Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Possible infection, programs running oddly

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Possible infection, programs running oddly

Unread postby mrsunnybones » April 20th, 2014, 9:18 pm

Recently, my computer has been acting oddly, such as programs deleting themselves or randomly crashing. Also, my computer has had an increase of random blue screens. Now I can't run many of my programs as they just crash. Because these problems are very recent (within the last week), I've only tried a few things to remedy the problems.
1. I ran the microsoft security essential, but it came up with no results
2. CC cleaner to clean my registry
3. I tried to recover my computer to an earlier time, as I thought it was an update my computer received gone wrong.

I'm not sure if this is a virus or malware but I'm not entirely sure what else it could be. Thanks you for any help you're able to give!

DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521 BrowserJavaVersion: 10.51.2
Run by Eric at 21:10:28 on 2014-04-20
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16267.13285 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Eric\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Eric\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Eric\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://start.sweetpacks.com/?src=10&st= ... 045&barid={11671379-DEC2-11E2-89DE-CDBE317362FD}
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: InfoSeeker: {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files (x86)\InfoSeeker\IE\common.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Spotify Web Helper] "C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [BitTorrent] "C:\Users\Eric\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Akamai NetSession Interface] "C:\Users\Eric\AppData\Local\Akamai\netsession_win.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
dRunOnce: [osk.exe] osk.exe
StartupFolder: C:\Users\Eric\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~1.LNK - C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GIGABY~1.LNK - C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~4\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Trusted Zone: aeriagames.com
Trusted Zone: aeriagames.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{62C529AC-BC63-42C5-850C-2BD80E4FAAD4} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{62C529AC-BC63-42C5-850C-2BD80E4FAAD4}\14355535 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{62C529AC-BC63-42C5-850C-2BD80E4FAAD4}\35E6F677D616E6370235F657C6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{62C529AC-BC63-42C5-850C-2BD80E4FAAD4}\A4A5940363 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{CDA85CDD-85A1-402C-9B51-56717BF694D8} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{CDA85CDD-85A1-402C-9B51-56717BF694D8}\A4A5940363 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 202.76.225.179 patch.playro2.com # RO2 Patch Server
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\zk6ohs48.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=U018&ocid=U018DHP&dt=062913
FF - plugin: C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-3-3 1363584]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-3-3 1748608]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 133928]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-3-1 4915040]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2013-1-19 46568]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-6-5 49152]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 hxsyol;hxsyol;E:\Aura\AuraKingdom\avital\hxsy64.sys [2014-2-19 86352]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-12 111616]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-6-2 342528]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2013-6-2 1142376]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2011-4-12 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-6 1255736]
S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;E:\Tribes Ascend\HiPatchService.exe [2013-6-4 9216]
S4 RalinkRegistryWriter;RalinkRegistryWriter;C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe [2012-4-30 377088]
S4 RalinkRegistryWriter64;RalinkRegistryWriter64;C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe [2012-4-30 455424]
S4 RealtekSE;RealtekSE;C:\Program Files (x86)\ASUS\PCE-N10 WLAN Card Utilities\RtlService.exe [2013-6-2 36864]
.
=============== Created Last 30 ================
.
2014-04-21 01:02:29 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F6619D01-7714-4ED0-AE73-EA117B5D1FBF}\offreg.dll
2014-04-21 00:57:02 1031560 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{18B3FE9A-6720-4478-99A5-9878C6461127}\gapaengine.dll
2014-04-21 00:56:54 10651704 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F6619D01-7714-4ED0-AE73-EA117B5D1FBF}\mpengine.dll
2014-04-21 00:54:05 -------- d-----w- C:\Windows\System32\MRT
2014-04-20 23:36:51 10651704 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-04-20 22:16:16 -------- d-----w- C:\Users\Eric\AppData\Local\ElevatedDiagnostics
2014-04-18 16:34:33 377088 -c----w- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MsMpEng.exe_2f5547231370d05de46b8475555ee825f9020_cab_1fc21e3b\RaRegistry.exe
2014-04-11 20:01:56 -------- d-----w- C:\Program Files (x86)\AMD AVT
2014-04-11 19:55:33 -------- d-----w- C:\Program Files (x86)\Raptr
2014-04-11 19:49:28 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2014-04-04 21:47:24 -------- d-----w- C:\Users\Eric\AppData\Local\Skype
.
==================== Find3M ====================
.
2014-04-19 04:06:37 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-04-19 04:06:37 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-03-31 01:13:47 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-31 00:13:30 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-29 01:00:14 280792 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-03-11 13:52:30 133928 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2014-03-09 22:23:29 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:17:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-11 05:07:41 231376 ----a-w- C:\Windows\System32\drivers\truecrypt.sys
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-02-04 02:35:56 190912 ----a-w- C:\Windows\System32\drivers\storport.sys
2014-02-04 02:35:49 274880 ----a-w- C:\Windows\System32\drivers\msiscsi.sys
2014-02-04 02:35:35 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2014-02-04 02:32:22 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-02-04 02:28:36 2048 ----a-w- C:\Windows\System32\iologmsg.dll
2014-02-04 02:04:22 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-02-04 02:00:39 2048 ----a-w- C:\Windows\SysWow64\iologmsg.dll
2014-01-31 22:25:25 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-01-25 05:19:42 268512 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2014-01-24 02:37:55 1684928 ----a-w- C:\Windows\System32\drivers\ntfs.sys
.
============= FINISH: 21:10:39.52 ===============


Attach file:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 6/2/2013 4:41:27 PM
System Uptime: 4/20/2014 9:07:42 PM (0 hours ago)
.
Motherboard: ASRock | | Z77 Extreme4
Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz | CPUSocket | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 12.659 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 1863 GiB total, 1476.167 GiB free.
F: is FIXED (NTFS) - 1397 GiB total, 1260.892 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_1E311849&REV_04\3&11583659&0&A0
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_1E311849&REV_04\3&11583659&0&A0
Service:
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_10421849&REV_00\4&37A73C8A&0&00E7
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_10421849&REV_00\4&37A73C8A&0&00E7
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
Device ID: PCI\VEN_10EC&DEV_8176&SUBSYS_84B51043&REV_01\4&10C350E0&0&00E0
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
PNP Device ID: PCI\VEN_10EC&DEV_8176&SUBSYS_84B51043&REV_01\4&10C350E0&0&00E0
Service: RTL8192Ce
.
Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_14E4&DEV_16B1&SUBSYS_96B11849&REV_10\4&2B8260C3&0&00E4
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_14E4&DEV_16B1&SUBSYS_96B11849&REV_10\4&2B8260C3&0&00E4
Service:
.
==== System Restore Points ===================
.
RP270: 4/19/2014 1:12:51 PM - Windows Update
RP271: 4/20/2014 7:35:37 PM - Restore Operation
RP272: 4/20/2014 7:47:45 PM - Windows Update
RP273: 4/20/2014 8:35:43 PM - Restore Operation
RP274: 4/20/2014 8:53:57 PM - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
A Virus Named TOM
AC3Filter 2.5b
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Aeria Ignite
Akamai NetSession Interface
AMD Accelerated Video Transcoding
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
AMD Wireless Display v3.0
Application Profiles
ARMA 2 Operation Arrowhead Uninstall
ArmA 2 Uninstall
Arma 3 Alpha
ASPCA Reminder by We-Care.com v4.1.22.1
ASUS PCE-N10 WLAN Card Utilities & Driver
Aura Kingdom
Bastion
Battlefield 2
Battlefield 4™
Battlelog Web Plugins
BattlEye for OA Uninstall
BioShock
BitTorrent
Blacklight: Retribution
Brütal Legend
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Company of Heroes 2
Convert Audio Free FLAC to MP3 version 1.0
Counter-Strike
Counter-Strike: Global Offensive
Crysis 2 Maximum Edition
Day of Defeat
DayZ Commander
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition
Diablo III
Dota 2
Dropbox
Dust: An Elysian Tail
Eets Munchies
ESN Sonar
EVE Online (remove only)
EVEMon
Fallout 3 - Game of the Year Edition
FEZ
FTL version 1.03.3
GIGABYTE OC_GURU II
GOM Player
Google Chrome
Google Update Helper
Guild Wars 2
GunZ 2: The Second Duel
Hawken
Hi-Rez Studios Authenticate and Update Service
InfoSeeker
Intel(R) Processor Graphics
Internet Explorer Toolbar 4.8 by SweetPacks
Java 7 Update 51
Java Auto Updater
League of Legends
Left 4 Dead 2
LIMBO
Mark of the Ninja
MechWarrior Online
Microsoft .NET Framework 4.5.1
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Office 32-bit Components 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 32-bit MUI (English) 2013
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft Word MUI (English) 2013
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0 Refresh
Mirror's Edge
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
Mumble 1.2.5
NETGEAR WNDA4100 Genie
Nihilumbra
Notepad++
NVIDIA PhysX
NyxLauncherIS
Open Broadcaster Software
Origin
osu!
Outils de vérification linguistique 2013 de Microsoft Office - Français
Path of Exile
PlanetSide 2
Portal 2
PunkBuster Services
Ragnarok Online 2
Rising Storm/Red Orchestra 2 Multiplayer
Samsung Data Migration
Samsung SSD Magician
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Office 2013 (KB2768005) 64-Bit Edition
Security Update for Microsoft Office 2013 (KB2810009) 64-Bit Edition
Security Update for Microsoft Word 2013 (KB2863910) 64-Bit Edition
Skype Click to Call
Skype™ 6.14
Spotify
Star Conflict
Starbound
StarCraft II
Steam
Team Fortress 2
TeamSpeak 3 Client
TeamViewer 9
Thomas Was Alone
Tomb Raider
Tribes Ascend
Trine 2
TrueCrypt
Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition
Update for Microsoft Access 2013 (KB2827233) 64-Bit Edition
Update for Microsoft Excel 2013 (KB2752087) 64-Bit Edition
Update for Microsoft InfoPath 2013 (KB2837648) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2863908) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition
Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760242) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760267) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760539) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760553) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817314) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817626) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817636) 64-Bit Edition
Update for Microsoft Office 2013 (KB2825631) 64-Bit Edition
Update for Microsoft Office 2013 (KB2826004) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827225) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827272) 64-Bit Edition
Update for Microsoft Office 2013 (KB2863825) 64-Bit Edition
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition
Update for Microsoft Office 2013 (KB2863844) 64-Bit Edition
Update for Microsoft Office 2013 (KB2863860) 64-Bit Edition
Update for Microsoft OneDrive for Business (KB2863864) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2817628) 64-Bit Edition
Update for Microsoft Outlook 2013 (KB2863911) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2837627) 64-Bit Edition
Update for Microsoft Project 2013 (KB2727085) 64-Bit Edition
Update for Microsoft Publisher 2013 (KB2837635) 64-Bit Edition
Update for Microsoft Visio 2013 (KB2837632) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition
Update for Microsoft Word 2013 (KB2863909) 64-Bit Edition
Ventrilo Client for Windows x64
VLC media player 2.0.7
Warframe
World of Tanks
XSplit Broadcaster
.
==== Event Viewer Messages From Past Week ========
.
4/20/2014 9:09:03 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4/20/2014 9:08:16 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000041284, 0xfffff8a00e475001, 0x000000000000d0a7, 0xfffff781c0000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042014-34413-01.
4/20/2014 8:49:22 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Windows\System32\config\COMPONENTS' was corrupted and it has been recovered. Some data might have been lost.
4/20/2014 8:39:22 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
4/20/2014 8:39:22 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
4/20/2014 8:37:08 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Backup Error Code: 0x8050a004 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. Signature version: 1.173.73.0;1.173.73.0 Engine version: 1.1.10401.0
4/20/2014 8:37:05 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
4/20/2014 8:36:46 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{8c5b014f-cbbd-11e2-bad2-806e6f6e6963}\System Volume Information\SystemRestore\New-system' was corrupted and it has been recovered. Some data might have been lost.
4/20/2014 8:32:19 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
4/20/2014 7:47:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.173.201.0).
4/20/2014 7:47:50 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: 2.1.10302.0 Engine Type: Network Inspection System User: NT AUTHORITY\SYSTEM Error Code: 0x80096010 Error description: The digital signature of the object did not verify.
4/20/2014 7:47:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.173.201.0 Previous Signature Version: 1.173.73.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiVirus Update Type: Delta User: NT AUTHORITY\SYSTEM Current Engine Version: 1.1.10502.0 Previous Engine Version: 1.1.10502.0 Error code: 0x80096010 Error description: The digital signature of the object did not verify.
4/20/2014 7:47:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.173.201.0 Previous Signature Version: 1.173.73.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiSpyware Update Type: Delta User: NT AUTHORITY\SYSTEM Current Engine Version: 1.1.10502.0 Previous Engine Version: 1.1.10502.0 Error code: 0x80096010 Error description: The digital signature of the object did not verify.
4/20/2014 7:47:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 110.31.0.0 Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 2.1.10302.0 Error code: 0x80096010 Error description: The digital signature of the object did not verify.
4/20/2014 7:47:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.173.73.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10502.0 Error code: 0x80070643 Error description: Fatal error during installation.
4/20/2014 7:47:49 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\System Volume Information\Syscache.hve' was corrupted and it has been recovered. Some data might have been lost.
4/20/2014 7:36:51 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
4/20/2014 7:33:04 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x00000000001904fb, 0xfffff8800318c3d8, 0xfffff8800318bc30, 0xfffff8800113487f). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042014-23400-01.
4/20/2014 5:22:56 PM, Error: Service Control Manager [7031] - The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/19/2014 1:13:13 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.173.138.0).
4/19/2014 1:13:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.173.138.0 Previous Signature Version: 1.173.73.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiVirus Update Type: Delta User: NT AUTHORITY\SYSTEM Current Engine Version: 1.1.10502.0 Previous Engine Version: 1.1.10502.0 Error code: 0x80096010 Error description: The digital signature of the object did not verify.
4/19/2014 1:13:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.173.138.0 Previous Signature Version: 1.173.73.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiSpyware Update Type: Delta User: NT AUTHORITY\SYSTEM Current Engine Version: 1.1.10502.0 Previous Engine Version: 1.1.10502.0 Error code: 0x80096010 Error description: The digital signature of the object did not verify.
4/19/2014 1:13:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.173.73.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10502.0 Error code: 0x80070643 Error description: Fatal error during installation.
4/18/2014 9:26:40 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer 8730WLS that believes that it is the master browser for the domain on transport NetBT_Tcpip_{62C529AC-BC63-42C5-850C-2BD80E4FAAD4}. The master browser is stopping or an election is being forced.
4/18/2014 12:34:38 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
4/18/2014 12:34:31 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x80070006 Error description: The handle is invalid. Reason: The filter driver has successfully restarted.
4/18/2014 12:34:30 PM, Error: Microsoft Antimalware [5008] - Microsoft Antimalware engine has been terminated due to an unexpected error. Failure Type: Crash Exception code: 0xc0000005 Resource: file:C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe
4/18/2014 12:34:30 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80070006 Error description: The handle is invalid. Reason: The filter driver was unloaded unexpectedly.
4/18/2014 12:34:30 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x80070006 Error description: The handle is invalid. Reason: The filter driver was unloaded unexpectedly.
4/18/2014 12:34:30 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80070006 Error description: The handle is invalid. Reason: The filter driver was unloaded unexpectedly.
.
==== End Of File ===========================
mrsunnybones
Regular Member
 
Posts: 20
Joined: July 2nd, 2011, 3:07 pm
Advertisement
Register to Remove

Re: Possible infection, programs running oddly

Unread postby Gary R » April 27th, 2014, 8:24 am

Sorry you haven't been replied to before now.

Are you still having problems with your computer, if you are please run a new scan with DDS and post the new logs to this topic. Its been almost a week since your last post and things may have changed on your machine since the last scan.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Possible infection, programs running oddly

Unread postby mrsunnybones » April 27th, 2014, 2:12 pm

Hey, thanks for the reply. My computer is still running oddly. Besides these things, not much else has changed (I havent gotten any new problems)
Here are the logs, Thanks:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.51.2
Run by Eric at 14:10:39 on 2014-04-27
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16267.11831 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Eric\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Local\Akamai\netsession_win.exe
C:\Users\Eric\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SndVol.exe
C:\Users\Eric\AppData\Roaming\Spotify\spotify.exe
C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.206\deploy\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.83\deploy\LolClient.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://start.sweetpacks.com/?src=10&st= ... 045&barid={11671379-DEC2-11E2-89DE-CDBE317362FD}
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: InfoSeeker: {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files (x86)\InfoSeeker\IE\common.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Spotify Web Helper] "C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [BitTorrent] "C:\Users\Eric\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Akamai NetSession Interface] "C:\Users\Eric\AppData\Local\Akamai\netsession_win.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
dRunOnce: [osk.exe] osk.exe
StartupFolder: C:\Users\Eric\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~1.LNK - C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GIGABY~1.LNK - C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~4\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Trusted Zone: aeriagames.com
Trusted Zone: aeriagames.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{62C529AC-BC63-42C5-850C-2BD80E4FAAD4} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{62C529AC-BC63-42C5-850C-2BD80E4FAAD4}\14355535 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{62C529AC-BC63-42C5-850C-2BD80E4FAAD4}\35E6F677D616E6370235F657C6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{62C529AC-BC63-42C5-850C-2BD80E4FAAD4}\A4A5940363 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{CDA85CDD-85A1-402C-9B51-56717BF694D8} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{CDA85CDD-85A1-402C-9B51-56717BF694D8}\A4A5940363 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 202.76.225.179 patch.playro2.com # RO2 Patch Server
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\zk6ohs48.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=U018&ocid=U018DHP&dt=062913
FF - plugin: C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-3-3 1363584]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-3-3 1748608]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 133928]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-3-1 4915040]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2013-1-19 46568]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-6-5 49152]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 hxsyol;hxsyol;E:\Aura\AuraKingdom\avital\hxsy64.sys [2014-2-19 86352]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-22 111616]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-6-2 342528]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2013-6-2 1142376]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2011-4-12 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-6 1255736]
S4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;E:\Tribes Ascend\HiPatchService.exe [2013-6-4 9216]
S4 RalinkRegistryWriter;RalinkRegistryWriter;C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe [2012-4-30 377088]
S4 RalinkRegistryWriter64;RalinkRegistryWriter64;C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe [2012-4-30 455424]
S4 RealtekSE;RealtekSE;C:\Program Files (x86)\ASUS\PCE-N10 WLAN Card Utilities\RtlService.exe [2013-6-2 36864]
.
=============== Created Last 30 ================
.
2014-04-27 16:30:39 10651704 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{60D0720F-BF2A-4EEE-9996-4D418680EF31}\mpengine.dll
2014-04-26 10:22:42 10651704 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-04-22 07:01:03 359936 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2014-04-22 07:01:03 257536 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2014-04-22 07:01:00 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-04-22 07:01:00 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-04-21 00:57:02 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{18B3FE9A-6720-4478-99A5-9878C6461127}\gapaengine.dll
2014-04-21 00:54:05 -------- d-----w- C:\Windows\System32\MRT
2014-04-20 22:16:16 -------- d-----w- C:\Users\Eric\AppData\Local\ElevatedDiagnostics
2014-04-18 16:34:33 377088 -c----w- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MsMpEng.exe_2f5547231370d05de46b8475555ee825f9020_cab_1fc21e3b\RaRegistry.exe
2014-04-11 20:01:56 -------- d-----w- C:\Program Files (x86)\AMD AVT
2014-04-11 19:55:33 -------- d-----w- C:\Program Files (x86)\Raptr
2014-04-11 19:49:28 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2014-04-04 21:47:24 -------- d-----w- C:\Users\Eric\AppData\Local\Skype
.
==================== Find3M ====================
.
2014-04-19 04:06:37 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-04-19 04:06:37 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-03-29 01:00:14 280792 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-03-11 13:52:30 133928 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2014-03-09 22:23:29 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2014-03-06 09:32:16 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:32:07 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:17:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
2014-02-11 05:07:41 231376 ----a-w- C:\Windows\System32\drivers\truecrypt.sys
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-02-04 02:35:56 190912 ----a-w- C:\Windows\System32\drivers\storport.sys
2014-02-04 02:35:49 274880 ----a-w- C:\Windows\System32\drivers\msiscsi.sys
2014-02-04 02:35:35 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2014-02-04 02:32:22 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-02-04 02:28:36 2048 ----a-w- C:\Windows\System32\iologmsg.dll
2014-02-04 02:04:22 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-02-04 02:00:39 2048 ----a-w- C:\Windows\SysWow64\iologmsg.dll
2014-01-31 22:25:25 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
.
============= FINISH: 14:10:50.29 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 6/2/2013 4:41:27 PM
System Uptime: 4/24/2014 12:19:42 PM (74 hours ago)
.
Motherboard: ASRock | | Z77 Extreme4
Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz | CPUSocket | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 12.705 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 1863 GiB total, 1475.199 GiB free.
F: is FIXED (NTFS) - 1397 GiB total, 1260.892 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_1E311849&REV_04\3&11583659&0&A0
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_1E311849&REV_04\3&11583659&0&A0
Service:
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_10421849&REV_00\4&37A73C8A&0&00E7
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_10421849&REV_00\4&37A73C8A&0&00E7
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
Device ID: PCI\VEN_10EC&DEV_8176&SUBSYS_84B51043&REV_01\4&10C350E0&0&00E0
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
PNP Device ID: PCI\VEN_10EC&DEV_8176&SUBSYS_84B51043&REV_01\4&10C350E0&0&00E0
Service: RTL8192Ce
.
Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_14E4&DEV_16B1&SUBSYS_96B11849&REV_10\4&2B8260C3&0&00E4
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_14E4&DEV_16B1&SUBSYS_96B11849&REV_10\4&2B8260C3&0&00E4
Service:
.
==== System Restore Points ===================
.
RP276: 4/25/2014 8:21:10 PM - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
A Virus Named TOM
AC3Filter 2.5b
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Aeria Ignite
Akamai NetSession Interface
AMD Accelerated Video Transcoding
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
AMD Wireless Display v3.0
Application Profiles
ARMA 2 Operation Arrowhead Uninstall
ArmA 2 Uninstall
Arma 3 Alpha
ASPCA Reminder by We-Care.com v4.1.22.1
ASUS PCE-N10 WLAN Card Utilities & Driver
Aura Kingdom
Bastion
Battlefield 2
Battlefield 4™
Battlelog Web Plugins
BattlEye for OA Uninstall
BioShock
BitTorrent
Blacklight: Retribution
Brütal Legend
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Company of Heroes 2
Convert Audio Free FLAC to MP3 version 1.0
Counter-Strike
Counter-Strike: Global Offensive
Crysis 2 Maximum Edition
Day of Defeat
DayZ Commander
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition
Diablo III
Dota 2
Dropbox
Dust: An Elysian Tail
Eets Munchies
ESN Sonar
EVE Online (remove only)
EVEMon
Fallout 3 - Game of the Year Edition
FEZ
FTL version 1.03.3
GIGABYTE OC_GURU II
GOM Player
Google Chrome
Google Update Helper
Guild Wars 2
GunZ 2: The Second Duel
Hawken
Hi-Rez Studios Authenticate and Update Service
InfoSeeker
Intel(R) Processor Graphics
Internet Explorer Toolbar 4.8 by SweetPacks
Java 7 Update 51
Java Auto Updater
League of Legends
Left 4 Dead 2
LIMBO
Mark of the Ninja
MechWarrior Online
Microsoft .NET Framework 4.5.1
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Office 32-bit Components 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 32-bit MUI (English) 2013
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft Word MUI (English) 2013
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0 Refresh
Mirror's Edge
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
Mumble 1.2.5
NETGEAR WNDA4100 Genie
Nihilumbra
Notepad++
NVIDIA PhysX
NyxLauncherIS
Open Broadcaster Software
Origin
osu!
Outils de vérification linguistique 2013 de Microsoft Office - Français
Path of Exile
PlanetSide 2
Portal 2
PunkBuster Services
Ragnarok Online 2
Rising Storm/Red Orchestra 2 Multiplayer
Samsung Data Migration
Samsung SSD Magician
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Office 2013 (KB2768005) 64-Bit Edition
Security Update for Microsoft Office 2013 (KB2810009) 64-Bit Edition
Security Update for Microsoft Word 2013 (KB2863910) 64-Bit Edition
Skype Click to Call
Skype™ 6.14
Spotify
Star Conflict
Starbound
StarCraft II
Steam
Team Fortress 2
TeamSpeak 3 Client
TeamViewer 9
Thomas Was Alone
Tomb Raider
Tribes Ascend
Trine 2
TrueCrypt
Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition
Update for Microsoft Access 2013 (KB2827233) 64-Bit Edition
Update for Microsoft Excel 2013 (KB2752087) 64-Bit Edition
Update for Microsoft InfoPath 2013 (KB2837648) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2863908) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition
Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760242) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760267) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760539) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760553) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817314) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817626) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817636) 64-Bit Edition
Update for Microsoft Office 2013 (KB2825631) 64-Bit Edition
Update for Microsoft Office 2013 (KB2826004) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827225) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827272) 64-Bit Edition
Update for Microsoft Office 2013 (KB2863825) 64-Bit Edition
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition
Update for Microsoft Office 2013 (KB2863844) 64-Bit Edition
Update for Microsoft Office 2013 (KB2863860) 64-Bit Edition
Update for Microsoft OneDrive for Business (KB2863864) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2817628) 64-Bit Edition
Update for Microsoft Outlook 2013 (KB2863911) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2837627) 64-Bit Edition
Update for Microsoft Project 2013 (KB2727085) 64-Bit Edition
Update for Microsoft Publisher 2013 (KB2837635) 64-Bit Edition
Update for Microsoft Visio 2013 (KB2837632) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition
Update for Microsoft Word 2013 (KB2863909) 64-Bit Edition
Ventrilo Client for Windows x64
VLC media player 2.0.7
Warframe
World of Tanks
XSplit Broadcaster
.
==== Event Viewer Messages From Past Week ========
.
4/27/2014 4:21:18 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
4/26/2014 5:21:37 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer 8730WLS that believes that it is the master browser for the domain on transport NetBT_Tcpip_{62C529AC-BC63-42C5-850C-2BD80E4FAAD4}. The master browser is stopping or an election is being forced.
4/22/2014 3:18:31 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4/21/2014 3:25:02 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Windows\System32\config\COMPONENTS' was corrupted and it has been recovered. Some data might have been lost.
4/21/2014 3:24:54 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{8c5b014f-cbbd-11e2-bad2-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{6AF5A16D-9BF3-4CD7-8453-0FF2FBAE729C}' was corrupted and it has been recovered. Some data might have been lost.
4/20/2014 9:08:16 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000041284, 0xfffff8a00e475001, 0x000000000000d0a7, 0xfffff781c0000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042014-34413-01.
4/20/2014 8:39:22 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
4/20/2014 8:39:22 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
4/20/2014 8:37:08 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Backup Error Code: 0x8050a004 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support. Signature version: 1.173.73.0;1.173.73.0 Engine version: 1.1.10401.0
4/20/2014 8:37:05 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
4/20/2014 8:36:46 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{8c5b014f-cbbd-11e2-bad2-806e6f6e6963}\System Volume Information\SystemRestore\New-system' was corrupted and it has been recovered. Some data might have been lost.
4/20/2014 7:47:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.173.201.0).
4/20/2014 7:47:50 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: 2.1.10302.0 Engine Type: Network Inspection System User: NT AUTHORITY\SYSTEM Error Code: 0x80096010 Error description: The digital signature of the object did not verify.
4/20/2014 7:47:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.173.201.0 Previous Signature Version: 1.173.73.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiVirus Update Type: Delta User: NT AUTHORITY\SYSTEM Current Engine Version: 1.1.10502.0 Previous Engine Version: 1.1.10502.0 Error code: 0x80096010 Error description: The digital signature of the object did not verify.
4/20/2014 7:47:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.173.201.0 Previous Signature Version: 1.173.73.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiSpyware Update Type: Delta User: NT AUTHORITY\SYSTEM Current Engine Version: 1.1.10502.0 Previous Engine Version: 1.1.10502.0 Error code: 0x80096010 Error description: The digital signature of the object did not verify.
4/20/2014 7:47:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 110.31.0.0 Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 2.1.10302.0 Error code: 0x80096010 Error description: The digital signature of the object did not verify.
4/20/2014 7:47:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.173.73.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10502.0 Error code: 0x80070643 Error description: Fatal error during installation.
4/20/2014 7:47:49 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\System Volume Information\Syscache.hve' was corrupted and it has been recovered. Some data might have been lost.
4/20/2014 7:36:51 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
4/20/2014 7:33:04 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x00000000001904fb, 0xfffff8800318c3d8, 0xfffff8800318bc30, 0xfffff8800113487f). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042014-23400-01.
4/20/2014 5:22:56 PM, Error: Service Control Manager [7031] - The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
.
==== End Of File ===========================
mrsunnybones
Regular Member
 
Posts: 20
Joined: July 2nd, 2011, 3:07 pm

Re: Possible infection, programs running oddly

Unread postby Gary R » April 27th, 2014, 2:31 pm

OK, I'm looking over your new logs now, but I'm going out shortly, and I will be out for the rest of tonight, so it will probably be tomorrow morning (my time GMT) before I get back to you.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Possible infection, programs running oddly

Unread postby Gary R » April 28th, 2014, 5:27 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


OK, there's one or two indications of infection in your logs, but before we start removing them, I'd like to run a few extra scans first, so we've got a more complete picture of what we're up against.

Please download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan.
  • A logfile will automatically open after the scan has finished.
  • Close the adwCleaner window, click ok to the prompt.
  • Please post the contents of that logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[R1].txt.

Next ...

  • Download FRST64 to your Desktop.
  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.

Finally ...

Please download SystemLook from the link below and save it to your Desktop.

For 64 bit Systems

  • Double-click SystemLook.exe to run it.
  • Copy and paste the contents of the following codebox into the main textfield: (do not include Code: Select all)
    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *babylon*
    *conduit*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *babylon*
    *conduit*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    babylon
    conduit
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
  • Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Summary of the logs I need from you in your next post:
  • AdwCleaner[R1].txt
  • FRST.txt
  • Addition.txt
  • SystemLook.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Possible infection, programs running oddly

Unread postby mrsunnybones » April 28th, 2014, 1:53 pm

Thanks for the quick reply! Here are the logs in order that you specified: AdwCleaner

# AdwCleaner v3.205 - Report created 28/04/2014 at 13:45:09
# Updated 28/04/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Eric - ERIC-PC
# Running from : C:\Users\Eric\Desktop\adwcleaner (1).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\zk6ohs48.default\invalidprefs.js
File Found : C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\zk6ohs48.default\searchplugins\bingp.xml
File Found : C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\zk6ohs48.default\searchplugins\conduit-search.xml
Folder Found : C:\AI_RecycleBin
Folder Found : C:\Windows\SysWOW64\AI_RecycleBin

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\DynConIE
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Found : HKCU\Software\SearchProtectINT
Key Found : HKCU\Software\wnlt
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\SearchProtectINT
Key Found : [x64] HKCU\Software\wnlt
Key Found : HKLM\SOFTWARE\Classes\CLSID\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\dynconie.dynconieobject
Key Found : HKLM\SOFTWARE\Classes\dynconie.dynconieobject.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{781CA792-9B6E-400B-B36F-15C097D2CA54}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Found : HKLM\Software\Updater By Sweetpacks
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}]
Value Found : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.sweetpacks.com/?src=10&st= ... 045&barid={11671379-DEC2-11E2-89DE-CDBE317362FD}

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\zk6ohs48.default\prefs.js ]

Line Found : user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_product_name", "Updater By SweetPacks");

-\\ Google Chrome v34.0.1847.131

[ File : C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3608 octets] - [28/04/2014 13:38:43]
AdwCleaner[R1].txt - [3668 octets] - [28/04/2014 13:43:52]
AdwCleaner[R2].txt - [3558 octets] - [28/04/2014 13:45:09]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [3618 octets] ##########
mrsunnybones
Regular Member
 
Posts: 20
Joined: July 2nd, 2011, 3:07 pm

Re: Possible infection, programs running oddly

Unread postby mrsunnybones » April 28th, 2014, 1:54 pm

:FRST64

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014
Ran by Eric (administrator) on ERIC-PC on 28-04-2014 13:46:52
Running from C:\Users\Eric\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Spotify Ltd) C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(BitTorrent Inc.) C:\Users\Eric\AppData\Roaming\BitTorrent\BitTorrent.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Akamai Technologies, Inc.) C:\Users\Eric\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Eric\AppData\Local\Akamai\netsession_win.exe
(Spotify Ltd) C:\Users\Eric\AppData\Roaming\Spotify\spotify.exe
() C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.206\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.83\deploy\LolClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [osk.exe] - C:\Windows\system32\osk.exe [692736 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3290706055-244381115-3958062109-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-3290706055-244381115-3958062109-1000\...\Run: [Spotify Web Helper] => C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-03] (Spotify Ltd)
HKU\S-1-5-21-3290706055-244381115-3958062109-1000\...\Run: [BitTorrent] => C:\Users\Eric\AppData\Roaming\BitTorrent\BitTorrent.exe [1236832 2014-04-23] (BitTorrent Inc.)
HKU\S-1-5-21-3290706055-244381115-3958062109-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Eric\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3290706055-244381115-3958062109-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3290706055-244381115-3958062109-1000\...\MountPoints2: {57164eec-c8f1-11e3-a0b2-f685580efd11} - G:\VZW_Software_upgrade_assistant.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA4100 Genie.lnk
ShortcutTarget: NETGEAR WNDA4100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE (NETGEAR)
Startup: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk
ShortcutTarget: Samsung SSD Magician.lnk -> C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=U018&ocid=U018DHP&dt=062913
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7B82EAFF7A5FCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st= ... 045&barid={11671379-DEC2-11E2-89DE-CDBE317362FD}
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx? ... 6398251&q={searchTerms}&SSPV=
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll ()
BHO-x32: InfoSeeker - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files (x86)\InfoSeeker\IE\common.dll (Big Water Applications, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 202.76.225.179 patch.playro2.com # RO2 Patch Server
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\zk6ohs48.default
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.msn.com/?pc=U018&ocid=U018DHP&dt=062913
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @softnyxNpruntime - E:\SoftnyxGame\SoftnyxGame\NyxLauncherIS\npSoftnyx.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\zk6ohs48.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\zk6ohs48.default\searchplugins\conduit-search.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-03]
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox

Chrome:
=======
CHR Extension: (Sad Panda) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\bohapeiooecafommnlaiccilacgmkaoc [2014-01-05]
CHR Extension: (AdBlock) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-05]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-01-05]
CHR Extension: (Skype Click to Call) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-06]
CHR Extension: (Google Wallet) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Eric\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-08-24]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-06-05] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
S4 HiPatchService; E:\Tribes Ascend\HiPatchService.exe [9216 2013-07-17] (Hi-Rez Studios)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-09] ()
S4 RalinkRegistryWriter; C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe [377088 2012-04-30] (Ralink Technology, Corp.)
S4 RalinkRegistryWriter64; C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe [455424 2012-04-30] (Ralink Technology, Corp.)
S4 RealtekSE; C:\Program Files (x86)\ASUS\PCE-N10 WLAN Card Utilities\RtlService.exe [36864 2011-06-23] (Realtek)

==================== Drivers (Whitelisted) ====================

S3 hxsyol; E:\Aura\AuraKingdom\avital\hxsy64.sys [86352 2013-11-26] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GunBod; \??\E:\SoftnyxGame\GunBoundIS\avital\gunbod64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-28 13:46 - 2014-04-28 13:47 - 00017482 _____ () C:\Users\Eric\Downloads\FRST.txt
2014-04-28 13:46 - 2014-04-28 13:46 - 02061824 _____ (Farbar) C:\Users\Eric\Downloads\FRST64.exe
2014-04-28 13:46 - 2014-04-28 13:46 - 00000000 ____D () C:\FRST
2014-04-28 13:44 - 2014-04-28 13:37 - 01310283 _____ () C:\Users\Eric\Desktop\adwcleaner (1).exe
2014-04-28 13:38 - 2014-04-28 13:45 - 00000000 ____D () C:\AdwCleaner
2014-04-28 13:38 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-04-28 13:37 - 2014-04-28 13:37 - 01310283 _____ () C:\Users\Eric\Downloads\adwcleaner (1).exe
2014-04-28 13:35 - 2014-04-28 13:35 - 00002235 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-04-28 13:35 - 2014-04-28 13:35 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ERIC-PC-Microsoft-Windows-7-Ultimate-(64-bit).dat
2014-04-28 13:35 - 2014-04-28 13:35 - 00000000 ____D () C:\RegBackup
2014-04-28 13:35 - 2014-04-28 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-04-28 13:35 - 2014-04-28 13:35 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-04-28 13:34 - 2014-04-28 13:34 - 03944112 _____ () C:\Users\Eric\Downloads\tweaking.com_registry_backup_setup.exe
2014-04-22 03:01 - 2014-03-06 04:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-22 03:01 - 2014-03-06 04:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-22 03:01 - 2014-03-06 04:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-22 03:01 - 2014-03-06 03:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-22 03:00 - 2014-03-06 06:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-22 03:00 - 2014-03-06 05:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-22 03:00 - 2014-03-06 05:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-22 03:00 - 2014-03-06 05:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-22 03:00 - 2014-03-06 04:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-22 03:00 - 2014-03-06 04:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-22 03:00 - 2014-03-06 04:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-22 03:00 - 2014-03-06 04:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-22 03:00 - 2014-03-06 04:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-22 03:00 - 2014-03-06 04:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-22 03:00 - 2014-03-06 04:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-22 03:00 - 2014-03-06 04:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-22 03:00 - 2014-03-06 04:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-22 03:00 - 2014-03-06 04:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-22 03:00 - 2014-03-06 04:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-22 03:00 - 2014-03-06 04:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-22 03:00 - 2014-03-06 04:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-22 03:00 - 2014-03-06 04:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-22 03:00 - 2014-03-06 04:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-22 03:00 - 2014-03-06 03:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-22 03:00 - 2014-03-06 03:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-22 03:00 - 2014-03-06 03:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-22 03:00 - 2014-03-06 03:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-22 03:00 - 2014-03-06 03:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-22 03:00 - 2014-03-06 03:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-22 03:00 - 2014-03-06 03:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-22 03:00 - 2014-03-06 03:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-22 03:00 - 2014-03-06 03:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-22 03:00 - 2014-03-06 03:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-22 03:00 - 2014-03-06 03:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-22 03:00 - 2014-03-06 03:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-22 03:00 - 2014-03-06 03:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-22 03:00 - 2014-03-06 03:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-22 03:00 - 2014-03-06 03:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-22 03:00 - 2014-03-06 02:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-22 03:00 - 2014-03-06 02:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-22 03:00 - 2014-03-06 02:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-22 03:00 - 2014-03-06 02:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-22 03:00 - 2014-03-06 02:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-22 03:00 - 2014-03-06 01:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-22 03:00 - 2014-03-06 01:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-22 03:00 - 2014-03-06 01:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-22 03:00 - 2014-03-06 01:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-22 03:00 - 2014-03-06 01:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-21 13:53 - 2014-04-21 13:53 - 01376768 _____ () C:\Users\Eric\Downloads\7z920-x64 (2).msi
2014-04-21 13:52 - 2014-04-21 13:52 - 08842241 _____ () C:\Users\Eric\Downloads\245 again.7z
2014-04-20 21:10 - 2014-04-27 14:11 - 00018651 _____ () C:\Users\Eric\Desktop\attach.txt
2014-04-20 21:10 - 2014-04-27 14:10 - 00021596 _____ () C:\Users\Eric\Desktop\dds.txt
2014-04-20 21:09 - 2014-04-20 21:09 - 00688992 ____R (Swearware) C:\Users\Eric\Desktop\dds.scr
2014-04-20 21:08 - 2014-04-20 21:08 - 00279688 _____ () C:\Windows\Minidump\042014-34413-01.dmp
2014-04-20 21:02 - 2014-04-20 21:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\Eric\Downloads\HijackThis.exe
2014-04-20 21:02 - 2014-04-20 21:02 - 00011462 _____ () C:\Users\Eric\Downloads\hijackthis.log
2014-04-20 21:01 - 2014-04-20 21:01 - 00000222 _____ () C:\Users\Eric\Desktop\PlanetSide 2.url
2014-04-20 20:54 - 2014-04-20 20:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-20 20:54 - 2014-03-31 03:51 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-12 16:25 - 2014-04-12 16:25 - 00015913 _____ () C:\Users\Eric\Documents\TaxStateReturn2013_Form_EL101.htm
2014-04-11 16:01 - 2014-04-11 16:01 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-04-11 15:55 - 2014-04-11 15:56 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-04-11 15:39 - 2014-04-11 15:39 - 01007930 _____ () C:\Users\Eric\Downloads\amddriverdownload_installer.exe
2014-04-09 12:15 - 2014-03-04 05:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 12:15 - 2014-03-04 05:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 12:15 - 2014-03-04 05:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 12:15 - 2014-03-04 05:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 12:15 - 2014-03-04 05:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 12:15 - 2014-03-04 05:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 12:15 - 2014-03-04 05:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 12:15 - 2014-03-04 05:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 12:15 - 2014-03-04 05:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 12:15 - 2014-03-04 04:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 12:15 - 2014-03-04 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 12:15 - 2014-02-03 22:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 12:15 - 2014-02-03 22:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 12:15 - 2014-02-03 22:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 12:15 - 2014-02-03 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 12:15 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 12:15 - 2014-01-23 22:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-04 17:47 - 2014-04-04 17:47 - 00000000 ____D () C:\Users\Eric\AppData\Local\Skype
2014-04-04 17:47 - 2014-04-04 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

==================== One Month Modified Files and Folders =======

2014-04-28 13:47 - 2014-04-28 13:46 - 00017482 _____ () C:\Users\Eric\Downloads\FRST.txt
2014-04-28 13:46 - 2014-04-28 13:46 - 02061824 _____ (Farbar) C:\Users\Eric\Downloads\FRST64.exe
2014-04-28 13:46 - 2014-04-28 13:46 - 00000000 ____D () C:\FRST
2014-04-28 13:46 - 2013-06-02 16:21 - 01958253 _____ () C:\Windows\WindowsUpdate.log
2014-04-28 13:45 - 2014-04-28 13:38 - 00000000 ____D () C:\AdwCleaner
2014-04-28 13:45 - 2013-06-20 13:09 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\BitTorrent
2014-04-28 13:41 - 2013-06-04 18:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-28 13:37 - 2014-04-28 13:44 - 01310283 _____ () C:\Users\Eric\Desktop\adwcleaner (1).exe
2014-04-28 13:37 - 2014-04-28 13:37 - 01310283 _____ () C:\Users\Eric\Downloads\adwcleaner (1).exe
2014-04-28 13:37 - 2013-06-02 21:27 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Skype
2014-04-28 13:35 - 2014-04-28 13:35 - 00002235 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-04-28 13:35 - 2014-04-28 13:35 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ERIC-PC-Microsoft-Windows-7-Ultimate-(64-bit).dat
2014-04-28 13:35 - 2014-04-28 13:35 - 00000000 ____D () C:\RegBackup
2014-04-28 13:35 - 2014-04-28 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-04-28 13:35 - 2014-04-28 13:35 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-04-28 13:34 - 2014-04-28 13:34 - 03944112 _____ () C:\Users\Eric\Downloads\tweaking.com_registry_backup_setup.exe
2014-04-28 13:18 - 2013-06-02 05:00 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-28 12:51 - 2013-06-02 22:14 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Spotify
2014-04-28 04:18 - 2013-06-02 05:00 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-27 14:11 - 2014-04-20 21:10 - 00018651 _____ () C:\Users\Eric\Desktop\attach.txt
2014-04-27 14:10 - 2014-04-20 21:10 - 00021596 _____ () C:\Users\Eric\Desktop\dds.txt
2014-04-27 12:33 - 2013-07-28 01:00 - 00024111 _____ () C:\Windows\setupact.log
2014-04-27 00:31 - 2013-06-02 22:15 - 00000000 ____D () C:\Users\Eric\AppData\Local\Spotify
2014-04-26 22:58 - 2013-06-03 00:59 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-24 08:14 - 2014-02-19 20:55 - 00000000 ____D () C:\Users\Eric\AppData\Local\Akamai
2014-04-22 03:42 - 2014-02-12 04:45 - 00000000 ____D () C:\Windows\rescache
2014-04-22 03:22 - 2009-07-14 00:45 - 00020688 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-22 03:22 - 2009-07-14 00:45 - 00020688 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-22 03:21 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-22 03:17 - 2013-06-04 18:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-22 03:17 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-22 03:16 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-21 13:53 - 2014-04-21 13:53 - 01376768 _____ () C:\Users\Eric\Downloads\7z920-x64 (2).msi
2014-04-21 13:52 - 2014-04-21 13:52 - 08842241 _____ () C:\Users\Eric\Downloads\245 again.7z
2014-04-20 21:10 - 2013-11-28 17:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-20 21:09 - 2014-04-20 21:09 - 00688992 ____R (Swearware) C:\Users\Eric\Desktop\dds.scr
2014-04-20 21:08 - 2014-04-20 21:08 - 00279688 _____ () C:\Windows\Minidump\042014-34413-01.dmp
2014-04-20 21:08 - 2013-06-20 13:02 - 00000000 ____D () C:\Windows\Minidump
2014-04-20 21:08 - 2013-06-03 03:55 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-04-20 21:02 - 2014-04-20 21:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\Eric\Downloads\HijackThis.exe
2014-04-20 21:02 - 2014-04-20 21:02 - 00011462 _____ () C:\Users\Eric\Downloads\hijackthis.log
2014-04-20 21:01 - 2014-04-20 21:01 - 00000222 _____ () C:\Users\Eric\Desktop\PlanetSide 2.url
2014-04-20 20:55 - 2014-04-20 20:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-20 20:47 - 2013-06-02 16:41 - 00000000 ____D () C:\Users\Eric
2014-04-20 20:46 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-04-20 20:45 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-04-20 19:36 - 2011-04-12 04:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-04-19 00:06 - 2013-06-03 07:04 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-04-19 00:06 - 2013-06-03 07:04 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-04-12 20:27 - 2013-06-03 03:55 - 00000000 ____D () C:\ProgramData\Origin
2014-04-12 16:25 - 2014-04-12 16:25 - 00015913 _____ () C:\Users\Eric\Documents\TaxStateReturn2013_Form_EL101.htm
2014-04-12 03:01 - 2013-09-16 12:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-11 16:01 - 2014-04-11 16:01 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-04-11 16:01 - 2013-06-02 14:13 - 00000000 ____D () C:\ProgramData\AMD
2014-04-11 15:56 - 2014-04-11 15:55 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-04-11 15:48 - 2013-08-26 18:30 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-11 15:39 - 2014-04-11 15:39 - 01007930 _____ () C:\Users\Eric\Downloads\amddriverdownload_installer.exe
2014-04-11 15:03 - 2013-06-26 19:17 - 00000000 ____D () C:\Users\Eric\AppData\Local\Arma 3
2014-04-11 13:46 - 2013-06-26 19:17 - 00000000 ____D () C:\Users\Eric\Documents\Arma 3
2014-04-09 23:34 - 2013-09-16 12:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-04-06 19:32 - 2013-06-08 19:41 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Bioshock
2014-04-04 17:47 - 2014-04-04 17:47 - 00000000 ____D () C:\Users\Eric\AppData\Local\Skype
2014-04-04 17:47 - 2014-04-04 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-04-04 17:47 - 2013-06-02 21:27 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-04 17:47 - 2013-06-02 21:27 - 00000000 ____D () C:\ProgramData\Skype
2014-04-03 03:00 - 2013-10-16 03:00 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-04-03 03:00 - 2013-06-04 14:48 - 00002155 _____ () C:\Windows\epplauncher.mif
2014-04-03 03:00 - 2013-06-04 14:48 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-03 03:00 - 2013-06-04 14:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-03-31 03:51 - 2014-04-20 20:54 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\ProgramData\uninstaller.exe


Some content of TEMP:
====================
C:\Users\Eric\AppData\Local\Temp\13-12_win7_win8_64_dd_ccc_whql.exe
C:\Users\Eric\AppData\Local\Temp\1_Offer_10.exe
C:\Users\Eric\AppData\Local\Temp\1_Offer_5.exe
C:\Users\Eric\AppData\Local\Temp\1_Offer_6.exe
C:\Users\Eric\AppData\Local\Temp\6_Offer_16.exe
C:\Users\Eric\AppData\Local\Temp\6_Offer_17.exe
C:\Users\Eric\AppData\Local\Temp\DownloadManager.exe
C:\Users\Eric\AppData\Local\Temp\dxwebsetup.exe
C:\Users\Eric\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\Eric\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\Eric\AppData\Local\Temp\nsa13A8.exe
C:\Users\Eric\AppData\Local\Temp\nsj416B.exe
C:\Users\Eric\AppData\Local\Temp\nsj5D29.exe
C:\Users\Eric\AppData\Local\Temp\nso4534.exe
C:\Users\Eric\AppData\Local\Temp\nsp5B26.exe
C:\Users\Eric\AppData\Local\Temp\nsz4350.exe
C:\Users\Eric\AppData\Local\Temp\nsz5F0E.exe
C:\Users\Eric\AppData\Local\Temp\oi_{B1713E89-00EF-4C06-A54F-F65DA83D1F9E}.exe
C:\Users\Eric\AppData\Local\Temp\raptrpatch.exe
C:\Users\Eric\AppData\Local\Temp\raptr_stub.exe
C:\Users\Eric\AppData\Local\Temp\SearchProtectINT.exe
C:\Users\Eric\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Eric\AppData\Local\Temp\sonarinst.exe
C:\Users\Eric\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Eric\AppData\Local\Temp\tmp627E.exe
C:\Users\Eric\AppData\Local\Temp\tmp9C9F.exe
C:\Users\Eric\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Eric\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-19 03:10

==================== End Of Log ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2014
Ran by Eric at 2014-04-28 13:47:14
Running from C:\Users\Eric\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
A Virus Named TOM (HKLM-x32\...\Steam App 207650) (Version: - Misfits Attic)
AC3Filter 2.5b (HKLM-x32\...\AC3Filter_is1) (Version: 2.5b - Alexander Vigovsky)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.10 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Application Profiles (HKLM-x32\...\{63059735-CA97-FDFB-0E7A-3B8D81572EFD}) (Version: 2.0.4888.34279 - Advanced Micro Devices, Inc.)
ARMA 2 Operation Arrowhead Uninstall (HKLM-x32\...\ARMA 2 Operation Arrowhead) (Version: - )
ArmA 2 Uninstall (HKLM-x32\...\ArmA 2) (Version: - )
Arma 3 Alpha (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive)
ASPCA Reminder by We-Care.com v4.1.22.1 (HKLM-x32\...\{DB9BF6DA-8030-4A21-9FF4-8856A7556FCF}) (Version: 4.1.22.1 - We-Care.com)
ASUS PCE-N10 WLAN Card Utilities & Driver (HKLM-x32\...\{556BEFE2-30FF-4113-98F4-01234396DF2B}) (Version: 1.0.0.9 - )
Aura Kingdom (HKLM-x32\...\Aura Kingdom) (Version: - )
Bastion (HKLM-x32\...\Steam App 107100) (Version: - Supergiant Games)
Battlefield 2 (HKLM-x32\...\Steam App 24860) (Version: - DICE)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
BioShock (HKLM-x32\...\Steam App 7670) (Version: - 2K Boston)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.1.30889 - BitTorrent Inc.)
Blacklight: Retribution (HKLM-x32\...\Steam App 209870) (Version: - )
Brütal Legend (HKLM-x32\...\Steam App 225260) (Version: - Double Fine Productions)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version: - Relic Entertainment)
Convert Audio Free FLAC to MP3 version 1.0 (HKLM-x32\...\Convert Audio Free FLAC to MP3_is1) (Version: 1.0 - )
Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Crysis 2 Maximum Edition (HKLM-x32\...\Steam App 108800) (Version: - Crytek Studios)
Day of Defeat (HKLM-x32\...\Steam App 30) (Version: - Valve)
DayZ Commander (HKLM-x32\...\{D7ECDD70-EBAB-42AD-8BE3-2F4D1CEC70A7}) (Version: 0.92.79 - Dotjosh Studios)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{F68634D8-574F-42B2-B6D0-9B447EA9581E}) (Version: - Microsoft)
Diablo III (HKLM-x32\...\Diablo III) (Version: 1.0.8.16603 - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dropbox (HKCU\...\Dropbox) (Version: 2.2.3 - Dropbox, Inc.)
Dust: An Elysian Tail (HKLM-x32\...\Steam App 236090) (Version: - Humble Hearts LLC)
Eets Munchies (HKLM-x32\...\Steam App 214550) (Version: - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
EVE Online (remove only) (HKLM-x32\...\EVE) (Version: - CCP Games Ltd.)
EVEMon (HKLM-x32\...\EVEMon) (Version: 1.8.5.4162 - battleclinic.com)
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version: - Bethesda Game Studios)
FEZ (HKLM-x32\...\Steam App 224760) (Version: - Polytron Corporation)
FTL version 1.03.3 (HKLM-x32\...\{20E23A40-38E5-4DD6-B738-BC8097AE66B6}_is1) (Version: 1.03.3 - Subset Games)
GIGABYTE OC_GURU II (x32 Version: 1.20.0000 - GIGABYTE Technology Co.,Ltd.) Hidden
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.1.50.5145 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
GunZ 2: The Second Duel (HKLM-x32\...\Steam App 242720) (Version: - MAIET Entertainment)
Hawken (HKCU\...\Hawken) (Version: - Meteor Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
InfoSeeker (HKLM-x32\...\InfoSeeker) (Version: 2.6.17 - Big Water Applications, LLC)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Internet Explorer Toolbar 4.8 by SweetPacks (HKLM-x32\...\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}) (Version: 4.8.0000 - SweetIM Technologies Ltd.) <==== ATTENTION
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
LIMBO (HKLM-x32\...\Steam App 48000) (Version: - Playdead)
Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version: - Klei Entertainment)
MechWarrior Online (HKLM-x32\...\{6e1168d7-2c3b-442d-99b0-e3d234179efc}) (Version: 1.4.2.0 - Piranha Games Inc.)
MechWarrior Online (x32 Version: 1.4.1.0 - Piranha Games Inc.) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft DCF MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Word MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version: - DICE)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mumble 1.2.5 (HKLM-x32\...\{C7BC557D-8C8B-4F5F-83AB-D20C58CF4575}) (Version: 1.2.5 - Thorvald Natvig)
NETGEAR WNDA4100 Genie (HKLM-x32\...\InstallShield_{422FB885-2E3D-4F0C-8C47-BF4336B5318B}) (Version: 1.2.0.10 - NETGEAR)
NETGEAR WNDA4100 Genie (x32 Version: 1.2.0.10 - NETGEAR) Hidden
Nihilumbra (HKLM-x32\...\Steam App 252670) (Version: - Beautifun Games)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.4 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NyxLauncherIS (HKLM-x32\...\NyxLauncherIS_is1) (Version: - Softnyx co.,ltd.)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version: - Sony Online Entertainment)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Ragnarok Online 2 (HKLM-x32\...\Steam App 231060) (Version: - Gravity, Inc.)
Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version: - Tripwire Interactive)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.0 - Samsung)
Samsung SSD Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 3.2 - Samsung Electronics)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Star Conflict (HKLM-x32\...\Steam App 212070) (Version: - Star Gem Inc.)
Starbound (HKLM-x32\...\Steam App 211820) (Version: - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version: 2.0.10.26585 - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
Thomas Was Alone (HKLM-x32\...\Steam App 220780) (Version: - Mike Bithell)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version: - Crystal Dynamics)
Tribes Ascend (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}) (Version: 1.0.1268.1 - Hi-Rez Studios)
Trine 2 (HKLM-x32\...\Steam App 35720) (Version: - Frozenbyte)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.7.0 - Tweaking.com)
Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition (HKLM\...\{90150000-0015-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{D5412C67-998B-4246-A668-AB522D9F63FE}) (Version: - Microsoft)
Update for Microsoft Access 2013 (KB2827233) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{614E655F-A0ED-435A-8E0C-A81EE4BA7BC7}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2752087) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{A2275591-C3AA-4A6C-A696-F958B6C65B3E}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2752087) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{A2275591-C3AA-4A6C-A696-F958B6C65B3E}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2752087) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{A2275591-C3AA-4A6C-A696-F958B6C65B3E}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2752087) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{A2275591-C3AA-4A6C-A696-F958B6C65B3E}) (Version: - Microsoft)
Update for Microsoft InfoPath 2013 (KB2837648) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{5E759A69-FA72-4B3C-BE2F-D1194764D31E}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{F8580E12-045B-471B-AF74-98C977347F4E}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2863908) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{259F7CA1-7A87-4E60-85A9-0A55E60FF254}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2863908) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{686A7FD7-2496-49C8-A0BE-D8A1CF1A32ED}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2863908) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{259F7CA1-7A87-4E60-85A9-0A55E60FF254}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{43EB1F58-DAA0-4F61-A4EE-C5651F85A047}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{43EB1F58-DAA0-4F61-A4EE-C5651F85A047}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{76CACE05-7A19-4EAC-87D7-5BFF63AF7CDF}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{76CACE05-7A19-4EAC-87D7-5BFF63AF7CDF}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{FEFF9FF6-FF61-455E-A8CC-3A1311A657AD}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{3FF4EA9F-3505-4726-A974-6593A968FFCC}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760242) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{9406D70B-2D9C-4613-A75A-F35B66BA8AFA}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760267) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CA390537-AA88-450F-A240-5FB4648A124A}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760539) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{C8D57F4A-0824-4043-89E7-3C6280B67A47}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760553) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{AC4470FB-8011-4F16-B5D4-E0A34DE10C87}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D8B3D175-48B8-413F-8484-4D81E744B51C}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{39E58ED8-B687-49BD-88F9-968563F51F8E}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817314) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{C809B1D6-BD31-4496-BCFE-4567E0854F5F}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{856D47BC-036C-4692-8702-D6CCA8F428D0}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{4FD8F672-3206-469C-B9F0-D6E72F7ACAB2}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CA0554C4-62FE-4F66-BC87-1EE1EAC675EF}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CA0554C4-62FE-4F66-BC87-1EE1EAC675EF}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817626) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{F33ABF6A-3007-47E8-8E38-506A18E54641}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817636) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{D97AACA3-9AEA-43FF-8CBA-93BED0443FC2}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817636) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D97AACA3-9AEA-43FF-8CBA-93BED0443FC2}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817636) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D97AACA3-9AEA-43FF-8CBA-93BED0443FC2}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2825631) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{A54917FC-2C84-40F2-9525-7549BE08DE40}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2825631) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{A54917FC-2C84-40F2-9525-7549BE08DE40}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2825631) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{A54917FC-2C84-40F2-9525-7549BE08DE40}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2826004) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{B38036CB-BAF6-41D4-8810-FD016453ABB9}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827225) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{2A286156-257B-4528-9DB5-B4D4D53211BC}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{92833C80-DC88-4A22-8630-407F810EF57B}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUSR_{602346D6-8E2F-4B0E-820A-CD62AC5B0DC9}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.PROPLUSR_{00A8F3D3-B596-4E04-A180-C9EB4EC87762}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{F2187E8D-C68A-4655-8551-1932878A5581}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{9353CD85-4B19-45C4-8DBA-1391926351F6}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{9353CD85-4B19-45C4-8DBA-1391926351F6}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827272) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{50F6EF67-B93C-4B7A-A2EB-E179E3436C69}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827272) 64-Bit Edition (HKLM\...\{90150000-0090-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{50F6EF67-B93C-4B7A-A2EB-E179E3436C69}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827272) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{50F6EF67-B93C-4B7A-A2EB-E179E3436C69}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2863825) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{327EABFD-EDD3-44E7-AB47-7592DF33B719}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2863844) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{50F31E04-D56A-4159-BF36-CF3CE27DB30C}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2863860) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{6D170CB5-8D22-4D1B-A811-B899FE588946}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2863860) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{6D170CB5-8D22-4D1B-A811-B899FE588946}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2863864) 64-Bit Edition (HKLM\...\{90150000-00BA-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{AFB7E303-C8CA-4A08-AD3F-44A562B3C809}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2863864) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{AFB7E303-C8CA-4A08-AD3F-44A562B3C809}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2863864) 64-Bit Edition (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{AFB7E303-C8CA-4A08-AD3F-44A562B3C809}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2863864) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{AFB7E303-C8CA-4A08-AD3F-44A562B3C809}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2817628) 64-Bit Edition (HKLM\...\{90150000-00A1-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{9367C385-2EF9-4BE3-8351-7D2AB0798A57}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2817628) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{9367C385-2EF9-4BE3-8351-7D2AB0798A57}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2817628) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{9367C385-2EF9-4BE3-8351-7D2AB0798A57}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2863911) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{12087F1E-35F9-4620-9157-BD9C3CFFA2E2}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2863911) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{DF3798F3-F45C-44DA-83B7-229A9EBC9654}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2837627) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{FE06DACB-AE2C-4DB7-B95D-97A320E59F45}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2837627) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{FE06DACB-AE2C-4DB7-B95D-97A320E59F45}) (Version: - Microsoft)
Update for Microsoft Project 2013 (KB2727085) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{BBD4F4CE-65D4-4CEB-AE19-E5296A57AA6C}) (Version: - Microsoft)
Update for Microsoft Publisher 2013 (KB2837635) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{2837C624-A972-43CF-BCE5-0AE2EFED72E3}) (Version: - Microsoft)
Update for Microsoft Visio 2013 (KB2837632) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{97183E08-6B06-40F1-80A9-585C4AEF98F1}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2863909) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{F9FAC8C0-20D9-4DC7-9A56-13B02BD4B724}) (Version: - Microsoft)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
Warframe (HKLM-x32\...\Steam App 230410) (Version: - )
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version: - Wargaming.net)
XSplit Broadcaster (HKLM-x32\...\{D7038FAE-BD4E-45A4-B9F2-338BEF63BDA3}) (Version: 1.3.1309.1602 - SplitMediaLabs)

==================== Restore Points =========================

26-04-2014 00:21:10 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2013-06-05 14:21 - 00000879 ____A C:\Windows\system32\Drivers\etc\hosts
202.76.225.179 patch.playro2.com # RO2 Patch Server

==================== Scheduled Tasks (whitelisted) =============

Task: {06F4C671-78DA-4003-803C-9FCFD0AA72D0} - System32\Tasks\{AC259DDE-F5A5-4B54-B117-66299C955B2C} => Chrome.exe http://ui.skype.com/ui/0/6.3.0.107/en/a ... rogressBar
Task: {393D58DC-2A7F-4D3A-8052-7F5206DBB5A7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-02] (Google Inc.)
Task: {5FFB0865-B354-4612-A297-30D70018E401} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {80927702-72BF-4089-A4FA-59C3D584FB2B} - System32\Tasks\Asrsetup => D:\ASRSetup.exe
Task: {984B75CA-CBA4-41F7-88F4-3958ADFD365B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {BC2ED81E-795F-411C-AE9D-F44752EFF325} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {DE0A0247-6F7B-4B76-954F-3EE60E2B2096} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {F007C043-615D-4476-A6D5-AD4406FC1C61} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-13] (Adobe Systems Incorporated)
Task: {F82DC514-7284-4401-A5DC-7942503B17D8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-02] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-06-03 07:04 - 2014-03-09 18:23 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-03-12 20:09 - 2014-03-12 20:09 - 08884904 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-06-18 11:24 - 2012-06-18 11:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-06-02 05:01 - 2012-09-17 04:23 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-19 19:36 - 2014-04-03 22:44 - 00602680 _____ () C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2013-05-07 10:26 - 2013-05-07 10:26 - 01302080 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
2013-06-02 21:10 - 2014-04-25 11:32 - 05650424 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.206\deploy\LoLLauncher.exe
2013-08-20 17:14 - 2013-07-10 16:56 - 00074752 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.83\deploy\LolClient.exe
2014-03-12 20:10 - 2014-03-12 20:10 - 08884904 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-03-08 01:17 - 2013-03-08 01:17 - 07816192 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll
2013-03-08 01:17 - 2013-03-08 01:17 - 00188416 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-52.dll
2013-03-08 01:17 - 2013-03-08 01:17 - 01425920 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll
2013-03-08 01:17 - 2013-03-08 01:17 - 00336896 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll
2013-03-08 01:17 - 2013-03-08 01:17 - 00096256 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll
2013-01-09 10:09 - 2013-01-09 10:09 - 00118784 _____ () C:\Program Files (x86)\NETGEAR\WNDA4100\Ralink.dll
2012-09-04 13:34 - 2012-09-04 13:34 - 01066856 _____ () C:\Program Files (x86)\NETGEAR\WNDA4100\RaWLAPI.dll
2014-04-08 21:20 - 2014-04-01 21:57 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-08 21:20 - 2014-04-01 21:57 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-08 21:20 - 2014-04-01 21:57 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-08 21:20 - 2014-04-01 21:57 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-08 21:20 - 2014-04-01 21:58 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-08 21:20 - 2014-04-01 21:57 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
2014-04-20 20:57 - 2013-12-12 18:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-04-20 20:57 - 2013-11-04 21:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll
2014-04-20 20:58 - 2014-02-10 22:34 - 00751616 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-04-20 20:58 - 2014-02-25 17:57 - 01135296 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-04-20 20:58 - 2014-01-10 19:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-04-20 20:58 - 2013-06-14 19:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2014-04-20 20:58 - 2013-06-14 19:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2014-04-20 20:58 - 2013-06-14 19:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2014-04-20 20:58 - 2014-02-25 17:57 - 00119488 _____ () C:\Program Files (x86)\Steam\bin\audio.dll
2014-04-20 20:58 - 2013-06-14 19:49 - 00071680 _____ () C:\Program Files (x86)\Steam\bin\mssmp3.asi
2014-04-20 20:58 - 2013-06-14 19:49 - 00153088 _____ () C:\Program Files (x86)\Steam\bin\mssvoice.asi
2013-06-02 22:15 - 2014-04-03 22:44 - 36966968 _____ () C:\Users\Eric\AppData\Roaming\Spotify\Data\libcef.dll
2013-09-19 19:36 - 2014-04-03 22:44 - 00886840 _____ () C:\Users\Eric\AppData\Roaming\Spotify\Data\libglesv2.dll
2013-09-19 19:36 - 2014-04-03 22:44 - 00108600 _____ () C:\Users\Eric\AppData\Roaming\Spotify\Data\libegl.dll
2013-12-13 13:41 - 2013-12-13 13:41 - 16242056 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
2014-04-08 21:20 - 2014-04-01 21:58 - 13691720 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
2013-09-06 15:51 - 2014-04-25 11:32 - 01532920 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.206\deploy\RiotLauncher.dll
2013-08-20 17:14 - 2013-07-10 16:55 - 04774248 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.83\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: RalinkRegistryWriter => 2
MSCONFIG\Services: RalinkRegistryWriter64 => 2
MSCONFIG\Services: RealtekSE => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Updater By SweetPacks => 2
MSCONFIG\startupfolder: C:^Users^Eric^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: BitTorrent => "C:\Users\Eric\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent

==================== Faulty Device Manager Devices =============

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
Description: Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTL8192Ce
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/26/2014 05:26:21 PM) (Source: Application Error) (User: )
Description: Faulting application name: LolClient.exe, version: 0.0.0.0, time stamp: 0x515663e0
Faulting module name: Adobe AIR.dll, version: 3.7.0.1530, time stamp: 0x5156646c
Exception code: 0xc0000005
Fault offset: 0x0056447a
Faulting process id: 0x1e50
Faulting application start time: 0xLolClient.exe0
Faulting application path: LolClient.exe1
Faulting module path: LolClient.exe2
Report Id: LolClient.exe3

Error: (04/26/2014 07:28:29 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (04/26/2014 07:28:28 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (04/25/2014 10:01:21 PM) (Source: Application Error) (User: )
Description: Faulting application name: GameOverlayUI.exe, version: 2.13.4.49, time stamp: 0x530d0f3d
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0x14a8
Faulting application start time: 0xGameOverlayUI.exe0
Faulting application path: GameOverlayUI.exe1
Faulting module path: GameOverlayUI.exe2
Report Id: GameOverlayUI.exe3

Error: (04/25/2014 00:48:30 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (04/25/2014 00:48:30 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (04/24/2014 06:34:02 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (04/24/2014 06:34:01 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (04/23/2014 06:11:14 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/23/2014 01:31:30 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.


System errors:
=============
Error: (04/27/2014 04:21:18 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (04/26/2014 05:21:37 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer 8730WLS
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{62C529AC-BC63-42C5-850C-2BD80E4FAAD4}.
The master browser is stopping or an election is being forced.

Error: (04/26/2014 04:57:33 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer 8730WLS
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{62C529AC-BC63-42C5-850C-2BD80E4FAAD4}.
The master browser is stopping or an election is being forced.

Error: (04/26/2014 03:35:52 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (04/25/2014 11:29:28 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{62C529AC-BC63-42C5-850C-2BD80E4FAAD4}.
The backup browser is stopping.

Error: (04/24/2014 11:27:21 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (04/24/2014 09:08:11 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer 8730WLS
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{62C529AC-BC63-42C5-850C-2BD80E4FAAD4}.
The master browser is stopping or an election is being forced.

Error: (04/23/2014 00:23:37 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (04/22/2014 10:25:18 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (04/22/2014 10:25:17 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.


Microsoft Office Sessions:
=========================
Error: (04/26/2014 05:26:21 PM) (Source: Application Error)(User: )
Description: LolClient.exe0.0.0.0515663e0Adobe AIR.dll3.7.0.15305156646cc00000050056447a1e5001cf617789d79368C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.83\deploy\LolClient.exeC:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.83\deploy\Adobe AIR\Versions\1.0\Adobe AIR.dll690db943-cd89-11e3-9603-c7fad4661228

Error: (04/26/2014 07:28:29 AM) (Source: SideBySide)(User: )
Description: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe.Config0

Error: (04/26/2014 07:28:28 AM) (Source: SideBySide)(User: )
Description: C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe.Config0

Error: (04/25/2014 10:01:21 PM) (Source: Application Error)(User: )
Description: GameOverlayUI.exe2.13.4.49530d0f3dntdll.dll6.1.7601.18247521ea8e7c0000374000ce75314a801cf60f091cae5faC:\Program Files (x86)\Steam\GameOverlayUI.exeC:\Windows\SysWOW64\ntdll.dlla95b77a8-cce6-11e3-9603-c7fad4661228

Error: (04/25/2014 00:48:30 AM) (Source: SideBySide)(User: )
Description: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe.Config0

Error: (04/25/2014 00:48:30 AM) (Source: SideBySide)(User: )
Description: C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe.Config0

Error: (04/24/2014 06:34:02 AM) (Source: SideBySide)(User: )
Description: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe.Config0

Error: (04/24/2014 06:34:01 AM) (Source: SideBySide)(User: )
Description: C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe.Config0

Error: (04/23/2014 06:11:14 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/23/2014 01:31:30 AM) (Source: SideBySide)(User: )
Description: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe.Config0


==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 16267.08 MB
Available physical RAM: 11029.82 MB
Total Pagefile: 32532.34 MB
Available Pagefile: 24075.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:12.65 GB) NTFS
Drive e: (HDD) (Fixed) (Total:1862.92 GB) (Free:1475.99 GB) NTFS
Drive f: (FreeAgent Drive) (Fixed) (Total:1397.26 GB) (Free:1260.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: F13C9D28)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-198732414976) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: F13C9D50)
Partition 1: (Not Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1397 GB) (Disk ID: A9EC7FBC)
Partition 1: (Not Active) - (Size=-698723990528) - (Type=07 NTFS)

==================== End Of Log ============================
mrsunnybones
Regular Member
 
Posts: 20
Joined: July 2nd, 2011, 3:07 pm

Re: Possible infection, programs running oddly

Unread postby mrsunnybones » April 28th, 2014, 1:54 pm

:SystemLook

SystemLook 04.09.10 by jpshortstuff
Log created at 13:48 on 28/04/2014 by Eric
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*babylon*"
No files found.

Searching for "*conduit*"
C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\zk6ohs48.default\searchplugins\conduit-search.xml --a---- 861 bytes [06:17 04/01/2014] [06:17 04/01/2014] 9606B042EEA553031B6A30EAFFA04566

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*babylon*"
No folders found.

Searching for "*conduit*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3290706055-244381115-3958062109-1000\Software\Updater By SweetPacks\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.com":"query","isea
[HKEY_USERS\S-1-5-21-3290706055-244381115-3958062109-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3290706055-244381115-3958062109-1000\Software\Updater By SweetPacks\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.co

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3290706055-244381115-3958062109-1000\Software\Updater By SweetPacks\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.com":"query","isea
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5072148C-DE7A-4826-965C-812AB676E0A4}]
@="IUccUserSearchQuery"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{54562FBC-5A84-4461-8BC9-590737E5DE13}]
@="IUccUserSearchQueryEvent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{94F59D79-583A-4547-A620-EAD932A2F2EB}]
@="_IUccUserSearchQueryEvents"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_USERS\S-1-5-21-3290706055-244381115-3958062109-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3290706055-244381115-3958062109-1000\Software\Updater By SweetPacks\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.co

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3290706055-244381115-3958062109-1000\Software\Updater By SweetPacks\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.com":"query","isea
[HKEY_USERS\S-1-5-21-3290706055-244381115-3958062109-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3290706055-244381115-3958062109-1000\Software\Updater By SweetPacks\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.co

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QAccessibleFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QTextCodecFactoryInterface:]
[HKEY_USERS\S-1-5-21-3290706055-244381115-3958062109-1000\Software\Trolltech]
[HKEY_USERS\S-1-5-21-3290706055-244381115-3958062109-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3290706055-244381115-3958062109-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QAccessibleFactoryInterface:]
[HKEY_USERS\S-1-5-21-3290706055-244381115-3958062109-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3290706055-244381115-3958062109-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:]
[HKEY_USERS\S-1-5-21-3290706055-244381115-3958062109-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QTextCodecFactoryInterface:]

Searching for "babylon"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3290706055-244381115-3958062109-1000\Software\Updater By SweetPacks\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.com":"query","isea
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_USERS\S-1-5-21-3290706055-244381115-3958062109-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3290706055-244381115-3958062109-1000\Software\Updater By SweetPacks\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.co

Searching for "conduit"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3290706055-244381115-3958062109-1000\Software\Updater By SweetPacks\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.com":"q","search.etype.com":"query","isea
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}]
"URL"="http://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP22CA2215-240F-46C8-95DE-88ABF6398251&q={searchTerms}&SSPV="
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}]
"SuggestionsURL_JSON"="http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}]
"DisplayName"="Conduit Search"
[HKEY_USERS\S-1-5-21-3290706055-244381115-3958062109-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3290706055-244381115-3958062109-1000\Software\Updater By SweetPacks\script_storage]
"WSG_whiteList"="{"search.babylon.com":"q","search.imesh.net":"q","www.search-results.com":"q","home.mywebsearch.com":"searchfor","search.mywebsearch.com":"searchfor","search.mindspark.com":"searchfor","search.conduit.com":"q","search.zugo.com":"p","www2.mystart.com":"q","www.mystart.com":"q","www.bigseekpro.com":"q","bigseekpro.com":"q","bigspeedpro.com":"q","search.esnips.com":"searchQuery","search.foxtab.com":"q","search.brothersoft.com":"keyword","search.softonic.com":"q","www.dogpile.com":"q","search.infospace.com":"q","search.iobit.com":"q","search.iminent.com":"","search.facemoods.com":"s","www.plusnetwork.com":"q","www.alothome.com":"q","alothome.com":"q","search.alothome.com":"q","search.chatvibes.com":"q","search.blekko.com":"","www.searchnu.com":"q","searchnu.com":"q","search.icq.co
[HKEY_USERS\S-1-5-21-3290706055-244381115-3958062109-1000\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}]
"URL"="http://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP22CA2215-240F-46C8-95DE-88ABF6398251&q={searchTerms}&SSPV="
[HKEY_USERS\S-1-5-21-3290706055-244381115-3958062109-1000\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}]
"SuggestionsURL_JSON"="http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}"
[HKEY_USERS\S-1-5-21-3290706055-244381115-3958062109-1000\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}]
"DisplayName"="Conduit Search"

-= EOF =-
mrsunnybones
Regular Member
 
Posts: 20
Joined: July 2nd, 2011, 3:07 pm

Re: Possible infection, programs running oddly

Unread postby Gary R » April 28th, 2014, 4:24 pm

  • Click Start
  • Type msconfig.exe in the Search programs and files box, then hit Enter
  • A System Configuration box will open.
  • Click on the Startup tab.
  • Click Enable all
  • Click OK

Now run a new scan with FRST and post me the 2 new logs that are created.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Possible infection, programs running oddly

Unread postby mrsunnybones » May 1st, 2014, 12:05 pm

Sorry for the late reply, here is the new scan: FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2014
Ran by Eric (administrator) on ERIC-PC on 01-05-2014 12:04:50
Running from C:\Users\Eric\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Spotify Ltd) C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE
(BitTorrent Inc.) C:\Users\Eric\AppData\Roaming\BitTorrent\BitTorrent.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Akamai Technologies, Inc.) C:\Users\Eric\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Eric\AppData\Local\Akamai\netsession_win.exe
(Spotify Ltd) C:\Users\Eric\AppData\Roaming\Spotify\spotify.exe
() C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\SndVol.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\UI0Detect.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [osk.exe] - C:\Windows\system32\osk.exe [692736 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3290706055-244381115-3958062109-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-3290706055-244381115-3958062109-1000\...\Run: [Spotify Web Helper] => C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-03] (Spotify Ltd)
HKU\S-1-5-21-3290706055-244381115-3958062109-1000\...\Run: [BitTorrent] => C:\Users\Eric\AppData\Roaming\BitTorrent\BitTorrent.exe [1236832 2014-04-23] (BitTorrent Inc.)
HKU\S-1-5-21-3290706055-244381115-3958062109-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Eric\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3290706055-244381115-3958062109-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3290706055-244381115-3958062109-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
HKU\S-1-5-21-3290706055-244381115-3958062109-1000\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-3290706055-244381115-3958062109-1000\...\MountPoints2: {57164eec-c8f1-11e3-a0b2-f685580efd11} - G:\VZW_Software_upgrade_assistant.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA4100 Genie.lnk
ShortcutTarget: NETGEAR WNDA4100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA4100\WNDA4100.EXE (NETGEAR)
Startup: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Eric\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk
ShortcutTarget: Samsung SSD Magician.lnk -> C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=U018&ocid=U018DHP&dt=062913
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7B82EAFF7A5FCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st= ... 045&barid={11671379-DEC2-11E2-89DE-CDBE317362FD}
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx? ... 6398251&q={searchTerms}&SSPV=
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll ()
BHO-x32: InfoSeeker - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files (x86)\InfoSeeker\IE\common.dll (Big Water Applications, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 202.76.225.179 patch.playro2.com # RO2 Patch Server
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\zk6ohs48.default
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.msn.com/?pc=U018&ocid=U018DHP&dt=062913
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @softnyxNpruntime - E:\SoftnyxGame\SoftnyxGame\NyxLauncherIS\npSoftnyx.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\zk6ohs48.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\zk6ohs48.default\searchplugins\conduit-search.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox

Chrome:
=======
CHR Extension: (Sad Panda) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\bohapeiooecafommnlaiccilacgmkaoc [2014-01-05]
CHR Extension: (AdBlock) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-05]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-01-05]
CHR Extension: (Skype Click to Call) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-06]
CHR Extension: (Google Wallet) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Eric\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-08-24]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-06-05] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
S4 HiPatchService; E:\Tribes Ascend\HiPatchService.exe [9216 2013-07-17] (Hi-Rez Studios)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-03-09] ()
S4 RalinkRegistryWriter; C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe [377088 2012-04-30] (Ralink Technology, Corp.)
S4 RalinkRegistryWriter64; C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe [455424 2012-04-30] (Ralink Technology, Corp.)
S4 RealtekSE; C:\Program Files (x86)\ASUS\PCE-N10 WLAN Card Utilities\RtlService.exe [36864 2011-06-23] (Realtek)

==================== Drivers (Whitelisted) ====================

S3 hxsyol; E:\Aura\AuraKingdom\avital\hxsy64.sys [86352 2013-11-26] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GunBod; \??\E:\SoftnyxGame\GunBoundIS\avital\gunbod64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-28 19:48 - 2014-04-28 19:48 - 00004684 _____ () C:\Users\Eric\Downloads\46D5.tmp
2014-04-28 13:48 - 2014-04-28 13:52 - 00033368 _____ () C:\Users\Eric\Downloads\SystemLook.txt
2014-04-28 13:48 - 2014-04-28 13:48 - 00096256 _____ () C:\Users\Eric\Downloads\SystemLook_x64.exe
2014-04-28 13:48 - 2014-04-28 13:48 - 00052712 _____ () C:\Users\Eric\Desktop\Addition.txt
2014-04-28 13:48 - 2014-04-28 13:48 - 00037014 _____ () C:\Users\Eric\Desktop\FRST.txt
2014-04-28 13:47 - 2014-04-28 13:47 - 00052712 _____ () C:\Users\Eric\Downloads\Addition.txt
2014-04-28 13:46 - 2014-05-01 12:04 - 00017571 _____ () C:\Users\Eric\Downloads\FRST.txt
2014-04-28 13:46 - 2014-05-01 12:04 - 00000000 ____D () C:\FRST
2014-04-28 13:46 - 2014-04-28 13:46 - 02061824 _____ (Farbar) C:\Users\Eric\Downloads\FRST64.exe
2014-04-28 13:44 - 2014-04-28 13:37 - 01310283 _____ () C:\Users\Eric\Desktop\adwcleaner (1).exe
2014-04-28 13:38 - 2014-04-28 13:45 - 00000000 ____D () C:\AdwCleaner
2014-04-28 13:38 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-04-28 13:37 - 2014-04-28 13:37 - 01310283 _____ () C:\Users\Eric\Downloads\adwcleaner (1).exe
2014-04-28 13:35 - 2014-04-28 13:35 - 00002235 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-04-28 13:35 - 2014-04-28 13:35 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ERIC-PC-Microsoft-Windows-7-Ultimate-(64-bit).dat
2014-04-28 13:35 - 2014-04-28 13:35 - 00000000 ____D () C:\RegBackup
2014-04-28 13:35 - 2014-04-28 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-04-28 13:35 - 2014-04-28 13:35 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-04-28 13:34 - 2014-04-28 13:34 - 03944112 _____ () C:\Users\Eric\Downloads\tweaking.com_registry_backup_setup.exe
2014-04-22 03:01 - 2014-03-06 04:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-22 03:01 - 2014-03-06 04:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-22 03:01 - 2014-03-06 04:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-22 03:01 - 2014-03-06 03:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-22 03:00 - 2014-03-06 06:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-22 03:00 - 2014-03-06 05:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-22 03:00 - 2014-03-06 05:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-22 03:00 - 2014-03-06 05:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-22 03:00 - 2014-03-06 04:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-22 03:00 - 2014-03-06 04:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-22 03:00 - 2014-03-06 04:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-22 03:00 - 2014-03-06 04:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-22 03:00 - 2014-03-06 04:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-22 03:00 - 2014-03-06 04:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-22 03:00 - 2014-03-06 04:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-22 03:00 - 2014-03-06 04:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-22 03:00 - 2014-03-06 04:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-22 03:00 - 2014-03-06 04:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-22 03:00 - 2014-03-06 04:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-22 03:00 - 2014-03-06 04:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-22 03:00 - 2014-03-06 04:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-22 03:00 - 2014-03-06 04:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-22 03:00 - 2014-03-06 04:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-22 03:00 - 2014-03-06 03:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-22 03:00 - 2014-03-06 03:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-22 03:00 - 2014-03-06 03:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-22 03:00 - 2014-03-06 03:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-22 03:00 - 2014-03-06 03:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-22 03:00 - 2014-03-06 03:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-22 03:00 - 2014-03-06 03:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-22 03:00 - 2014-03-06 03:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-22 03:00 - 2014-03-06 03:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-22 03:00 - 2014-03-06 03:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-22 03:00 - 2014-03-06 03:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-22 03:00 - 2014-03-06 03:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-22 03:00 - 2014-03-06 03:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-22 03:00 - 2014-03-06 03:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-22 03:00 - 2014-03-06 03:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-22 03:00 - 2014-03-06 02:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-22 03:00 - 2014-03-06 02:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-22 03:00 - 2014-03-06 02:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-22 03:00 - 2014-03-06 02:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-22 03:00 - 2014-03-06 02:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-22 03:00 - 2014-03-06 01:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-22 03:00 - 2014-03-06 01:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-22 03:00 - 2014-03-06 01:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-22 03:00 - 2014-03-06 01:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-22 03:00 - 2014-03-06 01:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-21 13:53 - 2014-04-21 13:53 - 01376768 _____ () C:\Users\Eric\Downloads\7z920-x64 (2).msi
2014-04-21 13:52 - 2014-04-21 13:52 - 08842241 _____ () C:\Users\Eric\Downloads\245 again.7z
2014-04-20 21:10 - 2014-04-27 14:11 - 00018651 _____ () C:\Users\Eric\Desktop\attach.txt
2014-04-20 21:10 - 2014-04-27 14:10 - 00021596 _____ () C:\Users\Eric\Desktop\dds.txt
2014-04-20 21:09 - 2014-04-20 21:09 - 00688992 ____R (Swearware) C:\Users\Eric\Desktop\dds.scr
2014-04-20 21:08 - 2014-04-20 21:08 - 00279688 _____ () C:\Windows\Minidump\042014-34413-01.dmp
2014-04-20 21:02 - 2014-04-20 21:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\Eric\Downloads\HijackThis.exe
2014-04-20 21:02 - 2014-04-20 21:02 - 00011462 _____ () C:\Users\Eric\Downloads\hijackthis.log
2014-04-20 21:01 - 2014-04-20 21:01 - 00000222 _____ () C:\Users\Eric\Desktop\PlanetSide 2.url
2014-04-20 20:54 - 2014-04-20 20:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-20 20:54 - 2014-03-31 03:51 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-12 16:25 - 2014-04-12 16:25 - 00015913 _____ () C:\Users\Eric\Documents\TaxStateReturn2013_Form_EL101.htm
2014-04-11 16:01 - 2014-04-11 16:01 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-04-11 15:55 - 2014-04-11 15:56 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-04-11 15:39 - 2014-04-11 15:39 - 01007930 _____ () C:\Users\Eric\Downloads\amddriverdownload_installer.exe
2014-04-09 12:15 - 2014-03-04 05:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 12:15 - 2014-03-04 05:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 12:15 - 2014-03-04 05:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 12:15 - 2014-03-04 05:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 12:15 - 2014-03-04 05:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 12:15 - 2014-03-04 05:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 12:15 - 2014-03-04 05:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 12:15 - 2014-03-04 05:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 12:15 - 2014-03-04 05:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 12:15 - 2014-03-04 04:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 12:15 - 2014-03-04 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 12:15 - 2014-02-03 22:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 12:15 - 2014-02-03 22:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 12:15 - 2014-02-03 22:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 12:15 - 2014-02-03 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 12:15 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 12:15 - 2014-01-23 22:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-04 17:47 - 2014-04-04 17:47 - 00000000 ____D () C:\Users\Eric\AppData\Local\Skype
2014-04-04 17:47 - 2014-04-04 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

==================== One Month Modified Files and Folders =======

2014-05-01 12:04 - 2014-04-28 13:46 - 00017571 _____ () C:\Users\Eric\Downloads\FRST.txt
2014-05-01 12:04 - 2014-04-28 13:46 - 00000000 ____D () C:\FRST
2014-05-01 12:03 - 2013-06-20 13:09 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\BitTorrent
2014-05-01 11:46 - 2013-06-03 00:59 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-01 11:41 - 2013-06-04 18:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-01 11:25 - 2013-06-02 21:27 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Skype
2014-05-01 11:18 - 2013-06-02 05:00 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-01 10:11 - 2013-06-02 22:14 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Spotify
2014-05-01 04:26 - 2013-06-02 05:00 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-30 12:30 - 2013-06-02 16:21 - 01535148 _____ () C:\Windows\WindowsUpdate.log
2014-04-30 04:39 - 2013-06-02 21:27 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-28 21:10 - 2009-07-14 00:45 - 00020688 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-28 21:10 - 2009-07-14 00:45 - 00020688 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-28 19:48 - 2014-04-28 19:48 - 00004684 _____ () C:\Users\Eric\Downloads\46D5.tmp
2014-04-28 16:38 - 2013-12-16 23:40 - 00000000 ____D () C:\Windows\pss
2014-04-28 16:38 - 2013-06-02 16:41 - 00000000 ___RD () C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-28 13:52 - 2014-04-28 13:48 - 00033368 _____ () C:\Users\Eric\Downloads\SystemLook.txt
2014-04-28 13:48 - 2014-04-28 13:48 - 00096256 _____ () C:\Users\Eric\Downloads\SystemLook_x64.exe
2014-04-28 13:48 - 2014-04-28 13:48 - 00052712 _____ () C:\Users\Eric\Desktop\Addition.txt
2014-04-28 13:48 - 2014-04-28 13:48 - 00037014 _____ () C:\Users\Eric\Desktop\FRST.txt
2014-04-28 13:47 - 2014-04-28 13:47 - 00052712 _____ () C:\Users\Eric\Downloads\Addition.txt
2014-04-28 13:46 - 2014-04-28 13:46 - 02061824 _____ (Farbar) C:\Users\Eric\Downloads\FRST64.exe
2014-04-28 13:45 - 2014-04-28 13:38 - 00000000 ____D () C:\AdwCleaner
2014-04-28 13:37 - 2014-04-28 13:44 - 01310283 _____ () C:\Users\Eric\Desktop\adwcleaner (1).exe
2014-04-28 13:37 - 2014-04-28 13:37 - 01310283 _____ () C:\Users\Eric\Downloads\adwcleaner (1).exe
2014-04-28 13:35 - 2014-04-28 13:35 - 00002235 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-04-28 13:35 - 2014-04-28 13:35 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ERIC-PC-Microsoft-Windows-7-Ultimate-(64-bit).dat
2014-04-28 13:35 - 2014-04-28 13:35 - 00000000 ____D () C:\RegBackup
2014-04-28 13:35 - 2014-04-28 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-04-28 13:35 - 2014-04-28 13:35 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-04-28 13:34 - 2014-04-28 13:34 - 03944112 _____ () C:\Users\Eric\Downloads\tweaking.com_registry_backup_setup.exe
2014-04-27 14:11 - 2014-04-20 21:10 - 00018651 _____ () C:\Users\Eric\Desktop\attach.txt
2014-04-27 14:10 - 2014-04-20 21:10 - 00021596 _____ () C:\Users\Eric\Desktop\dds.txt
2014-04-27 12:33 - 2013-07-28 01:00 - 00024111 _____ () C:\Windows\setupact.log
2014-04-27 00:31 - 2013-06-02 22:15 - 00000000 ____D () C:\Users\Eric\AppData\Local\Spotify
2014-04-24 08:14 - 2014-02-19 20:55 - 00000000 ____D () C:\Users\Eric\AppData\Local\Akamai
2014-04-22 03:42 - 2014-02-12 04:45 - 00000000 ____D () C:\Windows\rescache
2014-04-22 03:21 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-22 03:17 - 2013-06-04 18:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-22 03:17 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-22 03:16 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-21 13:53 - 2014-04-21 13:53 - 01376768 _____ () C:\Users\Eric\Downloads\7z920-x64 (2).msi
2014-04-21 13:52 - 2014-04-21 13:52 - 08842241 _____ () C:\Users\Eric\Downloads\245 again.7z
2014-04-20 21:10 - 2013-11-28 17:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-20 21:09 - 2014-04-20 21:09 - 00688992 ____R (Swearware) C:\Users\Eric\Desktop\dds.scr
2014-04-20 21:08 - 2014-04-20 21:08 - 00279688 _____ () C:\Windows\Minidump\042014-34413-01.dmp
2014-04-20 21:08 - 2013-06-20 13:02 - 00000000 ____D () C:\Windows\Minidump
2014-04-20 21:08 - 2013-06-03 03:55 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-04-20 21:02 - 2014-04-20 21:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\Eric\Downloads\HijackThis.exe
2014-04-20 21:02 - 2014-04-20 21:02 - 00011462 _____ () C:\Users\Eric\Downloads\hijackthis.log
2014-04-20 21:01 - 2014-04-20 21:01 - 00000222 _____ () C:\Users\Eric\Desktop\PlanetSide 2.url
2014-04-20 20:55 - 2014-04-20 20:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-20 20:47 - 2013-06-02 16:41 - 00000000 ____D () C:\Users\Eric
2014-04-20 20:46 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-04-20 20:45 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-04-20 19:36 - 2011-04-12 04:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-04-19 00:06 - 2013-06-03 07:04 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-04-19 00:06 - 2013-06-03 07:04 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-04-12 20:27 - 2013-06-03 03:55 - 00000000 ____D () C:\ProgramData\Origin
2014-04-12 16:25 - 2014-04-12 16:25 - 00015913 _____ () C:\Users\Eric\Documents\TaxStateReturn2013_Form_EL101.htm
2014-04-12 03:01 - 2013-09-16 12:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-11 16:01 - 2014-04-11 16:01 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-04-11 16:01 - 2013-06-02 14:13 - 00000000 ____D () C:\ProgramData\AMD
2014-04-11 15:56 - 2014-04-11 15:55 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-04-11 15:48 - 2013-08-26 18:30 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-11 15:39 - 2014-04-11 15:39 - 01007930 _____ () C:\Users\Eric\Downloads\amddriverdownload_installer.exe
2014-04-11 15:03 - 2013-06-26 19:17 - 00000000 ____D () C:\Users\Eric\AppData\Local\Arma 3
2014-04-11 13:46 - 2013-06-26 19:17 - 00000000 ____D () C:\Users\Eric\Documents\Arma 3
2014-04-09 23:34 - 2013-09-16 12:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-04-06 19:32 - 2013-06-08 19:41 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Bioshock
2014-04-04 17:47 - 2014-04-04 17:47 - 00000000 ____D () C:\Users\Eric\AppData\Local\Skype
2014-04-04 17:47 - 2014-04-04 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-04-04 17:47 - 2013-06-02 21:27 - 00000000 ____D () C:\ProgramData\Skype
2014-04-03 03:00 - 2013-10-16 03:00 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-04-03 03:00 - 2013-06-04 14:48 - 00002155 _____ () C:\Windows\epplauncher.mif
2014-04-03 03:00 - 2013-06-04 14:48 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-03 03:00 - 2013-06-04 14:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client

Files to move or delete:
====================
C:\ProgramData\uninstaller.exe


Some content of TEMP:
====================
C:\Users\Eric\AppData\Local\Temp\13-12_win7_win8_64_dd_ccc_whql.exe
C:\Users\Eric\AppData\Local\Temp\1_Offer_10.exe
C:\Users\Eric\AppData\Local\Temp\1_Offer_5.exe
C:\Users\Eric\AppData\Local\Temp\1_Offer_6.exe
C:\Users\Eric\AppData\Local\Temp\6_Offer_16.exe
C:\Users\Eric\AppData\Local\Temp\6_Offer_17.exe
C:\Users\Eric\AppData\Local\Temp\DownloadManager.exe
C:\Users\Eric\AppData\Local\Temp\dxwebsetup.exe
C:\Users\Eric\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\Eric\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\Eric\AppData\Local\Temp\nsa13A8.exe
C:\Users\Eric\AppData\Local\Temp\nsj416B.exe
C:\Users\Eric\AppData\Local\Temp\nsj5D29.exe
C:\Users\Eric\AppData\Local\Temp\nso4534.exe
C:\Users\Eric\AppData\Local\Temp\nsp5B26.exe
C:\Users\Eric\AppData\Local\Temp\nsz4350.exe
C:\Users\Eric\AppData\Local\Temp\nsz5F0E.exe
C:\Users\Eric\AppData\Local\Temp\oi_{B1713E89-00EF-4C06-A54F-F65DA83D1F9E}.exe
C:\Users\Eric\AppData\Local\Temp\raptrpatch.exe
C:\Users\Eric\AppData\Local\Temp\raptr_stub.exe
C:\Users\Eric\AppData\Local\Temp\SearchProtectINT.exe
C:\Users\Eric\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Eric\AppData\Local\Temp\sonarinst.exe
C:\Users\Eric\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Eric\AppData\Local\Temp\tmp627E.exe
C:\Users\Eric\AppData\Local\Temp\tmp9C9F.exe
C:\Users\Eric\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Eric\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-29 05:04

==================== End Of Log ============================
mrsunnybones
Regular Member
 
Posts: 20
Joined: July 2nd, 2011, 3:07 pm

Re: Possible infection, programs running oddly

Unread postby mrsunnybones » May 1st, 2014, 12:06 pm

Here is the addition (it doesnt seem to have changed?)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2014
Ran by Eric at 2014-04-28 13:47:14
Running from C:\Users\Eric\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
A Virus Named TOM (HKLM-x32\...\Steam App 207650) (Version: - Misfits Attic)
AC3Filter 2.5b (HKLM-x32\...\AC3Filter_is1) (Version: 2.5b - Alexander Vigovsky)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.10 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Application Profiles (HKLM-x32\...\{63059735-CA97-FDFB-0E7A-3B8D81572EFD}) (Version: 2.0.4888.34279 - Advanced Micro Devices, Inc.)
ARMA 2 Operation Arrowhead Uninstall (HKLM-x32\...\ARMA 2 Operation Arrowhead) (Version: - )
ArmA 2 Uninstall (HKLM-x32\...\ArmA 2) (Version: - )
Arma 3 Alpha (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive)
ASPCA Reminder by We-Care.com v4.1.22.1 (HKLM-x32\...\{DB9BF6DA-8030-4A21-9FF4-8856A7556FCF}) (Version: 4.1.22.1 - We-Care.com)
ASUS PCE-N10 WLAN Card Utilities & Driver (HKLM-x32\...\{556BEFE2-30FF-4113-98F4-01234396DF2B}) (Version: 1.0.0.9 - )
Aura Kingdom (HKLM-x32\...\Aura Kingdom) (Version: - )
Bastion (HKLM-x32\...\Steam App 107100) (Version: - Supergiant Games)
Battlefield 2 (HKLM-x32\...\Steam App 24860) (Version: - DICE)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
BioShock (HKLM-x32\...\Steam App 7670) (Version: - 2K Boston)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.1.30889 - BitTorrent Inc.)
Blacklight: Retribution (HKLM-x32\...\Steam App 209870) (Version: - )
Brütal Legend (HKLM-x32\...\Steam App 225260) (Version: - Double Fine Productions)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version: - Relic Entertainment)
Convert Audio Free FLAC to MP3 version 1.0 (HKLM-x32\...\Convert Audio Free FLAC to MP3_is1) (Version: 1.0 - )
Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Crysis 2 Maximum Edition (HKLM-x32\...\Steam App 108800) (Version: - Crytek Studios)
Day of Defeat (HKLM-x32\...\Steam App 30) (Version: - Valve)
DayZ Commander (HKLM-x32\...\{D7ECDD70-EBAB-42AD-8BE3-2F4D1CEC70A7}) (Version: 0.92.79 - Dotjosh Studios)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{F68634D8-574F-42B2-B6D0-9B447EA9581E}) (Version: - Microsoft)
Diablo III (HKLM-x32\...\Diablo III) (Version: 1.0.8.16603 - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dropbox (HKCU\...\Dropbox) (Version: 2.2.3 - Dropbox, Inc.)
Dust: An Elysian Tail (HKLM-x32\...\Steam App 236090) (Version: - Humble Hearts LLC)
Eets Munchies (HKLM-x32\...\Steam App 214550) (Version: - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
EVE Online (remove only) (HKLM-x32\...\EVE) (Version: - CCP Games Ltd.)
EVEMon (HKLM-x32\...\EVEMon) (Version: 1.8.5.4162 - battleclinic.com)
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version: - Bethesda Game Studios)
FEZ (HKLM-x32\...\Steam App 224760) (Version: - Polytron Corporation)
FTL version 1.03.3 (HKLM-x32\...\{20E23A40-38E5-4DD6-B738-BC8097AE66B6}_is1) (Version: 1.03.3 - Subset Games)
GIGABYTE OC_GURU II (x32 Version: 1.20.0000 - GIGABYTE Technology Co.,Ltd.) Hidden
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.1.50.5145 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
GunZ 2: The Second Duel (HKLM-x32\...\Steam App 242720) (Version: - MAIET Entertainment)
Hawken (HKCU\...\Hawken) (Version: - Meteor Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
InfoSeeker (HKLM-x32\...\InfoSeeker) (Version: 2.6.17 - Big Water Applications, LLC)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Internet Explorer Toolbar 4.8 by SweetPacks (HKLM-x32\...\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}) (Version: 4.8.0000 - SweetIM Technologies Ltd.) <==== ATTENTION
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
LIMBO (HKLM-x32\...\Steam App 48000) (Version: - Playdead)
Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version: - Klei Entertainment)
MechWarrior Online (HKLM-x32\...\{6e1168d7-2c3b-442d-99b0-e3d234179efc}) (Version: 1.4.2.0 - Piranha Games Inc.)
MechWarrior Online (x32 Version: 1.4.1.0 - Piranha Games Inc.) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft DCF MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Word MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version: - DICE)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mumble 1.2.5 (HKLM-x32\...\{C7BC557D-8C8B-4F5F-83AB-D20C58CF4575}) (Version: 1.2.5 - Thorvald Natvig)
NETGEAR WNDA4100 Genie (HKLM-x32\...\InstallShield_{422FB885-2E3D-4F0C-8C47-BF4336B5318B}) (Version: 1.2.0.10 - NETGEAR)
NETGEAR WNDA4100 Genie (x32 Version: 1.2.0.10 - NETGEAR) Hidden
Nihilumbra (HKLM-x32\...\Steam App 252670) (Version: - Beautifun Games)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.4 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NyxLauncherIS (HKLM-x32\...\NyxLauncherIS_is1) (Version: - Softnyx co.,ltd.)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version: - Sony Online Entertainment)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Ragnarok Online 2 (HKLM-x32\...\Steam App 231060) (Version: - Gravity, Inc.)
Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version: - Tripwire Interactive)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.0 - Samsung)
Samsung SSD Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 3.2 - Samsung Electronics)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Star Conflict (HKLM-x32\...\Steam App 212070) (Version: - Star Gem Inc.)
Starbound (HKLM-x32\...\Steam App 211820) (Version: - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version: 2.0.10.26585 - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
Thomas Was Alone (HKLM-x32\...\Steam App 220780) (Version: - Mike Bithell)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version: - Crystal Dynamics)
Tribes Ascend (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}) (Version: 1.0.1268.1 - Hi-Rez Studios)
Trine 2 (HKLM-x32\...\Steam App 35720) (Version: - Frozenbyte)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.7.0 - Tweaking.com)
Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition (HKLM\...\{90150000-0015-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{D5412C67-998B-4246-A668-AB522D9F63FE}) (Version: - Microsoft)
Update for Microsoft Access 2013 (KB2827233) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{614E655F-A0ED-435A-8E0C-A81EE4BA7BC7}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2752087) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{A2275591-C3AA-4A6C-A696-F958B6C65B3E}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2752087) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{A2275591-C3AA-4A6C-A696-F958B6C65B3E}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2752087) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{A2275591-C3AA-4A6C-A696-F958B6C65B3E}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2752087) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{A2275591-C3AA-4A6C-A696-F958B6C65B3E}) (Version: - Microsoft)
Update for Microsoft InfoPath 2013 (KB2837648) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{5E759A69-FA72-4B3C-BE2F-D1194764D31E}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{F8580E12-045B-471B-AF74-98C977347F4E}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2863908) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{259F7CA1-7A87-4E60-85A9-0A55E60FF254}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2863908) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{686A7FD7-2496-49C8-A0BE-D8A1CF1A32ED}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2863908) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{259F7CA1-7A87-4E60-85A9-0A55E60FF254}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{43EB1F58-DAA0-4F61-A4EE-C5651F85A047}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{43EB1F58-DAA0-4F61-A4EE-C5651F85A047}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{76CACE05-7A19-4EAC-87D7-5BFF63AF7CDF}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{76CACE05-7A19-4EAC-87D7-5BFF63AF7CDF}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{FEFF9FF6-FF61-455E-A8CC-3A1311A657AD}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{3FF4EA9F-3505-4726-A974-6593A968FFCC}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760242) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{9406D70B-2D9C-4613-A75A-F35B66BA8AFA}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760267) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CA390537-AA88-450F-A240-5FB4648A124A}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760539) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{C8D57F4A-0824-4043-89E7-3C6280B67A47}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760553) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{AC4470FB-8011-4F16-B5D4-E0A34DE10C87}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D8B3D175-48B8-413F-8484-4D81E744B51C}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{39E58ED8-B687-49BD-88F9-968563F51F8E}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817314) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{C809B1D6-BD31-4496-BCFE-4567E0854F5F}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{856D47BC-036C-4692-8702-D6CCA8F428D0}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{4FD8F672-3206-469C-B9F0-D6E72F7ACAB2}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CA0554C4-62FE-4F66-BC87-1EE1EAC675EF}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CA0554C4-62FE-4F66-BC87-1EE1EAC675EF}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817626) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{F33ABF6A-3007-47E8-8E38-506A18E54641}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817636) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{D97AACA3-9AEA-43FF-8CBA-93BED0443FC2}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817636) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D97AACA3-9AEA-43FF-8CBA-93BED0443FC2}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817636) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D97AACA3-9AEA-43FF-8CBA-93BED0443FC2}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2825631) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{A54917FC-2C84-40F2-9525-7549BE08DE40}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2825631) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{A54917FC-2C84-40F2-9525-7549BE08DE40}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2825631) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{A54917FC-2C84-40F2-9525-7549BE08DE40}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2826004) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{B38036CB-BAF6-41D4-8810-FD016453ABB9}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827225) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{2A286156-257B-4528-9DB5-B4D4D53211BC}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{92833C80-DC88-4A22-8630-407F810EF57B}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUSR_{602346D6-8E2F-4B0E-820A-CD62AC5B0DC9}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.PROPLUSR_{00A8F3D3-B596-4E04-A180-C9EB4EC87762}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{F2187E8D-C68A-4655-8551-1932878A5581}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{9353CD85-4B19-45C4-8DBA-1391926351F6}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{9353CD85-4B19-45C4-8DBA-1391926351F6}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827272) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{50F6EF67-B93C-4B7A-A2EB-E179E3436C69}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827272) 64-Bit Edition (HKLM\...\{90150000-0090-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{50F6EF67-B93C-4B7A-A2EB-E179E3436C69}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2827272) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{50F6EF67-B93C-4B7A-A2EB-E179E3436C69}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2863825) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{327EABFD-EDD3-44E7-AB47-7592DF33B719}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2863844) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{50F31E04-D56A-4159-BF36-CF3CE27DB30C}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2863860) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{6D170CB5-8D22-4D1B-A811-B899FE588946}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2863860) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{6D170CB5-8D22-4D1B-A811-B899FE588946}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2863864) 64-Bit Edition (HKLM\...\{90150000-00BA-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{AFB7E303-C8CA-4A08-AD3F-44A562B3C809}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2863864) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{AFB7E303-C8CA-4A08-AD3F-44A562B3C809}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2863864) 64-Bit Edition (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{AFB7E303-C8CA-4A08-AD3F-44A562B3C809}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2863864) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{AFB7E303-C8CA-4A08-AD3F-44A562B3C809}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2817628) 64-Bit Edition (HKLM\...\{90150000-00A1-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{9367C385-2EF9-4BE3-8351-7D2AB0798A57}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2817628) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{9367C385-2EF9-4BE3-8351-7D2AB0798A57}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2817628) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{9367C385-2EF9-4BE3-8351-7D2AB0798A57}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2863911) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{12087F1E-35F9-4620-9157-BD9C3CFFA2E2}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2863911) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{DF3798F3-F45C-44DA-83B7-229A9EBC9654}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2837627) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{FE06DACB-AE2C-4DB7-B95D-97A320E59F45}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2837627) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{FE06DACB-AE2C-4DB7-B95D-97A320E59F45}) (Version: - Microsoft)
Update for Microsoft Project 2013 (KB2727085) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{BBD4F4CE-65D4-4CEB-AE19-E5296A57AA6C}) (Version: - Microsoft)
Update for Microsoft Publisher 2013 (KB2837635) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{2837C624-A972-43CF-BCE5-0AE2EFED72E3}) (Version: - Microsoft)
Update for Microsoft Visio 2013 (KB2837632) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{97183E08-6B06-40F1-80A9-585C4AEF98F1}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2863909) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{F9FAC8C0-20D9-4DC7-9A56-13B02BD4B724}) (Version: - Microsoft)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
Warframe (HKLM-x32\...\Steam App 230410) (Version: - )
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version: - Wargaming.net)
XSplit Broadcaster (HKLM-x32\...\{D7038FAE-BD4E-45A4-B9F2-338BEF63BDA3}) (Version: 1.3.1309.1602 - SplitMediaLabs)

==================== Restore Points =========================

26-04-2014 00:21:10 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2013-06-05 14:21 - 00000879 ____A C:\Windows\system32\Drivers\etc\hosts
202.76.225.179 patch.playro2.com # RO2 Patch Server

==================== Scheduled Tasks (whitelisted) =============

Task: {06F4C671-78DA-4003-803C-9FCFD0AA72D0} - System32\Tasks\{AC259DDE-F5A5-4B54-B117-66299C955B2C} => Chrome.exe http://ui.skype.com/ui/0/6.3.0.107/en/a ... rogressBar
Task: {393D58DC-2A7F-4D3A-8052-7F5206DBB5A7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-02] (Google Inc.)
Task: {5FFB0865-B354-4612-A297-30D70018E401} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {80927702-72BF-4089-A4FA-59C3D584FB2B} - System32\Tasks\Asrsetup => D:\ASRSetup.exe
Task: {984B75CA-CBA4-41F7-88F4-3958ADFD365B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {BC2ED81E-795F-411C-AE9D-F44752EFF325} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {DE0A0247-6F7B-4B76-954F-3EE60E2B2096} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {F007C043-615D-4476-A6D5-AD4406FC1C61} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-13] (Adobe Systems Incorporated)
Task: {F82DC514-7284-4401-A5DC-7942503B17D8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-02] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-06-03 07:04 - 2014-03-09 18:23 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-03-12 20:09 - 2014-03-12 20:09 - 08884904 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-06-18 11:24 - 2012-06-18 11:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-06-02 05:01 - 2012-09-17 04:23 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-19 19:36 - 2014-04-03 22:44 - 00602680 _____ () C:\Users\Eric\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2013-05-07 10:26 - 2013-05-07 10:26 - 01302080 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
2013-06-02 21:10 - 2014-04-25 11:32 - 05650424 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.206\deploy\LoLLauncher.exe
2013-08-20 17:14 - 2013-07-10 16:56 - 00074752 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.83\deploy\LolClient.exe
2014-03-12 20:10 - 2014-03-12 20:10 - 08884904 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-03-08 01:17 - 2013-03-08 01:17 - 07816192 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll
2013-03-08 01:17 - 2013-03-08 01:17 - 00188416 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-52.dll
2013-03-08 01:17 - 2013-03-08 01:17 - 01425920 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll
2013-03-08 01:17 - 2013-03-08 01:17 - 00336896 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll
2013-03-08 01:17 - 2013-03-08 01:17 - 00096256 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll
2013-01-09 10:09 - 2013-01-09 10:09 - 00118784 _____ () C:\Program Files (x86)\NETGEAR\WNDA4100\Ralink.dll
2012-09-04 13:34 - 2012-09-04 13:34 - 01066856 _____ () C:\Program Files (x86)\NETGEAR\WNDA4100\RaWLAPI.dll
2014-04-08 21:20 - 2014-04-01 21:57 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-08 21:20 - 2014-04-01 21:57 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-08 21:20 - 2014-04-01 21:57 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-08 21:20 - 2014-04-01 21:57 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-08 21:20 - 2014-04-01 21:58 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-08 21:20 - 2014-04-01 21:57 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
2014-04-20 20:57 - 2013-12-12 18:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-04-20 20:57 - 2013-11-04 21:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll
2014-04-20 20:58 - 2014-02-10 22:34 - 00751616 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-04-20 20:58 - 2014-02-25 17:57 - 01135296 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-04-20 20:58 - 2014-01-10 19:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-04-20 20:58 - 2013-06-14 19:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2014-04-20 20:58 - 2013-06-14 19:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2014-04-20 20:58 - 2013-06-14 19:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2014-04-20 20:58 - 2014-02-25 17:57 - 00119488 _____ () C:\Program Files (x86)\Steam\bin\audio.dll
2014-04-20 20:58 - 2013-06-14 19:49 - 00071680 _____ () C:\Program Files (x86)\Steam\bin\mssmp3.asi
2014-04-20 20:58 - 2013-06-14 19:49 - 00153088 _____ () C:\Program Files (x86)\Steam\bin\mssvoice.asi
2013-06-02 22:15 - 2014-04-03 22:44 - 36966968 _____ () C:\Users\Eric\AppData\Roaming\Spotify\Data\libcef.dll
2013-09-19 19:36 - 2014-04-03 22:44 - 00886840 _____ () C:\Users\Eric\AppData\Roaming\Spotify\Data\libglesv2.dll
2013-09-19 19:36 - 2014-04-03 22:44 - 00108600 _____ () C:\Users\Eric\AppData\Roaming\Spotify\Data\libegl.dll
2013-12-13 13:41 - 2013-12-13 13:41 - 16242056 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
2014-04-08 21:20 - 2014-04-01 21:58 - 13691720 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
2013-09-06 15:51 - 2014-04-25 11:32 - 01532920 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.206\deploy\RiotLauncher.dll
2013-08-20 17:14 - 2013-07-10 16:55 - 04774248 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.83\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: RalinkRegistryWriter => 2
MSCONFIG\Services: RalinkRegistryWriter64 => 2
MSCONFIG\Services: RealtekSE => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Updater By SweetPacks => 2
MSCONFIG\startupfolder: C:^Users^Eric^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: BitTorrent => "C:\Users\Eric\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent

==================== Faulty Device Manager Devices =============

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
Description: Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTL8192Ce
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/26/2014 05:26:21 PM) (Source: Application Error) (User: )
Description: Faulting application name: LolClient.exe, version: 0.0.0.0, time stamp: 0x515663e0
Faulting module name: Adobe AIR.dll, version: 3.7.0.1530, time stamp: 0x5156646c
Exception code: 0xc0000005
Fault offset: 0x0056447a
Faulting process id: 0x1e50
Faulting application start time: 0xLolClient.exe0
Faulting application path: LolClient.exe1
Faulting module path: LolClient.exe2
Report Id: LolClient.exe3

Error: (04/26/2014 07:28:29 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (04/26/2014 07:28:28 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (04/25/2014 10:01:21 PM) (Source: Application Error) (User: )
Description: Faulting application name: GameOverlayUI.exe, version: 2.13.4.49, time stamp: 0x530d0f3d
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0x14a8
Faulting application start time: 0xGameOverlayUI.exe0
Faulting application path: GameOverlayUI.exe1
Faulting module path: GameOverlayUI.exe2
Report Id: GameOverlayUI.exe3

Error: (04/25/2014 00:48:30 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (04/25/2014 00:48:30 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (04/24/2014 06:34:02 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (04/24/2014 06:34:01 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (04/23/2014 06:11:14 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/23/2014 01:31:30 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.


System errors:
=============
Error: (04/27/2014 04:21:18 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (04/26/2014 05:21:37 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer 8730WLS
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{62C529AC-BC63-42C5-850C-2BD80E4FAAD4}.
The master browser is stopping or an election is being forced.

Error: (04/26/2014 04:57:33 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer 8730WLS
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{62C529AC-BC63-42C5-850C-2BD80E4FAAD4}.
The master browser is stopping or an election is being forced.

Error: (04/26/2014 03:35:52 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (04/25/2014 11:29:28 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{62C529AC-BC63-42C5-850C-2BD80E4FAAD4}.
The backup browser is stopping.

Error: (04/24/2014 11:27:21 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (04/24/2014 09:08:11 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer 8730WLS
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{62C529AC-BC63-42C5-850C-2BD80E4FAAD4}.
The master browser is stopping or an election is being forced.

Error: (04/23/2014 00:23:37 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (04/22/2014 10:25:18 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (04/22/2014 10:25:17 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.


Microsoft Office Sessions:
=========================
Error: (04/26/2014 05:26:21 PM) (Source: Application Error)(User: )
Description: LolClient.exe0.0.0.0515663e0Adobe AIR.dll3.7.0.15305156646cc00000050056447a1e5001cf617789d79368C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.83\deploy\LolClient.exeC:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.83\deploy\Adobe AIR\Versions\1.0\Adobe AIR.dll690db943-cd89-11e3-9603-c7fad4661228

Error: (04/26/2014 07:28:29 AM) (Source: SideBySide)(User: )
Description: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe.Config0

Error: (04/26/2014 07:28:28 AM) (Source: SideBySide)(User: )
Description: C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe.Config0

Error: (04/25/2014 10:01:21 PM) (Source: Application Error)(User: )
Description: GameOverlayUI.exe2.13.4.49530d0f3dntdll.dll6.1.7601.18247521ea8e7c0000374000ce75314a801cf60f091cae5faC:\Program Files (x86)\Steam\GameOverlayUI.exeC:\Windows\SysWOW64\ntdll.dlla95b77a8-cce6-11e3-9603-c7fad4661228

Error: (04/25/2014 00:48:30 AM) (Source: SideBySide)(User: )
Description: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe.Config0

Error: (04/25/2014 00:48:30 AM) (Source: SideBySide)(User: )
Description: C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe.Config0

Error: (04/24/2014 06:34:02 AM) (Source: SideBySide)(User: )
Description: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe.Config0

Error: (04/24/2014 06:34:01 AM) (Source: SideBySide)(User: )
Description: C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe.Config0

Error: (04/23/2014 06:11:14 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/23/2014 01:31:30 AM) (Source: SideBySide)(User: )
Description: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe.Config0


==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 16267.08 MB
Available physical RAM: 11029.82 MB
Total Pagefile: 32532.34 MB
Available Pagefile: 24075.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:12.65 GB) NTFS
Drive e: (HDD) (Fixed) (Total:1862.92 GB) (Free:1475.99 GB) NTFS
Drive f: (FreeAgent Drive) (Fixed) (Total:1397.26 GB) (Free:1260.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: F13C9D28)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-198732414976) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: F13C9D50)
Partition 1: (Not Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1397 GB) (Disk ID: A9EC7FBC)
Partition 1: (Not Active) - (Size=-698723990528) - (Type=07 NTFS)

==================== End Of Log ============================
mrsunnybones
Regular Member
 
Posts: 20
Joined: July 2nd, 2011, 3:07 pm

Re: Possible infection, programs running oddly

Unread postby Gary R » May 2nd, 2014, 7:03 pm

Looking over your logs, back soon.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Possible infection, programs running oddly

Unread postby Gary R » May 2nd, 2014, 7:24 pm

OK, lets get started cleaning your machine now ....

First ...

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

Bit Torrent


Use of P2P is the quickest way to contract an infection I know. In return for our help this forum requires you remove all P2P programs from your computer.

Reboot your computer once it's uninstalled.

Next ...

  • Double click AdwCleaner.exe to run it.
  • Click Scan and allow the scan to finish.
  • Now click Clean to remove the items found.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.

Next ...

  • Click Start
  • Type notepad.exe in the search programs and files box and clcik Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad. (do not include Code: Select all)
Code: Select all
(BitTorrent Inc.) C:\Users\Eric\AppData\Roaming\BitTorrent\BitTorrent.exe
HKU\S-1-5-21-3290706055-244381115-3958062109-1000\...\Run: [BitTorrent] => C:\Users\Eric\AppData\Roaming\BitTorrent\BitTorrent.exe [1236832 2014-04-23] (BitTorrent Inc.)
HKU\S-1-5-21-3290706055-244381115-3958062109-1000\...\MountPoints2: {57164eec-c8f1-11e3-a0b2-f685580efd11} - G:\VZW_Software_upgrade_assistant.exe
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st= ... 045&barid= {11671379-DEC2-11E2-89DE-CDBE317362FD}
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx? ... 6398251&q= {searchTerms}&SSPV=
BHO-x32: InfoSeeker - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files (x86)\InfoSeeker\IE\common.dll (Big Water Applications, LLC)
Hosts: 202.76.225.179 patch.playro2.com # RO2 Patch Server
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF SearchPlugin: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\zk6ohs48.default\searchplugins\conduit-search.xml
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-04-28 19:48 - 2014-04-28 19:48 - 00004684 _____ () C:\Users\Eric\Downloads\46D5.tmp
2014-05-01 12:03 - 2013-06-20 13:09 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\BitTorrent
C:\ProgramData\uninstaller.exe
C:\Users\Eric\AppData\Local\Temp\13-12_win7_win8_64_dd_ccc_whql.exe
C:\Users\Eric\AppData\Local\Temp\1_Offer_10.exe
C:\Users\Eric\AppData\Local\Temp\1_Offer_5.exe
C:\Users\Eric\AppData\Local\Temp\1_Offer_6.exe
C:\Users\Eric\AppData\Local\Temp\6_Offer_16.exe
C:\Users\Eric\AppData\Local\Temp\6_Offer_17.exe
C:\Users\Eric\AppData\Local\Temp\DownloadManager.exe
C:\Users\Eric\AppData\Local\Temp\dxwebsetup.exe
C:\Users\Eric\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\Eric\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\Eric\AppData\Local\Temp\nsa13A8.exe
C:\Users\Eric\AppData\Local\Temp\nsj416B.exe
C:\Users\Eric\AppData\Local\Temp\nsj5D29.exe
C:\Users\Eric\AppData\Local\Temp\nso4534.exe
C:\Users\Eric\AppData\Local\Temp\nsp5B26.exe
C:\Users\Eric\AppData\Local\Temp\nsz4350.exe
C:\Users\Eric\AppData\Local\Temp\nsz5F0E.exe
C:\Users\Eric\AppData\Local\Temp\oi_{B1713E89-00EF-4C06-A54F-F65DA83D1F9E}.exe
C:\Users\Eric\AppData\Local\Temp\raptrpatch.exe
C:\Users\Eric\AppData\Local\Temp\raptr_stub.exe
C:\Users\Eric\AppData\Local\Temp\SearchProtectINT.exe
C:\Users\Eric\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Eric\AppData\Local\Temp\sonarinst.exe
C:\Users\Eric\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Eric\AppData\Local\Temp\tmp627E.exe
C:\Users\Eric\AppData\Local\Temp\tmp9C9F.exe
C:\Users\Eric\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Eric\AppData\Local\Temp\xmlUpdater.exe
MSCONFIG\Services: Updater By SweetPacks => 2
MSCONFIG\startupreg: BitTorrent => "C:\Users\Eric\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\zk6ohs48.default\searchplugins\conduit-search.xml
Reg: Reg.exe delete "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3290706055-244381115-3958062109-1000\Software\Updater By SweetPacks"
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3290706055-244381115-3958062109-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3290706055-244381115-3958062109-1000\Software\Updater By SweetPacks"
Reg: Reg.exe delete "HKEY_CURRENT_USER\Software\Trolltech"
Reg: Reg.exe delete "HKEY_USERS\S-1-5-21-3290706055-244381115-3958062109-1000\Software\Trolltech"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"
Reg: Reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}"

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe.

Next ...

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on Run ESET Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.

Summary of the logs I need from you in your next post:
  • AdwCleaner[s1].txt
  • Fixlog.txt
  • ESET.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Possible infection, programs running oddly

Unread postby Gary R » May 6th, 2014, 7:31 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 21 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware