Games crash when i try to open them and they also crash sound driver



#31
RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP

Run Autoruns again and uncheck the yellow highlighted entries.  

 

 

Go into Control Panel, (View by: Large Icons)  Indexing Options, Advanced, Rebuild.

 

Let's change to a better anti-virus

 

Download and Save:

 

http://files.avast.c...virus_setup.exe

 

Uninstall Microsoft Security Essentials

 

Reboot

 

Right click on the setup file and Run As Admin.  (Decline offers of Chrome, Google Toolbar, Dropbox).  Once it is installed and updated let it run a boot-time scan while you sleep:

 

First mute the speakers so it won't wake you up when Windows loads.  Click on the Orange ball.  Click on Scans.  Change Quickscan to Boot-time Scan.  Click on Settings.  Where it says Heuristic Sensitivity click on the last rectangle so that all of them are orange and it says High.  Check both boxes.  Then change When a threat is found ... to:  Move to Chest.  OK.  Now click on Start.  Close the Avast window and then reboot.  The scan will start.  It will tell you where it will save the report.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.  When Windows loads Click on the Orange Ball then Scan, Then Scan History (at the bottom of the page). Click on the last scan and then Detailed Report.  If it found anything then open the aswBoot.txt file and copy and paste it.  If you can't find it then take a screen shot of the Detailed Report:

  • 0


#32
Ren12

    Member

  • Topic Starter
  • Member
  • 180 posts

Attached File  AutoRuns2.zip   142.14KB   88 downloads  ? with unchecked yellows

 

Btw is having a lot of tabs while browsing on Google Chrome the problem? Friends always freak out when I have so many tabs open at all times. Computer also randomly wakes up when I put it to sleep. It doesn't seem to sleep.

 

Isn't picking Avast over MSE just a preference?

 

Will follow rest tomorrow after work.


  • 0

#33
RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP

Microsoft has backburnered MSE and doesn't even offer it on Win 8.  Instead they use a beefed up Windows Defender.  It's been going down in the ratings this last year.  I want to run Avast's boot-time scan to make sure there is nothing hiding.  You should run it while you sleep as it takes 6 hours or so.  If you really want to you can uninstall Avast and reinstall MSE afterward but I don't recommend it.

 

Each Chrome tab uses some memory so I'm sure there is a point where it will start to slow you down when Windows has to start storing stuff on the pagefile.  Best not to have lots of tabs open when trying to play CPU intensive games.

 

For your sleep problem:

 

Right click on Computer and select Manage then Device Manager.  Click on the arrow in front of Network Adapters to open it.  Underneath should be your wireless and wired adapters.  Right click on each and select Properties then Power Management.  There is usually an option to allow the adapter to wake the computer.  Make sure it is turned off. 


  • 0

#34
Ren12

    Member

  • Topic Starter
  • Member
  • 180 posts

Yeah I should close my tabs until I upgrade into a stronger PC. I haven't kept up with ratings for anti-virus but I always used it as the most convenient and best option. I don't know, Avast is pretty fine too.


Edited by Ren12, 18 January 2015 - 04:14 AM.

  • 0

#35
Ren12

    Member

  • Topic Starter
  • Member
  • 180 posts

http://gyazo.com/635...bb009ac0cc129ff looks like it found some stuff hmm

 

01/18/2015 05:16 Scan of C: Scan of *STARTUP
File C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir is infected by Win32:Conduit-B [PUP], Moved to chest
File C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe_1415979211752.vir is infected by Win32:Conduit-B [PUP], Moved to chest
File C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll.vir is infected by Win32:Conduit-B [PUP], Moved to chest
File C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1389861175056.vir is infected by Win32:Conduit-A [PUP], Moved to chest
File C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir|>$R2\$PLUGINSDIR\SPTool.dll is infected by Win32:Conduit-B [PUP], Moved to chest
File C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir is infected by Win32:Conduit-B [PUP], Moved to chest
File C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32.dll.vir is infected by Win32:Conduit-B [PUP], Moved to chest
File C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64.dll.vir is infected by Win64:Conduit-A [PUP], Moved to chest
File C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir is infected by Win32:Conduit-B [PUP], Moved to chest
File C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe_1415979211785.vir is infected by Win32:Conduit-B [PUP], Moved to chest
File C:\AdwCleaner\Quarantine\C\Users\Renato\AppData\Roaming\OpenCandy\C95FEE8E3C704CC7A44955B427B6B026\setup__1392.exe.vir is infected by Win32:Amonetize-Q [PUP], Moved to chest
File C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\cstrike\cache\bhop_mario_fxd.bsp.bz20000|>{bzip}|>scripts\soundscapes_bhop_mario_fxd.txt Error 42125 {ZIP archive is corrupted.}
File C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\cstrike\cache\ct_urban_height.vtf.bz20000|>{bzip} Error 42130 {BZIP2 archive is corrupted.}
File C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\cstrike\cache\mg_ipods_all_in_one_final.bsp.bz20000|>{bzip} Error 42130 {BZIP2 archive is corrupted.}
File C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\cstrike\cache\mg_pauls_multigames_v2_fix.bsp.bz20000|>{bzip} Error 42130 {BZIP2 archive is corrupted.}
File C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\cstrike\download\maps\bhop_mario_fxd.bsp.bz2|>bhop_mario_fxd.bsp|>scripts\soundscapes_bhop_mario_fxd.txt Error 42125 {ZIP archive is corrupted.}
File C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\tf\cache\cp_bestinclass_v2.bsp.bz20000|>{bzip} Error 42130 {BZIP2 archive is corrupted.}
File C:\TDSSKiller_Quarantine\04.08.2012_16.11.42\tdlfs0000\tsk0000.dta is infected by Win32:Alureon-BCW [Trj], Moved to chest
File C:\TDSSKiller_Quarantine\04.08.2012_16.11.42\tdlfs0000\tsk0002.dta is infected by Win32:[email protected] [Rtk], Moved to chest
File C:\TDSSKiller_Quarantine\04.08.2012_16.11.42\tdlfs0000\tsk0003.dta is infected by Win64:Malware-gen, Moved to chest
File C:\TDSSKiller_Quarantine\04.08.2012_16.11.42\tdlfs0000\tsk0008.dta is infected by MBR:Alureon-B [Rtk], Moved to chest
File C:\Users\Renato\AppData\LocalLow\PowerChallenge\PowerSoccer\arenas.zip.part|>arenas\non-cm\objects\small_rafter.object Error 42125 {ZIP archive is corrupted.}
Number of searched folders: 84266
Number of tested files: 1609049
Number of infected files: 15

 

 

 

When I was copy pasting you one of the logs earlier before I did notice the logs saying something weird about tdss killer. But since you didn't say anything I thought it was whatever. Well this explains it?


Edited by Ren12, 18 January 2015 - 02:21 PM.

  • 0

#36
RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP

You mean these:

 

File C:\TDSSKiller_Quarantine\04.08.2012_16.11.42\tdlfs0000\tsk0000.dta is infected by Win32:Alureon-BCW [Trj], Moved to chest 

File C:\TDSSKiller_Quarantine\04.08.2012_16.11.42\tdlfs0000\tsk0002.dta is infected by Win32:[email protected] [Rtk], Moved to chest  

File C:\TDSSKiller_Quarantine\04.08.2012_16.11.42\tdlfs0000\tsk0003.dta is infected by Win64:Malware-gen, Moved to chest  

File C:\TDSSKiller_Quarantine\04.08.2012_16.11.42\tdlfs0000\tsk0008.dta is infected by MBR:Alureon-B [Rtk], Moved to chest  

 

These are in TDSSKiller's quarantine which means it found them and removed them already.  So no more threat.  Nasty virus tho.  It often corrupts the antivirus and replaces it with its own infected file.

 

Anything which has Quarantine in its path has already been removed but Avast did not know that.  I don't think it found a live virus.  There are a few corrupt archives left.  I usually just manually remove them since they may cause a crash or some other problem if you try to use them.  The actual file is the path before the | so we need to remove the following files:

 

 

C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\cstrike\cache\bhop_mario_fxd.bsp.bz20000

C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\cstrike\cache\ct_urban_height.vtf.bz20000

C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\cstrike\cache\mg_ipods_all_in_one_final.bsp.bz20000

C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\cstrike\cache\mg_pauls_multigames_v2_fix.bsp.bz20000

C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\cstrike\download\maps\bhop_mario_fxd.bsp.bz2

C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\tf\cache\cp_bestinclass_v2.bsp.bz20000

C:\Users\Renato\AppData\LocalLow\PowerChallenge\PowerSoccer\arenas.zip.part

 

 

Don't know what they do or how important they were but they are worthless now.  Perhaps you can download new copies?  Were any of these used in the games that were crashing?

 

 

 

We haven't really run tdsskiller in this session.  Let's run combofix and aswmbr to make sure your Alureon infection is gone.

 

 

 
Download aswMBR.exe  to your desktop.
Right click aswMBR.exe and Run as Administrator
Uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and  click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply
 
ComboFix
 
:!: It must be saved to your desktop, do not run it from your browser:!:
 
:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well.  See: http://www.bleepingc...opic114351.html
 
:!: Turn off your screen saver so you can see what is going on
 
Download and Save this file --  to your Desktop -- from either of these two sources:
 
Right click on ComboFix and select Run As Administrator to start the program.
 
 
 
    * :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
    
    
    * A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.  
 
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
You should get a log when it finishes.  If not this may mean you have the new version of Zero Access malware so run Combofix a second time.
If you still don't get a log search for Combofix.txt.  It is usually at => C:\Combofix\Combofix.txt. I'll need to see that in your reply.
If you get an error about a registry value when you try to run a program, then just reboot to clear it.

  • 0
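
The reading of the boot-time scan report given in post #36 (detections under a Quarantine folder are leftovers from earlier cleanups; for archive errors the file on disk is the part of the path before the first |), as an added example that is not part of the original thread. It assumes aswBoot.txt holds one entry per line; the last sample entry, its path and its detection name are constructed.

```python
import re
from collections import OrderedDict, namedtuple

# Entries 1-7 are copied from the boot-time scan report posted in this thread,
# reflowed to one entry per line (assumed layout of aswBoot.txt).
# The final entry is CONSTRUCTED to show what a live detection looks like.
SAMPLE_REPORT = r"""
01/18/2015 05:16 Scan of C: Scan of *STARTUP
File C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir is infected by Win32:Conduit-B [PUP], Moved to chest
File C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir|>$R2\$PLUGINSDIR\SPTool.dll is infected by Win32:Conduit-B [PUP], Moved to chest
File C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\cstrike\cache\bhop_mario_fxd.bsp.bz20000|>{bzip}|>scripts\soundscapes_bhop_mario_fxd.txt Error 42125 {ZIP archive is corrupted.}
File C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\cstrike\cache\ct_urban_height.vtf.bz20000|>{bzip} Error 42130 {BZIP2 archive is corrupted.}
File C:\TDSSKiller_Quarantine\04.08.2012_16.11.42\tdlfs0000\tsk0000.dta is infected by Win32:Alureon-BCW [Trj], Moved to chest
File C:\TDSSKiller_Quarantine\04.08.2012_16.11.42\tdlfs0000\tsk0008.dta is infected by MBR:Alureon-B [Rtk], Moved to chest
File C:\Users\Renato\AppData\LocalLow\PowerChallenge\PowerSoccer\arenas.zip.part|>arenas\non-cm\objects\small_rafter.object Error 42125 {ZIP archive is corrupted.}
File C:\Users\Example\Downloads\constructed_sample.exe is infected by Win32:Constructed-Example [PUP], Moved to chest
"""

Entry = namedtuple("Entry", "container inner kind detail")

# Two entry shapes appear in the report:
#   File <path> is infected by <name>, <action>
#   File <path> Error <code> {<message>}
ENTRY_RE = re.compile(
    r"^File (?P<path>.+?) (?:is infected by (?P<threat>.+), (?P<action>[^,]+)"
    r"|Error (?P<code>\d+) \{(?P<msg>.*)\})$"
)


def in_quarantine_folder(container):
    """True if a directory component of the on-disk path names a quarantine store."""
    directories = container.split("\\")[1:-1]  # drop drive letter and file name
    return any("quarantine" in part.lower() for part in directories)


def parse_report(text):
    """Turn report text into Entry tuples, skipping header and summary lines."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match is None:
            continue
        # Items inside archives/installers are written container|>member;
        # only the part before the first "|>" is a file on disk.
        container, _, inner = match.group("path").partition("|>")
        if match.group("code"):
            kind = "corrupt-archive"
            detail = "Error %s: %s" % (match.group("code"), match.group("msg"))
        elif in_quarantine_folder(container):
            kind = "quarantined-copy"   # already neutralised by another tool
            detail = match.group("threat")
        else:
            kind = "live-detection"     # found in a normal location: review first
            detail = match.group("threat")
        entries.append(Entry(container, inner, kind, detail))
    return entries


def triage(text):
    """Group the unique on-disk files by kind, most urgent bucket first."""
    buckets = OrderedDict(
        (kind, []) for kind in ("live-detection", "quarantined-copy", "corrupt-archive")
    )
    for entry in parse_report(text):
        if entry.container not in buckets[entry.kind]:
            buckets[entry.kind].append(entry.container)
    return buckets


if __name__ == "__main__":
    for kind, files in triage(SAMPLE_REPORT).items():
        print("%s (%d)" % (kind, len(files)))
        for path in files:
            print("    " + path)
```

A match on "Quarantine" in the path is only a triage hint; confirm the folder really belongs to the cleanup tool before dismissing an entry.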

#37
Ren12

    Member

  • Topic Starter
  • Member
  • 180 posts

Attached File  aswMBR.txt   1.59KB   141 downloads

 

I deleted the files manually. And fortunately they weren't the games that were giving me problems, better off without them. Computer still doesn't fall asleep after I put it to sleep even after changing the power management.

 

 

Also, for some odd reason the volume mixer/adjuster is gone from the bottom right of the taskbar. 


Edited by Ren12, 21 January 2015 - 11:15 PM.

  • 0

#38
RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP

aswmbr looks good.  Can you rerun autoruns?  The one you sent last time was empty.


  • 0

#39
Ren12

    Member

  • Topic Starter
  • Member
  • 180 posts

Will do combofix a bit later today. 

 

Attached File  AutoRuns 3.arn   3.49MB   87 downloads

 

How come it turned out empty? Oh well.


  • 0

#40
RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP

You may not have waited for the scanning to finish before making the log.


  • 0


#41
Ren12

    Member

  • Topic Starter
  • Member
  • 180 posts

Hope the late reply isn't bothering you. Combofix kinda scared me haha powerful software. Should I uninstall all the previous programs downloaded?

 

ComboFix 15-01-22.02 - Renato 01/24/2015   0:26.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8184.6022 [GMT -5:00]
Running from: c:\users\Renato\Desktop\ComboFix0.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Renato\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-12-24 to 2015-01-24  )))))))))))))))))))))))))))))))
.
.
2015-01-24 05:45 . 2015-01-24 05:45 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-01-24 05:45 . 2015-01-24 05:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-23 09:06 . 2015-01-23 09:06 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FBE1679-DA2C-43B1-99D8-269FB5AF7EE2}\offreg.dll
2015-01-23 08:58 . 2014-12-15 09:13 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FBE1679-DA2C-43B1-99D8-269FB5AF7EE2}\mpengine.dll
2015-01-18 10:00 . 2015-01-18 10:00 -------- d-----w- c:\users\Renato\AppData\Roaming\AVAST Software
2015-01-18 09:57 . 2015-01-18 09:56 116728 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-01-18 09:57 . 2015-01-18 09:56 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-01-18 09:57 . 2015-01-18 09:56 436624 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-01-18 09:57 . 2015-01-18 09:56 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-01-18 09:57 . 2015-01-18 09:58 87912 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2015-01-18 09:57 . 2015-01-18 09:56 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-01-18 09:57 . 2015-01-18 09:56 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-01-18 09:56 . 2015-01-18 09:58 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2015-01-18 09:56 . 2015-01-18 09:56 364512 ----a-w- c:\windows\system32\aswBoot.exe
2015-01-18 09:56 . 2015-01-18 09:56 43152 ----a-w- c:\windows\avastSS.scr
2015-01-18 09:55 . 2015-01-18 09:55 -------- d-----w- c:\program files\AVAST Software
2015-01-18 09:19 . 2015-01-18 09:55 -------- d-----w- c:\programdata\AVAST Software
2015-01-18 03:51 . 2015-01-18 03:51 -------- d-----w- c:\users\Renato\AppData\Local\Apps
2015-01-14 06:32 . 2015-01-14 06:32 -------- d-----w- c:\program files\7-Zip
2015-01-13 21:02 . 2015-01-23 05:02 3353776 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-01-11 06:45 . 2015-01-14 00:42 -------- d-----w- c:\windows\system32\catroot2
2015-01-11 06:34 . 2015-01-11 06:34 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2015-01-11 04:49 . 2015-01-11 04:49 -------- d-----w- C:\RegBackup
2015-01-11 04:46 . 2015-01-11 04:46 -------- d-----w- c:\program files (x86)\Tweaking.com
2015-01-04 00:23 . 2015-01-04 00:23 -------- d-sh--w- c:\users\Renato\AppData\Local\EmieUserList
2015-01-04 00:23 . 2015-01-04 00:23 -------- d-sh--w- c:\users\Renato\AppData\Local\EmieSiteList
2015-01-04 00:23 . 2015-01-04 00:23 -------- d-sh--w- c:\users\Renato\AppData\Local\EmieBrowserModeList
2015-01-04 00:21 . 2015-01-04 00:21 -------- d-----w- c:\users\Renato\AppData\Local\AMD
2015-01-04 00:21 . 2015-01-04 00:21 -------- d-----w- c:\programdata\ATI
2015-01-04 00:08 . 2015-01-04 00:08 -------- d-----w- c:\users\Renato\AppData\Roaming\Raptr
2015-01-04 00:08 . 2015-01-04 00:08 -------- d-----w- c:\program files (x86)\Raptr
2015-01-04 00:08 . 2015-01-04 00:08 -------- d-----w- c:\program files (x86)\AMD AVT
2015-01-04 00:08 . 2015-01-04 00:08 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2015-01-04 00:06 . 2015-01-04 00:08 -------- d-----w- c:\programdata\AMD
2015-01-04 00:03 . 2015-01-04 00:03 -------- d-----w- c:\program files\Common Files\ATI Technologies
2015-01-04 00:01 . 2015-01-04 00:02 -------- d-----w- c:\programdata\Package Cache
2015-01-03 23:59 . 2015-01-04 00:07 -------- d-----w- c:\program files\AMD
2015-01-03 23:57 . 2015-01-03 23:57 -------- d-----w- C:\AMD
2015-01-03 21:42 . 2015-01-04 00:38 -------- d-----w- C:\FRST
2015-01-03 21:27 . 2015-01-03 21:27 -------- d-----w- c:\windows\ERUNT
2015-01-03 21:05 . 2015-01-03 21:11 -------- d-----w- C:\AdwCleaner
2015-01-01 05:13 . 2015-01-01 05:13 -------- d-----w- c:\program files (x86)\Common Files\Skype
2015-01-01 04:59 . 2015-01-01 04:59 -------- d-----w- c:\users\Renato\AppData\Local\Skype
2015-01-01 04:58 . 2015-01-01 05:13 -------- d-----r- c:\program files (x86)\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-23 05:02 . 2013-03-07 23:05 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-23 05:02 . 2013-03-07 23:05 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-08 14:55 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-12-13 05:09 . 2014-12-17 18:58 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-17 18:58 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-12-10 08:14 . 2013-02-15 03:17 112710672 ----a-w- c:\windows\system32\MRT.exe
2014-12-04 02:50 . 2014-12-09 20:49 413184 ----a-w- c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-09 20:49 741376 ----a-w- c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-09 20:49 396800 ----a-w- c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-09 20:49 830976 ----a-w- c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-09 20:49 192000 ----a-w- c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-09 20:49 227328 ----a-w- c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-09 20:49 1083392 ----a-w- c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-09 20:49 1232040 ----a-w- c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-09 20:48 389296 ----a-w- c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-09 20:48 25059840 ----a-w- c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-09 20:48 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-09 20:48 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-09 20:48 66560 ----a-w- c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-09 20:48 580096 ----a-w- c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-09 20:48 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-09 20:48 2885120 ----a-w- c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-09 20:48 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-09 20:48 54784 ----a-w- c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-09 20:48 34304 ----a-w- c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-09 20:48 633856 ----a-w- c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-09 20:48 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-09 20:48 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-09 20:48 6039552 ----a-w- c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-09 20:48 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-09 20:48 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-09 20:48 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-09 20:48 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-09 20:48 199680 ----a-w- c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-09 20:48 92160 ----a-w- c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-09 20:48 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-09 20:48 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-09 20:48 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-09 20:48 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-09 20:48 316928 ----a-w- c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-09 20:48 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-09 20:48 718848 ----a-w- c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-09 20:48 800768 ----a-w- c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-09 20:48 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-09 20:48 2125312 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-09 20:48 14412800 ----a-w- c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-09 20:48 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-09 20:48 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-09 20:48 2358272 ----a-w- c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-09 20:48 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-09 20:48 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-09 20:48 1548288 ----a-w- c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-09 20:48 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-09 20:48 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
2014-11-21 02:44 . 2014-11-21 02:44 78432 ----a-w- c:\windows\system32\atimpc64.dll
2014-11-21 02:44 . 2014-11-21 02:44 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2014-11-21 02:44 . 2014-11-21 02:44 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2014-11-21 02:44 . 2014-11-21 02:44 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2014-11-21 02:44 . 2011-06-01 06:18 144328 ----a-w- c:\windows\system32\atiuxp64.dll
2014-11-21 02:44 . 2011-06-01 06:18 126848 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2014-11-21 02:44 . 2014-11-21 02:44 118096 ----a-w- c:\windows\system32\atiu9p64.dll
2014-11-21 02:44 . 2011-06-01 06:17 100032 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2014-11-21 02:44 . 2011-06-01 07:01 1348928 ----a-w- c:\windows\system32\aticfx64.dll
2014-11-21 02:44 . 2011-06-01 07:02 1127496 ----a-w- c:\windows\SysWow64\aticfx32.dll
2014-11-21 02:44 . 2011-06-01 06:43 11076784 ----a-w- c:\windows\system32\atidxx64.dll
2014-11-21 02:44 . 2011-06-01 06:52 9401480 ----a-w- c:\windows\SysWow64\atidxx32.dll
2014-11-21 02:43 . 2014-11-21 02:43 7558816 ----a-w- c:\windows\SysWow64\atiumdva.dll
2014-11-21 02:43 . 2014-11-21 02:43 7077776 ----a-w- c:\windows\SysWow64\atiumdag.dll
2014-11-21 02:43 . 2014-11-21 02:43 8379720 ----a-w- c:\windows\system32\atiumd6a.dll
2014-11-21 02:43 . 2014-11-21 02:43 8369408 ----a-w- c:\windows\system32\atiumd64.dll
2014-11-21 02:41 . 2014-11-21 02:41 294600 ----a-w- c:\windows\system32\drivers\amdacpksd.sys
2014-11-21 02:40 . 2014-11-21 02:40 18959360 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2014-11-21 02:36 . 2014-11-21 02:36 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2014-11-21 02:35 . 2014-11-21 02:35 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2014-11-21 02:33 . 2014-11-21 02:33 235008 ----a-w- c:\windows\system32\clinfo.exe
2014-11-21 02:33 . 2014-11-21 02:33 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe
2014-11-21 02:33 . 2014-11-21 02:33 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe
2014-11-21 02:33 . 2014-11-21 02:33 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe
2014-11-21 02:33 . 2014-11-21 02:33 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe
2014-11-21 02:33 . 2014-11-21 02:33 98816 ----a-w- c:\windows\system32\OpenVideo64.dll
2014-11-21 02:33 . 2014-11-21 02:33 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2014-11-21 02:33 . 2014-11-21 02:33 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2014-11-21 02:33 . 2014-11-21 02:33 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll
2014-11-21 02:33 . 2014-11-21 02:33 47899136 ----a-w- c:\windows\system32\amdocl64.dll
2014-11-21 02:32 . 2014-11-21 02:32 40987136 ----a-w- c:\windows\SysWow64\amdocl.dll
2014-11-21 02:31 . 2014-11-21 02:31 65024 ----a-w- c:\windows\system32\OpenCL.dll
2014-11-21 02:31 . 2014-11-21 02:31 58880 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-11-21 02:24 . 2014-11-21 02:24 28354560 ----a-w- c:\windows\system32\atio6axx.dll
2014-11-21 02:19 . 2014-11-21 02:19 23621632 ----a-w- c:\windows\SysWow64\atioglxx.dll
2014-11-21 02:19 . 2014-11-21 02:19 49664 ----a-w- c:\windows\system32\amdmmcl6.dll
2014-11-21 02:19 . 2014-11-21 02:19 38912 ----a-w- c:\windows\SysWow64\amdmmcl.dll
2014-11-21 02:18 . 2014-11-21 02:18 127488 ----a-w- c:\windows\system32\mantle64.dll
2014-11-21 02:18 . 2014-11-21 02:18 113664 ----a-w- c:\windows\SysWow64\mantle32.dll
2014-11-21 02:18 . 2014-11-21 02:18 5837312 ----a-w- c:\windows\system32\amdmantle64.dll
2014-11-21 02:17 . 2014-11-21 02:17 367104 ----a-w- c:\windows\system32\atiapfxx.exe
2014-11-21 02:17 . 2014-11-21 02:17 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2014-11-21 02:17 . 2014-11-21 02:17 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2014-11-21 02:16 . 2014-11-21 02:16 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2014-11-21 02:16 . 2014-11-21 02:16 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2014-11-21 02:16 . 2014-11-21 02:16 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desura"="c:\program files (x86)\Desura\desura.exe" [2012-02-16 2529096]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"NCsoft Launcher"="c:\program files (x86)\NCSoft\Launcher\NCLauncher.exe" [2013-06-06 43304]
"Octoshape Streaming Services"="c:\users\Renato\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"Spotify Web Helper"="c:\users\Renato\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-12-13 1676344]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-11-18 1940160]
"Spotify"="c:\users\Renato\AppData\Roaming\Spotify\spotify.exe" [2014-12-13 6737976]
"uTorrent"="c:\users\Renato\AppData\Roaming\uTorrent\uTorrent.exe" [2015-01-20 1377872]
"Gyazo"="c:\program files (x86)\Gyazo\GyStation.exe" [2013-10-30 2990304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-06-06 251744]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"VERIZONDM"="c:\program files (x86)\VERIZONDM\bin\sprtcmd.exe" [2010-09-02 206120]
"VerizonServicepoint.exe"="c:\program files (x86)\Verizon\VSP\VerizonServicepoint.exe" [2011-01-10 4318520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-11-21 767176]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-18 5227112]
.
c:\users\Renato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys;c:\windows\SYSNATIVE\drivers\ahcix64s.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/02/07 10:18];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl;c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [x]
S2 AODDriver4.3;AODDriver4.3;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [x]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe;c:\program files\Common Files\Motive\McciCMService.exe [x]
S2 ServicepointService;ServicepointService;c:\program files (x86)\Verizon\VSP\ServicepointService.exe;c:\program files (x86)\Verizon\VSP\ServicepointService.exe [x]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe;c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe;c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech QuickCam S5500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - ASWRVRT
*NewlyCreated* - ASWSP
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-01-15 00:51 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-07 05:02]
.
2013-02-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3591711946-2265182465-2123470179-1001Core.job
- c:\users\Renato\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-10 17:18]
.
2013-02-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3591711946-2265182465-2123470179-1001UA.job
- c:\users\Renato\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-10 17:18]
.
2015-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-10 04:23]
.
2015-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-10 04:23]
.
2015-01-21 c:\windows\Tasks\HPCeeScheduleForRenato.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
2013-02-02 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-01-18 09:56 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 3432448]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 163568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-12-17 21720]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=586617A001CCE12F21600B83&src_id=30305&camp_id=3534&tb_version=1.1.3001.0(B)
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Renato\AppData\Roaming\Mozilla\Firefox\Profiles\04uebt4x.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
Completion time: 2015-01-24  00:50:31
ComboFix-quarantined-files.txt  2015-01-24 05:50
.
Pre-Run: 58,091,356,160 bytes free
Post-Run: 58,431,799,296 bytes free
.
- - End Of File - - C88FBD52222471F4D4A42239D4C51905


#42
RKinner


Combofix looks good.  Autoruns is still empty.  Are you waiting until the scanning stops and it says ready in the bottom right?  Try saving the file as autoruns.txt.  This is a bit harder to read but you should be able to open it in notepad to check it before you attach it.



#43
Ren12

  • Topic Starter

Attached File  AutoRuns0.zip   146.57KB   89 downloads

Yeah, I waited each time till it said ready.

Err, my fault, I forgot to do the whole zip thingy. Derp.


Edited by Ren12, 24 January 2015 - 01:37 PM.


#44
RKinner


The zip just makes it easier to attach.  Used to be the forum wouldn't allow files with the .arn extension and they were limited to 2 meg but since it's working that's not it. 

 

Are games still crashing your PC?  What game?



#45
Ren12

  • Topic Starter

Okay, so after the ComboFix I thought everything was fixed. Counter-Strike: Global Offensive was playing fine, which I previously couldn't play. Skype also seemed to be working; it's more important since it's a form of communication.

 

However, I tried opening a different game (Dota 2) and it crashed. The game opened up as a small window that I couldn't maximize and then crashed. Which then proceeded to do the usual: mess up sound and crash other games I tried to open (cs). 

 

Maybe I should just stick to one game LOL. 

