Hello, I received some help from you guys a few weeks ago for a malware problem. The first attempt seemed to work but it returned a few days later. You guys quickly eliminated the second threat and everything seemed fine for a few weeks until now. Now it seems worse than the previous two attacks combined. I'm an experienced PC user so I don't go around clicking [bleep] phishing attempts so I'm assuming there were some remnants of the virus hiding dormant in my system. Is there any hope at this point? Or should I just wipe my hard drives and start fresh? I have built all of my gaming rigs own my own since 1999 and I've never experienced this. Please help or at least advise me on what i should do. thanks.
Need Expert help! malware back for a 3rd time! [Solved]
Started by
killerquagmire
, Dec 20 2014 12:35 AM
-
This topic is locked
#2
Posted 20 December 2014 - 08:53 AM
Pyxis
-
- Malware Removal
-
- 1,228 posts
Trusted Helper
Greetings,
Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world!
I am Pyxis and I will be assisting you. As such, I would like to stress the following reminders:
Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world!
I am Pyxis and I will be assisting you. As such, I would like to stress the following reminders:- It is important that you do not install anything unless asked while the process is ongoing. Doing so may hinder or even complicate the cleaning of your system. You will get the chance to install things as you would like after the process has been completed.
- Ensure you take extra caution to precisely follow my instructions. Please only use the tools I have asked you to. The instructions for your computer are unique and should therefore only apply to your system.
- Since the cleaning process is quite delicate, your timely response is crucial. Topics are marked inactive and thus closed within 3 full days of no activity. If you deem I have overlooked your thread--which is in a matter of more than 48 hours--please send me a PM and I will get back to you shortly.
- Step 1
Download both versions of Farbar Recovery Scan Tool by Farbar from the links below and save them to your desktop.
'32-bit'
'64-bit'- Simply double-click the program icon to run it. It will ask for administrator privileges. If the first one you tried does not work, try the other version.
- The program will initialize. Press Yes to accept the disclaimer.
- Put a check on Addition.
- Press the Scan button after.
- It will produce FRST.txt and Addition.txt on your desktop once done.
- Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the logs in your next reply.
- Step 2
Download 'SecurityCheck by screen317' and save it to your desktop.- Simply double-click the program icon to run it. It will ask for administrator privileges.
- A black window will appear. Press any key to continue.
- Wait for it to finish. It won't take long.
- A log will automatically pop-up after once done.
- Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
- Logs to Post
In summary of the above, I will need you to post the following log(s):- Addition.txt (Farbar Recovery Scan Tool)
- FRST.txt (Farbar Recovery Scan Tool)
- checkup.txt (SecurityCheck)
#3
Posted 21 December 2014 - 02:40 PM
killerquagmire
- Topic Starter
-
- Member
-
- 32 posts
Member
Step 1:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-12-2014 01
Ran by Zues (administrator) on ZUES-PC on 21-12-2014 14:37:45
Running from D:\Downloads
Loaded Profile: Zues (Available profiles: Zues & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Webroot) C:\Program Files\Webroot\WRSA.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) D:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
() C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\EnGenius\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\EnGenius\Common\RaRegistry64.exe
(TuneUp Software) D:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft® Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Works Shared\WkCalRem.exe
(TuneUp Software) D:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Dropbox, Inc.) C:\Users\Zues\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUsb\XFastUsb.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginClientService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\upnpcont.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [1441152 2011-07-04] (cFos Software GmbH)
HKLM\...\Run: [Launch LgDeviceAgent] => C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415752 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4195848 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [XFastUsb] => C:\Program Files (x86)\XFastUsb\XFastUsb.exe [4838912 2012-04-01] (FNet Co., Ltd.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [770728 2014-12-10] (Webroot)
HKLM-x32\...\Run: [RoccatKoneXTD] => C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.EXE [552960 2013-07-30] (ROCCAT GmbH)
HKLM-x32\...\Run: [Microsoft Works Portfolio] => C:\Program Files (x86)\Microsoft Works\WksSb.exe [311350 2000-08-15] (Microsoft® Corporation)
HKLM-x32\...\Run: [RemoteControl11] => C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe [237120 2013-08-06] (CyberLink Corp.)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1940160 2014-11-18] (Valve Corporation)
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-08-04] (Apple Inc.)
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-08-15] (Apple Inc.)
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Run: [DAEMON Tools Lite] => D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd)
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Run: [MoneyStartUp] => C:\Program Files (x86)\Microsoft Money\System\Money Startup.exe [24625 2000-07-19] (Microsoft Corporation)
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Run: [swnyrqr] => regsvr32.exe /s "C:\Users\Zues\AppData\Local\Logitech\swnyrqr.dll" <===== ATTENTION
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
HKU\S-1-5-18\...\Run: [CtxfiReg] => CTXFIREG.exe /FAIL1
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
ShortcutTarget: Microsoft Works Calendar Reminders.lnk -> C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
Startup: C:\Users\Zues\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Zues\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ ] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [ ] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [ ] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [ ] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [_WrSyncExcl] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [_WrSyncGreen] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [_WrSyncRed] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [_WrSyncYellow] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\Windows\system32\WRusr.dll (Webroot)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-153555263-3126299475-2757101510-1000 -> {4563F9FB-9733-4368-B860-4329AF9114B4} URL = https://search.yahoo...p={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> d:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.c...stem/iCloud.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...tel_4.5.5.0.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab
DPF: HKLM-x32 {DED4D168-AEEE-4E0C-B699-36A9A320ED5E} http://www.cyberlink...dateAdvisor.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...30321/CTPID.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Zues\AppData\Roaming\Mozilla\Firefox\Profiles\jxdft5p2.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: https://search.yahoo...&type=282369&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> d:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> d:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn/esnlaunch,version=1.122.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-153555263-3126299475-2757101510-1000: amazon.com/AmazonMP3DownloaderPlugin -> d:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-153555263-3126299475-2757101510-1000: ubisoft.com/uplaypc -> d:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\Zues\AppData\Roaming\Mozilla\Firefox\Profiles\jxdft5p2.default\searchplugins\yahoo_ff.xml
FF Extension: Webroot Password Manager - C:\Users\Zues\AppData\Roaming\Mozilla\Firefox\Profiles\jxdft5p2.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2013-12-11]
FF Extension: Adblock Plus - C:\Users\Zues\AppData\Roaming\Mozilla\Firefox\Profiles\jxdft5p2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-14]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-04-01]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - d:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - d:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-01-24]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2013-11-14]
FF HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
Chrome:
=======
CHR Profile: C:\Users\Zues\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Zues\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-17]
CHR Extension: (Google Drive) - C:\Users\Zues\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Zues\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\Zues\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-17]
CHR Extension: (Google Search) - C:\Users\Zues\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-17]
CHR Extension: (Webroot Filtering Extension) - C:\Users\Zues\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2014-01-31]
CHR Extension: (Google Wallet) - C:\Users\Zues\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Zues\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-03-17]
CHR Extension: (Webroot Password Manager) - C:\Users\Zues\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2012-11-15]
CHR Extension: (Gmail) - C:\Users\Zues\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-17]
CHR HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Chrome\Extension: [dkjaldeegndmngnahlmdbfnejdobkmil] - C:\Users\Zues\AppData\Local\CRE\dkjaldeegndmngnahlmdbfnejdobkmil.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.0.32.crx [2014-03-07]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - d:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2012-11-15]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeActiveFileMonitor10.0; D:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-07-04] (cFos Software GmbH)
R2 CLHNServiceForPowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [85568 2013-08-06] ()
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-11-16] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-04-01] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
R2 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [77576 2014-02-12] (CyberLink)
R2 CyberLink PowerDVD 11.0 Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [294664 2014-02-12] (CyberLink)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2014-09-02] (Futuremark)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-20] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-08-28] ()
R2 RalinkRegistryWriter; C:\Program Files (x86)\EnGenius\Common\RaRegistry.exe [185632 2009-10-20] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\EnGenius\Common\RaRegistry64.exe [212256 2009-10-20] (Ralink Technology, Corp.)
R2 TuneUp.UtilitiesSvc; D:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143552 2012-02-09] (TuneUp Software)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [770728 2014-12-10] (Webroot)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [139352 2013-07-31] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [139352 2013-07-31] (SlySoft, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [36448 2011-03-23] (Asmedia Technology)
R3 AsrHidFilter; C:\Windows\System32\DRIVERS\AsrHidFilter.sys [17928 2011-02-17] (ASRock Inc.)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [34640 2012-08-09] (ASRock Inc.)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S3 CrystalSysInfo; D:\Program Files\MediaCoder\SysInfoX64.sys [18128 2007-09-25] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-04-12] (DT Soft Ltd)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2012-04-20] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2012-04-01] (FNet Co., Ltd.)
S3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
S3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-07] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 SaiH8000; C:\Windows\System32\DRIVERS\SaiH8000.sys [178560 2008-04-04] (Saitek)
R3 TuneUpUtilitiesDrv; D:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-10-20] (TuneUp Software)
S3 WinRing0_1_2_0; D:\Downloads\RealTemp_370\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [114176 2014-12-10] (Webroot)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [32456 2014-02-12] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U0 SR; No ImagePath
U2 srservice; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-21 14:37 - 2014-12-21 14:37 - 00000000 ____D () C:\FRST
2014-12-21 14:03 - 2014-12-21 14:05 - 00001052 _____ () C:\Users\Public\Desktop\The Sims 4.lnk
2014-12-21 14:03 - 2014-12-21 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4
2014-12-21 02:47 - 2014-12-21 03:32 - 00016896 _____ () C:\Users\Zues\Documents\crystal.wps
2014-12-20 16:17 - 2014-12-20 16:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-12-20 00:14 - 2014-11-22 04:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-12-20 00:14 - 2014-11-22 04:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-12-18 10:37 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 10:37 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-13 17:05 - 2014-12-13 17:05 - 00000000 ____D () C:\Users\Zues\AppData\Local\{514F7C19-ECAA-4B14-8D4B-CCBB68A97513}
2014-12-11 22:01 - 2014-12-11 22:28 - 00001066 _____ () C:\Users\Zues\Desktop\Skyrim (SKSE).lnk
2014-12-11 21:48 - 2014-12-11 21:48 - 00000783 _____ () C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2014-12-10 16:12 - 2014-12-10 16:12 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-09 23:27 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-09 23:27 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-09 16:13 - 2014-12-03 20:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-09 16:13 - 2014-12-03 20:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-09 16:13 - 2014-12-03 20:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-09 16:13 - 2014-12-03 20:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-09 16:13 - 2014-12-03 20:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-09 16:13 - 2014-12-03 20:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-09 16:13 - 2014-12-03 20:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-09 16:13 - 2014-12-01 17:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-09 16:13 - 2014-11-26 19:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-09 16:13 - 2014-11-26 19:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-09 16:13 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 16:13 - 2014-11-21 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 16:13 - 2014-11-21 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-09 16:13 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 16:13 - 2014-11-21 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-09 16:13 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 16:13 - 2014-11-21 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-09 16:13 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-09 16:13 - 2014-11-21 20:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 16:13 - 2014-11-21 20:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-09 16:13 - 2014-11-21 20:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 16:13 - 2014-11-21 20:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-09 16:13 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 16:13 - 2014-11-21 20:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-09 16:13 - 2014-11-21 20:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-09 16:13 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-09 16:13 - 2014-11-21 20:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 16:13 - 2014-11-21 20:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-09 16:13 - 2014-11-21 20:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-09 16:13 - 2014-11-21 20:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-09 16:13 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 16:13 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-09 16:13 - 2014-11-21 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-09 16:13 - 2014-11-21 20:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-09 16:13 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 16:13 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-09 16:13 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-09 16:13 - 2014-11-21 19:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-09 16:13 - 2014-11-21 19:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-09 16:13 - 2014-11-21 19:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-09 16:13 - 2014-11-21 19:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-09 16:13 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 16:13 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-09 16:13 - 2014-11-21 19:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-09 16:13 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 16:13 - 2014-11-21 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-09 16:13 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 16:13 - 2014-11-21 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-09 16:13 - 2014-11-21 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-09 16:13 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-09 16:13 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-09 16:13 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-09 16:13 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 16:13 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-09 16:13 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-09 16:13 - 2014-11-21 19:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-09 16:13 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 16:13 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-09 16:13 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-09 16:13 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-09 16:13 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-09 16:13 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-09 16:13 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 16:13 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 16:13 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-09 16:13 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 16:13 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-09 16:13 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-09 16:13 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-09 16:13 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-09 16:13 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-09 16:13 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-09 16:13 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-09 16:13 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 16:13 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-09 16:13 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-09 16:13 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-09 16:13 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-09 16:13 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-03 16:53 - 2014-12-03 16:54 - 00000000 ____D () C:\Users\Zues\AppData\Local\{343ED417-0356-48EB-95A1-696B0F5A9FC3}
2014-12-03 16:49 - 2014-12-03 16:49 - 00000000 ____D () C:\Users\Zues\AppData\Local\{E274035F-3EEB-4F99-9037-55B0D4E5C364}
2014-11-30 20:40 - 2014-11-30 20:40 - 00000000 ____D () C:\Users\Zues\AppData\Roaming\NVIDIA
2014-11-28 14:01 - 2014-11-28 14:12 - 00000000 ____D () C:\Users\Zues\Documents\Gray
2014-11-26 22:18 - 2014-11-26 22:18 - 00000000 ____D () C:\Users\Zues\AppData\Local\{6CCBC787-9208-49AD-8B15-126ED1F0FB59}
2014-11-24 21:32 - 2014-11-24 21:38 - 00000000 ____D () C:\Users\Zues\Documents\Assassin's Creed Unity
2014-11-24 21:31 - 2014-11-24 21:31 - 00016525 _____ () C:\Windows\DirectX.log
2014-11-24 03:06 - 2014-12-21 13:43 - 00011975 _____ () C:\Windows\setupact.log
2014-11-24 03:06 - 2014-12-21 13:43 - 00001072 _____ () C:\Windows\PFRO.log
2014-11-24 01:17 - 2014-11-24 01:17 - 00000233 _____ () C:\Users\Zues\Desktop\Assassin’s Creed Unity.url
2014-11-24 01:17 - 2014-11-24 01:17 - 00000233 _____ () C:\Users\Zues\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Assassin’s Creed Unity.url
2014-11-24 01:16 - 2014-11-24 01:16 - 00000917 _____ () C:\Users\Zues\Desktop\Uplay.lnk
2014-11-23 23:01 - 2014-12-21 13:43 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-23 23:01 - 2014-11-12 15:56 - 06897352 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-11-23 23:01 - 2014-11-12 15:56 - 03534152 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-11-23 23:01 - 2014-11-12 15:56 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-11-23 23:01 - 2014-11-12 15:56 - 00934032 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-11-23 23:01 - 2014-11-12 15:56 - 00386368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-11-23 23:01 - 2014-11-12 15:56 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-11-23 23:01 - 2014-11-12 14:46 - 00615624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-11-23 23:01 - 2014-11-11 04:29 - 04100776 _____ () C:\Windows\system32\nvcoproc.bin
2014-11-23 23:00 - 2014-11-17 16:18 - 01538880 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-11-23 23:00 - 2014-11-17 16:18 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-11-23 23:00 - 2014-11-17 16:18 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-11-23 23:00 - 2014-11-12 18:20 - 31893136 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-11-23 23:00 - 2014-11-12 18:20 - 24557712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-11-23 23:00 - 2014-11-12 18:20 - 20986592 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-11-23 23:00 - 2014-11-12 18:20 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-11-23 23:00 - 2014-11-12 18:20 - 19966344 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-11-23 23:00 - 2014-11-12 18:20 - 18514616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-11-23 23:00 - 2014-11-12 18:20 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-11-23 23:00 - 2014-11-12 18:20 - 16884632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-11-23 23:00 - 2014-11-12 18:20 - 14032984 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-11-23 23:00 - 2014-11-12 18:20 - 13944952 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-11-23 23:00 - 2014-11-12 18:20 - 13213512 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-11-23 23:00 - 2014-11-12 18:20 - 11397744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-11-23 23:00 - 2014-11-12 18:20 - 11336432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-11-23 23:00 - 2014-11-12 18:20 - 04292416 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-11-23 23:00 - 2014-11-12 18:20 - 04011208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-11-23 23:00 - 2014-11-12 18:20 - 03262784 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-11-23 23:00 - 2014-11-12 18:20 - 02874456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-11-23 23:00 - 2014-11-12 18:20 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434475.dll
2014-11-23 23:00 - 2014-11-12 18:20 - 01540424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434475.dll
2014-11-23 23:00 - 2014-11-12 18:20 - 00989056 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-11-23 23:00 - 2014-11-12 18:20 - 00964928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-11-23 23:00 - 2014-11-12 18:20 - 00935240 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-11-23 23:00 - 2014-11-12 18:20 - 00923792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-11-23 23:00 - 2014-11-12 18:20 - 00900928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-11-23 23:00 - 2014-11-12 18:20 - 00871648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-11-23 23:00 - 2014-11-12 18:20 - 00500880 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-11-23 23:00 - 2014-11-12 18:20 - 00418112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-11-23 23:00 - 2014-11-12 18:20 - 00393024 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-11-23 23:00 - 2014-11-12 18:20 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-11-23 23:00 - 2014-11-12 18:20 - 00348304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-11-23 23:00 - 2014-11-12 18:20 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-11-23 23:00 - 2014-11-12 18:20 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-11-23 23:00 - 2014-11-12 18:20 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-11-23 23:00 - 2014-11-12 18:20 - 00027094 _____ () C:\Windows\system32\nvinfo.pb
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-21 14:28 - 2014-03-17 12:53 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-21 14:23 - 2012-04-01 05:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-21 14:07 - 2012-04-22 17:01 - 00000000 ____D () C:\Users\Zues\Documents\Electronic Arts
2014-12-21 14:04 - 2012-04-01 03:58 - 01877551 _____ () C:\Windows\WindowsUpdate.log
2014-12-21 14:03 - 2013-09-30 16:07 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-21 14:03 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-21 13:50 - 2009-07-13 22:45 - 00023824 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-21 13:50 - 2009-07-13 22:45 - 00023824 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-21 13:49 - 2009-07-13 23:13 - 00007132 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-21 13:47 - 2012-04-01 05:46 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-21 13:47 - 2012-04-01 04:30 - 00000000 ____D () C:\ProgramData\Origin
2014-12-21 13:43 - 2014-10-12 09:58 - 00000000 ___RD () C:\Users\Zues\iCloudDrive
2014-12-21 13:43 - 2014-03-17 12:53 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-21 13:43 - 2013-01-22 10:38 - 00000000 ____D () C:\Users\Zues\AppData\Roaming\Dropbox
2014-12-21 13:43 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-21 13:43 - 2009-03-03 23:26 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-21 13:34 - 2012-06-13 07:14 - 00000000 ____D () C:\ProgramData\WRData
2014-12-21 13:33 - 2012-06-28 16:10 - 00000000 ____D () C:\Users\Zues\AppData\Local\Logitech
2014-12-21 12:55 - 2009-07-13 23:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-12-21 02:00 - 2012-04-01 23:00 - 00000000 ____D () C:\Users\Zues\AppData\Local\Adobe
2014-12-20 00:41 - 2013-10-31 12:26 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-12-16 17:02 - 2013-09-06 04:51 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe online update program
2014-12-15 13:28 - 2013-11-05 18:00 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-13 16:07 - 2013-07-31 18:09 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-13 16:07 - 2013-07-31 18:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-13 12:32 - 2013-07-31 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-13 11:58 - 2012-04-01 05:08 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-13 11:58 - 2012-04-01 05:08 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-13 11:58 - 2012-04-01 04:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-12 18:12 - 2014-11-07 01:13 - 02824504 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-12-12 18:12 - 2014-11-07 01:13 - 02210040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-12-12 18:12 - 2014-11-07 01:13 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-12-12 18:12 - 2014-11-07 01:13 - 01291464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-12-12 01:25 - 2013-10-31 12:26 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-12-12 01:23 - 2011-09-29 12:35 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-12-12 00:42 - 2012-04-01 04:20 - 00000000 ____D () C:\Users\Zues\AppData\Local\Skyrim
2014-12-11 23:13 - 2013-01-22 10:38 - 00000000 ____D () C:\Users\Zues\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-11 21:51 - 2013-03-05 21:34 - 00000000 ____D () C:\Users\Zues\Documents\SimCity
2014-12-11 21:48 - 2014-07-09 02:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2014-12-10 18:07 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-12-10 17:13 - 2012-06-13 07:14 - 00114176 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2014-12-10 16:12 - 2014-05-05 22:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 16:12 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 16:12 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-09 23:31 - 2013-08-09 15:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-09 23:28 - 2012-04-01 03:54 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-30 20:39 - 2014-06-07 16:27 - 00000000 ____D () C:\Users\Zues\AppData\Roaming\.minecraft
2014-11-24 01:09 - 2012-07-22 18:35 - 00000000 ____D () C:\Windows\Minidump
2014-11-23 23:28 - 2012-04-01 04:25 - 00000000 ____D () C:\Users\Zues\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-11-23 23:01 - 2013-05-24 16:56 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-11-23 23:01 - 2012-04-01 03:27 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-11-23 23:01 - 2012-04-01 03:25 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-11-23 23:01 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\Help
2014-11-23 15:09 - 2012-04-04 12:44 - 00153256 ____N (Webroot) C:\Windows\SysWOW64\WRusr.dll
2014-11-22 04:46 - 2014-11-07 01:13 - 00035472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-11-21 17:20 - 2014-11-16 17:52 - 00001080 _____ () C:\Windows\system32\settingsbkup.sfm
2014-11-21 17:20 - 2014-11-16 17:52 - 00001080 _____ () C:\Windows\system32\settings.sfm
2014-11-21 02:23 - 2014-10-27 11:38 - 00000000 ____D () C:\Users\Zues\Desktop\desktop shortcuts
Some content of TEMP:
====================
C:\Users\Zues\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfxj3fx.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-15 13:42
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2014 01
Ran by Zues at 2014-12-21 14:38:08
Running from D:\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
3DMark (HKLM-x32\...\Steam App 223850) (Version: - Futuremark)
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Amazon Cloud Player (HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Amazon Amazon Cloud Player) (Version: 2.1.0.381 - Amazon Services LLC)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.3.5.0 - SlySoft)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
applicationupdater (HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\SOE-C:/Users/Zues/AppData/Local/Sony Online Entertainment/ApplicationUpdater) (Version: - Sony Online Entertainment)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.1.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.2.2.000 - Asmedia Technology)
ASRock App Charger v1.0.4 (HKLM\...\ASRock App Charger_is1) (Version: - ASRock Inc.)
ASRock RapidStart v1.0.5 (HKLM\...\ASRock RapidStart_is1) (Version: - ASRock Inc.)
ASRock SmartConnect v1.0.6 (HKLM\...\ASRock SmartConnect_is1) (Version: - ASRock Inc.)
ASRock XFast RAM v2.0.28 (HKLM\...\ASRock XFast RAM_is1) (Version: - ASRock Inc.)
Assassin's Creed Unity (HKLM-x32\...\Uplay Install 720) (Version: - Ubisoft)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
Batman: Arkham City™ (x32 Version: 1.0.0003.131 - WB Games) Hidden
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
BF4 Settings Editor (HKLM\...\{EF4C9459-47DE-4FCD-B9E0-CEB5BA03FC64}) (Version: 1.1 - Realmware)
BitTorrent (HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\BitTorrent) (Version: 7.9.2.34947 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CleanMem (HKLM-x32\...\CleanMem) (Version: v2.4.3 - PcWinTech.com)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: - Elaborate Bytes)
CPUID CPU-Z 1.60 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Creation Kit (HKLM-x32\...\Steam App 202480) (Version: - bgs.bethsoft.com)
Creative 3DMIDI Player (HKLM-x32\...\3DMIDI) (Version: 1.11 - Creative Technology Limited)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.43 - Creative Technology Limited)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Console Launcher (HKLM-x32\...\Console Launcher) (Version: 2.61 - Creative Technology Limited)
Creative Diagnostics (HKLM-x32\...\Diagnostics 4_5) (Version: 5.11 - Creative Technology Limited)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.03 - Creative Technology Limited)
Creative System Information (HKLM-x32\...\SysInfo) (Version: - )
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
CyberLink PowerDVD 11 (HKLM-x32\...\InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}) (Version: 11.0.5012.58 - CyberLink Corp.)
D110 (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0314 - DT Soft Ltd)
DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version: - FromSoftware, Inc)
Davis's Drug Guide For Nurses, 13e (HKLM-x32\...\DavisDrugGuideForNurses13e) (Version: 1.0 - F.A. Davis)
Davis's Drug Guide For Nurses, 13e (x32 Version: 1.0 - F.A. Davis) Hidden
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.22 - DivX, LLC)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.00 - Creative Technology Limited)
Dropbox (HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
DVD Rebuilder (HKLM-x32\...\{0186F98B-19A2-4791-8ECA-BD7870FD0C65}_is1) (Version: Free v0.98.2 - jdobbs softworks and rockas association)
DVDFab 8.2.2.9 (18/06/2013) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version: - Fengtao Software Inc.)
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
EnGenius 11n Wireless USB Adapter (HKLM-x32\...\{F912EF57-65C8-48E8-911F-7FCAF8ADD62E}) (Version: 1.5.5.0 - EnGenius)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
EVGA OC Scanner X 2.0.1 (HKLM-x32\...\{CB92C58B-7BDF-48E3-92E3-51768DCCA585}_is1) (Version: - EVGA)
EVGA Precision X 3.0.1 (HKLM-x32\...\PrecisionX) (Version: 3.0.1 - EVGA Corporation)
ffdshow v1.1.3882 [2011-06-13] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.3882.0 - )
Fraps (HKLM-x32\...\Fraps) (Version: - )
F-Stream Tuning v0.1.73.31001 (HKLM-x32\...\F-Stream Tuning_is1) (Version: - )
Futuremark SystemInfo (HKLM-x32\...\{E114E635-F06E-43B4-A800-74A22536B1B0}) (Version: 4.30.472.0 - Futuremark)
GameFly Download Manager (HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\7998bdbe8c95db7f) (Version: 1.0.0.84 - GameFly)
gamelauncher-ps2-live (HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\SOE-) (Version: - Sony Online Entertainment)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Landmark Beta (HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\SOE-Landmark Beta) (Version: 1.0.3.183 - Sony Online Entertainment)
Learn to Read with Phonics 1st and 2nd Grade (HKLM-x32\...\Learn to Read with Phonics 1st and 2nd Grade) (Version: - )
LG Cloud version 0.994 (HKLM\...\LG Cloud_is1) (Version: 0.994 - )
Logitech GamePanel Software 3.03.133 (HKLM\...\{6CC95B76-D380-46B2-9022-9353938E48BA}) (Version: 3.03.133 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Marvel Heroes Game (HKLM-x32\...\{ca6069b5-fc6b-4ce8-a03e-2304143706b7}_is1) (Version: 1.0 - Gazillion Entertainment)
Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version: - Rockstar Studios)
MediaCoder x64 0.8.18.5356 (HKLM\...\MediaCoder x64) (Version: 0.8.18.5356 - Broad Intelligence)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Money 2001 (HKLM-x32\...\{D085A1B6-90A4-11D3-82B7-00C04FA309DE}) (Version: 9.0.0.0 - Microsoft)
Microsoft OneDrive (HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works 6.0 (HKLM-x32\...\{F8D0829C-9C6F-11D3-8080-00C04FA329AA}) (Version: 06.00.1829 - Microsoft Corporation)
Microsoft Works and Money 2001 Setup Launcher (HKLM-x32\...\Works2001Setup) (Version: - )
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)
NVIDIA 3D Vision Controller Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4554 - Electronic Arts, Inc.)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version: - Sony Online Entertainment)
PlanetSide 2 (HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\SOE-PlanetSide 2) (Version: - Sony Online Entertainment)
Plex Media Server (HKLM-x32\...\{1A7638A1-E022-4F99-ADF3-F46DB04689C1}) (Version: 0.9.722 - Plex, Inc.)
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
ROCCAT Kone XTD Mouse Driver (HKLM-x32\...\{7133137D-DF48-4522-AD88-13C82B7D0A63}) (Version: - Roccat GmbH)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Scan (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
SilvestriRN5e (HKLM-x32\...\SilvestriRN5e) (Version: - Elsevier)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Sound Blaster X-Fi (HKLM-x32\...\{20288888-A7AF-4B24-8AEB-398D20CD563C}) (Version: 1.0 - Creative Technology Limited)
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}) (Version: 4.5.5.0 - Husdawg, LLC)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.55.4 - Electronic Arts)
The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.3.18.1010 - Electronic Arts Inc.)
The Testament of Sherlock Holmes (HKLM-x32\...\Steam App 205650) (Version: - Frogwares)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.7.2 - Electronic Arts)
Toolbox (x32 Version: 140.0.424.000 - Hewlett-Packard) Hidden
Total War: Rome II Additional Depots (HKLM-x32\...\Steam App 243660) (Version: - )
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
TuneUp Utilities 2012 (HKLM-x32\...\TuneUp Utilities 2012) (Version: 12.0.3010.5 - TuneUp Software)
TuneUp Utilities 2012 (x32 Version: 12.0.3010.5 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (en-US) (x32 Version: 12.0.3010.5 - TuneUp Software) Hidden
Unknown Device Identifier 8.00 (HKLM\...\Unknown Device Identifier_is1) (Version: - Huntersoft)
Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VitalSource Bookshelf (HKLM-x32\...\{ACBF0550-A317-4C22-AC93-0DDB73087412}) (Version: 6.01.0018 - Ingram Content Group)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.6.28 - Webroot)
Widevine Media Transformer Plugin 5.0.0 (HKLM-x32\...\transformer_ie) (Version: 5.0.0.4679 - Widevine Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Works Suite OS Pack (x32 Version: 1.0.0.0000 - Microsoft Corporation) Hidden
XFast LAN v6.61 (HKLM\...\XFast LAN) (Version: 6.61 - cFos Software GmbH, Bonn)
XFastUsb (HKLM-x32\...\XFastUsb) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-153555263-3126299475-2757101510-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Zues\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-153555263-3126299475-2757101510-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Zues\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-153555263-3126299475-2757101510-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-153555263-3126299475-2757101510-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Zues\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-153555263-3126299475-2757101510-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Zues\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-153555263-3126299475-2757101510-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Zues\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-153555263-3126299475-2757101510-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Zues\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-153555263-3126299475-2757101510-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zues\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-153555263-3126299475-2757101510-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zues\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-153555263-3126299475-2757101510-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zues\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-153555263-3126299475-2757101510-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zues\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-153555263-3126299475-2757101510-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zues\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-153555263-3126299475-2757101510-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zues\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-153555263-3126299475-2757101510-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zues\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-153555263-3126299475-2757101510-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Zues\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
12-12-2014 14:22:35 Windows Update
13-12-2014 12:32:00 Windows Update
18-12-2014 10:52:58 Windows Update
20-12-2014 16:17:03 Windows Update
21-12-2014 14:03:29 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
21-12-2014 14:03:39 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 20:34 - 2014-11-06 01:14 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0FC62325-86CC-4412-A467-0044ECD4D1CB} - System32\Tasks\Norton WSC Integration => d:\Program Files (x86)\Norton 360\Engine\6.2.1.5\WSCStub.exe
Task: {150BE75D-FEE8-4AF3-9947-F30CD5C54446} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {1A6687BF-4E22-4F69-B942-2B799414A540} - System32\Tasks\Norton 360\Norton Error Processor => d:\Program Files (x86)\Norton 360\Engine\6.2.1.5\SymErr.exe
Task: {1BF6753E-AB18-4101-8ED8-C3FB556F9D87} - System32\Tasks\{917EC329-177F-4E10-9FB3-CD5B0D9C1ECD} => pcalua.exe -a C:\Users\Zues\Desktop\bios\ME_Win7-64_Win7_Vista64_Vista_XP64_XP(v8.0.2.1410_1.5M)\ME(v8.0.2.1410_1.5M)\setup.exe -d C:\Users\Zues\Desktop\bios\ME_Win7-64_Win7_Vista64_Vista_XP64_XP(v8.0.2.1410_1.5M)\ME(v8.0.2.1410_1.5M)
Task: {23CBB1B2-BD0D-4267-AB78-97ED5A2B894B} - System32\Tasks\Google Updater and Installer => C:\Users\Zues\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-30] (Google Inc.)
Task: {30735416-FDA8-4F97-B407-CE3F2E3A6A71} - System32\Tasks\{3CEE358A-587A-40BD-8F5E-B3F6D37223BE} => pcalua.exe -a D:\Downloads\ME_Win7-64_Win7_Vista64_Vista_XP64_XP(v8.0.2.1410_1.5M)\ME(v8.0.2.1410_1.5M)\setup.exe -d D:\Downloads\ME_Win7-64_Win7_Vista64_Vista_XP64_XP(v8.0.2.1410_1.5M)\ME(v8.0.2.1410_1.5M)
Task: {3968BDAA-9280-49AA-9908-74CB25EDD195} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-17] (Google Inc.)
Task: {3C371308-887F-4043-994D-488138F62B42} - System32\Tasks\{511B7713-94D3-4447-879D-79EF3E3F0CB7} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/202480
Task: {4BDC026A-12D0-4FD1-93D3-7B1B91539A91} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => D:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe [2012-02-09] (TuneUp Software)
Task: {57AE68D0-60D8-4FA4-BC1B-7DCB6C0277D1} - System32\Tasks\AdobeAAMUpdater-1.0-Zues-PC-Zues => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {6159DD7B-0D7A-48E2-B9FF-FCF3641EB5E9} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {62C35AB1-AC67-43A3-9212-1B7EAE36B30C} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files (x86)\SlySoft\AnyDVD\ExecuteWithUAC.exe
Task: {6D241CEC-475F-4E35-95AB-A21CC6F3B423} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
Task: {6EC71B4C-34C6-45E0-B276-D23B6A3CFCE7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-13] (Adobe Systems Incorporated)
Task: {705683C3-7F51-47E9-9EF0-1CB3B867F3C0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-17] (Google Inc.)
Task: {7B7552FD-C4D8-4EF1-8404-9D172290E2BF} - System32\Tasks\HP online update program => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2009-11-18] (Hewlett-Packard)
Task: {A25089DB-926E-42B0-977D-66B2EB537FFC} - System32\Tasks\Norton 360\Norton Error Analyzer => d:\Program Files (x86)\Norton 360\Engine\6.2.1.5\SymErr.exe
Task: {B928328E-DB8A-4291-B2B4-39AEB63E60E9} - System32\Tasks\Amazon Music Helper => C:\Users\Zues\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [2013-11-24] ()
Task: {C4460CC7-9543-4291-BB32-87A14B7BC448} - System32\Tasks\Divx online update program => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2012-11-29] ()
Task: {DF8A40D9-D751-45DD-9D1B-0EA3DB07BD49} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E2B83377-2A51-4CDB-AA8D-EA878E7DC8CB} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20] (Adobe Systems Incorporated)
Task: {EB9440A6-5629-4FE4-854E-1770C2AA19EE} - System32\Tasks\Works Update Detect => C:\Program Files (x86)\Microsoft Works\WkDetect.exe [2000-08-15] (Microsoft® Corporation)
Task: {FC91D58C-09CD-48DC-93D5-E8881C9B5E15} - System32\Tasks\Clean System Memory => C:\Windows\syswow64\CleanMem.exe [2012-09-20] (PcWinTech.com)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-11-23 23:01 - 2014-11-12 15:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-11-14 21:09 - 2013-08-06 01:36 - 00085568 _____ () C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
2013-10-31 12:25 - 2014-08-28 23:18 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2012-06-22 07:39 - 2012-01-05 16:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-14 21:09 - 2011-11-04 01:28 - 00260096 _____ () C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\sqlite3.dll
2014-08-31 09:06 - 2014-11-11 12:48 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-31 09:06 - 2014-11-11 12:48 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-31 09:06 - 2014-11-11 12:48 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2013-03-12 16:10 - 2014-11-11 12:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-21 12:43 - 2014-11-18 14:23 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-31 09:06 - 2014-11-11 12:48 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-31 09:06 - 2014-11-11 12:48 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2011-07-14 21:45 - 2014-11-18 14:23 - 00690880 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-10-21 18:22 - 2014-10-21 18:22 - 00750080 _____ () C:\Users\Zues\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2014-12-21 13:43 - 2014-12-21 13:43 - 00043008 _____ () c:\users\zues\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfxj3fx.dll
2014-10-21 18:22 - 2014-10-21 18:22 - 00047616 _____ () C:\Users\Zues\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-21 18:22 - 2014-10-21 18:22 - 00863744 _____ () C:\Users\Zues\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-21 18:22 - 2014-10-21 18:22 - 00200704 _____ () C:\Users\Zues\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2013-10-23 02:54 - 2012-06-17 10:20 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\hiddriver.dll
2014-02-28 19:14 - 2014-02-28 19:14 - 00002560 _____ () C:\Windows\SysWOW64\CTXFIRES.DLL
2012-04-01 03:40 - 2009-06-29 10:54 - 00164864 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2010-05-13 12:48 - 2014-11-11 12:48 - 34589888 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-02-16 09:39 - 2014-12-20 00:00 - 01007104 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-02-16 09:39 - 2014-12-20 00:00 - 00023552 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-02-16 09:39 - 2014-12-20 00:00 - 00024576 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2014-02-16 09:39 - 2014-12-20 00:00 - 00216576 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-02-16 09:39 - 2014-12-20 00:00 - 00261120 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-02-16 09:39 - 2014-12-20 00:00 - 00019456 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-02-16 09:39 - 2014-12-20 00:00 - 00337408 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-02-16 09:39 - 2014-12-20 00:00 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2014-11-07 19:51 - 2014-12-20 00:00 - 00060928 _____ () C:\Program Files (x86)\Origin\audio\qtaudio_windows.dll
2014-12-10 16:29 - 2014-12-05 19:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-10 16:29 - 2014-12-05 19:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-10 16:29 - 2014-12-05 19:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-10 16:29 - 2014-12-05 19:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^Zues^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
========================= Accounts: ==========================
Administrator (S-1-5-21-153555263-3126299475-2757101510-500 - Administrator - Disabled)
Guest (S-1-5-21-153555263-3126299475-2757101510-501 - Limited - Disabled)
Zues (S-1-5-21-153555263-3126299475-2757101510-1000 - Administrator - Enabled) => C:\Users\Zues
==================== Faulty Device Manager Devices =============
Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/21/2014 02:29:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4ce7a46b
Faulting module name: jscript9.dll, version: 11.0.9600.17496, time stamp: 0x546fe6d5
Exception code: 0xc0000005
Fault offset: 0x000243fc
Faulting process id: 0x51c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Error: (12/21/2014 02:12:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4a5bc5e1
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc00000fd
Fault offset: 0x0011fb5c
Faulting process id: 0x3404
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Error: (12/21/2014 01:59:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514, time stamp: 0x4ce7ae7f
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f
Exception code: 0xc0000005
Fault offset: 0x0000000000003d53
Faulting process id: 0x6b0
Faulting application start time: 0xwmpnetwk.exe0
Faulting application path: wmpnetwk.exe1
Faulting module path: wmpnetwk.exe2
Report Id: wmpnetwk.exe3
Error: (12/21/2014 01:49:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (12/21/2014 01:49:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
Error: (12/21/2014 01:47:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4a5bc959
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc00000fd
Fault offset: 0x001202a2
Faulting process id: 0x40c4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Error: (12/21/2014 01:43:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Zues-PC.local already in use; will try Zues-PC-2.local instead
Error: (12/21/2014 01:43:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Zues-PC.local. Addr 192.168.1.143
Error: (12/21/2014 01:43:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.109:5353 4 Zues-PC.local. Addr 192.168.1.109
Error: (12/21/2014 01:43:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 Zues-PC.local. AAAA FE80:0000:0000:0000:DCF8:B8D6:BBD0:4DC9
System errors:
=============
Error: (12/21/2014 02:25:17 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (12/21/2014 01:59:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (12/21/2014 01:44:03 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (12/21/2014 01:36:40 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.
Error: (12/21/2014 01:36:40 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.
Error: (12/21/2014 01:29:55 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.
Error: (12/21/2014 01:29:55 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.
Error: (12/21/2014 01:05:53 PM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: \Device\Video7Variable String to Large
Error: (12/21/2014 01:05:53 PM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: \Device\Video7NVRM: Graphics TEX Exception on (GPC 3, TPC 1): TEX NACK / Page Fault
Error: (12/21/2014 01:05:53 PM) (Source: nvlddmkm) (EventID: 13) (User: )
Description: \Device\Video7NVRM: Graphics TEX Exception on (GPC 3, TPC 1): TEX LAYOUT
Microsoft Office Sessions:
=========================
Error: (12/21/2014 02:29:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.174964ce7a46bjscript9.dll11.0.9600.17496546fe6d5c0000005000243fc51c01d01d5ba82c6dd6C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\jscript9.dll06cd28bf-8950-11e4-b2f6-002522fecc75
Error: (12/21/2014 02:12:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.174964a5bc5e1MSHTML.dll11.0.9600.17496546ff2f9c00000fd0011fb5c340401d01d5966687e7dC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dlla643ba9e-894d-11e4-b2f6-002522fecc75
Error: (12/21/2014 01:59:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wmpnetwk.exe12.0.7601.175144ce7ae7fmsvcrt.dll7.0.7601.177444eeb033fc00000050000000000003d536b001d01d5665b36b2cC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\msvcrt.dllda2e0764-894b-11e4-b2f6-002522fecc75
Error: (12/21/2014 01:49:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (12/21/2014 01:49:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
Error: (12/21/2014 01:47:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.174964a5bc959MSHTML.dll11.0.9600.17496546ff2f9c00000fd001202a240c401d01d56a2225eddC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll20718d04-894a-11e4-b2f6-002522fecc75
Error: (12/21/2014 01:43:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Zues-PC.local already in use; will try Zues-PC-2.local instead
Error: (12/21/2014 01:43:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Zues-PC.local. Addr 192.168.1.143
Error: (12/21/2014 01:43:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.109:5353 4 Zues-PC.local. Addr 192.168.1.109
Error: (12/21/2014 01:43:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 Zues-PC.local. AAAA FE80:0000:0000:0000:DCF8:B8D6:BBD0:4DC9
CodeIntegrity Errors:
===================================
Date: 2014-11-06 01:11:50.033
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-11-06 01:11:50.003
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-01-03 22:32:04.881
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-01-03 22:32:04.842
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-01-03 22:32:04.734
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-01-03 22:32:04.635
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-01-03 22:32:04.587
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-01-03 22:32:04.460
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-01-03 22:32:04.432
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
Date: 2013-01-03 22:32:04.397
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\gpapi.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core™ i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 32%
Total physical RAM: 16279.78 MB
Available physical RAM: 10920.74 MB
Total Pagefile: 32557.73 MB
Available Pagefile: 25069.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (Mushkin) (Fixed) (Total:223.57 GB) (Free:41.39 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Western Digital) (Fixed) (Total:596.17 GB) (Free:71.31 GB) NTFS
Drive f: (Sims3EP05) (CDROM) (Total:5.3 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 6284C42A)
Partition 1: (Active) - (Size=223.6 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: C2E2C322)
Partition 1: (Active) - (Size=596.2 GB) - (Type=07 NTFS)
==================== End Of Log ============================
#4
Posted 21 December 2014 - 02:44 PM
killerquagmire
- Topic Starter
-
- Member
-
- 32 posts
Member
Step 2:
Results of screen317's Security Check version 0.99.93
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Webroot SecureAnywhere
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 2.0.3.1025
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
Java 8 Update 25
Java version 32-bit out of Date!
Adobe Flash Player 15.0.0.246 Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox 31.0 Firefox out of Date!
Google Chrome (39.0.2171.71)
Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 54% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
#5
Posted 22 December 2014 - 12:05 PM
Pyxis
-
- Malware Removal
-
- 1,228 posts
Trusted Helper
Hi killerquagmire,
Looks like we are dealing with Poweliks.
Looks like we are dealing with Poweliks.
- Step 1
Copy and paste the following into Notepad and save as fixlist.txt to your desktop:CloseProcesses: EmptyTemp: HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Run: [swnyrqr] => regsvr32.exe /s "C:\Users\Zues\AppData\Local\Logitech\swnyrqr.dll" <===== ATTENTION HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks! HKU\S-1-5-18\...\Run: [CtxfiReg] => CTXFIREG.exe /FAIL1 HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0 HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0 HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\system: [NoDispBackgroundPage] 0 HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoViewOnDrive] 0 HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoShellSearchButton] 0 HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoFile] 0 HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoSetFolders] 0 HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoDeletePrinter] 0 HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoLogoff] 0 HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoWindowsUpdate] 0 HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoEncryptOnMove] 0 HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoResolveSearch] 0 HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoViewOnDrive] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKLM\...\Policies\Explorer: [NoViewContextMenu] 0 HKLM\...\Policies\Explorer: [NoShellSearchButton] 0 HKLM\...\Policies\Explorer: [NoFind] 0 HKLM\...\Policies\Explorer: [NoFile] 0 HKLM\...\Policies\Explorer: [HideClock] 0 HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0 HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKLM\...\Policies\Explorer: [NoSetFolders] 0 HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKLM\...\Policies\Explorer: [NoSetTaskbar] 0 HKLM\...\Policies\Explorer: [NoDeletePrinter] 0 HKLM\...\Policies\Explorer: [NoDFSTab] 0 HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0 HKLM\...\Policies\Explorer: [NoLogoff] 0 HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0 HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0 HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKLM\...\Policies\Explorer: [NoResolveSearch] 0 HKLM\...\Policies\Explorer: [NoSaveSettings] 0 HKLM\...\Policies\Explorer: [NoHardwareTab] 0 HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKLM\...\Policies\Explorer: [NoDesktop] 0 HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0 HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0 HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0 HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0 HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0 HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0 HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0 HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0 HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0 HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0 HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0 HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-153555263-3126299475-2757101510-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION SearchScopes: HKU\S-1-5-21-153555263-3126299475-2757101510-1000 -> {4563F9FB-9733-4368-B860-4329AF9114B4} URL = https://search.yahoo...p={searchTerms} FF Keyword.URL: https://search.yahoo...&type=282369&p= CHR HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Chrome\Extension: [dkjaldeegndmngnahlmdbfnejdobkmil] - C:\Users\Zues\AppData\Local\CRE\dkjaldeegndmngnahlmdbfnejdobkmil.crx [Not Found] U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] U0 SR; No ImagePath U2 srservice; No ImagePath 2014-12-13 17:05 - 2014-12-13 17:05 - 00000000 ____D () C:\Users\Zues\AppData\Local\{514F7C19-ECAA-4B14-8D4B-CCBB68A97513} 2014-12-03 16:53 - 2014-12-03 16:54 - 00000000 ____D () C:\Users\Zues\AppData\Local\{343ED417-0356-48EB-95A1-696B0F5A9FC3} 2014-12-03 16:49 - 2014-12-03 16:49 - 00000000 ____D () C:\Users\Zues\AppData\Local\{E274035F-3EEB-4F99-9037-55B0D4E5C364} 2014-11-26 22:18 - 2014-11-26 22:18 - 00000000 ____D () C:\Users\Zues\AppData\Local\{6CCBC787-9208-49AD-8B15-126ED1F0FB59} CustomCLSID: HKU\S-1-5-21-153555263-3126299475-2757101510-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks? HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION! HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION! HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION! HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION! HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION! HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION! HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION! HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!- Run your copy of FRST. It is important to ensure it is located in your desktop.
- Press the Fix button.
- It will produce a log (fixlog.txt) once done.
- Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log(s) in your next reply.
- Step 2
Download 'RogueKiller by Tigzy' and save it to your desktop.- Ensure all programs and windows are closed before proceeding.
- Simply double-click the program icon to run it. It will ask for administrator privileges.
- Wait for its initial scan to complete.
- Click Accept once done.
- Click the Scan button after.
- Once the scan has finished, click the Report button.
- A log will pop-up. Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
- The log will also be made available at C:\ProgramData\RogueKiller\Logs\RKreport_SCN_MMDDYYYY_HHMMSS.log.
- Step 3
You currently have the following outdated program(s) installed. I highly recommend that you perform an update. You will find the download link(s) for the new version(s) below.Note: Please untick any optional offers Adobe products might come with. Uninstall the previous version(s) before installing the updated one(s). If you run into any errors, let me know.
- Logs to Post
In summary of the above, I will need you to post the following log(s):- fixlog.txt (Farbar Recovery Scan Tool)
- RKreport_SCN_MMDDYYYY_HHMMSS.log (RogueKiller)
#6
Posted 22 December 2014 - 01:26 PM
killerquagmire
- Topic Starter
-
- Member
-
- 32 posts
Member
Im getting an error when i try to run the fix:
AutoIT Error
Line 9878 (File "C:\Users\Zeus\Desktop\FRST64.exe"):
Error: Error in Expression
Note: I had FRST64.exe in my downloads folder when I posted the original FRST.txt log here. I moved it to desktop before I ran the fix. Not sure if it had any bearing on the error.
#7
Posted 22 December 2014 - 10:40 PM
Pyxis
-
- Malware Removal
-
- 1,228 posts
Trusted Helper
Hi killerquagmire,
Could you download a fresh copy of FRST 'here' to your desktop? Disable Webroot SecureAnywhere by right-clicking on it via the System Tray > Shut down Protection. Now, perform the above steps again (including saving a copy of the script).
Let me know what happens.
Could you download a fresh copy of FRST 'here' to your desktop? Disable Webroot SecureAnywhere by right-clicking on it via the System Tray > Shut down Protection. Now, perform the above steps again (including saving a copy of the script).
Let me know what happens.
#8
Posted 23 December 2014 - 11:24 AM
killerquagmire
- Topic Starter
-
- Member
-
- 32 posts
Member
Step 1:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-12-2014
Ran by Zues at 2014-12-23 11:09:07 Run:4
Running from C:\Users\Zues\Desktop
Loaded Profile: Zues (Available profiles: Zues & DefaultAppPool)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
CloseProcesses:
EmptyTemp:
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Run: [swnyrqr] => regsvr32.exe /s "C:\Users\Zues\AppData\Local\Logitech\swnyrqr.dll" <===== ATTENTION
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
HKU\S-1-5-18\...\Run: [CtxfiReg] => CTXFIREG.exe /FAIL1
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-153555263-3126299475-2757101510-1000 -> {4563F9FB-9733-4368-B860-4329AF9114B4} URL = https://search.yahoo...p={searchTerms}
FF Keyword.URL: https://search.yahoo...&type=282369&p=
CHR HKU\S-1-5-21-153555263-3126299475-2757101510-1000\...\Chrome\Extension: [dkjaldeegndmngnahlmdbfnejdobkmil] - C:\Users\Zues\AppData\Local\CRE\dkjaldeegndmngnahlmdbfnejdobkmil.crx [Not Found]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U0 SR; No ImagePath
U2 srservice; No ImagePath
2014-12-13 17:05 - 2014-12-13 17:05 - 00000000 ____D () C:\Users\Zues\AppData\Local\{514F7C19-ECAA-4B14-8D4B-CCBB68A97513}
2014-12-03 16:53 - 2014-12-03 16:54 - 00000000 ____D () C:\Users\Zues\AppData\Local\{343ED417-0356-48EB-95A1-696B0F5A9FC3}
2014-12-03 16:49 - 2014-12-03 16:49 - 00000000 ____D () C:\Users\Zues\AppData\Local\{E274035F-3EEB-4F99-9037-55B0D4E5C364}
2014-11-26 22:18 - 2014-11-26 22:18 - 00000000 ____D () C:\Users\Zues\AppData\Local\{6CCBC787-9208-49AD-8B15-126ED1F0FB59}
CustomCLSID: HKU\S-1-5-21-153555263-3126299475-2757101510-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
*****************
Processes closed successfully.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Microsoft\Windows\CurrentVersion\Run\\swnyrqr => Value not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 => Key not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} => Key not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\CtxfiReg => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => Value not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => Value not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => Value not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => Value not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => Value not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => Value not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => Value not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Value not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => Value not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => Value not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => Value not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => Value not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => Value not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => Value not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => Value not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => Value not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => Value not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => Value not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => Value not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => Value not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => Value not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => Value not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => Value not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => Value not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => Value not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => Value not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => Value not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => Value not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => Value not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => Value not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => Value not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => Value not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDesktop => Value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => Value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => Value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => Value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => Value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => Value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => Value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => Value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => Value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => Value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => Value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => Value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => Value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => Value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => Value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => Value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => Value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => Value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => Value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => Value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => Value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => Value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => Value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => Value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => Value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => Value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => Value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => Value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => Value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => Value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => Value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => Value not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4563F9FB-9733-4368-B860-4329AF9114B4} => Key not found.
HKCR\CLSID\{4563F9FB-9733-4368-B860-4329AF9114B4} => Key not found.
Firefox Keyword.URL deleted successfully.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\SOFTWARE\Google\Chrome\Extensions\dkjaldeegndmngnahlmdbfnejdobkmil => Key not found.
AppMgmt => Service not found.
catchme => Service not found.
SR => Service not found.
srservice => Service not found.
"C:\Users\Zues\AppData\Local\{514F7C19-ECAA-4B14-8D4B-CCBB68A97513}" => File/Directory not found.
"C:\Users\Zues\AppData\Local\{343ED417-0356-48EB-95A1-696B0F5A9FC3}" => File/Directory not found.
"C:\Users\Zues\AppData\Local\{E274035F-3EEB-4F99-9037-55B0D4E5C364}" => File/Directory not found.
"C:\Users\Zues\AppData\Local\{6CCBC787-9208-49AD-8B15-126ED1F0FB59}" => File/Directory not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} => Key not found.
HKU\.DEFAULT\Software\Classes\.exe => Key not found.
HKU\.DEFAULT\Software\Classes\exefile => Key not found.
HKU\S-1-5-19\Software\Classes\.exe => Key not found.
HKU\S-1-5-19\Software\Classes\exefile => Key not found.
HKU\S-1-5-20\Software\Classes\.exe => Key not found.
HKU\S-1-5-20\Software\Classes\exefile => Key not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Classes\.exe => Key not found.
HKU\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Classes\exefile => Key not found.
EmptyTemp: => Removed 1.2 GB temporary data.
The system needed a reboot.
==== End of Fixlog 11:18:55 ====
#9
Posted 23 December 2014 - 11:29 AM
killerquagmire
- Topic Starter
-
- Member
-
- 32 posts
Member
Step 2:
RogueKiller V10.1.1.0 (x64) [Dec 23 2014] by Adlice Software
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Zues [Administrator]
Mode : Scan -- Date : 12/23/2014 11:28:03
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 19 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...d=ie&ar=msnhome -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...d=ie&ar=msnhome -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...d=ie&ar=msnhome -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...d=ie&ar=msnhome -> Found
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch -> Found
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-153555263-3126299475-2757101510-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E48DEE28-5FF7-4D07-91EE-B8326270EB6B} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E48DEE28-5FF7-4D07-91EE-B8326270EB6B} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{E48DEE28-5FF7-4D07-91EE-B8326270EB6B} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
¤¤¤ Antirootkit : 4 (Driver: Loaded) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\PxHlpa64 @ Unknown (\SystemRoot\System32\drivers\TDI.SYS)
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\CdRom0 : \Driver\GEARAspiWDM @ Unknown (\SystemRoot\System32\Drivers\AnyDVD.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\PxHlpa64 @ Unknown (\SystemRoot\System32\drivers\TDI.SYS)
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\CdRom1 : \Driver\GEARAspiWDM @ Unknown (\SystemRoot\System32\Drivers\AnyDVD.sys)
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: MKNSSDCR240GB ATA Device +++++
--- User ---
[MBR] 1213550a4a924292d3873cab77b0a950
[BSP] e4c476f43568379c7b2da335344fa32a : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 228934 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: WDC WD6401AALS-00L3B2 ATA Device +++++
--- User ---
[MBR] 4510c24a2fcf22b9d0a81ecdbeebf7ec
[BSP] bf86990bbb82e53460c501d5c942ec58 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 610478 MB
User = LL1 ... OK
User = LL2 ... OK
#10
Posted 24 December 2014 - 02:37 PM
Pyxis
-
- Malware Removal
-
- 1,228 posts
Trusted Helper
Hi killerquagmire,
That looks better. How is your computer running? I hope you did not disregard the updates--those vulnerable components were most likely the reason you got reinfected.
That looks better. How is your computer running? I hope you did not disregard the updates--those vulnerable components were most likely the reason you got reinfected.
- Step 1
Download the free version of 'Malwarebytes Anti-Malware by Malwarebytes Corporation' and save it to your desktop.- Double-click mbam-setup-*.exe and proceed to installing the program.
- Accept the License Agreement.
- At the end, untick Enable free trial of Malwarebytes Anti-Malware Premium and ensure Launch Malwarebytes' Anti-Malware is checked.
- Click Finish after.
- Once the program has loaded, navigate to the Settings tab and select Detection and Protection.
- Tick the Scan For Rootkits box.
- Go back to the Dashboard and select Update Now. Click Scan Now after.
- Updates can sometimes still be present. Be sure to select Update Now again if you are prompted.
- Once the scan is complete, click Apply Actions.
- If you are prompted to reboot, allow it by pressing Yes.
- Navigate to the program's History tab to retrieve the log.
- Click Application Logs and double-click on the most recent Scan Log.
- Export the log to your desktop as a .TXT file.
- You can also choose to directly copy the log by selecting Copy to Clipboard.
- Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
- Double-click mbam-setup-*.exe and proceed to installing the program.
- Step 2
Run a free 'ESET Online Scan by ESET' by firstly saving the file to your desktop.- Double-click esetsmartinstaller_enu.exe. Accept the Terms of Use then click on Start.
- Ensure the following settings are followed before clicking Start (you may or may not see the software warning at the very bottom):
- The virus signature database will begin to download. Wait for the scan to end--it may take several hours.
- Upon completion, select List of found threats > Export to text file....
- Press Back and put a check on the following:
- Uninstall application on close
- Delete quarantined files
- Click Finish.
- Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
- Logs to Post
In summary of the above, I will need you to post the following log(s):- log.txt (ESET Online Scan)
- mbam-log-YYYY-MM-DD (HH-MM-SS).xml (Malwarebytes Anti-Malware)
#11
Posted 27 December 2014 - 06:54 AM
killerquagmire
- Topic Starter
-
- Member
-
- 32 posts
Member
Running much better. I uninstalled firefox and updated adobe.
Step 1:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 12/27/2014
Scan Time: 5:17:17 AM
Logfile: malwarebytes.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2014.12.27.04
Rootkit Database: v2014.12.23.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Zues
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 397666
Time Elapsed: 4 min, 2 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
#12
Posted 27 December 2014 - 06:55 AM
killerquagmire
- Topic Starter
-
- Member
-
- 32 posts
Member
Step 2:
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
#13
Posted 28 December 2014 - 05:14 AM
Pyxis
-
- Malware Removal
-
- 1,228 posts
Trusted Helper
Thank you for your cooperation. Your logs show no sign of infection. Congratulations, your system is now clean. Below are the last few steps for you to accomplish.
► Remove Special Tools with DelFix by Xplode
Below are the last few steps for you to accomplish.► Remove Special Tools with DelFix by Xplode
- Download 'DelFix by Xplode' and save it to your desktop.
- Simply double-click the program icon to run it. It will ask for administrator privileges.
- Ensure the following options are checked:
- Remove Disinfection Tools
- Create Registry Backup
- Purge System Restore
- Press Run.
- A log will automatically pop-up. Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
#14
Posted 28 December 2014 - 03:57 PM
killerquagmire
- Topic Starter
-
- Member
-
- 32 posts
Member
# DelFix v10.8 - Logfile created 28/12/2014 at 15:55:52
# Updated 29/07/2014 by Xplode
# Username : Zues - ZUES-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
~ Removing disinfection tools ...
Deleted : C:\FRST
Deleted : C:\Users\Zues\Desktop\Addition.txt
Deleted : C:\Users\Zues\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\Zues\Desktop\Fixlog.txt
Deleted : C:\Users\Zues\Desktop\FRST.txt
Deleted : C:\Users\Zues\Desktop\FRST64.exe
Deleted : C:\Users\Zues\Desktop\RogueKillerX64.exe
Deleted : C:\Users\Zues\Desktop\SecurityCheck.exe
~ Creating registry backup ... OK
~ Cleaning system restore ...
Deleted : RP #58 [Windows Update | 12/18/2014 16:52:58]
Deleted : RP #59 [Windows Update | 12/20/2014 22:17:03]
Deleted : RP #60 [Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 | 12/21/2014 20:03:29]
Deleted : RP #61 [Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 | 12/21/2014 20:03:39]
New restore point created !
########## - EOF - ##########
#15
Posted 29 December 2014 - 04:44 AM
Pyxis
-
- Malware Removal
-
- 1,228 posts
Trusted Helper
I will now proceed to giving to tips on how to maintain your system as it is. Anytime you encounter an infection again, please do not hesitate to go back here at Geeks to Go.
► Remove, Disable, or Update Java
As Java is the 'most exploited program at this time', I recommend that you remove it unless you need it. If so, it is prudent to 'disable it in your web browser(s)' while ensuring your copy is always up-to-date. Older versions are prone to exploits and vulnerabilities.
★ Updating
★ Scanning
If you have any unresolved issues with regard to this thread or you need more
please ask me. I would assist you further, should it be required. Otherwise, enjoy your clean system.
► Remove, Disable, or Update Java
As Java is the 'most exploited program at this time', I recommend that you remove it unless you need it. If so, it is prudent to 'disable it in your web browser(s)' while ensuring your copy is always up-to-date. Older versions are prone to exploits and vulnerabilities.
- Download the latest 'Java' installation and save it to your desktop.
- You need to uninstall any previous Java installations.
- For Windows XP: Navigate to Start > Control Panel > Add or Remove Programs.
- For Windows Vista: Navigate to Start > Control Panel > Programs and Features or Uninstall a Program.
- For Windows 7: Navigate to Start > Control Panel > Programs and Features or Uninstall a Program.
- For Windows 8: Navigate to Start > Start Context Menu > Programs and Features or Uninstall a Program.
- Search the list for previous installations of Java such as all versions below:
- Java™ 7 Update 71
- Proceed to uninstalling the old versions and install the one you've just downloaded.
- You need to uninstall any previous Java installations.
★ Updating
Ensuring that you have one anti-virus installed in your system is a good way to prevent being infected. You must always make sure to update your anti-virus every day; anti-virus companies see to to it that the latest definition updates are distributed to be up to par with the propagation of malware. Your anti-virus is useless if you do not update it.
★ Scanning
Set a scanning routine. Ensure that you do a full scan with your anti-virus monthly. This is part of maintaining a clean system--a scanning routine proves to be effective. You can never be sure when your computer has caught an infection.
If you have any unresolved issues with regard to this thread or you need more
please ask me. I would assist you further, should it be required. Otherwise, enjoy your clean system. 
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
