disk 0 default boot code
11:47:17.351    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        57139 MB offset 206848
11:47:17.367    Disk 0 scanning C:\Windows\system32\drivers
11:47:18.490    Service scanning
11:47:21.859    Modules scanning
11:47:21.859    Disk 0 trace - called modules:
11:47:21.859    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
11:47:21.859    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d238060]
11:47:21.859    3 CLASSPNP.SYS[fffff8800191c43f] -> nt!IofCallDriver -> [0xfffffa800cb9bd10]
11:47:21.859    5 ACPI.sys[fffff88000eea7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800d038060]
11:47:21.875    Scan finished successfully
11:47:36.040    Disk 0 MBR has been saved successfully to "F:\MBR.dat"
11:47:36.071    The log file has been saved successfully to "F:\aswMBR.txt"
 
 
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-08-15 14:05:02
-----------------------------
14:05:02.384    OS Version: Windows x64 6.1.7601 Service Pack 1
14:05:02.384    Number of processors: 4 586 0x2A07
14:05:02.384    ComputerName: GDC-PC  UserName: 
14:05:02.509    Initialize success
14:05:02.524    VM: driver load error: 2
14:05:10.823    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:05:10.823    Disk 0 Vendor: OCZ-AGILITY3 2.11 Size: 57241MB BusType: 3
14:05:10.823    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-2
14:05:10.839    Disk 1 Vendor: Hitachi_HDS721010DLE630 MS2OA5R0 Size: 953869MB BusType: 3
14:05:10.839    Disk 0 MBR read successfully
14:05:10.839    Disk 0 MBR scan
14:05:10.839    Disk 0 Windows 7 default MBR code
14:05:10.839    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
14:05:10.839    Disk 0 default boot code
14:05:10.839    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        57139 MB offset 206848
14:05:10.855    Disk 0 scanning C:\Windows\system32\drivers
14:05:11.931    Service scanning
14:05:15.176    Modules scanning
14:05:15.176    Disk 0 trace - called modules:
14:05:15.176    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
14:05:15.176    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d239060]
14:05:15.176    3 CLASSPNP.SYS[fffff8800193043f] -> nt!IofCallDriver -> [0xfffffa800d036520]
14:05:15.176    5 ACPI.sys[fffff88000f037a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800d038060]
14:05:15.191    Scan finished successfully
14:05:20.152    Disk 0 MBR has been saved successfully to "F:\MBR.dat"
14:05:20.168    The log file has been saved successfully to "F:\aswMBR.txt"
 
 

#23
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

We're getting there. One more OTL fix and see if those Unicode files will move.

 

Cut and paste this into OTL and Run Fix as before and post the resulting log.

:Commands

[createrestorepoint]

 

:OTL

@Alternate Data Stream - 5120 bytes -> C:\ProgramData:gs5sys
 
:files

C:\Windows\SysWow64 /u
 
:commands

[resethosts]

[emptytemp]

[reboot]

#24
ihatesvchost.exe

    Member

  • Topic Starter
  • Member
  • 32 posts

OTL Log:

 

All processes killed
========== COMMANDS ==========
Unable to start System Restore Service. Error code 1084
========== OTL ==========
Unable to delete ADS C:\ProgramData:gs5sys .
========== FILES ==========
File\Folder C:\Windows\SysWow64 not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Admin -disaster only
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: GDC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 08152014_141440

#25
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Ok, time to take a breath and see where we are. Would you do a fresh OTL scan (Quick Scan) and a fresh FRST scan and post the results?

 

I'll assess and get back to you later.


#26
ihatesvchost.exe

    Member

  • Topic Starter
  • Member
  • 32 posts

Ok great, appreciate all the time you've spent with me so far.

 

OTL:

 

OTL logfile created on: 8/15/2014 2:23:08 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\GDC\Desktop\anti-rootkit
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
15.92 Gb Total Physical Memory | 14.84 Gb Available Physical Memory | 93.20% Memory free
31.84 Gb Paging File | 30.78 Gb Available in Paging File | 96.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55.80 Gb Total Space | 9.03 Gb Free Space | 16.19% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 22.69 Gb Free Space | 2.44% Space Free | Partition Type: NTFS
Drive F: | 499.71 Mb Total Space | 494.49 Mb Free Space | 98.96% Space Free | Partition Type: FAT
 
Computer Name: GDC-PC | User Name: Admin -disaster only | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/08/14 21:57:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\GDC\Desktop\anti-rootkit\OTL.exe
PRC - [2013/03/18 03:25:46 | 001,236,336 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/06/18 20:24:12 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/12/19 15:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2014/08/06 10:24:26 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014/08/06 10:23:57 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014/07/14 16:49:12 | 000,141,392 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe -- (Avira.OE.ServiceHost)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/05/08 09:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/02/25 17:57:46 | 000,568,512 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/03/18 03:25:46 | 001,236,336 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/12/14 03:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/12/29 17:48:11 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011/12/14 18:53:44 | 000,303,360 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100v2)
SRV - [2010/12/14 20:17:12 | 000,128,928 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2009/10/13 20:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Auto | Stopped] -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/08/14 16:30:31 | 000,030,312 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TrueSight.sys -- (TrueSight)
DRV:64bit: - [2014/07/03 13:03:42 | 000,117,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2014/06/03 13:15:22 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/11/30 03:27:44 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/05/31 00:47:29 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/04/24 15:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012/12/19 16:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/12/19 16:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/19 15:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/12/14 03:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/11/06 07:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/30 17:33:26 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/12/12 18:42:00 | 001,256,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2011/07/22 11:33:48 | 000,025,056 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV:64bit: - [2011/06/16 16:10:08 | 001,308,160 | -H-- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAHS164.sys -- (CorsairCAHS1)
DRV:64bit: - [2011/05/25 07:19:00 | 000,076,160 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/05/25 07:19:00 | 000,052,608 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011/05/16 10:55:28 | 000,533,096 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/12 14:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\4B91.tmp -- (MEMSWEEP2)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/10 22:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/04/27 19:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 19:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 17:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 17:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/06 03:34:52 | 000,639,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)
DRV:64bit: - [2009/04/08 15:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2008/07/28 21:47:00 | 001,075,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
DRV - [2014/07/31 00:16:08 | 000,057,024 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\EEK\Run\cleanhlp64.sys -- (cleanhlp)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: d:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: d:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: d:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/12/27 01:03:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/07/06 12:30:16 | 000,000,000 | ---D | M]
 
[2013/11/16 03:25:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/07/30 01:00:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2014/08/15 14:14:40 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - d:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {45d30484-7ded-43d9-957a-d2fd1f046511} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [CAHS1Sound] C:\Windows\Syswow64\CAHS1.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KeePass 2 PreLoad] d:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\SysNative\WerFault.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe (Gigabyte Technology CO., LTD.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59336387-7222-43F9-89C2-7C834B5B6993}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D62A7623-BBF0-4091-92FD-FE47161508D5}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD2E990C-0CF0-4E92-A26A-91F8B846CC0F}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED9ADDFF-B4BD-4DFD-B083-FE0988F18918}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED9ADDFF-B4BD-4DFD-B083-FE0988F18918}: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE3BC820-81E8-4451-B521-2CD5D6D4EF78}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/07/30 19:51:42 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/15 14:03:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/08/15 14:03:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/08/15 14:03:35 | 000,000,000 | ---D | C] -- C:\Users\Admin -disaster only\AppData\Local\temp
[2014/08/15 11:53:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/08/15 11:53:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/08/15 11:53:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/08/15 11:53:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/08/15 11:53:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/08/15 11:51:24 | 000,000,000 | ---D | C] -- C:\FRST
[2014/08/15 11:42:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/08/12 20:57:36 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/08/12 20:57:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/08/12 20:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/08/06 21:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
[2014/08/06 21:57:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibreOffice 4
[2014/08/06 10:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/08/03 23:30:50 | 000,000,000 | ---D | C] -- C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/08/03 23:30:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/08/03 22:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/08/03 22:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2014/08/01 00:45:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/08/01 00:44:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/08/01 00:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/08/01 00:04:24 | 000,000,000 | ---D | C] -- C:\Users\Admin -disaster only\AppData\Local\CrashDumps
[2014/07/31 23:54:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2014/07/31 23:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/07/31 23:44:27 | 000,000,000 | ---D | C] -- C:\Users\Admin -disaster only\Desktop\mbar
[2014/07/31 20:04:10 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/07/31 19:49:15 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/07/31 17:50:35 | 000,000,000 | ---D | C] -- C:\EEK
[2014/07/31 17:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/07/31 17:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/07/31 00:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2014/07/31 00:59:32 | 000,000,000 | ---D | C] -- C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2014/07/31 00:59:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2014/07/30 20:02:12 | 000,128,728 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/30 20:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/07/30 20:02:01 | 000,092,888 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/07/30 20:02:01 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/07/30 20:02:01 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/07/30 20:02:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/07/30 20:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/07/30 19:59:07 | 000,000,000 | -HSD | C] -- C:\Users\Admin -disaster only\AppData\Local\EmieUserList
[2014/07/30 19:59:07 | 000,000,000 | -HSD | C] -- C:\Users\Admin -disaster only\AppData\Local\EmieSiteList
[2014/07/30 19:50:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/15 14:19:31 | 000,783,400 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/08/15 14:19:31 | 000,662,852 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/08/15 14:19:31 | 000,122,462 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/08/15 14:15:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/15 14:14:40 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/08/15 13:42:41 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/15 13:42:41 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/15 13:35:34 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/15 13:35:33 | 000,000,452 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job
[2014/08/14 16:30:31 | 000,030,312 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2014/08/14 16:24:01 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2014/08/14 16:11:15 | 514,927,041 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/08/14 16:03:06 | 000,331,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/14 01:14:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/14 00:00:00 | 000,000,432 | ---- | M] () -- C:\Windows\tasks\Wise Turbo Checker.job
[2014/08/13 16:16:54 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/08/13 13:41:55 | 000,000,546 | ---- | M] () -- C:\Users\Admin -disaster only\Desktop\Emsisoft Emergency Kit.lnk
[2014/08/12 20:57:36 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/08/06 21:57:47 | 000,001,500 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 4.3.lnk
[2014/08/06 10:25:26 | 000,001,133 | ---- | M] () -- C:\Users\Public\Desktop\Avira.lnk
[2014/08/01 00:47:38 | 000,000,773 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/08/01 00:39:20 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\Wise Care 365.lnk
[2014/07/31 23:44:45 | 000,128,728 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/31 23:44:28 | 000,092,888 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/07/31 23:19:39 | 000,000,768 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140801-002457.backup
[2014/07/31 19:56:26 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2014/07/31 00:59:32 | 000,003,229 | ---- | M] () -- C:\Users\Admin -disaster only\Desktop\Sophos Virus Removal Tool.lnk
[2014/07/30 20:02:02 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/30 19:51:42 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014/07/24 08:53:03 | 000,042,040 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/08/15 11:53:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/08/15 11:53:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/08/15 11:53:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/08/15 11:53:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/08/15 11:53:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/08/14 16:11:15 | 514,927,041 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/08/12 20:57:36 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/08/06 21:57:47 | 000,001,500 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 4.3.lnk
[2014/08/06 10:25:26 | 000,001,133 | ---- | C] () -- C:\Users\Public\Desktop\Avira.lnk
[2014/08/01 00:39:04 | 000,000,452 | ---- | C] () -- C:\Windows\tasks\Wise Care 365.job
[2014/07/31 17:50:43 | 000,000,546 | ---- | C] () -- C:\Users\Admin -disaster only\Desktop\Emsisoft Emergency Kit.lnk
[2014/07/31 17:32:56 | 000,030,312 | ---- | C] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2014/07/31 00:59:32 | 000,003,229 | ---- | C] () -- C:\Users\Admin -disaster only\Desktop\Sophos Virus Removal Tool.lnk
[2014/07/30 20:02:02 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/30 19:51:42 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/02/18 02:37:23 | 000,209,920 | ---- | C] () -- C:\Windows\iun3401.exe
[2012/12/14 03:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/10/10 03:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/10/10 03:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/02/17 13:50:11 | 000,000,000 | ---D | M] -- C:\Users\Admin -disaster only\AppData\Roaming\Ad-Aware Antivirus
[2014/05/06 14:50:09 | 000,000,000 | ---D | M] -- C:\Users\Admin -disaster only\AppData\Roaming\Double Dummy Solver
[2014/01/09 18:17:05 | 000,000,000 | ---D | M] -- C:\Users\Admin -disaster only\AppData\Roaming\Undefeated (Aldorlea Games)
[2014/08/14 19:57:06 | 000,000,000 | ---D | M] -- C:\Users\Admin -disaster only\AppData\Roaming\Wise Care 365
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013/11/29 16:52:35 | 105,033,973 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\쒮
[2013/11/18 06:34:01 | 105,033,973 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\쒮
[2013/11/17 18:34:05 | 104,760,117 | ---- | M] ()(C:\Windows\SysWow64\???¥) -- C:\Windows\SysWow64\윯꺙¥
[2013/11/16 06:34:01 | 104,760,117 | ---- | C] ()(C:\Windows\SysWow64\???¥) -- C:\Windows\SysWow64\윯꺙¥
[2013/11/16 00:34:01 | 104,513,208 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ᶃ꺴
[2013/11/15 06:34:02 | 104,513,208 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ᶃ꺴
[2013/11/14 14:15:24 | 104,278,918 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ទ娌
[2013/11/10 06:33:58 | 104,278,918 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ទ娌
[2013/11/09 12:33:59 | 103,387,443 | ---- | M] ()(C:\Windows\SysWow64\???D) -- C:\Windows\SysWow64\̤D
[2013/11/06 12:33:59 | 103,387,443 | ---- | C] ()(C:\Windows\SysWow64\???D) -- C:\Windows\SysWow64\̤D
[2013/11/02 09:00:22 | 104,620,600 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\䤽
[2013/10/28 03:00:17 | 104,620,600 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\䤽
[2013/10/27 15:00:20 | 103,533,600 | ---- | M] ()(C:\Windows\SysWow64\???6) -- C:\Windows\SysWow64\獫6
[2013/10/24 15:00:45 | 103,533,600 | ---- | C] ()(C:\Windows\SysWow64\???6) -- C:\Windows\SysWow64\獫6
[2013/10/21 21:00:23 | 102,278,179 | ---- | M] ()(C:\Windows\SysWow64\???ª) -- C:\Windows\SysWow64\姎苺ª
[2013/10/20 15:00:12 | 102,278,179 | ---- | C] ()(C:\Windows\SysWow64\???ª) -- C:\Windows\SysWow64\姎苺ª
[2013/10/14 23:48:44 | 101,076,544 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\둂棳
[2013/10/12 11:48:42 | 101,076,544 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\둂棳
[2013/09/30 19:31:37 | 098,602,865 | ---- | M] ()(C:\Windows\SysWow64\???E) -- C:\Windows\SysWow64\ꌎ쵲E
[2013/09/24 13:32:04 | 098,602,865 | ---- | C] ()(C:\Windows\SysWow64\???E) -- C:\Windows\SysWow64\ꌎ쵲E
[2013/09/19 14:01:26 | 098,395,704 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\㇂茹
[2013/09/19 14:01:26 | 098,395,704 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\㇂茹
[2013/09/15 14:01:28 | 097,671,483 | ---- | M] ()(C:\Windows\SysWow64\???K) -- C:\Windows\SysWow64\瑚䞳K
[2013/09/13 02:01:24 | 097,671,483 | ---- | C] ()(C:\Windows\SysWow64\???K) -- C:\Windows\SysWow64\瑚䞳K
[2013/09/12 20:01:23 | 097,412,816 | ---- | M] ()(C:\Windows\SysWow64\???C) -- C:\Windows\SysWow64\溼격C
[2013/09/12 20:01:23 | 097,412,816 | ---- | C] ()(C:\Windows\SysWow64\???C) -- C:\Windows\SysWow64\溼격C
[2013/09/07 17:01:30 | 096,533,415 | ---- | M] ()(C:\Windows\SysWow64\???B) -- C:\Windows\SysWow64\鐻泄B
[2013/09/06 17:01:29 | 096,533,415 | ---- | C] ()(C:\Windows\SysWow64\???B) -- C:\Windows\SysWow64\鐻泄B
[2013/09/06 11:01:29 | 096,334,488 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\
[2013/09/03 11:01:02 | 096,334,488 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:DD5042D8
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:7B532EF3
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:321156F2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D169FA00
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:8EBE034C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
 
< End of report >
 
 
FRST:
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-08-2014
Ran by Admin -disaster only (administrator) on GDC-PC on 15-08-2014 14:24:43
Running from C:\Users\GDC\Desktop\anti-rootkit
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Safe Mode (minimal)
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [CAHS1Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CAHS1.dll,CMICtrlWnd
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [SPIRunE] => Rundll32 SPIRunE.dll,RunDLLEntry
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554408 2013-05-15] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] => "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => d:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2010624 2013-07-20] (Dominik Reichl)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-14] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [RPMKickstart] => C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe [2552320 2011-03-30] (Gigabyte Technology CO., LTD.)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1520015183-56102371-4256460016-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [213936 2006-03-20] (Macrovision Corporation)
HKU\S-1-5-21-1520015183-56102371-4256460016-1001\...\Run: [SpybotSD TeaTimer] => d:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1520015183-56102371-4256460016-1001\...\Run: [ISUSPM] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [213936 2006-03-20] (Macrovision Corporation)
HKU\S-1-5-21-1520015183-56102371-4256460016-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1520015183-56102371-4256460016-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> d:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: No Name -> {45d30484-7ded-43d9-957a-d2fd1f046511} ->  No File
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{ED9ADDFF-B4BD-4DFD-B083-FE0988F18918}: [NameServer]8.8.8.8,8.8.8.4
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> d:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> d:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - d:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - d:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-12-27]
 
Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - d:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-03-18] (Lavasoft Limited)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-12-29] (Creative Labs) [File not signed]
S2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [128928 2010-12-14] (Futuremark Corporation)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S2 SBSDWSCService; D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]
S2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-28] (Atheros Communications, Inc.)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-30] (Avira Operations GmbH & Co. KG)
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2014-07-31] (Emsisoft GmbH)
S3 CorsairCAHS1; C:\Windows\System32\drivers\CAHS164.sys [1308160 2011-06-16] (C-Media Electronics Inc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2011-12-30] (DT Soft Ltd)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-05-31] (GFI Software)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 MEMSWEEP2; C:\Windows\system32\4B91.tmp [6144 2011-05-12] (Sophos Plc) [File not signed]
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30312 2014-08-14] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-15 14:03 - 2014-08-15 14:03 - 00027492 _____ () C:\ComboFix.txt
2014-08-15 11:53 - 2014-08-15 14:03 - 00000000 ____D () C:\Qoobox
2014-08-15 11:53 - 2014-08-15 14:02 - 00000000 ____D () C:\Windows\erdnt
2014-08-15 11:53 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-15 11:53 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-15 11:53 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-15 11:53 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-15 11:53 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-15 11:53 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-15 11:53 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-15 11:53 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-15 11:51 - 2014-08-15 14:24 - 00000000 ____D () C:\FRST
2014-08-15 11:42 - 2014-08-15 11:42 - 00000000 ____D () C:\_OTL
2014-08-14 16:11 - 2014-08-14 16:11 - 514927041 _____ () C:\Windows\MEMORY.DMP
2014-08-14 16:11 - 2014-08-14 16:11 - 00572088 _____ () C:\Windows\Minidump\081414-17940-01.dmp
2014-08-13 14:20 - 2014-08-13 14:56 - 00000000 ____D () C:\Users\GDC\AppData\Local\adawarebp
2014-08-12 20:57 - 2014-08-12 20:57 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-12 20:57 - 2014-08-12 20:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-12 20:57 - 2014-08-12 20:57 - 00000000 ____D () C:\Users\GDC\AppData\Local\Skype
2014-08-12 20:57 - 2014-08-12 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-12 00:42 - 2014-08-12 01:36 - 00044312 _____ () C:\Users\GDC\Desktop\rotational programs.odt
2014-08-07 00:26 - 2014-08-13 16:41 - 00049524 _____ () C:\Users\GDC\Desktop\Elements Walkthrough.odt
2014-08-06 21:58 - 2014-08-13 23:54 - 00046943 _____ () C:\Users\GDC\Desktop\elements walkthrough.ods
2014-08-06 21:58 - 2014-08-06 21:58 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\LibreOffice
2014-08-06 21:57 - 2014-08-06 21:57 - 00001500 _____ () C:\Users\Public\Desktop\LibreOffice 4.3.lnk
2014-08-06 21:57 - 2014-08-06 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
2014-08-06 21:57 - 2014-08-06 21:57 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-08-06 10:25 - 2014-08-06 10:25 - 00001133 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-06 10:25 - 2014-08-06 10:25 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-03 23:30 - 2014-08-03 23:30 - 00000000 ____D () C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-03 23:30 - 2014-08-03 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-03 22:52 - 2014-08-03 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-03 22:52 - 2014-08-03 22:52 - 00000000 ____D () C:\Program Files\7-Zip
2014-08-01 17:12 - 2014-08-02 15:54 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\Vertical_Drop_Heroes_HD
2014-08-01 16:00 - 2014-08-12 11:12 - 00000000 ____D () C:\Users\GDC\AppData\Local\CrashDumps
2014-08-01 14:32 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 14:32 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 14:32 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 14:32 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 14:32 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 14:32 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 14:32 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-01 14:32 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 14:32 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 14:32 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 14:32 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 14:32 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 14:32 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 14:32 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-01 02:32 - 2011-05-12 14:03 - 00006144 ____N (Sophos Plc) C:\Windows\system32\4B91.tmp
2014-08-01 00:58 - 2014-08-15 13:42 - 00553065 _____ () C:\Windows\WindowsUpdate.log
2014-08-01 00:55 - 2014-08-15 14:15 - 00003128 _____ () C:\Windows\PFRO.log
2014-08-01 00:53 - 2014-08-15 13:37 - 00002800 _____ () C:\Windows\setupact.log
2014-08-01 00:53 - 2014-08-01 00:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-01 00:48 - 2014-08-01 00:49 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\vlc
2014-08-01 00:45 - 2014-08-01 00:45 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-01 00:44 - 2014-08-01 00:44 - 00006107 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-08-01 00:44 - 2014-08-01 00:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-01 00:44 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-01 00:44 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-01 00:44 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-01 00:44 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-01 00:39 - 2014-08-15 13:35 - 00000452 _____ () C:\Windows\Tasks\Wise Care 365.job
2014-08-01 00:39 - 2014-08-01 00:42 - 00002908 _____ () C:\Windows\System32\Tasks\Wise Care 365
2014-08-01 00:24 - 2014-07-31 23:19 - 00000768 _____ () C:\Windows\system32\Drivers\etc\hosts.20140801-002457.backup
2014-08-01 00:04 - 2014-08-01 00:04 - 00000000 ____D () C:\Users\Admin -disaster only\AppData\Local\CrashDumps
2014-07-31 23:55 - 2011-05-12 14:03 - 00006144 ____N (Sophos Plc) C:\Windows\system32\FB.tmp
2014-07-31 23:54 - 2014-07-31 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2014-07-31 23:54 - 2011-05-12 14:03 - 00006144 ____N (Sophos Plc) C:\Windows\system32\BBDF.tmp
2014-07-31 23:44 - 2014-07-31 23:49 - 00000000 ____D () C:\Users\Admin -disaster only\Desktop\mbar
2014-07-31 23:44 - 2014-07-31 23:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-31 20:08 - 2014-07-31 20:08 - 00000814 _____ () C:\Users\Admin -disaster only\Desktop\JRT.txt
2014-07-31 20:04 - 2014-07-31 20:04 - 00000000 ____D () C:\Windows\ERUNT
2014-07-31 19:49 - 2014-08-01 01:31 - 00000000 ____D () C:\AdwCleaner
2014-07-31 17:50 - 2014-08-13 13:41 - 00000546 _____ () C:\Users\Admin -disaster only\Desktop\Emsisoft Emergency Kit.lnk
2014-07-31 17:50 - 2014-08-13 13:41 - 00000000 ____D () C:\EEK
2014-07-31 17:43 - 2014-07-31 17:47 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-31 17:32 - 2014-08-14 16:30 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-31 17:32 - 2014-07-31 17:32 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-31 01:04 - 2014-08-14 16:15 - 00002958 _____ () C:\Users\Admin -disaster only\Desktop\Rkill.txt
2014-07-31 01:02 - 2014-08-15 14:24 - 00000000 ____D () C:\Users\GDC\Desktop\anti-rootkit
2014-07-31 00:59 - 2014-07-31 23:54 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-07-31 00:59 - 2014-07-31 00:59 - 00003229 _____ () C:\Users\Admin -disaster only\Desktop\Sophos Virus Removal Tool.lnk
2014-07-31 00:59 - 2014-07-31 00:59 - 00000000 ____D () C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-07-31 00:59 - 2014-07-31 00:59 - 00000000 ____D () C:\ProgramData\Sophos
2014-07-30 20:02 - 2014-07-31 23:44 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-30 20:02 - 2014-07-31 23:44 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-30 20:02 - 2014-07-30 20:02 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-30 20:02 - 2014-07-30 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-30 20:02 - 2014-07-30 20:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-30 20:02 - 2014-07-30 20:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-30 20:02 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-30 20:02 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-30 19:59 - 2014-07-30 19:59 - 00000000 __SHD () C:\Users\Admin -disaster only\AppData\Local\EmieUserList
2014-07-30 19:59 - 2014-07-30 19:59 - 00000000 __SHD () C:\Users\Admin -disaster only\AppData\Local\EmieSiteList
2014-07-30 19:51 - 2014-07-30 19:51 - 00000000 _____ () C:\autoexec.bat
2014-07-29 21:10 - 2013-08-10 02:16 - 00450636 _____ () C:\Windows\system32\Drivers\etc\hosts.20140729-211016.backup
2014-07-26 23:07 - 2014-07-26 23:07 - 00875472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110.dll
2014-07-26 23:07 - 2014-07-26 23:07 - 00535008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110.dll
2014-07-26 23:07 - 2014-07-26 23:07 - 00252400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib110.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-15 14:24 - 2014-08-15 11:51 - 00000000 ____D () C:\FRST
2014-08-15 14:24 - 2014-07-31 01:02 - 00000000 ____D () C:\Users\GDC\Desktop\anti-rootkit
2014-08-15 14:24 - 2009-07-14 01:13 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-15 14:15 - 2014-08-01 00:55 - 00003128 _____ () C:\Windows\PFRO.log
2014-08-15 14:03 - 2014-08-15 14:03 - 00027492 _____ () C:\ComboFix.txt
2014-08-15 14:03 - 2014-08-15 11:53 - 00000000 ____D () C:\Qoobox
2014-08-15 14:03 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-08-15 14:02 - 2014-08-15 11:53 - 00000000 ____D () C:\Windows\erdnt
2014-08-15 14:02 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-15 13:42 - 2014-08-01 00:58 - 00553065 _____ () C:\Windows\WindowsUpdate.log
2014-08-15 13:42 - 2009-07-14 00:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-15 13:42 - 2009-07-14 00:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-15 13:37 - 2014-08-01 00:53 - 00002800 _____ () C:\Windows\setupact.log
2014-08-15 13:37 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-15 13:35 - 2014-08-01 00:39 - 00000452 _____ () C:\Windows\Tasks\Wise Care 365.job
2014-08-15 13:35 - 2013-10-29 18:40 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-15 11:55 - 2009-07-13 22:34 - 75497472 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-08-15 11:55 - 2009-07-13 22:34 - 17039360 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-08-15 11:55 - 2009-07-13 22:34 - 05505024 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-08-15 11:55 - 2009-07-13 22:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-08-15 11:55 - 2009-07-13 22:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-08-15 11:54 - 2012-01-05 19:52 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-15 11:42 - 2014-08-15 11:42 - 00000000 ____D () C:\_OTL
2014-08-14 19:57 - 2013-11-30 03:33 - 00000000 ____D () C:\Users\Admin -disaster only\AppData\Roaming\Wise Care 365
2014-08-14 19:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-14 16:30 - 2014-07-31 17:32 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-14 16:24 - 2013-05-31 00:48 - 00001868 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-08-14 16:15 - 2014-07-31 01:04 - 00002958 _____ () C:\Users\Admin -disaster only\Desktop\Rkill.txt
2014-08-14 16:11 - 2014-08-14 16:11 - 514927041 _____ () C:\Windows\MEMORY.DMP
2014-08-14 16:11 - 2014-08-14 16:11 - 00572088 _____ () C:\Windows\Minidump\081414-17940-01.dmp
2014-08-14 16:11 - 2012-12-31 18:05 - 00000000 ____D () C:\Windows\Minidump
2014-08-14 16:08 - 2013-11-30 03:29 - 00000000 ____D () C:\Users\Admin -disaster only
2014-08-14 16:05 - 2013-05-31 00:48 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-08-14 16:03 - 2013-11-08 09:35 - 00072264 _____ () C:\Users\GDC\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-14 16:03 - 2009-07-14 00:45 - 00331592 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-14 01:54 - 2012-02-23 19:08 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\SoftGrid Client
2014-08-14 01:14 - 2013-10-29 18:40 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-14 00:00 - 2013-05-30 00:35 - 00000432 _____ () C:\Windows\Tasks\Wise Turbo Checker.job
2014-08-13 23:54 - 2014-08-06 21:58 - 00046943 _____ () C:\Users\GDC\Desktop\elements walkthrough.ods
2014-08-13 16:41 - 2014-08-07 00:26 - 00049524 _____ () C:\Users\GDC\Desktop\Elements Walkthrough.odt
2014-08-13 16:16 - 2013-10-29 18:41 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-13 14:56 - 2014-08-13 14:20 - 00000000 ____D () C:\Users\GDC\AppData\Local\adawarebp
2014-08-13 13:41 - 2014-07-31 17:50 - 00000546 _____ () C:\Users\Admin -disaster only\Desktop\Emsisoft Emergency Kit.lnk
2014-08-13 13:41 - 2014-07-31 17:50 - 00000000 ____D () C:\EEK
2014-08-12 23:35 - 2012-01-05 20:46 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-08-12 22:13 - 2012-08-20 15:30 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\Skype
2014-08-12 20:57 - 2014-08-12 20:57 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-12 20:57 - 2014-08-12 20:57 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-12 20:57 - 2014-08-12 20:57 - 00000000 ____D () C:\Users\GDC\AppData\Local\Skype
2014-08-12 20:57 - 2014-08-12 20:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-12 20:57 - 2012-08-20 15:30 - 00000000 ____D () C:\ProgramData\Skype
2014-08-12 12:17 - 2014-02-13 20:39 - 00003964 _____ () C:\Users\GDC\Desktop\netflix.txt
2014-08-12 11:12 - 2014-08-01 16:00 - 00000000 ____D () C:\Users\GDC\AppData\Local\CrashDumps
2014-08-12 01:36 - 2014-08-12 00:42 - 00044312 _____ () C:\Users\GDC\Desktop\rotational programs.odt
2014-08-06 21:58 - 2014-08-06 21:58 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\LibreOffice
2014-08-06 21:57 - 2014-08-06 21:57 - 00001500 _____ () C:\Users\Public\Desktop\LibreOffice 4.3.lnk
2014-08-06 21:57 - 2014-08-06 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
2014-08-06 21:57 - 2014-08-06 21:57 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-08-06 10:25 - 2014-08-06 10:25 - 00001133 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-06 10:25 - 2014-08-06 10:25 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-06 10:25 - 2013-01-01 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-06 10:25 - 2013-01-01 17:49 - 00000000 ____D () C:\ProgramData\Avira
2014-08-06 10:25 - 2013-01-01 17:49 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-04 15:43 - 2013-10-05 01:59 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\KeePass
2014-08-03 23:30 - 2014-08-03 23:30 - 00000000 ____D () C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-03 23:30 - 2014-08-03 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-03 23:30 - 2014-02-08 17:22 - 00000000 ____D () C:\Program Files\WinRAR
2014-08-03 22:52 - 2014-08-03 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-03 22:52 - 2014-08-03 22:52 - 00000000 ____D () C:\Program Files\7-Zip
2014-08-03 22:40 - 2011-12-27 18:57 - 00000000 ____D () C:\Users\GDC
2014-08-03 19:37 - 2014-07-04 01:48 - 00000425 _____ () C:\Users\GDC\Desktop\July to Do.txt
2014-08-02 21:10 - 2013-05-31 00:47 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\Ad-Aware Antivirus
2014-08-02 15:54 - 2014-08-01 17:12 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\Vertical_Drop_Heroes_HD
2014-08-02 10:42 - 2013-12-28 04:00 - 00000000 ____D () C:\Windows\rescache
2014-08-01 01:31 - 2014-07-31 19:49 - 00000000 ____D () C:\AdwCleaner
2014-08-01 00:53 - 2014-08-01 00:53 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-01 00:52 - 2013-10-25 16:05 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-01 00:52 - 2013-10-25 16:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-01 00:49 - 2014-08-01 00:48 - 00000000 ____D () C:\Users\GDC\AppData\Roaming\vlc
2014-08-01 00:47 - 2013-07-23 00:43 - 00000773 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-01 00:47 - 2013-07-23 00:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-08-01 00:45 - 2014-08-01 00:45 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-01 00:44 - 2014-08-01 00:44 - 00006107 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-08-01 00:44 - 2014-08-01 00:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-01 00:44 - 2013-06-28 12:56 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-01 00:42 - 2014-08-01 00:39 - 00002908 _____ () C:\Windows\System32\Tasks\Wise Care 365
2014-08-01 00:42 - 2013-05-30 00:35 - 00003130 _____ () C:\Windows\System32\Tasks\Wise Turbo Checker
2014-08-01 00:39 - 2013-10-04 02:43 - 00002054 _____ () C:\Users\Public\Desktop\Wise Care 365.lnk
2014-08-01 00:39 - 2013-10-04 02:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365
2014-08-01 00:04 - 2014-08-01 00:04 - 00000000 ____D () C:\Users\Admin -disaster only\AppData\Local\CrashDumps
2014-07-31 23:54 - 2014-07-31 23:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2014-07-31 23:54 - 2014-07-31 00:59 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-07-31 23:49 - 2014-07-31 23:44 - 00000000 ____D () C:\Users\Admin -disaster only\Desktop\mbar
2014-07-31 23:49 - 2014-07-31 23:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-31 23:44 - 2014-07-30 20:02 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-31 23:44 - 2014-07-30 20:02 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-31 23:19 - 2014-08-01 00:24 - 00000768 _____ () C:\Windows\system32\Drivers\etc\hosts.20140801-002457.backup
2014-07-31 20:08 - 2014-07-31 20:08 - 00000814 _____ () C:\Users\Admin -disaster only\Desktop\JRT.txt
2014-07-31 20:04 - 2014-07-31 20:04 - 00000000 ____D () C:\Windows\ERUNT
2014-07-31 19:56 - 2011-12-09 18:33 - 00030528 _____ () C:\Windows\GVTDrv64.sys
2014-07-31 19:56 - 2011-12-09 18:33 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-07-31 17:47 - 2014-07-31 17:43 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-31 17:46 - 2013-11-10 01:17 - 00000000 ____D () C:\Users\GDC\Desktop\Agaresttrainer_+4
2014-07-31 17:32 - 2014-07-31 17:32 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-31 00:59 - 2014-07-31 00:59 - 00003229 _____ () C:\Users\Admin -disaster only\Desktop\Sophos Virus Removal Tool.lnk
2014-07-31 00:59 - 2014-07-31 00:59 - 00000000 ____D () C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-07-31 00:59 - 2014-07-31 00:59 - 00000000 ____D () C:\ProgramData\Sophos
2014-07-30 20:02 - 2014-07-30 20:02 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-30 20:02 - 2014-07-30 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-30 20:02 - 2014-07-30 20:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-30 20:02 - 2014-07-30 20:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-30 19:59 - 2014-07-30 19:59 - 00000000 __SHD () C:\Users\Admin -disaster only\AppData\Local\EmieUserList
2014-07-30 19:59 - 2014-07-30 19:59 - 00000000 __SHD () C:\Users\Admin -disaster only\AppData\Local\EmieSiteList
2014-07-30 19:51 - 2014-07-30 19:51 - 00000000 _____ () C:\autoexec.bat
2014-07-30 01:00 - 2013-11-16 03:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-27 10:29 - 2012-02-01 23:49 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-27 10:29 - 2012-02-01 23:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-27 01:11 - 2012-02-01 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-26 23:07 - 2014-07-26 23:07 - 00875472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110.dll
2014-07-26 23:07 - 2014-07-26 23:07 - 00535008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110.dll
2014-07-26 23:07 - 2014-07-26 23:07 - 00252400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib110.dll
2014-07-24 08:53 - 2013-05-07 11:35 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-07 15:25
 
==================== End Of Log ============================


#27
ihatesvchost.exe

    Member

  • Topic Starter
  • Member
  • 32 posts

Latest Scan:

 

OTL logfile created on: 8/15/2014 5:01:35 PM - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\GDC\Desktop\anti-rootkit
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
15.92 Gb Total Physical Memory | 14.66 Gb Available Physical Memory | 92.06% Memory free
31.84 Gb Paging File | 30.65 Gb Available in Paging File | 96.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55.80 Gb Total Space | 8.97 Gb Free Space | 16.08% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 22.69 Gb Free Space | 2.44% Space Free | Partition Type: NTFS
Drive F: | 499.71 Mb Total Space | 494.48 Mb Free Space | 98.95% Space Free | Partition Type: FAT
 
Computer Name: GDC-PC | User Name: Admin -disaster only | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/08/14 21:57:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\GDC\Desktop\anti-rootkit\OTL.exe
PRC - [2013/03/18 03:25:46 | 001,236,336 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/06/18 20:24:12 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/12/19 15:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2014/08/06 10:24:26 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014/08/06 10:23:57 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014/07/14 16:49:12 | 000,141,392 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe -- (Avira.OE.ServiceHost)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/05/08 09:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/02/25 17:57:46 | 000,568,512 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/03/18 03:25:46 | 001,236,336 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/12/14 03:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/12/29 17:48:11 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011/12/14 18:53:44 | 000,303,360 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100v2)
SRV - [2010/12/14 20:17:12 | 000,128,928 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2009/10/13 20:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Auto | Stopped] -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/08/14 16:30:31 | 000,030,312 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TrueSight.sys -- (TrueSight)
DRV:64bit: - [2014/07/03 13:03:42 | 000,117,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2014/06/03 13:15:22 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/11/30 03:27:44 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/05/31 00:47:29 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/04/24 15:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012/12/19 16:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/12/19 16:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/19 15:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/12/14 03:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/11/06 07:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/30 17:33:26 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/12/12 18:42:00 | 001,256,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2011/07/22 11:33:48 | 000,025,056 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV:64bit: - [2011/06/16 16:10:08 | 001,308,160 | -H-- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAHS164.sys -- (CorsairCAHS1)
DRV:64bit: - [2011/05/25 07:19:00 | 000,076,160 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/05/25 07:19:00 | 000,052,608 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011/05/16 10:55:28 | 000,533,096 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/12 14:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\4B91.tmp -- (MEMSWEEP2)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/10 22:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/04/27 19:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 19:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 17:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 17:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/06 03:34:52 | 000,639,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)
DRV:64bit: - [2009/04/08 15:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2008/07/28 21:47:00 | 001,075,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb)
DRV - [2014/07/31 00:16:08 | 000,057,024 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\EEK\Run\cleanhlp64.sys -- (cleanhlp)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: d:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: d:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: d:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/12/27 01:03:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/07/06 12:30:16 | 000,000,000 | ---D | M]
 
[2013/11/16 03:25:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/07/30 01:00:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2014/08/15 14:14:40 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - d:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {45d30484-7ded-43d9-957a-d2fd1f046511} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [CAHS1Sound] C:\Windows\Syswow64\CAHS1.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KeePass 2 PreLoad] d:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\SysNative\WerFault.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe (Gigabyte Technology CO., LTD.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59336387-7222-43F9-89C2-7C834B5B6993}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D62A7623-BBF0-4091-92FD-FE47161508D5}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD2E990C-0CF0-4E92-A26A-91F8B846CC0F}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED9ADDFF-B4BD-4DFD-B083-FE0988F18918}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED9ADDFF-B4BD-4DFD-B083-FE0988F18918}: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE3BC820-81E8-4451-B521-2CD5D6D4EF78}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/07/30 19:51:42 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/15 14:03:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/08/15 14:03:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/08/15 14:03:35 | 000,000,000 | ---D | C] -- C:\Users\Admin -disaster only\AppData\Local\temp
[2014/08/15 11:53:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/08/15 11:53:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/08/15 11:53:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/08/15 11:53:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/08/15 11:53:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/08/15 11:51:24 | 000,000,000 | ---D | C] -- C:\FRST
[2014/08/15 11:42:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/08/12 20:57:36 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/08/12 20:57:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/08/12 20:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/08/06 21:57:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
[2014/08/06 21:57:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibreOffice 4
[2014/08/06 10:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/08/03 23:30:50 | 000,000,000 | ---D | C] -- C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/08/03 23:30:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/08/03 22:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/08/03 22:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2014/08/01 00:45:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/08/01 00:44:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/08/01 00:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/08/01 00:04:24 | 000,000,000 | ---D | C] -- C:\Users\Admin -disaster only\AppData\Local\CrashDumps
[2014/07/31 23:54:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2014/07/31 23:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/07/31 23:44:27 | 000,000,000 | ---D | C] -- C:\Users\Admin -disaster only\Desktop\mbar
[2014/07/31 20:04:10 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/07/31 19:49:15 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/07/31 17:50:35 | 000,000,000 | ---D | C] -- C:\EEK
[2014/07/31 17:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/07/31 17:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/07/31 00:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2014/07/31 00:59:32 | 000,000,000 | ---D | C] -- C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2014/07/31 00:59:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2014/07/30 20:02:12 | 000,128,728 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/30 20:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/07/30 20:02:01 | 000,092,888 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/07/30 20:02:01 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/07/30 20:02:01 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/07/30 20:02:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/07/30 20:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/07/30 19:59:07 | 000,000,000 | -HSD | C] -- C:\Users\Admin -disaster only\AppData\Local\EmieUserList
[2014/07/30 19:59:07 | 000,000,000 | -HSD | C] -- C:\Users\Admin -disaster only\AppData\Local\EmieSiteList
[2014/07/30 19:50:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/15 14:24:17 | 000,783,400 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/08/15 14:24:17 | 000,662,852 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/08/15 14:24:17 | 000,122,462 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/08/15 14:15:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/15 14:14:40 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/08/15 13:42:41 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/15 13:42:41 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/15 13:35:34 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/15 13:35:33 | 000,000,452 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job
[2014/08/14 16:30:31 | 000,030,312 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2014/08/14 16:24:01 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2014/08/14 16:11:15 | 514,927,041 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/08/14 16:03:06 | 000,331,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/14 01:14:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/14 00:00:00 | 000,000,432 | ---- | M] () -- C:\Windows\tasks\Wise Turbo Checker.job
[2014/08/13 16:16:54 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/08/13 13:41:55 | 000,000,546 | ---- | M] () -- C:\Users\Admin -disaster only\Desktop\Emsisoft Emergency Kit.lnk
[2014/08/12 20:57:36 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/08/06 21:57:47 | 000,001,500 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 4.3.lnk
[2014/08/06 10:25:26 | 000,001,133 | ---- | M] () -- C:\Users\Public\Desktop\Avira.lnk
[2014/08/01 00:47:38 | 000,000,773 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/08/01 00:39:20 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\Wise Care 365.lnk
[2014/07/31 23:44:45 | 000,128,728 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/31 23:44:28 | 000,092,888 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/07/31 23:19:39 | 000,000,768 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140801-002457.backup
[2014/07/31 19:56:26 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2014/07/31 00:59:32 | 000,003,229 | ---- | M] () -- C:\Users\Admin -disaster only\Desktop\Sophos Virus Removal Tool.lnk
[2014/07/30 20:02:02 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/30 19:51:42 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014/07/24 08:53:03 | 000,042,040 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/08/15 11:53:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/08/15 11:53:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/08/15 11:53:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/08/15 11:53:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/08/15 11:53:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/08/14 16:11:15 | 514,927,041 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/08/12 20:57:36 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/08/06 21:57:47 | 000,001,500 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 4.3.lnk
[2014/08/06 10:25:26 | 000,001,133 | ---- | C] () -- C:\Users\Public\Desktop\Avira.lnk
[2014/08/01 00:39:04 | 000,000,452 | ---- | C] () -- C:\Windows\tasks\Wise Care 365.job
[2014/07/31 17:50:43 | 000,000,546 | ---- | C] () -- C:\Users\Admin -disaster only\Desktop\Emsisoft Emergency Kit.lnk
[2014/07/31 17:32:56 | 000,030,312 | ---- | C] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2014/07/31 00:59:32 | 000,003,229 | ---- | C] () -- C:\Users\Admin -disaster only\Desktop\Sophos Virus Removal Tool.lnk
[2014/07/30 20:02:02 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/30 19:51:42 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/02/18 02:37:23 | 000,209,920 | ---- | C] () -- C:\Windows\iun3401.exe
[2012/12/14 03:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/10/10 03:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/10/10 03:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/02/17 13:50:11 | 000,000,000 | ---D | M] -- C:\Users\Admin -disaster only\AppData\Roaming\Ad-Aware Antivirus
[2014/05/06 14:50:09 | 000,000,000 | ---D | M] -- C:\Users\Admin -disaster only\AppData\Roaming\Double Dummy Solver
[2014/01/09 18:17:05 | 000,000,000 | ---D | M] -- C:\Users\Admin -disaster only\AppData\Roaming\Undefeated (Aldorlea Games)
[2014/08/14 19:57:06 | 000,000,000 | ---D | M] -- C:\Users\Admin -disaster only\AppData\Roaming\Wise Care 365
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:DD5042D8
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:7B532EF3
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:321156F2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D169FA00
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:8EBE034C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
 
< End of report >
 
I was able to boot the computer normally. I should note that Avira Antivirus blocked a suspicious attempt to access the registry immediately.

  • 0

#28
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Ok, booting normally is a good thing! ;)  Let me re-read the scans and figure out next steps.

BTW, you have a number of items, Hitman Pro and stuff like that, that can actually cause crashes and false positives on a/v software, so I'm also going to have some recommendations for you as far as programs to keep and not, etc. (You could uninstall HitMan Pro right now if you're so inclined.)

Cross your fingers, but I think we've got the worst of it behind us :thumbsup:


  • 0

#29
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Ok, next steps.

 

Contrary to the old adage of "more is better", anti-virus and spyware don't work that way. You have at least the following although I might have missed something.

 

lavasoft
mbam
sophos
defender
avira
gfi av

 

Pick one a/v and one spyware. Uninstall the others. More than one of a/v and they start to interfere with each other and miss things. Same with Spyware.

 

Fix with OTL

Please re-run OTL with this removal script included.

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

  • Right-click on the OTL icon and select Run as Administrator to start the tool.
  • Under the Custom Scans/Fixes bar in the box paste in the following:
    
    
    
    
    
    :Commands
    [createrestorepoint]

    :otl
    [2013/11/16 03:25:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    O2 - BHO: (no name) - {45d30484-7ded-43d9-957a-d2fd1f046511} - No CLSID value found.
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59336387-7222-43F9-89C2-7C834B5B6993}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D62A7623-BBF0-4091-92FD-FE47161508D5}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD2E990C-0CF0-4E92-A26A-91F8B846CC0F}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED9ADDFF-B4BD-4DFD-B083-FE0988F18918}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED9ADDFF-B4BD-4DFD-B083-FE0988F18918}: NameServer = 8.8.8.8,8.8.8.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE3BC820-81E8-4451-B521-2CD5D6D4EF78}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O32 - AutoRun File - [2014/07/30 19:51:42 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    [2014/07/30 19:51:42 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
    [2014/08/15 11:53:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

    :commands
    [resethosts]
    [emptytemp]
    [reboot]
    
    
    
    
  • Push Run Fix and wait patiently.
  • If asked to reboot, please allow it to.
  • A notepad window with a logfile will open after this run. It will be also saved in _OTL\MovedFiles directory on your main drive as (date)_(time).log.

Please include the content of this logfile in your next reply.

 

 

Scan with AdwCleaner
 
Please download AdwCleaner by Xplode and save the file to your desktop.
 
  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • Upon completion, click Report. A log (AdwCleaner[R*].txt) will open.
 
Please include the contents of that file in your reply.
 

Fix with Junkware Removal Tool
 
Please download JRT by Thisisu and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
 
  • Right-click on the JRT icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.
 
Please include the contents of that file in your reply.
 
Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.
 
Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one).
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    process;
    services-list;
    systemspecs;
    startupall;
    skipfix-iedefaults;
    firefoxlook;
    chromelook;
    filesrcm;
    installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.
 
To summarize, you'll be posting back the OTL Moved File log, AdwCleaner log, JRT log and ZOEK log.
 
And, let me know how the computer is working too. :)

 


  • 0

#30
ihatesvchost.exe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

Thank you for your continuing assistance Biscuithd. I am really impressed with the progress we are making. I have started to pare down the number of anti-virus software. Currently running Avira as main with SpywareBlaster & Spybot Search & Destroy as supplementary. I'm not sure what the gfi av you referenced was.

 

I had to run the OTL fix twice because Avira blocked access to the hosts the first time (2nd time I disabled it):

 

OTL:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Folder C:\Program Files (x86)\Mozilla Firefox\browser\extensions\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45d30484-7ded-43d9-957a-d2fd1f046511}\ not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{59336387-7222-43F9-89C2-7C834B5B6993}\\DhcpNameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D62A7623-BBF0-4091-92FD-FE47161508D5}\\DhcpNameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DD2E990C-0CF0-4E92-A26A-91F8B846CC0F}\\DhcpNameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED9ADDFF-B4BD-4DFD-B083-FE0988F18918}\\DhcpNameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ED9ADDFF-B4BD-4DFD-B083-FE0988F18918}\\NameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EE3BC820-81E8-4451-B521-2CD5D6D4EF78}\\DhcpNameServer| /E : value set successfully!
File C:\autoexec.bat not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Admin -disaster only
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: GDC
->Temp folder emptied: 192517 bytes
->Temporary Internet Files folder emptied: 6965 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 16377683 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 16.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 08162014_125806

 

 

 

 

Adwcleaner:

# AdwCleaner v3.306 - Report created 16/08/2014 at 13:00:39
# Updated 15/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Admin -disaster only - GDC-PC
# Running from : C:\Users\GDC\Desktop\anti-rootkit\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207


*************************

AdwCleaner[R0].txt - [2615 octets] - [31/07/2014 19:49:17]
AdwCleaner[R1].txt - [821 octets] - [01/08/2014 01:31:29]
AdwCleaner[R2].txt - [853 octets] - [16/08/2014 13:00:39]
AdwCleaner[S0].txt - [2693 octets] - [31/07/2014 19:49:43]

########## EOF - \AdwCleaner\AdwCleaner[R2].txt - [972 octets] ##########


JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Admin -disaster only on Sat 08/16/2014 at 13:04:30.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Windows\Tasks\wise care 365.job"



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 08/16/2014 at 13:07:35.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

ZOEK:

 

Zoek.exe v5.0.0.0 Updated 15-08-2014
Tool run by Admin -disaster only on Sat 08/16/2014 at 13:12:32.49.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\GDC\Desktop\anti-rootkit\zoek.exe    [Scan all users] [Script inserted]

==== System Restore Info ======================

8/16/2014 1:13:09 PM Zoek.exe System Restore Point Created Succesfully.

==== Installed Programs ======================

@BIOS  
7-Zip 9.20 (x64 edition)  
Adobe AIR  
Adobe Flash Player 14 Plugin  
Adobe Reader XI (11.0.07)  
Adobe Shockwave Player 12.0  
Agarest Generations of War Zero  
AMD Accelerated Video Transcoding  
AMD APP SDK Runtime  
AMD Catalyst Install Manager  
AMD Drag and Drop Transcoding  
AMD Media Foundation Decoders  
Avira  
Avira Free Antivirus  
Bog's Adventures in the Underworld v2.0  
Catalyst Control Center - Branding  
Catalyst Control Center  
Catalyst Control Center Graphics Previews Common  
Catalyst Control Center InstallProxy  
Catalyst Control Center Localization All  
ccc-utility64  
CCC Help Chinese Standard  
CCC Help Chinese Traditional  
CCC Help Czech  
CCC Help Danish  
CCC Help Dutch  
CCC Help English  
CCC Help Finnish  
CCC Help French  
CCC Help German  
CCC Help Greek  
CCC Help Hungarian  
CCC Help Italian  
CCC Help Japanese  
CCC Help Korean  
CCC Help Norwegian  
CCC Help Polish  
CCC Help Portuguese  
CCC Help Russian  
CCC Help Spanish  
CCC Help Swedish  
CCC Help Thai  
CCC Help Turkish  
Common RTP 1.0  
Corsair USB Headset  
Creative Audio Control Panel  
Creative MediaSource 5  
Creative Software AutoUpdate  
Creative Sound Blaster Properties x64 Edition  
DAEMON Tools Lite  
DivX Setup  
Double Dummy Solver 10  
DROD 5: The Second Sky 5.0.0  
DROD: Journey to Rooted Hold 2.0.16  
DROD: The City Beneath 3.0.0  
Easy Tune 6 B11.0630.1  
Elements - Soul of Fire  
Etron USB3.0 Host Controller  
Futuremark SystemInfo  
Google Chrome  
Google Update Helper  
Heroes of Might and Magic V - Collectors Edition  
Heroine's Quest 1.1  
Host OpenAL  
Intel® Control Center  
Intel® Management Engine Components  
Intel® Processor Graphics  
Java 7 Update 65  
Java Auto Updater  
Junk Mail filter update  
KeePass Password Safe 2.23  
Knytt Underground 1.0  
LibreOffice 4.3.0.4  
Logitech Gaming Software 5.10  
Microsoft .NET Framework 4.5.1  
Microsoft Application Error Reporting  
Microsoft Choice Guard  
Microsoft Office 2010  
Microsoft Office Click-to-Run 2010  
Microsoft Office Starter 2010 - English  
Microsoft Report Viewer Redistributable 2005  
Microsoft Silverlight  
Microsoft SQL Server 2005 Compact Edition [ENU]  
Microsoft Sync Framework Runtime Native v1.0 (x86)  
Microsoft Sync Framework Services Native v1.0 (x86)  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2005 Redistributable (x64)  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Microsoft XNA Framework Redistributable 3.1  
Microsoft XNA Framework Redistributable 4.0  
Microsoft XNA Framework Redistributable 4.0 Refresh  
Mozilla Firefox 31.0 (x86 en-US)  
MSVCRT  
NETGEAR WNDA3100v2 wireless USB 2.0 adapter  
ON_OFF Charge B11.0110.1  
PCSX2 - Playstation 2 Emulator  
ProPokerTools Odds Oracle 2.2.1  
Quest for Infamy   
Realtek Ethernet Controller Driver  
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)  
SkypeT 6.18  
Smart 6 B11.0512.1  
Sophos Virus Removal Tool  
Sound Blaster X-Fi  
Spybot - Search & Destroy  
SpywareBlaster 5.0  
Steam  
swMSM  
The Book of Legends  
Ubisoft Game Launcher  
Undefeated  
VC80CRTRedist - 8.0.50727.6195  
VLC media player  
WinDirStat 1.1.2  
Windows Live Call  
Windows Live Communications Platform  
Windows Live Essentials  
Windows Live Mail  
Windows Live Messenger  
Windows Live Movie Maker  
Windows Live Photo Gallery  
Windows Live Writer  
WinRAR 5.10 (64-bit)  
Wise Care 365 3.18  
Wise Care 365 version 2.83  

==== Running Processes ======================

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\SysWOW64\rundll32.exe
D:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\Users\GDC\Desktop\anti-rootkit\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Services (whitelist) ======================
Powered by E Dev

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
R2 - [AMD External Events Utility] - AMD External Events Utility - C:\Windows\system32\atiesrxx.exe
R2 - [AntiVirSchedulerService] - Avira Scheduler - "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
R2 - [AntiVirService] - Avira Real-Time Protection - "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
R2 - [Avira.OE.ServiceHost] - Avira Service Host - "C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe"
R2 - [CTAudSvcService] - Creative Audio Service - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
R2 - [cvhsvc] - Client Virtualization Handler - "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
R2 - [SBSDWSCService] - SBSD Security Center Service - D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
R2 - [sftlist] - Application Virtualization Client - "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
R2 - [sppsvc] - Software Protection - C:\Windows\system32\sppsvc.exe
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
R2 - [WSearch] - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding
R3 - [sftvsa] - Application Virtualization Service Agent - "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
R3 - [VSS] - Volume Shadow Copy - C:\Windows\system32\vssvc.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Google Update Service (gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
S3 - [ALG] - Application Layer Gateway Service - C:\Windows\System32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S3 - [COMSysApp] - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [cphs] - Intel® Content Protection HECI Service - C:\Windows\SysWow64\IntelCpHeciSvc.exe
S3 - [Creative Audio Engine Licensing Service] - Creative Audio Engine Licensing Service - "C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe"
S3 - [ehRecvr] - Windows Media Center Receiver Service - C:\Windows\ehome\ehRecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - C:\Windows\ehome\ehsched.exe
S3 - [Fax] - Fax - C:\Windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
S3 - [Futuremark SystemInfo Service] - Futuremark SystemInfo Service - "C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe"
S3 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - C:\Windows\system32\IEEtwCollector.exe /V
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe
S3 - [msiserver] - Windows Installer - C:\Windows\system32\msiexec.exe /V
S3 - [ose] - Office  Source Engine - "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
S3 - [osppsvc] - Office Software Protection Platform - "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
S3 - [PerfHost] - Performance Counter DLL Host - C:\Windows\SysWow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - C:\Windows\System32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe
S3 - [vds] - Virtual Disk - C:\Windows\System32\vds.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - C:\Windows\system32\Wat\WatAdminSvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe"
S3 - [wmiApSrv] - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
S4 - [IDriverT] - InstallDriver Table Manager - "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
S4 - [Steam Client Service] - Steam Client Service - "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService

==== Batch Command(s) Run By Tool======================

C:\Windows\system32\appdata deleted

==== Deleting Files \ Folders ======================

C:\Windows\syswow64\appdata deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 16302 MB
CPU Info: Intel® Core™ i5-2500 CPU @ 3.30GHz
CPU Speed: 3347.3 MHz
Sound Card: Not detected
Display Adapters: AMD Radeon HD 6800 Series | AMD Radeon HD 6800 Series | AMD Radeon HD 6800 Series | AMD Radeon HD 6800 Series | AMD Radeon HD 6800 Series | AMD Radeon HD 6800 Series | Intel® HD Graphics | Intel® HD Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: NETGEAR WNDA3100v2 N600 Wireless Dual Band USB Adapter | Realtek PCIe GBE Family Controller
CD / DVD Drives: 2x (E: | J: | ) E: ATAPI   iHAS124   B      | J: DTSOFT  BDROM
Ports: COM1 LPT1
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C:  55.8GB | D:  931.5GB | Q:  0.0MB
Hard Disks - Free: C:  8.4GB | D:  20.3GB | Q:  0.0MB
Manufacturer *: Award Software International, Inc.
BIOS Info: AT/AT COMPATIBLE | 07/21/11 | GBT    - 42302e31
Time Zone: Eastern Standard Time
Motherboard *: Gigabyte Technology Co., Ltd. Z68AP-D3
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: Avira Desktop On-access scanning disabled (Outdated)
Anti-Spyware: Avira Desktop disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Internet Explorer Version: 11.0.9600.17207
Mozilla Firefox version: 31.0 (x86 en-US)
Google Chrome version: 36.0.1985.143
Adobe Reader version: 11.0.07.79
Sun Java version: 1.7.0_65 (32-bit)
Flash Player version: 14.0.0.145
Shockwave Player version: 12.0.2r122

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-08-15 15:53:13    F042EE4C8D66248D9B86DCF52ABAE416    256000    ----a-w-    C:\Windows\PEV.exe
2014-08-15 15:53:13    9E05A9C264C8A908A8E79450FCBFF047    80412    ----a-w-    C:\Windows\grep.exe
2014-08-15 15:53:13    5E832F4FAF5F481F2EAF3B3A48F603B8    68096    ----a-w-    C:\Windows\zip.exe
2014-08-15 15:53:13    0297C72529807322B152F517FDB0A9FC    406528    ----a-w-    C:\Windows\SWSC.exe
2014-08-15 15:53:13    0277C027A26428DB64EF4F64F52BB4FD    208896    ----a-w-    C:\Windows\MBR.exe
2014-08-14 20:11:15    20166F6255DC9187FCCF09C632636FB8    514927041    ----a-w-    C:\Windows\MEMORY.DMP
====== C:\Users\ADMIN-~1\AppData\Local\Temp ====
2014-08-16 17:04:16    2E0323A94915FAAB10A25F3BABF82584    157696    ----a-w-    C:\Users\Admin -disaster only\AppData\Local\temp\jrt\erunt\ERUNT.EXE
2014-08-16 16:59:14    BC88BD8A271968E1370D4E28182F7831    49744    ----a-w-    C:\Users\GDC\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2014-07-31 21:32:56    6D95A713F03A9AE56E99D00E809F2F90    30312    ----a-w-    C:\Windows\Sysnative\drivers\TrueSight.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-08-04 02:52:35    --------    d-----w-    C:\Program Files\7-Zip
======= C:\PROGRA~2 =====
2014-08-13 00:57:36    --------    d-----w-    C:\PROGRA~2\COMMON~1\Skype
2014-08-13 00:57:36    --------    d-----r-    C:\PROGRA~2\Skype
2014-08-07 01:57:30    --------    d-----w-    C:\PROGRA~2\LibreOffice 4
2014-08-01 04:44:56    --------    d-----w-    C:\PROGRA~2\COMMON~1\Java
2014-07-31 04:59:31    --------    d-----w-    C:\PROGRA~2\Sophos
2014-07-30 23:50:57    --------    d-----w-    C:\PROGRA~2\COMMON~1\Wise Installation Wizard
=======  =====
====== C:\Users\Admin -disaster only\AppData\Roaming ======
2014-08-15 18:03:35    --------    d-----w-    C:\Users\Public\AppData\Local\temp
2014-08-15 18:03:35    --------    d-----w-    C:\Users\Default\AppData\Local\temp
2014-08-15 18:03:35    --------    d-----w-    C:\Users\Default User\AppData\Local\temp
2014-08-15 18:03:35    --------    d-----w-    C:\Users\Admin -disaster only\AppData\Local\temp
2014-08-13 18:20:21    --------    d-----w-    C:\Users\GDC\AppData\Local\adawarebp
2014-08-13 01:15:43    D41D8CD98F00B204E9800998ECF8427E    0    ----a-w-    C:\Users\GDC\AppData\Locallow\seetla.dll
2014-08-13 00:57:42    --------    d-----w-    C:\Users\GDC\AppData\Local\Skype
2014-08-11 01:11:29    C19B088C565F70AA0B9B663ED0B586BC    300544    ----a-w-    C:\Users\GDC\AppData\Locallow\guwwekm.dll
2014-08-07 01:58:18    --------    d-----w-    C:\Users\GDC\AppData\Roaming\LibreOffice
2014-08-06 18:40:45    --------    d-----w-    C:\Users\GDC\AppData\Locallow\Temp
2014-08-04 03:30:50    --------    d-----w-    C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-01 21:12:16    --------    d-----w-    C:\Users\GDC\AppData\Roaming\Vertical_Drop_Heroes_HD
2014-08-01 20:00:08    --------    d-----w-    C:\Users\GDC\AppData\Local\CrashDumps
2014-08-01 04:48:03    --------    d-----w-    C:\Users\GDC\AppData\Roaming\vlc
2014-08-01 04:04:24    --------    d-----w-    C:\Users\Admin -disaster only\AppData\Local\CrashDumps
2014-07-31 23:54:30    --------    d-----w-    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\CrashDumps
2014-07-31 04:59:32    --------    d-----w-    C:\Users\Admin -disaster only\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-07-30 23:59:07    --------    d-sh--w-    C:\Users\Admin -disaster only\AppData\Local\EmieUserList
2014-07-30 23:59:07    --------    d-sh--w-    C:\Users\Admin -disaster only\AppData\Local\EmieSiteList
====== C:\Users\Admin -disaster only ======
2014-08-15 18:03:35    --------    d-----w-    C:\Users\Public\AppData
2014-08-13 00:57:36    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-07 01:57:47    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.3
2014-08-06 14:25:23    --------    d-----w-    C:\ProgramData\Package Cache
2014-08-04 03:30:50    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-08-04 02:52:35    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-08-01 04:45:08    --------    d-----w-    C:\ProgramData\Oracle
2014-08-01 04:44:52    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-31 21:43:29    --------    d-----w-    C:\ProgramData\HitmanPro
2014-07-31 21:32:54    --------    d-----w-    C:\ProgramData\RogueKiller
2014-07-31 04:59:33    --------    d-----w-    C:\ProgramData\Sophos

====== C: exe-files ==
2014-08-16 17:04:16    2E0323A94915FAAB10A25F3BABF82584    157696    ----a-w-    C:\Users\Admin -disaster only\AppData\Local\temp\jrt\erunt\ERUNT.EXE
2014-08-16 16:49:36    7879CE94CFAFB7B25ECC9B6626026968    544    ----a-w-    C:\$RECYCLE.BIN\S-1-5-21-1520015183-56102371-4256460016-1001\$IDORIVS.exe
2014-08-16 16:48:56    C1D2EBEBC40491FD3C7E757A5AF27EAD    1288704    ----a-w-    C:\$RECYCLE.BIN\S-1-5-21-1520015183-56102371-4256460016-1001\$RDORIVS.exe
2014-08-16 16:47:54    59BEE71E552AFA5FD3E3DE48075EAA6F    1361203    ----a-w-    C:\Users\GDC\Desktop\anti-rootkit\AdwCleaner.exe
2014-08-15 15:53:13    F042EE4C8D66248D9B86DCF52ABAE416    256000    ----a-w-    C:\Windows\PEV.exe
2014-08-15 15:53:13    9E05A9C264C8A908A8E79450FCBFF047    80412    ----a-w-    C:\Windows\grep.exe
2014-08-15 15:53:13    5E832F4FAF5F481F2EAF3B3A48F603B8    68096    ----a-w-    C:\Windows\zip.exe
2014-08-15 15:53:13    0297C72529807322B152F517FDB0A9FC    406528    ----a-w-    C:\Windows\SWSC.exe
2014-08-15 15:53:13    0277C027A26428DB64EF4F64F52BB4FD    208896    ----a-w-    C:\Windows\MBR.exe
2014-08-15 15:50:31    DC512E2D1B580899E27BF14E96DF6601    2100224    ----a-w-    C:\Users\GDC\Desktop\anti-rootkit\FRST64.exe
2014-08-15 15:28:11    9302D77A9F6683672A4F231DA2B86059    5185536    ----a-w-    C:\Users\GDC\Desktop\anti-rootkit\aswMBR.exe
2014-08-15 02:05:15    4ADCFEE16EE9978F06157634669D36FB    602112    ----a-w-    C:\Users\GDC\Desktop\anti-rootkit\OTL.exe
2014-08-13 20:15:28    C56CB929FDC62BA6AFA025C0DF95CA73    1836624    ----a-w-    C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\36.0.1985.143\36.0.1985.143_36.0.1985.125_chrome_updater.exe
=== C: other files ==
2014-08-16 17:04:16    DD1E4D974B1672ABD09EFFB225791C4A    1230    ----a-w-    C:\Users\Admin -disaster only\AppData\Local\temp\jrt\TDL4.bat
2014-08-16 17:04:16    AD2F52DC72B10AF331692E4A4DD80DFC    18670    ----a-w-    C:\Users\Admin -disaster only\AppData\Local\temp\jrt\medfos.bat
2014-08-16 17:04:16    A87CD1BAC46CAC0EEEDB571F07077032    8104    ----a-w-    C:\Users\Admin -disaster only\AppData\Local\temp\jrt\modules.bat
2014-08-16 17:04:16    8E6020C14F982CF11B3FE7DBB0CB8EDE    24738    ----a-w-    C:\Users\Admin -disaster only\AppData\Local\temp\jrt\searchlnk.bat
2014-08-16 17:04:16    86707BCE5CBB65D9B1C41E249B4423BA    152733    ----a-w-    C:\Users\Admin -disaster only\AppData\Local\temp\jrt\firefox.bat
2014-08-16 17:04:16    83F691D8398F0E37E71E9355BF730DB9    719    ----a-w-    C:\Users\Admin -disaster only\AppData\Local\temp\jrt\ev_clear.bat
2014-08-16 17:04:16    7D8282EB94B5D639B7378811C1924A8F    9516    ----a-w-    C:\Users\Admin -disaster only\AppData\Local\temp\jrt\runvalues.bat
2014-08-16 17:04:16    654E9FE74B930A454EE5BDE165794B65    85    ----a-w-    C:\Users\Admin -disaster only\AppData\Local\temp\jrt\delorphans.bat
2014-08-16 17:04:16    5B92615B0CEA08D6BA1217C08CBB1443    15919    ----a-w-    C:\Users\Admin -disaster only\AppData\Local\temp\jrt\get.bat
2014-08-16 17:04:16    5B71358F97544D9DE58A9A0893079506    39458    ----a-w-    C:\Users\Admin -disaster only\AppData\Local\temp\jrt\prelim.bat
2014-08-16 17:04:16    53B191266B30D57F2F835ABBF54C68C5    13963    ----a-w-    C:\Users\Admin -disaster only\AppData\Local\temp\jrt\chrome.bat
2014-08-16 17:04:16    3BC04DEBBE9027060D51901133F60101    154678    ----a-w-    C:\Users\Admin -disaster only\AppData\Local\temp\jrt\misc.bat
2014-08-16 17:04:16    38A0BDF322ACCC968B0A824C38D50157    29635    ----a-w-    C:\Users\Admin -disaster only\AppData\Local\temp\jrt\ask.bat
2014-08-16 17:04:16    335DFF8F23E5EC02B5426362F0F8509B    31401    ----a-w-    C:\Users\Admin -disaster only\AppData\Local\temp\jrt\iexplore.bat
2014-08-16 17:04:16    2F80D807DB405C8F6E0F3706B9FED710    10161    ----a-w-    C:\Users\Admin -disaster only\AppData\Local\temp\jrt\JRT.bat
2014-08-16 17:04:16    0D08FBD2E6F6C6AC6A504712C4CE6CE3    1226    ----a-w-    C:\Users\Admin -disaster only\AppData\Local\temp\jrt\FWPolicy.bat
2014-08-16 17:04:16    0C4649A62845AB5D5DBCC4998477FF6D    1813    ----a-w-    C:\Users\Admin -disaster only\AppData\Local\temp\jrt\delfolders.bat
2014-08-15 21:06:06    42397264F5ECD1A8B17DA9E5425DA30E    1129    ----a-w-    C:\Users\GDC\AppData\Local\adawarebp\data\temp.zip
2014-08-15 18:02:28    A711985436EB5975D87A6A7E2017B815    261104    ----a-w-    C:\Qoobox\Quarantine\D\av1.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-1520015183-56102371-4256460016-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup"
"SpybotSD TeaTimer"="d:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
"ISUSPM"="C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe -scheduler"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"KeePass 2 PreLoad"="d:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe --preload"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"Avira Systray"="C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"OTL"="C:\Users\GDC\Desktop\anti-rootkit\OTL.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CAHS1Sound"="C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CAHS1.dll,CMICtrlWnd"
"Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RPMKickstart"="C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe"
"*WerKernelReporting"="%SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXMediaServer]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DivXMediaServer"
"hkey"="HKLM"
"command"="d:\\Program Files (x86)\\DivX\\DivX Media Server\\DivXMediaServer.exe"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IDriverT]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Steam Client Service]


==== Startup Folders ======================

2013-02-03 03:33:51    946    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/29/2013 06:40 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/29/2013 06:40 PM]
C:\Windows\tasks\Wise Turbo Checker.job --a------ C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe [07/07/2014 05:03 PM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Wise Turbo Checker" [C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="d:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5" [12/27/2012 01:03 AM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\GDC\AppData\Roaming\Mozilla\Firefox\Profiles\4dyjk2ya.default
- Avira Browser Safety - %ProfilePath%\extensions\[email protected]
- DoNotTrackMe - %ProfilePath%\extensions\[email protected]
- Ghostery - %ProfilePath%\extensions\[email protected]
- Lightbeam - %ProfilePath%\extensions\[email protected]
- DuckDuckGo Plus - %ProfilePath%\extensions\[email protected]
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

==== Firefox Plugins ======================


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]
nneajnkjbffgblleaoojgaacokifdkhm - d:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[12/12/2011 09:13 AM]
phegaokedjdajgnfphbnpkcfdgjbidko - No path found[]

Google Docs - GDC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - GDC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - GDC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - GDC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - GDC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - GDC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
DivX Plus Web Player HTML5 \u003Cvideo\u003E - GDC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nneajnkjbffgblleaoojgaacokifdkhm
Ad-Aware Security Add-on - GDC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\phegaokedjdajgnfphbnpkcfdgjbidko
Gmail - GDC\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\GDC\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences
"homepage": "https://duckduckgo.com/",


==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft....?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2 folders=4 16449 bytes)

==== EOF on Sat 08/16/2014 at 13:14:39.34 ======================
 


Edited by ihatesvchost.exe, 16 August 2014 - 11:23 AM.
