Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Interpol\Police Virus plus some error messages

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Interpol\Police Virus plus some error messages

Unread postby Mebseven » November 18th, 2014, 11:50 am

Greetings! I was recently infected by a virus that blocks my screen into this: http://tinypic.com/r/121sqw3/8
Also, I noticed it disabled my Security Center: http://tinypic.com/r/29bzup2/8 and prevents from enabling: http://tinypic.com/r/2d7avdh/8

It also disabled and erased all the system restore points.

I was able to remove it (partially) and created a new restore point but I started to get error messages on startup: Runn dll window saying "Windows cannot find the file C:\ProgramData\XXXXX.cpp" The file was simillar to this one, that now appeared and started the virus again: http://tinypic.com/r/ofbyhy/8

Sounds like a virus or malware that got removed but the virus put these shortcuts to itself to load itself up after a reboot.

Some paths and files that I deleted that seemed the source of the infection prior to the return of the virus: C:\ProgramData\Microsoft\Secure\Icons\iconscachehelper.dll
C:\ProgramData\Microsoft\Secure\Icons\temp\*.*

I hope that I provided enough info, Thank you :)

Logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.17420 BrowserJavaVersion: 10.55.2
Run by Daniel at 15:45:22 on 2014-11-18
.
============== Running Processes ================
.
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mDefault_Page_URL = hxxp://www.google.com
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [F.lux] "H:\Users\Daniel\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [Edcntion] regsvr32.exe H:\Users\Daniel\AppData\Local\Edcntion\LanServices.dll
mRun: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"
mRun: [AvastUI.exe] "C:\Security\Avast!\AvastUI.exe" /nogui
dRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2AC7FCF4-EF02-4679-8C9E-78A84D3E7831} : DHCPNameServer = 192.168.3.1
TCP: Interfaces\{69B3614F-2670-42A5-8C5B-70E5478D89B4} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= c:\Windows\SysWOW64\appinit_dll.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Security\Avast!\aswWebRepIE64.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R? {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2012/12/29 14:02:16]
R? ALSysIO;ALSysIO
R? androidusb;SAMSUNG Android Composite ADB Interface Driver
R? AsrAppCharger;AsrAppCharger
R? aswHwid;avast! HardwareID
R? aswMonFlt;aswMonFlt
R? aswRvrt;avast! Revert
R? aswSnx;aswSnx
R? aswSP;aswSP
R? aswStm;aswStm
R? aswVmm;avast! VM Monitor
R? athur;Wireless Network Adapter Service
R? avast! Antivirus;avast! Antivirus
R? AvastVBoxSvc;AvastVBox COM Service
R? BEService;BattlEye Service
R? c2cautoupdatesvc;Skype Click to Call Updater
R? c2cpnrsvc;Skype Click to Call PNR Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? CoordinatorServiceHost;SW Distributed TS Coordinator Service
R? Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service
R? CT20XUT.SYS;CT20XUT.SYS
R? CT20XUT;CT20XUT
R? CTEXFIFX.SYS;CTEXFIFX.SYS
R? CTEXFIFX;CTEXFIFX
R? CTHWIUT.SYS;CTHWIUT.SYS
R? CTHWIUT;CTHWIUT
R? EagleX64;EagleX64
R? EaseUS Agent;EaseUS Agent Service
R? EasyAntiCheat;EasyAntiCheat
R? epmntdrv;epmntdrv
R? EUDSKACS;EUDSKACS
R? EUFDDISK;EUFDDISK
R? EuGdiDrv;EuGdiDrv
R? EvoSvc;Evolve Service
R? FLEXnet Licensing Service 64;FLEXnet Licensing Service 64
R? FNETTBOH_305;FNETTBOH_305
R? GfExperienceService;NVIDIA GeForce Experience Service
R? Guard Agent;Guard Agent Service
R? HiPatchService;Hi-Rez Studios Authenticate and Update Service
R? IAStorDataMgrSvc;Intel(R) Rapid Storage Technology
R? IEEtwCollectorService;Internet Explorer ETW Collector Service
R? Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface
R? Intel(R) ME Service;Intel(R) ME Service
R? ISCTAgent;ISCT Always Updated Agent
R? jhi_service;Intel(R) Dynamic Application Loader Host Interface Service
R? LucidSvc;LucidSvc
R? MBfilt;MBfilt
R? NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8
R? nlsX86cc;Nalpeiron Licensing Service
R? NvNetworkService;NVIDIA Network Service
R? NvStreamKms;NvStreamKms
R? NvStreamSvc;NVIDIA Streamer Service
R? nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM)
R? Origin Client Service;Origin Client Service
R? ose64;Office 64 Source Engine
R? pwdrvio;pwdrvio
R? pwdspio;pwdspio
R? RdpVideoMiniport;Remote Desktop Video Miniport Driver
R? RivaTuner64;RivaTuner64
R? SkypeUpdate;Skype Updater
R? ssadbus;SAMSUNG Android USB Composite Device driver (WDM)
R? ssadmdfl;SAMSUNG Android USB Modem (Filter)
R? ssadmdm;SAMSUNG Android USB Modem Drivers
R? ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM)
R? Stereo Service;NVIDIA Stereoscopic 3D Driver Service
R? StorSvc;Storage Service
R? TsUsbFlt;TsUsbFlt
R? UNS;Intel(R) Management and Security Application User Notification Service
R? V0420VID;Live! Cam Vista IM (VF0420)
R? VBoxAswDrv;VBoxAsw Support Driver
R? VirtuWDDM;VirtuWDDM
R? WatAdminSvc;Windows Activation Technologies Service
R? WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001)
S? asahci64;asahci64
S? asmthub3;ASMedia USB3 Hub Service
S? asmtxhci;ASMEDIA XHCI Service
S? AsrRamDisk;AsrRamDisk
S? dtsoftbus01;DAEMON Tools Virtual Bus Driver
S? EUBAKUP;EUBAKUP
S? EUBKMON;EUBKMON
S? EvolveVirtualAdapter;Evolve Virtual Miniport Driver
S? FNETURPX;FNETURPX
S? ikbevent;Intel Upper keyboard Class Filter Driver
S? imsevent;Intel Upper Mouse Class Filter Driver
S? ISCT;Intel(R) Smart Connect Technology Device Driver
S? iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver
S? iusb3hub;Intel(R) USB 3.0 Hub Driver
S? iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver
S? k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0
S? PxHlpa64;PxHlpa64
.
=============== Created Last 30 ================
.
2014-11-18 15:05:07 181248 ----a-w- C:\ProgramData\EF3DFE0A.cpp
2014-11-16 18:52:14 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{80FF2A14-DEBF-47A2-A62A-2EB627CBD691}\offreg.dll
2014-11-16 18:25:44 -------- d-sh--w- C:\$RECYCLE.BIN
2014-11-14 16:05:16 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2014-11-14 16:05:16 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2014-11-14 16:05:16 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2014-11-14 16:05:16 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2014-11-14 16:05:16 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2014-11-14 16:05:15 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2014-11-14 16:05:15 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2014-11-14 14:47:47 -------- d-----w- C:\Windows\SysWow64\vbox
2014-11-14 14:47:47 -------- d-----w- C:\Windows\System32\vbox
2014-11-14 14:44:41 43152 ----a-w- C:\Windows\avastSS.scr
2014-11-14 13:55:16 11627712 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{80FF2A14-DEBF-47A2-A62A-2EB627CBD691}\mpengine.dll
2014-11-14 00:18:27 -------- d-sh--w- H:\Users\Daniel\AppData\Local\EmieBrowserModeList
2014-11-13 15:57:07 -------- d-----w- H:\Users\Daniel\AppData\Local\Edcntion
2014-11-13 15:57:05 -------- d-----w- H:\Users\Daniel\AppData\Local\Uclpmedia
2014-11-13 15:46:59 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-08 20:14:19 -------- d-----w- H:\Users\Daniel\AppData\Roaming\My Battle for Middle-earth(tm) II Files
2014-10-23 00:06:54 -------- d-----w- H:\Users\Daniel\AppData\Local\David_Rudie
2014-10-22 23:57:25 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2014-10-22 15:19:13 -------- d-----w- H:\Users\Daniel\AppData\Local\CSO
2014-10-22 15:19:13 -------- d-----w- C:\ProgramData\Nexon
2014-10-22 15:18:59 -------- d-----w- C:\ProgramData\Package Cache
2014-10-22 14:05:36 5680856 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2014-10-22 14:05:36 5382328 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2014-10-22 14:05:36 26366648 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2014-10-22 14:01:38 3643576 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\1033\MSOINTL.DLL
2014-10-22 14:01:20 7764184 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2014-10-22 14:01:20 7538872 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2014-10-22 14:01:20 654512 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOSQM.EXE
2014-10-22 14:01:20 36816576 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
.
==================== Find3M ====================
.
2014-11-18 15:22:41 34752 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys
2014-11-17 23:18:24 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-14 14:44:41 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-11-14 14:44:41 83280 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-11-14 14:44:41 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-11-14 14:44:41 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-11-14 14:44:41 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-11-14 14:44:41 116728 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-11-14 14:44:40 1050432 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-11-14 00:34:40 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-14 00:34:40 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-06 04:04:03 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-06 04:03:50 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-06 03:47:03 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-06 03:46:12 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-06 03:46:12 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-06 03:44:28 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-06 03:30:22 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-11-06 03:30:08 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-06 03:29:18 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-06 03:28:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-06 03:23:57 6040064 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-06 03:13:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-06 03:13:36 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-06 03:12:44 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-06 03:10:58 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-06 03:07:29 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-06 02:59:36 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-11-06 02:58:38 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-06 02:42:36 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-06 02:39:39 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-06 02:38:25 2124288 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-06 02:21:49 4298240 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-06 02:21:25 2051072 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-06 02:20:37 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-06 02:17:24 2365440 ----a-w- C:\Windows\System32\wininet.dll
2014-11-06 01:52:35 1892864 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-05 17:56:54 304640 ----a-w- C:\Windows\System32\generaltel.dll
2014-11-05 17:56:36 228864 ----a-w- C:\Windows\System32\aepdu.dll
2014-11-05 17:52:22 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-10-28 06:34:58 275080 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
2014-10-11 02:37:39 103736 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-10-11 02:37:35 669184 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2014-10-11 02:37:35 66872 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-03 02:12:00 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
2014-10-01 11:11:26 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-01 11:11:16 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-01 11:11:12 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-26 15:40:13 32320 ----a-w- C:\Windows\System32\drivers\FNETTBOH_305.SYS
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-19 09:42:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-09-19 09:42:51 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-09-19 09:42:49 342016 ----a-w- C:\Windows\System32\schannel.dll
2014-09-19 09:42:47 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-09-19 09:42:47 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2014-09-19 09:42:44 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-19 09:42:41 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-09-19 09:23:55 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-09-19 09:23:52 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-09-19 09:23:46 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-09-19 09:23:42 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-19 09:23:36 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-09-17 04:51:20 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2014-09-17 04:51:20 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2014-09-17 04:51:20 1538880 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2014-09-17 02:13:36 2193560 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-09-17 02:13:36 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-09-17 02:12:40 2799784 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-09-17 02:12:39 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-09-13 21:53:36 6890696 ----a-w- C:\Windows\System32\nvcpl.dll
2014-09-13 21:53:36 3529872 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-09-13 21:53:34 934216 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-09-13 21:53:34 62608 ----a-w- C:\Windows\System32\nvshext.dll
2014-09-13 21:53:34 385168 ----a-w- C:\Windows\System32\nvmctray.dll
2006-05-03 11:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 12:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 14:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
2010-01-07 00:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll
.
============= FINISH: 15:46:39,44 ===============

.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
7-Zip 9.20 (x64 edition)
7 Days To Die version 9.1
Acrobat.com
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Flash Player 15 Plugin
Adobe Help Manager
Adobe Reader 9
Afterfall InSanity Extended Edition
Age of Empires II HD (c) Microsoft Studios version 1
Age of Mythology
Age of Mythology - The Titans Expansion
Alien Swarm
Asmedia ASM104x USB 3.0 Host Controller Driver
Asmedia ASM106x SATA Host Controller Driver
ASRock App Charger v1.0.5
ASRock eXtreme Tuner v0.1.181
ASRock XFast RAM v2.0.9
Audacity 2.0.3
Avast Free Antivirus
Battle.net
BFME2 Widescreen Enhanced 1.0
bl
BleachBit
BOINC
Bonjour
Broadcom NetLink Controller
Camtasia Studio 8
CCleaner
Corel PaintShop Pro X5
Counter-Strike Nexon: Zombies
CPUID CPU-Z 1.67.1
Crash Time II
Creative Live! Cam Vista IM (VF0420) Driver (1.01.01.00)
Cry of Fear
Crysis 2 Maximum Edition
Crysis(R)
CrystalDiskInfo 5.2.0
CyberLink BD Advisor 2.0
CyberLink Blu-ray Disc Suite
CyberLink LabelPrint
CyberLink MediaEspresso
CyberLink MediaShow
CyberLink Power2Go
CyberLink PowerBackup
CyberLink PowerDVD 8
CyberLink PowerProducer
CyberLink YouCam
DAEMON Tools Lite
Dead Space
Definition Update for Microsoft Office 2013 (KB2899506) 64-Bit Edition
Deus Ex: Human Revolution - Director's Cut
Don't Starve
Dropbox
EaseUS Todo Backup Free 6.5
Evolve
F.E.A.R. 3
f.lux
Fallout 3
Ferramentas de Verificação do Microsoft Office 2013 - Português
FormatFactory 3.0.1
Fraps (remove only)
FTL version 1.5.10
GameSpy Comrade
Google Chrome
Google Earth Plug-in
Google Update Helper
GTA San Andreas
GTA2
Guitar Hero III
Hazard Ops
Hearthstone
Hi-Rez Studios Authenticate and Update Service
HP Photosmart Wireless B110 All-In-One Driver 14.0 Rel. 7
ICA
Intel(R) Control Center
Intel(R) Manageability Engine Firmware Recovery Agent
Intel(R) Management Engine Components
Intel(R) OpenCL CPU Runtime
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) Smart Connect Technology 2.0 x64
Intel® Trusted Connect Service Client
IPM_PSP_COM
Java 7 Update 55
Java Auto Updater
Launcher omfg.gg
League of Legends
Left 4 Dead 2
LG Tool Kit
LightScribe System Software
LOLReplay
Magic Workstation 0.94f
Magic Workstation 0.97 Update
Magicka: Wizard Wars
Malwarebytes Anti-Malware version 2.0.3.1025
MediaCoder x64 0.8.20.5380
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4.5.1
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft ASP.NET MVC 4 Runtime
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Games for Windows - LIVE Redistributable
Microsoft Groove MUI (English) 2013
Microsoft Halo
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Office 2003 Web Components
Microsoft Office 32-bit Components 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 32-bit MUI (English) 2013
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Silverlight
Microsoft Visual Basic for Applications 7.1 (x64)
Microsoft Visual Basic for Applications 7.1 (x64) English
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
Microsoft Visual Studio 2005 Tools for Applications - ENU
Microsoft Word MUI (English) 2013
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Middle-earth. Shadow of Mordor
MPC-HC 1.6.8 (64-bit)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML4 Parser
MTG GamePack for Magic Workstation
Mumble 1.2.5
Need for Speed(TM) Hot Pursuit
Need for Speed™ Carbon
Network64
Nitro Pro 8
NVIDIA 3D Vision Controller Driver 344.11
NVIDIA 3D Vision Driver 344.11
NVIDIA Control Panel 344.11
NVIDIA GeForce Experience 2.1.2
NVIDIA GeForce Experience Service
NVIDIA Graphics Driver 344.11
NVIDIA HD Audio Driver 1.3.32.1
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.14.0702
NVIDIA ShadowPlay 16.13.42
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 16.13.42
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.25
Open Broadcaster Software
OpenAL
OpenTTD 1.4.1
Origin
Outils de vérification linguistique 2013 de Microsoft Office - Français
PAYDAY: The Heist
ph
Pid
Populous
PS_AIO_07_B110_SW_Min
PSPPContent
PSPPHelp
PSPPro64
PunkBuster Services
QuickTime
RaidCall
Raptr
Realtek High Definition Audio Driver
Receiver
Recuva
Revo Uninstaller 1.95
Rise of Nations
RivaTuner Statistics Server 5.2.0
Robocraft
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition
Setup
SHIELD Streaming
SHIELD Wireless Controller Driver
SketchUp 2014
Skype Click to Call
Skype™ 6.21
Smite
Sniper Elite: Nazi Zombie Army
Soldier of Fortune II - Double Helix GOLD
SolidWorks 2013 x64 Edition SP03
SolidWorks eDrawings 2013 x64 Edition SP03
SolidWorks Explorer 2013 SP03 x64 Edition
SolidWorks Plastics 2013 SP03 x64 Edition
Source SDK Base 2007
SUPER © v2012.build.54 (Nov 18, 2012) version v2012.build.54
TechPowerUp GPU-Z
Teleglitch: Die More Edition
TERA
TeraCopy 2.27
The Battle for Middle-earth (tm) II
Toolbox
Torchlight II (c) Runic Games version 1
TP-LINK Wireless Client Utility
Trine 2
Unity Web Player
Unturned
Update for Microsoft Access 2013 (KB2863859) 64-Bit Edition
Update for Microsoft Excel 2013 (KB2899509) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2881083) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2899507) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760249) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760371) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition
Update for Microsoft Office 2013 (KB2837654) 64-Bit Edition
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881001) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881004) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881008) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881009) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881012) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881039) 64-Bit Edition
Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition
Update for Microsoft Office 2013 (KB2883049) 64-Bit Edition
Update for Microsoft Office 2013 (KB2883095) 64-Bit Edition
Update for Microsoft Office 2013 (KB2889857) 64-Bit Edition
Update for Microsoft Office 2013 (KB2889940) 64-Bit Edition
Update for Microsoft Office 2013 (KB2899493) 64-Bit Edition
Update for Microsoft Office 2013 (KB2899510) 64-Bit Edition
Update for Microsoft OneDrive for Business (KB2899513) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2883059) 64-Bit Edition
Update for Microsoft Outlook 2013 (KB2899504) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2889936) 64-Bit Edition
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition
Update for Microsoft Visio 2013 (KB2837632) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition
Update for Microsoft Word 2013 (KB2899500) 64-Bit Edition
Viber
VIRTU MVP 2.0 3.0.108
VirtualCloneDrive
Volume Panel
VSO ConvertXToDVD
Weird Worlds: Return to Infinite Space
XFastUSB
Xiph.Org Ogg Codecs 0.83.17220 32-bit
XSplit
Xvid Video Codec
YouWave for Android
Zeus & Poseidon
Zoo Tycoon: Complete Collection
.
==== End Of File ===========================
Mebseven
Active Member
 
Posts: 11
Joined: November 18th, 2014, 11:14 am
Advertisement
Register to Remove

Re: Interpol\Police Virus plus some error messages

Unread postby nunped » November 22nd, 2014, 8:15 am

Hello mebseven, and welcome to the forum.

My name is nunped and I'll be helping you with any malware problems.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Here are some guidelines for the cleaning process to run as easy as possible.

  1. Please read this topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
  2. The instructions being given are for YOUR computer and system only! Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  3. You must have Administrator rights permissions for this computer.
  4. DO NOT run any other fix or removal tools unless instructed to do so!
  5. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  6. Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  7. Only reply to this thread. Do not start another thread.
  8. The absence of symptoms does not imply the absence of malware. Please continue responding until I give you the "All Clean".
  9. No Reply Within 3 Days will result in your topic being closed!


Read through these instructions with your full attention.
Please ask first if you have any doubts.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions.
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Interpol\Police Virus plus some error messages

Unread postby nunped » November 22nd, 2014, 10:08 am

Hi Mebseven,

Please proceed with the following scans:
Step 1 - Scan with FRST
Please download FRST ... by Farbar, from the link below and save it to your Desktop.
For 64 bit Systems

  • Right-click FRST.exe and select " Run as administrator " to run it.
  • When the tool opens click Yes to the disclaimer.
  • Press Scan button. ... When finished a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.
  • The first time the tool is run, it will create another log... Addition.txt.
  • Please post the content of the Addition.txt in your next reply.

Step 2 - AdwCleaner - Scan Only
Please download AdwCleaner by Xplode, save it to your desktop.
  • Close ALL open programs, including your Internet browsers.
  • Right click on adwcleaner.exe and select "Run as administrator" to run it.
  • Click on Scan.
    When the scan finishes, you'll see a message on the product window: "Pending. Please uncheck elements you don't want to remove."
  • Press the Report button to produce the scan report.
  • A logfile C:\AdwCleaner[Rn].txt will automatically open. ([Rn] n = number of run)
  • Please post the content of the C:\AdwCleaner[Rn].txt logfile in your next reply.

Step 3 - CKScanner
Please download CKScanner ... Save it to your desktop.
This program should only be run once!
Make sure that CKScanner.exe is on the your desktop before running the application!

  1. Right-click on the CKScanner.exe icon and select "Run as Administrator", then click the Search For Files button.
  2. When the scan is finished (the cursor hourglass disappears) click the Save List To File button.
    A text file will be created on your desktop named "ckfiles.txt"
  3. Click OK at the file saved message box. Double-click on the ckfiles.txt icon on your desktop.
  4. Please copy/paste the contents of ckfiles.txt in your next reply.
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Interpol\Police Virus plus some error messages

Unread postby Mebseven » November 22nd, 2014, 10:56 am

Hello nunped, thank you for your assistance!

Step 1 - Scan with FRST:

The scan always stops at "Processing Files: Extra Check", the taskman says it is still running but the window does not respond to any commands. Anyway the logs were still created, the last one seems empty.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-11-2014
Ran by Daniel (administrator) on FOXY on 22-11-2014 14:40:41
Running from H:\Users\Daniel\Desktop
Loaded Profile: Daniel (Available profiles: Daniel)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Security\Avast!\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
(Hi-Rez Studios) I:\Games\Hi-Rez Studios\HiPatchService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(LucidLogix) C:\Program Files\Lucidlogix Technologies\VIRTU MVP 2.0\LucidSvc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(AVAST Software) C:\Security\Avast!\ng\ngservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() H:\Performance\CoreTemp64\Core Temp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Flux Software LLC) H:\Users\Daniel\AppData\Local\FluxSoftware\Flux\flux.exe
(LOL Replay) C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(AVAST Software) C:\Security\Avast!\avastui.exe
(Dropbox, Inc.) H:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
(Avast Software) C:\Security\Avast!\ng\vbox\AvastVBoxSVC.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM-x32\...\Run: [XFastUSB] => C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5019360 2012-12-27] (FNet Co., Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Security\Avast!\AvastUI.exe [5226600 2014-11-21] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3726059491-1955422105-1958324113-1004\...\Run: [F.lux] => H:\Users\Daniel\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKU\S-1-5-18\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)
AppInit_DLLs: c:\Windows\System32\appinit_dll.dll => c:\Windows\System32\appinit_dll.dll [531688 2013-11-26] (Lucidlogix Inc.)
AppInit_DLLs-x32: c:\Windows\SysWOW64\appinit_dll.dll => c:\Windows\SysWOW64\appinit_dll.dll [482536 2013-11-26] (Lucidlogix Inc.)
Startup: H:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> H:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Security\Avast!\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-3726059491-1955422105-1958324113-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-3726059491-1955422105-1958324113-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3726059491-1955422105-1958324113-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x966589886931CE01
HKU\S-1-5-21-3726059491-1955422105-1958324113-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3726059491-1955422105-1958324113-1004 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-3726059491-1955422105-1958324113-1004 -> {02AE141D-D7E9-44c5-B07D-B1D24119F032} URL = http://www.google.com/cse?cx=partner-pu ... 6579318&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3726059491-1955422105-1958324113-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH
SearchScopes: HKU\S-1-5-21-3726059491-1955422105-1958324113-1004 -> {2ADCD301-7362-42c5-9D07-91FCD5BF5736} URL = http://br.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
SearchScopes: HKU\S-1-5-21-3726059491-1955422105-1958324113-1004 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Security\Avast!\aswWebRepIE64.dll (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3726059491-1955422105-1958324113-1004 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin -> H:\Users\Daniel\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-3726059491-1955422105-1958324113-1004: @unity3d.com/UnityPlayer,version=1.0 -> H:\Users\Daniel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Security\Avast!\WebRep\FF
FF Extension: Avast Online Security - C:\Security\Avast!\WebRep\FF [2014-08-13]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/", "www.google.com"
CHR Plugin: (Shockwave Flash) - H:\Users\Daniel\AppData\Local\Google\Chrome\User Data\PepperFlash\12.0.0.70\pepflashplayer.dll ()
CHR Plugin: (Widevine Content Decryption Module) - H:\Users\Daniel\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File
CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Nitro PDF plugin for Firefox and Chrome) - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - H:\Users\Daniel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Profile: H:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (wareztuga.tv streamer) - H:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajnommifabkikkfaponcacapkfaghkcj [2014-10-24]
CHR Extension: (HD for YouTube™) - H:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjbfncbadcmnkopckegnmjgihagponf [2014-01-26]
CHR Extension: (YouTube) - H:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-02]
CHR Extension: (Pesquisa do Google) - H:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-02]
CHR Extension: (AdBlock) - H:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-19]
CHR Extension: (TweetDeck by Twitter) - H:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2014-02-03]
CHR Extension: (Social Fixer for Facebook) - H:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2014-01-26]
CHR Extension: (New Tab Reloaded) - H:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jliilhbdldnjbdbpajaakhpjpahnopbn [2014-10-20]
CHR Extension: (AntiGameOrigin) - H:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldbahlcmhmlpomdepooifmhnalokdhgm [2014-03-28]
CHR Extension: (Google Wallet) - H:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-12]
CHR Extension: (Late Night) - H:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgbdhkpacgdhfabeceekiafonfkipohm [2014-10-20]
CHR Extension: (Gmail) - H:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-02]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Security\Avast!\WebRep\Chrome\aswWebRepChrome.crx [2014-11-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Security\Avast!\AvastSvc.exe [50344 2014-11-14] (AVAST Software)
U3 AvastVBoxSvc; C:\Security\Avast!\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-14] (Avast Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-06-17] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S4 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-12-28] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [294912 2010-09-30] (Creative Technology Ltd) [File not signed]
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36936 2013-12-02] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S4 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [107552 2014-06-19] (EasyAntiCheat Ltd)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1579936 2014-07-28] (Echobit LLC)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
R2 Guard Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23624 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
U2 HiPatchService; i:\games\Hi-Rez Studios\HiPatchService.exe [9216 2014-08-22] (Hi-Rez Studios) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [121344 2012-02-07] () [File not signed]
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 LucidSvc; C:\Program Files\Lucidlogix Technologies\VIRTU MVP 2.0\LucidSvc.exe [20712 2013-11-26] (LucidLogix)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-03-25] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)
S3 Origin Client Service; I:\Origin\OriginClientService.exe [1900400 2014-11-16] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2014-10-11] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] () [File not signed]
S4 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-03-17] (SolidWorks) [File not signed]
S2 Winmgmt; C:\PROGRA~3\A0EFD3FE.dot [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-14] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-14] ()
S3 CrystalSysInfo; C:\Program Files\MediaCoder\SysInfoX64.sys [18128 2007-09-25] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-21] (DT Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2012-12-21] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14920 2012-12-21] () [File not signed]
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [61000 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48200 2013-09-04] () [File not signed]
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [18504 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [189000 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2012-12-21] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2012-12-21] () [File not signed]
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2013-03-07] (Echobit, LLC)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2014-09-26] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2012-12-27] (FNet Co., Ltd.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2014-11-18] ()
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-18] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2013-12-18] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 V0420VID; C:\Windows\System32\DRIVERS\V0420Vid.sys [107072 2007-05-31] (Creative Technology Ltd.)
R2 VBoxAswDrv; C:\Security\Avast!\ng\vbox\VBoxAswDrv.sys [271752 2014-11-14] (Avast Software)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-11-22] ()
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-08-28] (CyberLink Corp.)
R3 ALSysIO; \??\H:\Users\Daniel\AppData\Local\Temp\ALSysIO64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-22 14:40 - 2014-11-22 14:40 - 00027433 _____ () H:\Users\Daniel\Desktop\FRST.txt
2014-11-22 14:38 - 2014-11-22 14:39 - 00000010 _____ () H:\Users\Daniel\Desktop\BD.txt
2014-11-22 14:28 - 2014-11-22 14:28 - 00000373 _____ () H:\Users\Daniel\Downloads\Addition.txt
2014-11-22 14:27 - 2014-11-22 14:40 - 00000000 ____D () C:\FRST
2014-11-22 14:27 - 2014-11-22 14:28 - 00050432 _____ () H:\Users\Daniel\Downloads\FRST.txt
2014-11-22 14:26 - 2014-11-22 14:27 - 02118144 _____ (Farbar) H:\Users\Daniel\Desktop\FRST64.exe
2014-11-22 13:58 - 2014-11-22 13:58 - 00000000 ____D () H:\Users\Daniel\Desktop\fotos hoquei
2014-11-22 13:50 - 2014-11-22 13:50 - 06822889 _____ () H:\Users\Daniel\Downloads\enviodefotos.zip
2014-11-19 03:11 - 2014-11-11 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 03:11 - 2014-11-11 03:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 03:11 - 2014-11-11 02:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 03:11 - 2014-11-11 02:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 23:31 - 2014-11-22 13:35 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-11-18 23:30 - 2014-11-18 23:30 - 00001556 _____ () C:\Windows\system32\.crusader
2014-11-18 22:37 - 2014-11-18 23:31 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-11-18 22:36 - 2014-11-18 22:37 - 11222744 _____ (SurfRight B.V.) H:\Users\Daniel\Downloads\HitmanPro_x64.exe
2014-11-18 15:47 - 2014-11-18 15:53 - 00010329 _____ () H:\Users\Daniel\Desktop\attach.txt
2014-11-18 15:47 - 2014-11-18 15:46 - 00019243 _____ () H:\Users\Daniel\Desktop\dds.txt
2014-11-18 15:17 - 2014-11-18 15:17 - 00688992 ____R (Swearware) H:\Users\Daniel\Desktop\dds.scr
2014-11-16 18:49 - 2014-11-18 23:30 - 00000000 ____D () H:\Users\Daniel\Downloads\backups
2014-11-16 18:48 - 2014-11-16 18:48 - 00013660 _____ () H:\Users\Daniel\Downloads\hijackthis.log
2014-11-16 18:47 - 2014-11-16 18:47 - 00388608 _____ (Trend Micro Inc.) H:\Users\Daniel\Downloads\HijackThis.exe
2014-11-16 18:43 - 2014-11-22 14:07 - 00960389 _____ () C:\Windows\WindowsUpdate.log
2014-11-16 18:41 - 2014-11-22 13:35 - 00005752 _____ () C:\Windows\PFRO.log
2014-11-16 18:41 - 2014-11-22 13:35 - 00002016 _____ () C:\Windows\setupact.log
2014-11-16 18:41 - 2014-11-16 18:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-15 15:30 - 2014-11-15 15:30 - 00000000 ____D () H:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BleachBit
2014-11-15 15:29 - 2014-11-15 15:29 - 06353936 _____ () H:\Users\Daniel\Downloads\BleachBit-1.4-setup.exe
2014-11-15 15:13 - 2014-11-15 15:20 - 00000000 ____D () C:\Windows\erdnt
2014-11-15 14:44 - 2014-11-15 14:44 - 02998656 _____ (Enigma Software Group USA, LLC.) H:\Users\Daniel\Downloads\sh-remover.exe
2014-11-14 14:48 - 2014-11-14 14:48 - 02140160 _____ () H:\Users\Daniel\Downloads\adwcleaner_4.101.exe
2014-11-14 14:47 - 2014-11-14 14:47 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-11-14 14:47 - 2014-11-14 14:47 - 00000000 ____D () C:\Windows\system32\vbox
2014-11-14 14:44 - 2014-11-14 14:44 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-14 14:44 - 2014-11-14 14:44 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-14 00:18 - 2014-11-14 00:18 - 00000000 __SHD () H:\Users\Daniel\AppData\Local\EmieBrowserModeList
2014-11-13 15:57 - 2014-11-14 13:52 - 00000000 ____D () H:\Users\Daniel\AppData\Local\Uclpmedia
2014-11-13 15:47 - 2014-11-07 19:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-13 15:47 - 2014-11-07 19:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-13 15:47 - 2014-11-06 04:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 15:47 - 2014-11-06 03:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-13 15:47 - 2014-11-06 03:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-13 15:47 - 2014-11-06 03:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-13 15:47 - 2014-11-06 03:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-13 15:47 - 2014-11-06 03:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-13 15:47 - 2014-11-06 03:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-13 15:47 - 2014-11-06 03:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-13 15:47 - 2014-11-06 03:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 15:47 - 2014-11-06 03:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-13 15:47 - 2014-11-06 03:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-13 15:47 - 2014-11-06 02:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 15:47 - 2014-11-06 02:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-13 15:47 - 2014-11-06 02:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-13 15:47 - 2014-11-06 02:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-13 15:47 - 2014-11-06 02:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-13 15:47 - 2014-11-06 02:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-13 15:47 - 2014-11-06 02:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 15:47 - 2014-11-06 01:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-13 15:47 - 2014-11-06 01:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-13 15:47 - 2014-11-05 17:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-13 15:47 - 2014-11-05 17:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-13 15:47 - 2014-11-05 17:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-13 15:47 - 2014-10-14 02:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 15:47 - 2014-10-14 02:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 15:47 - 2014-10-14 02:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 15:47 - 2014-10-14 02:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 15:47 - 2014-10-14 02:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 15:47 - 2014-10-14 01:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-13 15:47 - 2014-10-14 01:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-13 15:47 - 2014-10-14 01:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-13 15:47 - 2014-10-14 01:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-13 15:46 - 2014-11-06 04:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 15:46 - 2014-11-06 04:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-13 15:46 - 2014-11-06 03:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-13 15:46 - 2014-11-06 03:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 15:46 - 2014-11-06 03:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-13 15:46 - 2014-11-06 03:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 15:46 - 2014-11-06 03:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 15:46 - 2014-11-06 03:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-13 15:46 - 2014-11-06 03:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 15:46 - 2014-11-06 03:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-13 15:46 - 2014-11-06 03:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 15:46 - 2014-11-06 03:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-13 15:46 - 2014-11-06 03:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 15:46 - 2014-11-06 03:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-13 15:46 - 2014-11-06 03:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-13 15:46 - 2014-11-06 03:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-13 15:46 - 2014-11-06 03:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-13 15:46 - 2014-11-06 03:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-13 15:46 - 2014-11-06 03:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 15:46 - 2014-11-06 02:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-13 15:46 - 2014-11-06 02:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-13 15:46 - 2014-11-06 02:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 15:46 - 2014-11-06 02:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-13 15:46 - 2014-11-06 02:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 15:46 - 2014-11-06 02:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-13 15:46 - 2014-11-06 02:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 15:46 - 2014-11-06 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-13 15:46 - 2014-11-06 02:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 15:46 - 2014-11-06 02:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-13 15:46 - 2014-11-06 02:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-13 15:46 - 2014-11-06 02:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 15:46 - 2014-11-06 02:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-13 15:46 - 2014-11-06 01:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-13 15:46 - 2014-11-06 01:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-13 15:46 - 2014-10-25 01:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 15:46 - 2014-10-25 01:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-13 15:46 - 2014-10-18 02:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 15:46 - 2014-10-18 01:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-13 15:46 - 2014-10-14 02:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 15:46 - 2014-10-14 01:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-13 15:46 - 2014-10-10 00:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 15:46 - 2014-10-03 02:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 15:46 - 2014-10-03 02:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 15:46 - 2014-10-03 02:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 15:46 - 2014-10-03 02:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-13 15:46 - 2014-10-03 02:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 15:46 - 2014-10-03 01:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-13 15:46 - 2014-10-03 01:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-13 15:46 - 2014-10-03 01:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-13 15:46 - 2014-09-19 09:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 15:46 - 2014-09-19 09:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-13 15:46 - 2014-09-19 09:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-13 15:46 - 2014-09-19 09:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-13 15:46 - 2014-09-19 09:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-13 15:46 - 2014-09-19 09:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-13 15:46 - 2014-09-19 09:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-13 15:46 - 2014-09-19 09:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-13 15:46 - 2014-09-19 09:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-13 15:46 - 2014-09-19 09:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-13 15:46 - 2014-09-19 09:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-13 15:46 - 2014-09-19 09:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-13 15:46 - 2014-08-21 06:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 15:46 - 2014-08-21 06:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 15:46 - 2014-08-21 06:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-13 15:46 - 2014-08-21 06:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-13 15:46 - 2014-08-12 02:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 15:46 - 2014-08-12 01:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 01:22 - 2014-11-11 01:22 - 46860733 _____ (Hi-Rez Studios) H:\Users\Daniel\Downloads\InstallHiRezGamesEnglish.exe
2014-11-10 23:18 - 2014-11-10 23:18 - 00033077 _____ () H:\Users\Daniel\Downloads\Guardians of the Galaxy 2014.torrent
2014-11-10 23:16 - 2014-11-10 23:16 - 00033973 _____ () H:\Users\Daniel\Downloads\guardians.of.the.galaxy.(2014).por.1cd.(5889234).zip
2014-11-10 23:15 - 2014-11-10 23:15 - 00125892 _____ () H:\Users\Daniel\Downloads\[kickass.to]guardians.of.the.galaxy.2014.dvdrip.xvid.ac3.evo.torrent
2014-11-09 22:21 - 2014-11-09 22:21 - 00042114 _____ () H:\Users\Daniel\Downloads\captain.america.the.winter.soldier.(2014).por.1cd.(5772203).zip
2014-11-09 22:09 - 2014-11-09 22:09 - 00260144 _____ () H:\Users\Daniel\Downloads\guardi-ees-da-gal-axia-guardians-of-the-galaxy-torrent--hdrip-dual--_udio-2014.exe
2014-11-09 22:08 - 2014-11-09 22:08 - 00020811 _____ () H:\Users\Daniel\Downloads\Captain.America.The.Winter.Soldier.2014.1080p.BrRip.x264.YIFY.1069894.seventorrents.com.torrent
2014-11-08 20:16 - 2014-11-08 20:16 - 00000000 ____D () H:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BFME2 Widescreen Enhanced 1.0
2014-11-08 20:14 - 2014-11-08 20:24 - 00000000 ____D () H:\Users\Daniel\AppData\Roaming\My Battle for Middle-earth(tm) II Files
2014-10-28 19:27 - 2014-10-28 19:27 - 00820339 _____ () H:\Users\Daniel\Downloads\sata.zip
2014-10-24 01:57 - 2014-10-24 01:57 - 00081891 _____ () H:\Users\Daniel\Downloads\wareztugatv-streamer (1).crx
2014-10-23 15:53 - 2014-10-23 15:53 - 00235086 _____ () H:\Users\Daniel\Downloads\enbseries_generic_v0076.zip
2014-10-23 15:48 - 2014-10-23 15:48 - 00036061 _____ () H:\Users\Daniel\Downloads\enbinjector_v0004.zip
2014-10-23 15:45 - 2014-10-23 15:45 - 00281567 _____ () H:\Users\Daniel\Downloads\SweetFX-Configurator_standalone_1.3.3.zip
2014-10-23 00:06 - 2014-10-23 00:06 - 01076695 _____ () H:\Users\Daniel\Downloads\WidescreenFixer-r716.7z
2014-10-23 00:06 - 2014-10-23 00:06 - 00000000 ____D () H:\Users\Daniel\AppData\Local\David_Rudie

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-22 14:27 - 2014-08-13 14:36 - 00004144 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-22 13:59 - 2011-12-06 00:46 - 00000000 ____D () H:\Users\Daniel\AppData\Roaming\Dropbox
2014-11-22 13:45 - 2009-07-14 04:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-22 13:45 - 2009-07-14 04:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-22 13:35 - 2012-12-27 02:53 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-11-22 13:35 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-22 03:32 - 2011-10-18 17:48 - 00000000 ____D () H:\Users\Daniel\AppData\Roaming\Mumble
2014-11-22 02:44 - 2014-08-13 14:36 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-22 01:38 - 2014-06-18 01:22 - 00000000 ____D () H:\Users\Daniel\AppData\Local\Battle.net
2014-11-21 17:17 - 2012-12-24 00:57 - 00000000 ____D () H:\Users\Daniel\AppData\Roaming\Little Inferno
2014-11-20 05:44 - 2011-06-15 15:29 - 00000000 ____D () H:\Users\Daniel\AppData\Roaming\Skype
2014-11-18 22:20 - 2014-08-12 14:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-17 23:30 - 2012-12-27 14:30 - 00000000 ____D () H:\Users\Daniel\AppData\Local\CrashDumps
2014-11-17 16:44 - 2010-11-15 15:42 - 00000000 ____D () H:\Users\Daniel\Documents\MEEC
2014-11-17 14:23 - 2009-07-14 05:13 - 00800072 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-16 20:03 - 2012-12-27 03:12 - 00000000 ____D () H:\Users\Daniel\AppData\Local\Apps\2.0
2014-11-16 14:01 - 2009-07-14 02:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-16 13:08 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\Web
2014-11-15 15:27 - 2014-08-13 14:17 - 00000000 ____D () C:\Security
2014-11-15 14:29 - 2012-12-27 14:35 - 00000000 ____D () C:\Windows\pss
2014-11-15 13:47 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\tracing
2014-11-15 13:04 - 2011-12-06 00:46 - 00000000 ____D () H:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-14 17:47 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2014-11-14 16:11 - 2011-08-17 17:43 - 00000000 ____D () H:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-11-14 16:05 - 2012-12-27 02:45 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-14 14:44 - 2014-08-13 14:36 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-11-14 14:44 - 2014-08-13 14:36 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-14 14:44 - 2014-08-13 14:36 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-11-14 14:44 - 2014-08-13 14:36 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-14 14:44 - 2014-08-13 14:36 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-14 14:44 - 2014-08-13 14:36 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-14 14:44 - 2014-08-13 14:36 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-14 13:49 - 2013-01-31 02:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-14 00:34 - 2014-10-16 11:34 - 00000000 ____D () H:\Users\Daniel\AppData\Local\Adobe
2014-11-14 00:34 - 2013-01-31 02:28 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-14 00:34 - 2013-01-31 02:28 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-14 00:34 - 2013-01-31 02:28 - 00003770 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-14 00:13 - 2009-07-14 04:45 - 05082896 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-14 00:12 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-13 18:06 - 2009-07-14 02:34 - 00000478 _____ () C:\Windows\win.ini
2014-11-13 18:05 - 2013-08-05 03:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 18:02 - 2012-12-27 14:20 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-13 15:47 - 2014-10-01 19:27 - 00000000 ____D () H:\Users\Daniel\Desktop\desk
2014-11-11 12:44 - 2009-07-14 05:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-11 12:40 - 2014-08-12 14:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-04 14:30 - 2012-12-27 03:03 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-31 13:48 - 2009-07-14 05:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-30 14:29 - 2011-06-24 12:38 - 00000000 ____D () H:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-10-23 19:01 - 2014-10-22 15:19 - 00000000 ____D () H:\Users\Daniel\AppData\Local\CSO

Some content of TEMP:
====================
H:\Users\Daniel\AppData\Local\Temp\7Cgm.dll
H:\Users\Daniel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_fmpkp.dll
H:\Users\Daniel\AppData\Local\Temp\EBU60E5.EXE
H:\Users\Daniel\AppData\Local\Temp\EBU6A57.DLL
H:\Users\Daniel\AppData\Local\Temp\EBUE714.EXE


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-11-2014
Ran by Daniel at 2014-11-22 14:40:55
Running from H:\Users\Daniel\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


Step 2 - AdwCleaner - Scan Only:

# AdwCleaner v4.101 - Report created 22/11/2014 at 14:50:18
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Daniel - FOXY
# Running from : H:\Users\Daniel\Desktop\AdwCleaner (1).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Google Chrome v38.0.2125.104

[H:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://eu.wowarmory.com/search.xml?searchQuery={searchTerms}&searchType=all
[H:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.softonic.com.br/s/{searchTerms}
[H:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://websearch.toolksearchbook.info/?l=1&q={searchTerms}&pid=2112&r=2014/01/19&hid=15631662585304624690&lg=EN&cc=PT&unqvl=46

-\\ Comodo Dragon v


*************************

AdwCleaner[R0].txt - [4895 octets] - [12/08/2014 17:19:56]
AdwCleaner[R1].txt - [4378 octets] - [13/08/2014 14:01:28]
AdwCleaner[R2].txt - [2352 octets] - [14/11/2014 14:49:39]
AdwCleaner[R3].txt - [1726 octets] - [15/11/2014 13:36:30]
AdwCleaner[R4].txt - [1846 octets] - [16/11/2014 18:19:00]
AdwCleaner[R5].txt - [1486 octets] - [22/11/2014 14:50:18]
AdwCleaner[S0].txt - [4337 octets] - [13/08/2014 14:03:43]
AdwCleaner[S1].txt - [2439 octets] - [14/11/2014 14:52:48]
AdwCleaner[S2].txt - [2353 octets] - [15/11/2014 13:37:42]
AdwCleaner[S3].txt - [2473 octets] - [16/11/2014 18:23:22]

########## EOF - H:\AdwCleaner\AdwCleaner[R5].txt - [1786 octets] ##########

Step 3 - CKScanner

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.MJCPK0
----- EOF -----
Mebseven
Active Member
 
Posts: 11
Joined: November 18th, 2014, 11:14 am

Re: Interpol\Police Virus plus some error messages

Unread postby nunped » November 22nd, 2014, 1:53 pm

Hi Mebseven,

You are welcome!

Can you please post the log from the first time CKScanner was ran?
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Interpol\Police Virus plus some error messages

Unread postby Mebseven » November 22nd, 2014, 3:00 pm

That is the only ckfiles.txt I have in my Desktop. The Interpol image poped one time and I'm not sure if the scan was complete, also the Windows Security Center Service is disabled still, and I can't start it.
Mebseven
Active Member
 
Posts: 11
Joined: November 18th, 2014, 11:14 am

Re: Interpol\Police Virus plus some error messages

Unread postby nunped » November 23rd, 2014, 11:25 am

Hi Mebseven,

Can you please tell me how many times did you run CKScanner?
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Interpol\Police Virus plus some error messages

Unread postby Mebseven » November 23rd, 2014, 9:53 pm

As I said, the first time I wasn't able to complete it. Then I did it a second time, that's the only log I have, sorry.
Mebseven
Active Member
 
Posts: 11
Joined: November 18th, 2014, 11:14 am

Re: Interpol\Police Virus plus some error messages

Unread postby nunped » November 24th, 2014, 2:19 pm

Hi Mebseven,

No worries!
I still need a couple more scans before continuing:
Step 1 - OTL
Please download OTL by Old Timer and save it to your Desktop.

  • Right click on OTL.exe And select Run as administrator to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.


Step 2 - MGA Diagnostics .
  1. Please download this tool from Microsoft and save it to your Desktop.
  2. Double click on MGADiag.exe to run it.
  3. Click "Run" again and then click "Continue".
  4. The program will run. It takes a while to finish the diagnosis, please be patient.
  5. Once done, click on Copy.
  6. Open Notepad and paste the contents in. Save this file and post it in your next reply.
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Interpol\Police Virus plus some error messages

Unread postby Mebseven » November 24th, 2014, 4:31 pm

Step 1 - OTL

OTL logfile created on: 24-11-2014 19:42:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = H:\Users\Daniel\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

5,89 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 28,43% Memory free
11,77 Gb Paging File | 6,83 Gb Available in Paging File | 58,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 25,71 Gb Free Space | 23,02% Space Free | Partition Type: NTFS
Drive H: | 465,66 Gb Total Space | 7,11 Gb Free Space | 1,53% Space Free | Partition Type: NTFS
Drive I: | 465,75 Gb Total Space | 16,39 Gb Free Space | 3,52% Space Free | Partition Type: NTFS

Computer Name: FOXY | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014-11-24 19:41:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- H:\Users\Daniel\Desktop\OTL.exe
PRC - [2014-11-21 16:42:59 | 005,226,600 | ---- | M] (AVAST Software) -- C:\Security\Avast!\avastui.exe
PRC - [2014-11-14 14:44:40 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Security\Avast!\AvastSvc.exe
PRC - [2014-11-13 06:58:58 | 035,419,192 | ---- | M] (Dropbox, Inc.) -- H:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014-10-10 02:04:06 | 000,854,344 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014-09-17 02:15:08 | 002,460,488 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014-09-17 02:14:57 | 001,795,912 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014-09-13 20:12:58 | 000,411,968 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014-07-14 17:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014-07-14 17:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014-05-23 10:16:36 | 000,504,832 | ---- | M] (LOL Replay) -- C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
PRC - [2013-12-02 11:48:44 | 000,036,936 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
PRC - [2013-10-15 23:06:12 | 001,016,712 | ---- | M] (Flux Software LLC) -- H:\Users\Daniel\AppData\Local\FluxSoftware\Flux\flux.exe
PRC - [2013-09-04 11:46:52 | 000,023,624 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
PRC - [2013-03-25 19:08:38 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2012-12-27 02:54:58 | 005,019,360 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files (x86)\XFastUSB\XFastUsb.exe
PRC - [2012-02-07 17:53:34 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012-02-07 17:53:32 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012-02-07 17:52:04 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012-02-07 17:27:24 | 000,121,344 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2010-09-30 14:22:04 | 000,294,912 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2010-03-10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2014-11-24 14:12:25 | 000,043,008 | ---- | M] () -- h:\Users\Daniel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbwfvmz.dll
MOD - [2014-11-14 14:44:41 | 038,562,088 | ---- | M] () -- C:\Security\Avast!\libcef.dll
MOD - [2014-11-14 00:34:40 | 016,840,880 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll
MOD - [2014-11-13 06:49:58 | 003,610,624 | ---- | M] () -- H:\Users\Daniel\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2014-10-15 14:25:46 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\99cdfef98595ed91f14936cf52a49c54\System.Management.ni.dll
MOD - [2014-10-15 14:25:43 | 002,297,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\e3641fa3359f37ad12c84183ce765093\System.Core.ni.dll
MOD - [2014-10-15 13:58:19 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7b22741531a2850c807656d0298a96bd\PresentationFramework.Aero.ni.dll
MOD - [2014-10-15 13:58:07 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1f539baa94516139240877cb6afd72c2\PresentationFramework.ni.dll
MOD - [2014-10-15 13:58:00 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1453d9e9a4989833ef3db4b22549ba1a\System.Windows.Forms.ni.dll
MOD - [2014-10-15 13:57:57 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll
MOD - [2014-10-15 13:57:55 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll
MOD - [2014-10-15 13:57:53 | 012,236,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\3d4f835b8078dacc8d5da623e2c3f0ee\PresentationCore.ni.dll
MOD - [2014-10-15 13:57:53 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\237d509a79aeef6e4635b09450d98f2a\System.Configuration.ni.dll
MOD - [2014-10-15 13:57:48 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d97a5aa0eb7697aca7c6e90ae471af2b\WindowsBase.ni.dll
MOD - [2014-10-15 13:57:46 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
MOD - [2014-10-10 02:04:02 | 008,910,664 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll
MOD - [2014-10-10 02:03:56 | 001,042,760 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libglesv2.dll
MOD - [2014-10-10 02:03:54 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libegl.dll
MOD - [2014-10-10 02:03:53 | 001,681,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll
MOD - [2014-09-10 02:25:36 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2014-05-23 10:16:24 | 000,379,904 | ---- | M] () -- C:\Program Files (x86)\LOLReplay\LOLUtils.dll
MOD - [2013-08-23 19:01:44 | 025,100,288 | ---- | M] () -- H:\Users\Daniel\AppData\Roaming\Dropbox\bin\libcef.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014-11-06 03:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014-09-17 02:14:56 | 001,148,744 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:64bit: - [2014-09-17 02:14:52 | 019,439,944 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2014-07-28 13:59:59 | 001,579,936 | ---- | M] (Echobit LLC) [On_Demand | Stopped] -- C:\Program Files\Echobit\Evolve\EvoSvc.exe -- (EvoSvc)
SRV:64bit: - [2014-03-17 02:45:19 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2013-11-26 12:53:00 | 000,020,712 | ---- | M] (LucidLogix) [Auto | Running] -- C:\Program Files\Lucidlogix Technologies\VIRTU MVP 2.0\LucidSvc.exe -- (LucidSvc)
SRV:64bit: - [2013-05-27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013-03-28 21:42:30 | 000,077,352 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV:64bit: - [2013-03-25 19:08:30 | 000,230,408 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8)
SRV:64bit: - [2012-02-09 16:26:48 | 000,133,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
SRV:64bit: - [2012-02-02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2009-07-14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014-11-16 20:03:36 | 001,900,400 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- I:\Origin\OriginClientService.exe -- (Origin Client Service)
SRV - [2014-11-14 14:44:40 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Security\Avast!\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014-11-14 14:44:39 | 004,012,248 | ---- | M] (Avast Software) [On_Demand | Stopped] -- C:\Security\Avast!\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV - [2014-11-14 00:34:40 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014-10-11 02:37:35 | 000,066,872 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2014-09-17 02:14:57 | 001,795,912 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014-09-13 20:12:58 | 000,411,968 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014-08-22 09:04:08 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- i:\Games\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2014-07-14 17:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014-07-14 17:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014-06-19 17:51:39 | 000,107,552 | ---- | M] (EasyAntiCheat Ltd) [Disabled | Stopped] -- C:\Windows\SysWOW64\EasyAntiCheat.exe -- (EasyAntiCheat)
SRV - [2014-04-03 19:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014-03-20 22:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014-03-17 02:44:02 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2014-03-17 02:44:02 | 000,079,360 | ---- | M] (SolidWorks) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2013-12-02 11:48:44 | 000,036,936 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent)
SRV - [2013-09-11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013-09-04 11:46:52 | 000,023,624 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent)
SRV - [2013-06-17 15:21:54 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013-03-25 19:08:38 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2012-12-28 14:59:02 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012-12-14 01:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012-02-07 17:53:34 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012-02-07 17:53:32 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012-02-07 17:52:04 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012-02-07 17:27:24 | 000,121,344 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2011-11-29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010-09-30 14:22:04 | 000,294,912 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2010-03-10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009-11-18 03:51:42 | 001,043,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014-11-24 14:02:22 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001)
DRV:64bit: - [2014-11-22 02:44:44 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014-11-18 23:31:28 | 000,043,664 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:64bit: - [2014-11-14 14:44:41 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014-11-14 14:44:41 | 000,267,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014-11-14 14:44:41 | 000,116,728 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014-11-14 14:44:41 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014-11-14 14:44:41 | 000,083,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014-11-14 14:44:41 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014-11-14 14:44:41 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014-09-26 15:40:13 | 000,032,320 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV:64bit: - [2014-09-17 04:51:20 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2014-09-17 02:14:52 | 000,019,272 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2014-09-04 19:14:38 | 000,038,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013-11-26 12:53:04 | 000,094,440 | ---- | M] (Lucidlogix Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VirtuWDDM.sys -- (VirtuWDDM)
DRV:64bit: - [2013-11-06 15:59:39 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2013-10-02 02:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013-09-30 16:26:50 | 000,019,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2013-09-30 16:26:48 | 000,012,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2013-09-04 11:24:10 | 000,189,000 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EuFdDisk.sys -- (EUFDDISK)
DRV:64bit: - [2013-09-04 11:24:10 | 000,061,000 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\eubakup.sys -- (EUBAKUP)
DRV:64bit: - [2013-09-04 11:24:10 | 000,048,200 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EUBKMON.sys -- (EUBKMON)
DRV:64bit: - [2013-09-04 11:24:10 | 000,018,504 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\eudskacs.sys -- (EUDSKACS)
DRV:64bit: - [2013-03-21 05:19:03 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013-03-07 18:55:28 | 000,021,656 | ---- | M] (Echobit, LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\evolve.sys -- (EvolveVirtualAdapter)
DRV:64bit: - [2013-01-18 23:52:08 | 000,046,568 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2012-12-27 02:54:58 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2012-12-21 13:53:58 | 000,017,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2012-12-21 13:53:58 | 000,009,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2012-12-14 01:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012-08-23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012-07-17 17:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012-03-01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-02-09 16:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent)
DRV:64bit: - [2012-02-09 16:24:14 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent)
DRV:64bit: - [2012-01-26 17:39:34 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012-01-26 17:39:34 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012-01-26 17:39:34 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012-01-13 12:52:38 | 000,031,016 | ---- | M] (ASRock Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AsrRamDisk.sys -- (AsrRamDisk)
DRV:64bit: - [2011-11-29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011-11-03 02:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011-09-21 17:56:24 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2011-08-22 19:26:46 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2011-08-22 19:26:34 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2011-08-22 19:26:24 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2011-08-22 19:26:12 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2011-08-22 19:26:02 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2011-08-22 19:25:50 | 000,687,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2011-08-22 19:25:40 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2011-08-22 19:25:30 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2011-08-22 19:25:30 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2011-08-22 19:25:16 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2011-08-22 19:25:16 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2011-08-22 19:25:06 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2011-08-22 19:25:06 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2011-05-13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011-05-13 03:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011-05-13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011-05-13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011-05-13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011-05-10 16:28:48 | 000,017,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2011-05-09 20:42:14 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2011-03-11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-03-04 16:00:14 | 000,390,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011-03-04 16:00:14 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011-01-15 16:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010-12-16 22:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010-11-20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-11 00:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010-11-11 00:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010-11-11 00:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010-01-05 19:23:18 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2009-07-14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-14 00:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009-07-14 00:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009-06-10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007-09-25 14:59:52 | 000,018,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfoX64.sys -- (CrystalSysInfo)
DRV:64bit: - [2007-05-31 09:33:32 | 000,107,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\V0420Vid.sys -- (V0420VID)
DRV - [2014-11-14 14:44:39 | 000,271,752 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- C:\Security\Avast!\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV - [2013-12-18 23:18:48 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2012-12-21 13:54:00 | 000,014,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2012-12-21 13:53:58 | 000,009,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011-11-20 01:29:52 | 000,202,592 | ---- | M] (Oracle Corporation) [Kernel | Auto | Running] -- C:\Program Files (x86)\YouWave_Android\vb\VBoxDrv.sys -- (VBoxDrv)
DRV - [2009-08-28 18:36:26 | 000,146,928 | ---- | M] (CyberLink Corp.) [2012/12/29 14:02:16] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2009-07-14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {632F07F3-19A1-4d16-A23F-E6CE9486BAB5}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 96 65 89 88 69 31 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {632F07F3-19A1-4d16-A23F-E6CE9486BAB5}
IE - HKCU\..\SearchScopes\{02AE141D-D7E9-44c5-B07D-B1D24119F032}: "URL" = http://www.google.com/cse?cx=partner-pu ... 6579318&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH
IE - HKCU\..\SearchScopes\{2ADCD301-7362-42c5-9D07-91FCD5BF5736}: "URL" = http://br.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
IE - HKCU\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: H:\Users\Daniel\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: H:\Users\Daniel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Security\Avast!\WebRep\FF [2014-11-14 14:44:42 | 000,000,000 | ---D | M]

[2012-04-04 23:41:28 | 000,000,000 | ---D | M] (No name found) -- H:\Users\Daniel\AppData\Roaming\Mozilla\Extensions
[2013-10-17 11:25:52 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

========== Chrome ==========

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Disabled) = H:\Users\Daniel\AppData\Local\Google\Chrome\User Data\PepperFlash\12.0.0.70\pepflashplayer.dll
CHR - plugin: Widevine Content Decryption Module (Enabled) = H:\Users\Daniel\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java Deployment Toolkit 7.0.550.14 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U55 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Nitro PDF plugin for Firefox and Chrome (Enabled) = C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Unity Player (Enabled) = H:\Users\Daniel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - Extension: No name found = H:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajnommifabkikkfaponcacapkfaghkcj\4.7_0\
CHR - Extension: No name found = H:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjbfncbadcmnkopckegnmjgihagponf\1.10_0\
CHR - Extension: No name found = H:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = H:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = H:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.13.2_0\
CHR - Extension: No name found = H:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\3.9.427_0\
CHR - Extension: No name found = H:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\11.2_1\
CHR - Extension: No name found = H:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jliilhbdldnjbdbpajaakhpjpahnopbn\0.1.1_0\
CHR - Extension: No name found = H:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldbahlcmhmlpomdepooifmhnalokdhgm\5.9.13_2\
CHR - Extension: No name found = H:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: No name found = H:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgbdhkpacgdhfabeceekiafonfkipohm\1.0_0\
CHR - Extension: No name found = H:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014-11-16 14:01:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Security\Avast!\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Security\Avast!\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [XFastUSB] C:\Program Files (x86)\XFastUSB\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKCU..\Run: [F.lux] H:\Users\Daniel\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4 - Startup: H:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = H:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AC7FCF4-EF02-4679-8C9E-78A84D3E7831}: DhcpNameServer = 192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69B3614F-2670-42A5-8C5B-70E5478D89B4}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (c:\Windows\System32\appinit_dll.dll) - C:\Windows\SysNative\appinit_dll.dll (Lucidlogix Inc.)
O20 - AppInit_DLLs: (c:\Windows\SysWOW64\appinit_dll.dll) - c:\Windows\SysWOW64\appinit_dll.dll (Lucidlogix Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014-11-24 19:41:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- H:\Users\Daniel\Desktop\OTL.exe
[2014-11-22 16:16:07 | 000,000,000 | ---D | C] -- H:\Users\Daniel\Desktop\BD
[2014-11-22 16:05:59 | 000,000,000 | R--D | C] -- H:\Users\Daniel\Desktop\100CANON
[2014-11-22 14:27:14 | 000,000,000 | ---D | C] -- C:\FRST
[2014-11-22 14:26:57 | 002,118,144 | ---- | C] (Farbar) -- H:\Users\Daniel\Desktop\FRST64.exe
[2014-11-22 13:58:20 | 000,000,000 | ---D | C] -- H:\Users\Daniel\Desktop\fotos hoquei
[2014-11-18 22:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014-11-18 15:17:16 | 000,688,992 | R--- | C] (Swearware) -- H:\Users\Daniel\Desktop\dds.scr
[2014-11-16 18:25:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014-11-16 14:02:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014-11-15 15:30:57 | 000,000,000 | ---D | C] -- H:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BleachBit
[2014-11-15 15:13:25 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014-11-14 14:47:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vbox
[2014-11-14 14:47:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vbox
[2014-11-14 14:44:42 | 000,364,512 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014-11-14 14:44:41 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014-11-14 00:18:27 | 000,000,000 | -HSD | C] -- H:\Users\Daniel\AppData\Local\EmieBrowserModeList
[2014-11-13 15:57:05 | 000,000,000 | ---D | C] -- H:\Users\Daniel\AppData\Local\Uclpmedia
[2014-11-11 01:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
[2014-11-08 20:16:44 | 000,000,000 | ---D | C] -- H:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BFME2 Widescreen Enhanced 1.0
[2014-11-08 20:14:19 | 000,000,000 | ---D | C] -- H:\Users\Daniel\AppData\Roaming\My Battle for Middle-earth(tm) II Files
[2014-01-04 18:59:45 | 000,082,816 | ---- | C] (VSO Software) -- H:\Users\Daniel\AppData\Roaming\pcouffin.sys
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 H:\Users\Daniel\*.tmp files -> H:\Users\Daniel\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014-11-24 19:41:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- H:\Users\Daniel\Desktop\OTL.exe
[2014-11-24 14:11:28 | 000,028,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-11-24 14:11:28 | 000,028,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-11-24 14:02:22 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
[2014-11-24 14:02:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-11-24 14:02:17 | 445,005,823 | -HS- | M] () -- C:\hiberfil.sys
[2014-11-22 16:19:44 | 000,000,779 | ---- | M] () -- H:\Users\Daniel\Desktop\DC Universe Online.lnk
[2014-11-22 14:53:32 | 000,468,480 | ---- | M] () -- H:\Users\Daniel\Desktop\CKScanner.exe
[2014-11-22 14:48:23 | 002,140,160 | ---- | M] () -- H:\Users\Daniel\Desktop\AdwCleaner (1).exe
[2014-11-22 14:27:00 | 002,118,144 | ---- | M] (Farbar) -- H:\Users\Daniel\Desktop\FRST64.exe
[2014-11-22 02:44:44 | 001,050,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014-11-18 23:31:28 | 000,043,664 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2014-11-18 23:30:30 | 000,001,556 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2014-11-18 22:20:30 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014-11-18 22:08:58 | 000,039,949 | ---- | M] () -- H:\Users\Daniel\Desktop\Capture3.PNG
[2014-11-18 15:31:45 | 000,075,810 | ---- | M] () -- H:\Users\Daniel\Desktop\Capture2.PNG
[2014-11-18 15:26:00 | 000,025,296 | ---- | M] () -- H:\Users\Daniel\Desktop\Capture1.PNG
[2014-11-18 15:25:43 | 000,005,868 | ---- | M] () -- H:\Users\Daniel\Desktop\Capture.PNG
[2014-11-18 15:20:52 | 000,095,243 | ---- | M] () -- H:\Users\Daniel\Desktop\policia-judiciaria-de-portugal-virus.jpg
[2014-11-18 15:17:19 | 000,688,992 | R--- | M] (Swearware) -- H:\Users\Daniel\Desktop\dds.scr
[2014-11-17 14:23:52 | 000,800,072 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014-11-17 14:23:52 | 000,666,110 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014-11-17 14:23:52 | 000,127,180 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014-11-16 14:01:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014-11-15 13:04:52 | 000,001,055 | ---- | M] () -- H:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014-11-14 14:44:41 | 000,436,624 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014-11-14 14:44:41 | 000,364,512 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014-11-14 14:44:41 | 000,267,632 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014-11-14 14:44:41 | 000,116,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014-11-14 14:44:41 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014-11-14 14:44:41 | 000,083,280 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014-11-14 14:44:41 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014-11-14 14:44:41 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014-11-14 14:44:41 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014-11-14 13:49:57 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014-11-14 00:13:20 | 005,082,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 H:\Users\Daniel\*.tmp files -> H:\Users\Daniel\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014-11-22 16:19:44 | 000,000,779 | ---- | C] () -- H:\Users\Daniel\Desktop\DC Universe Online.lnk
[2014-11-22 16:19:44 | 000,000,779 | ---- | C] () -- H:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DC Universe Online.lnk
[2014-11-22 14:53:31 | 000,468,480 | ---- | C] () -- H:\Users\Daniel\Desktop\CKScanner.exe
[2014-11-22 14:48:20 | 002,140,160 | ---- | C] () -- H:\Users\Daniel\Desktop\AdwCleaner (1).exe
[2014-11-18 23:30:30 | 000,001,556 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2014-11-18 22:37:43 | 000,043,664 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2014-11-18 22:08:58 | 000,039,949 | ---- | C] () -- H:\Users\Daniel\Desktop\Capture3.PNG
[2014-11-18 15:31:45 | 000,075,810 | ---- | C] () -- H:\Users\Daniel\Desktop\Capture2.PNG
[2014-11-18 15:26:00 | 000,025,296 | ---- | C] () -- H:\Users\Daniel\Desktop\Capture1.PNG
[2014-11-18 15:25:43 | 000,005,868 | ---- | C] () -- H:\Users\Daniel\Desktop\Capture.PNG
[2014-11-18 15:20:51 | 000,095,243 | ---- | C] () -- H:\Users\Daniel\Desktop\policia-judiciaria-de-portugal-virus.jpg
[2014-10-11 11:32:40 | 000,000,094 | ---- | C] () -- H:\Users\Daniel\AppData\Local\fusioncache.dat
[2014-10-11 02:37:35 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2014-10-11 02:37:35 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014-10-11 02:37:35 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014-04-15 03:19:43 | 000,000,296 | ---- | C] () -- C:\Windows\SIERRA.INI
[2014-03-17 03:47:41 | 000,000,000 | ---- | C] () -- H:\Users\Daniel\AppData\Local\Temptable.xml
[2014-03-17 02:51:34 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2014-03-16 22:22:57 | 000,000,493 | ---- | C] () -- H:\Users\Daniel\AppData\Local\Perfmon.PerfmonCfg
[2014-01-04 18:59:45 | 000,007,859 | ---- | C] () -- H:\Users\Daniel\AppData\Roaming\pcouffin.cat
[2014-01-04 18:59:45 | 000,001,167 | ---- | C] () -- H:\Users\Daniel\AppData\Roaming\pcouffin.inf
[2013-12-21 16:31:29 | 000,198,628 | ---- | C] () -- C:\Windows\SysWow64\Balance.ini
[2013-12-21 16:31:29 | 000,034,072 | ---- | C] () -- C:\Windows\SysWow64\Optimize.ini
[2013-12-21 16:31:29 | 000,033,887 | ---- | C] () -- C:\Windows\SysWow64\Filter.ini
[2013-12-21 16:31:29 | 000,031,294 | ---- | C] () -- C:\Windows\SysWow64\tweaks.ini
[2013-12-21 16:31:29 | 000,028,757 | ---- | C] () -- C:\Windows\SysWow64\speaker.ini
[2013-12-21 16:31:29 | 000,024,125 | ---- | C] () -- C:\Windows\SysWow64\ProLogic.ini
[2013-12-21 16:31:29 | 000,022,539 | ---- | C] () -- C:\Windows\SysWow64\EntertainmentMode.ini
[2013-12-21 16:31:29 | 000,022,539 | ---- | C] () -- C:\Windows\SysWow64\AudioCreationMode.ini
[2013-12-21 16:31:29 | 000,022,521 | ---- | C] () -- C:\Windows\SysWow64\GameMode.ini
[2013-12-21 16:31:29 | 000,019,430 | ---- | C] () -- C:\Windows\SysWow64\mids.ini
[2013-12-21 16:31:29 | 000,013,314 | ---- | C] () -- C:\Windows\SysWow64\subwoofer.ini
[2013-12-21 16:31:29 | 000,011,807 | ---- | C] () -- C:\Windows\SysWow64\treble.ini
[2013-12-21 16:31:29 | 000,011,538 | ---- | C] () -- C:\Windows\SysWow64\bass.ini
[2013-12-21 16:31:29 | 000,003,810 | ---- | C] () -- C:\Windows\SysWow64\eq.ini
[2013-12-21 16:31:29 | 000,001,233 | ---- | C] () -- C:\Windows\SysWow64\7.1surroundsound.ini
[2013-12-21 16:31:29 | 000,001,233 | ---- | C] () -- C:\Windows\SysWow64\5.1surroundsound.ini
[2013-12-21 16:31:29 | 000,001,233 | ---- | C] () -- C:\Windows\SysWow64\4.1surroundsound.ini
[2013-12-21 16:31:29 | 000,001,233 | ---- | C] () -- C:\Windows\SysWow64\2.1surroundsound.ini
[2013-12-21 16:31:29 | 000,001,045 | ---- | C] () -- C:\Windows\SysWow64\What-U-Hear.ini
[2013-12-21 16:31:29 | 000,000,824 | ---- | C] () -- C:\Windows\SysWow64\FlashPlayer.ini
[2013-11-05 17:26:48 | 000,024,160 | ---- | C] () -- C:\Windows\SysWow64\dolby.ini
[2013-11-05 17:26:48 | 000,023,366 | ---- | C] () -- C:\Windows\SysWow64\dts.ini
[2013-11-05 17:26:48 | 000,021,599 | ---- | C] () -- C:\Windows\SysWow64\decoder.ini
[2013-11-05 17:26:48 | 000,021,465 | ---- | C] () -- C:\Windows\SysWow64\encoder.ini
[2013-11-05 17:26:48 | 000,005,776 | ---- | C] () -- C:\Windows\SysWow64\headphone.ini
[2013-11-05 17:26:48 | 000,001,591 | ---- | C] () -- C:\Windows\SysWow64\microphone.ini
[2013-10-09 14:08:33 | 000,000,040 | ---- | C] () -- H:\Users\Daniel\AppData\Roaming\TheHunterSettings_live.cfg
[2013-07-15 14:16:34 | 000,000,031 | -H-- | C] () -- C:\Windows\UKCpInfo.sys
[2013-06-19 14:33:59 | 000,000,422 | ---- | C] () -- H:\Users\Daniel\AppData\Roaming\Weather Meter_Settings.ini
[2013-04-15 17:36:21 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013-04-15 17:36:21 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013-04-12 18:10:06 | 000,808,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013-04-06 04:15:02 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2013-03-21 05:20:21 | 000,000,758 | ---- | C] () -- C:\Windows\Sof2.INI
[2013-02-24 01:33:42 | 000,000,000 | ---- | C] () -- C:\Windows\MOTO.INI
[2013-02-12 20:34:50 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2013-02-12 20:22:56 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2013-02-07 12:45:14 | 000,000,029 | ---- | C] () -- C:\Windows\S3K.INI
[2013-01-13 16:07:08 | 000,172,036 | ---- | C] () -- C:\Windows\hpoins47.dat
[2013-01-13 16:07:08 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl47.dat
[2012-12-29 14:31:49 | 000,000,372 | ---- | C] () -- C:\Windows\lgfwup.ini
[2012-12-28 18:39:14 | 000,000,624 | ---- | C] () -- H:\Users\Daniel\AppData\Roaming\All CPU MeterV3_Settings.ini
[2012-12-28 14:55:11 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2012-12-28 14:55:10 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2012-12-28 14:55:09 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[2012-12-28 14:55:08 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2012-12-28 14:55:06 | 000,321,512 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2012-12-28 14:55:06 | 000,056,509 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2012-12-28 14:55:06 | 000,021,208 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2012-12-27 15:00:46 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012-12-27 15:00:46 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012-12-27 15:00:27 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIBRZ.DLL
[2012-12-27 04:05:26 | 002,468,520 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2012-12-27 04:05:26 | 000,087,112 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2012-12-27 04:05:26 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2012-12-27 04:05:26 | 000,014,920 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2012-12-27 04:05:26 | 000,009,160 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2012-12-27 02:44:30 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012-12-27 02:44:30 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012-12-14 01:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012-12-14 01:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012-12-14 01:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012-11-05 23:02:56 | 000,000,003 | ---- | C] () -- H:\Users\Daniel\AppData\Local\user_data.ini
[2012-08-21 13:31:29 | 000,000,241 | ---- | C] () -- H:\Users\Daniel\AppData\Roaming\GPU Meter_Settings.ini
[2012-08-21 13:30:37 | 000,000,282 | ---- | C] () -- H:\Users\Daniel\AppData\Roaming\GPU MeterV2_Settings.ini
[2012-06-23 18:25:24 | 000,000,352 | ---- | C] () -- H:\Users\Daniel\AppData\Roaming\Network Meter_Settings.ini
[2012-06-23 18:24:43 | 000,000,806 | ---- | C] () -- H:\Users\Daniel\AppData\Roaming\Drives Meter_Settings.ini
[2012-03-01 13:14:42 | 000,000,000 | ---- | C] () -- H:\Users\Daniel\.jline-jython.history
[2011-09-17 15:21:25 | 000,007,603 | ---- | C] () -- H:\Users\Daniel\AppData\Local\resmon.resmoncfg
[2011-08-26 17:49:54 | 000,027,648 | ---- | C] () -- H:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-06-14 15:45:11 | 005,089,280 | ---- | C] () -- H:\Users\Daniel\Beauty - AirPhotos.pps

========== ZeroAccess Check ==========

[2009-07-14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014-06-25 02:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014-06-25 01:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012-11-08 20:21:04 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\.minecraft
[2013-03-31 01:43:48 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\.mono
[2013-12-28 19:57:39 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\Activision
[2012-01-07 04:05:51 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\Atari
[2014-02-13 18:01:17 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\Audacity
[2014-08-13 14:36:59 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\AVAST Software
[2013-03-25 23:51:18 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\Awesomium
[2014-06-18 01:27:04 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\Battle.net
[2012-09-28 23:17:30 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\Bitcoin
[2014-08-13 14:22:50 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\BleachBit
[2013-04-15 16:03:36 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\Broad Intelligence
[2012-07-28 14:36:13 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\capy
[2014-05-28 00:24:24 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\DAEMON Tools Lite
[2014-03-17 02:49:18 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\DassaultSystemes
[2014-04-18 01:44:46 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\Day 1 Studios
[2014-03-17 02:57:24 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\Downloaded Installations
[2014-11-24 14:12:28 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\Dropbox
[2013-08-23 01:40:34 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\EoN
[2013-04-24 17:43:33 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\FileOpen
[2012-05-29 01:03:34 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\fltk.org
[2011-06-26 17:50:15 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\fofix
[2011-06-16 02:24:29 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\fretsonfire
[2011-06-16 01:43:28 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\gears
[2014-01-08 20:18:16 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\GMR
[2013-12-26 18:47:49 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\gtk-2.0
[2011-09-20 19:22:32 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\Leadertech
[2013-08-14 12:44:56 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\library_dir
[2011-12-11 20:34:10 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\Lingoes
[2011-06-16 19:02:44 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\Lionhead Studios
[2013-12-28 03:32:15 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\Litecoin
[2014-11-21 17:17:11 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\Little Inferno
[2011-06-15 15:34:27 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\LolClient
[2012-05-26 00:07:08 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\LolClient2
[2014-10-01 14:21:55 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\Middle-earth. Shadow of Mordor
[2014-11-24 04:28:03 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\Mumble
[2014-11-08 20:24:31 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\My Battle for Middle-earth(tm) II Files
[2011-06-15 13:25:55 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\mypcdrivers
[2013-04-24 17:49:02 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\Nitro
[2014-06-20 16:15:24 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\Nitro PDF
[2012-09-18 18:31:24 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\Notepad++
[2013-09-02 15:09:36 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\OBS
[2011-09-29 12:00:53 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\OpenOffice.org
[2014-07-26 19:12:48 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\Origin
[2013-04-06 04:15:02 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\PACE Anti-Piracy
[2011-11-04 00:44:02 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\PC Communicator 2.0
[2013-04-05 19:13:53 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\Publish Providers
[2014-08-12 14:35:36 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\QuickScan
[2014-08-20 20:52:59 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\raidcall
[2014-03-27 05:01:01 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\Raptr
[2012-05-20 15:44:31 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\Samsung
[2012-08-17 23:38:41 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\six-zsync
[2014-03-17 19:41:26 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\SketchUp
[2013-04-05 19:13:51 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\Sony
[2012-06-11 15:53:54 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\Spadille
[2014-03-07 14:49:46 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\SpeedSim
[2012-12-27 14:37:21 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\Splashtop
[2012-04-27 19:20:12 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\SplitMediaLabs
[2011-11-21 14:50:19 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\SumatraPDF
[2012-06-08 15:43:34 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\SystemRequirementsLab
[2013-04-15 17:08:24 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\TechSmith
[2014-04-06 14:23:25 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\TERA
[2012-12-26 15:46:48 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\TeraCopy
[2013-12-28 03:33:05 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\theHunter
[2012-09-22 02:05:09 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\Trine2
[2012-12-27 15:36:23 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\TS3Client
[2012-12-08 17:36:54 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\ts3overlay
[2011-12-09 05:01:13 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\Tunngle
[2012-04-21 00:11:05 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\Ubisoft
[2013-01-03 04:03:34 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\Ulead Systems
[2014-09-04 14:27:33 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\UnknownApplicationVendor
[2013-12-27 13:17:25 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\ViberPC
[2011-06-29 00:32:01 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\Vodafone
[2014-01-04 18:59:45 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\Vso
[2014-06-16 02:47:53 | 000,000,000 | ---D | M] -- H:\Users\Daniel\AppData\Roaming\WizardWars

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1191 bytes -> C:\ProgramData\Microsoft:Kwj5nAGL6sELJeJpzISYiT9s
@Alternate Data Stream - 1096 bytes -> C:\ProgramData\Microsoft:rgA4KdLNQq6j3JzXfClPz0mjd09
@Alternate Data Stream - 1047 bytes -> C:\ProgramData\Microsoft:fOA15HzBtWK1MxGzPAGidZBbv4I92

< End of report >
Mebseven
Active Member
 
Posts: 11
Joined: November 18th, 2014, 11:14 am

Re: Interpol\Police Virus plus some error messages

Unread postby Mebseven » November 24th, 2014, 4:31 pm

OTL Extras logfile created on: 24-11-2014 19:42:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = H:\Users\Daniel\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

5,89 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 28,43% Memory free
11,77 Gb Paging File | 6,83 Gb Available in Paging File | 58,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 25,71 Gb Free Space | 23,02% Space Free | Partition Type: NTFS
Drive H: | 465,66 Gb Total Space | 7,11 Gb Free Space | 1,53% Space Free | Partition Type: NTFS
Drive I: | 465,75 Gb Total Space | 16,39 Gb Free Space | 3,52% Space Free | Partition Type: NTFS

Computer Name: FOXY | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- Reg Error: Key error.
Directory [Browse with Corel PaintShop Pro X5] -- "C:\Program Files (x86)\Corel\Corel PaintShop Pro X5\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- Reg Error: Key error.
Directory [Browse with Corel PaintShop Pro X5] -- "C:\Program Files (x86)\Corel\Corel PaintShop Pro X5\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{078FDB28-92EF-40E5-822B-0A13D9090969}" = rport=10243 | protocol=6 | dir=out | app=system |
"{11CEFEBD-802A-4C11-813B-7B256028B77D}" = lport=7850 | protocol=6 | dir=in | name=war thunder |
"{17546BDE-E73A-4E39-9032-2C3D5962945A}" = lport=6881 | protocol=6 | dir=in | name=war thunder |
"{1B270CE2-FD81-4F3D-B949-593BD65779A3}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{231F615C-14D8-472F-B903-256985D9EE9A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{25832A75-C39F-4EE7-8728-0C0082018D81}" = lport=138 | protocol=17 | dir=in | app=system |
"{2D280AE0-0C39-4AA4-B750-6A85FA52955C}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{2F00ED5A-691A-475D-9479-29CD4A8B20AD}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{2FE4B05A-E4C7-4CD7-867B-ADACA49DEE51}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{32B99E76-A95C-4E0D-8CD4-A51712588919}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3D82894E-3E20-4B85-802A-ACF6D3272182}" = rport=139 | protocol=6 | dir=out | app=system |
"{441EBCFB-865B-4C74-AD73-BDDAF6D62E31}" = lport=445 | protocol=6 | dir=in | app=system |
"{50CB33D0-B7F2-4919-811D-32DA65C20D0D}" = rport=445 | protocol=6 | dir=out | app=system |
"{53EC4DA2-5848-4498-9DC2-B0E346139A7F}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{5CE61190-0F49-490F-980D-33BA063BE2BE}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{5D96C03D-5A54-4E18-8641-F28586668C55}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6068DFD4-532B-4C50-A82E-E6C4AFF65167}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{62F92705-2420-4C50-833D-032C356EB31E}" = lport=20443 | protocol=6 | dir=in | name=war thunder |
"{67715F93-A6E4-49ED-8F86-E28C6F4FBF5D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6CE216CF-6ECB-4026-A19C-9030E40090DD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6D0897F9-293B-4BE2-889A-243FD1FAA885}" = lport=27022 | protocol=6 | dir=in | name=war thunder |
"{6D175071-5E12-433C-A586-4BC1B54A1B2A}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{74E4F7E4-60BD-4E64-85DC-225A9E6C4E99}" = lport=443 | protocol=6 | dir=in | name=war thunder |
"{761A3589-D77E-48F7-8EEF-C6F35DC64233}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{78AA4B8D-64C2-454F-A033-55682311B397}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{7C495DD7-F0DB-41E0-B05C-76BD83DC7B78}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{811D7764-8513-4BAB-B682-C16026787416}" = lport=20010 | protocol=17 | dir=in | name=war thunder |
"{8478C82D-6AF1-4730-9B98-B883C69B3BAE}" = lport=3478 | protocol=17 | dir=in | name=war thunder |
"{89A5671F-A28D-4962-898A-A4DBC156410E}" = lport=137 | protocol=17 | dir=in | app=system |
"{901FA6F7-C96C-4F96-925A-F37E5447AEB5}" = lport=445 | protocol=6 | dir=in | app=system |
"{9414C34E-AC4C-4493-9C2D-6C7351D79876}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{99262BF3-49BA-4944-B317-E645A555BDF8}" = lport=80 | protocol=6 | dir=in | name=war thunder |
"{A3EF8347-1896-41EF-9528-BCCF59179385}" = rport=137 | protocol=17 | dir=out | app=system |
"{A5BB8E5D-2400-4E00-8736-0E0E7F76C14E}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{A615613D-3355-4765-A2B6-F94D85A7200C}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{A6FEB1D3-369C-4BD1-99DB-102051DFC0D6}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{AB124007-9818-46DB-9927-68B42C1C174B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe |
"{B7F66235-8C07-4846-AFD1-A499E71EB36D}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{B88FE3B9-8E38-474C-8933-1ADC1ACD65D9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B8B99993-445D-498C-93CD-B5E02657A385}" = lport=33333 | protocol=6 | dir=in | name=war thunder |
"{BC9CA84B-5449-42CC-9792-11E5311B4EC9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BCAE4586-8AEE-4774-89F2-BC7B88956150}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BDD159E4-95BE-4575-B0B4-54369306B957}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{BF105E3D-47B0-47F5-A7A3-0281FC9B0AE9}" = rport=138 | protocol=17 | dir=out | app=system |
"{C5A2F490-9C74-406A-A9B6-F29447183672}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{C6E80BB9-FE68-4477-8E36-30B16EA0301A}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{CF89F4B4-4D80-49CF-B971-2C87A1D8D732}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{D0988C88-88C9-421A-8022-4B1B00666AE7}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{D7BBC82D-E1BE-4347-969B-5D77ADEB744D}" = lport=8090 | protocol=6 | dir=in | name=war thunder |
"{D847EDAF-123C-4306-A4CC-738E4E20253E}" = lport=139 | protocol=6 | dir=in | app=system |
"{D8BCF1C0-227A-41AC-8B30-6B42B83A4B84}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DCB4E8C6-B9A2-4E90-8E2A-C277D02079AD}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{DD1B917C-24DE-4D0E-A802-4AE98CB31F97}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{DD89962A-E5CB-4BC4-82CF-76324C24CD02}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{E2822350-0562-42AE-BD23-271F19D15CB1}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{E81D4BFF-2707-40B7-9575-E672AE110637}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{EB820708-DCD2-4EBA-9163-0A0794C2DF7C}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{EE948A32-5257-4F73-BD07-8FCD54369B53}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{EF841AD0-EB2B-4064-9348-90666D09B5FF}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006FCB9F-03BC-41E2-97EE-CD405BDFFEFD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0340F679-1B6C-48FA-87A9-F6ED0D1D1257}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{0377BD68-E514-4692-A54C-61401003BB08}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{043C0D24-72AB-4978-B75E-A9B8C368F9F7}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{04589C42-9A65-44B6-B3E5-72723DBC2FD0}" = dir=in | app=c:\program files\echobit\evolve\evolveclient.exe |
"{05D6DC26-498D-4EC6-ADC8-79D43D4CE020}" = protocol=17 | dir=in | app=i:\steamlibrary\steamapps\common\weird worlds\weirdworlds.exe |
"{06A2A193-CFC6-4DA8-B3AB-A452305542A6}" = dir=in | app=c:\program files\echobit\evolve\evosvc.exe |
"{078647CC-C00B-4806-BB05-935C9D74D765}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{089F92E3-9899-4664-98A1-F85C1FF8EE84}" = protocol=6 | dir=in | app=i:\steamlibrary\steamapps\common\nmrih\sdk\hl2.exe |
"{14AF3CE5-ED00-4538-AEAF-657B3CF7CAFA}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\photoview\photoview360_cl.exe |
"{151D5F9F-A614-4360-AB00-3180BE21644F}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{16215A92-C227-44CC-BA3B-9BD05FB0243A}" = protocol=6 | dir=in | app=i:\steamlibrary\steamapps\common\teleglitchdme\teleglitch.exe |
"{1F167340-A1F9-41B5-92D7-6C099FFF709B}" = protocol=6 | dir=in | app=i:\steamlibrary\steamapps\common\left 4 dead 2\left4dead2.exe |
"{200E75F1-9242-443F-B253-E0D4A081D6BE}" = protocol=17 | dir=in | app=i:\steamlibrary\steamapps\common\left 4 dead 2\left4dead2.exe |
"{2343FCEC-2C80-47AF-B1DC-E71420752F34}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\photoview\photoview360_cl.exe |
"{25A5DED4-A079-4AA3-970F-5E0AD8F82410}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{27782B68-67CC-4B0B-AE72-B3CD13688A48}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{2B97F24A-C40D-4A53-8870-75320D32A383}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe |
"{2D35F28C-E956-4C0D-B5D1-9DCA568338DB}" = dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
"{31A3AF73-C2FF-45BD-9EFF-7DDA7D6764ED}" = protocol=6 | dir=in | app=i:\program files (x86)\origin games\populous\game\game\dosbox\dosbox.exe |
"{3784F585-DAAD-46EC-974C-A631C40FF1FA}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\photoview\photoview360.exe |
"{38117DE2-E43F-4D37-8BEE-D8095926155F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{381ABADF-061B-4F75-97BB-2A5336F31F86}" = protocol=6 | dir=in | app=i:\steamlibrary\steamapps\common\afterfall insanity\binaries\win32\insanity-win32-shipping.exe |
"{3E4096F2-D43E-4467-9F54-C164ACCD6B14}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{4374DC13-ED41-4EE9-AA8A-2A5A664A10D1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{454DA822-8ECD-4D25-BD28-B9E18E4CB8D5}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{4754B6F0-A9E2-4734-BEC9-231005089522}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{49016AEF-F1F3-45E4-9042-665FB8303AEB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{4B6E986D-7B66-4B19-9463-6B404198AFE9}" = protocol=17 | dir=in | app=i:\steamlibrary\steamapps\common\unturned\unturned.exe |
"{50CEFEDE-8F57-4096-B774-8BD3BDD3917E}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\robocraft\robocraft.exe |
"{51D7222F-CF85-4FAF-A0AB-40B515219C34}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{52B08CDD-B88E-4956-A648-250D78845D1D}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oaserver.exe |
"{5CD6A410-6DAB-436E-8EC0-F2F6E8869FBD}" = protocol=17 | dir=in | app=i:\program files (x86)\origin games\populous\game\game\dosbox\dosbox.exe |
"{5CF459FA-C994-43A5-A9E2-268F2BC80351}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\robocraft\robocraft.exe |
"{5F9DC8D5-4CFD-4BC9-9A1C-2FECAF2141BE}" = protocol=17 | dir=in | app=i:\steamlibrary\steamapps\common\teleglitchdme\teleglitch.exe |
"{60D6E38D-EEA7-42EC-9AEA-991D6776443E}" = protocol=17 | dir=in | app=h:\games\battle.net\battle.net.exe |
"{610914AA-14F9-45B0-962C-127B4E15BF29}" = protocol=17 | dir=in | app=i:\steamlibrary\steamapps\common\alien swarm\swarm.exe |
"{618C5C62-69BF-40F2-97D9-05DC4ED76CE4}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe |
"{64EC3C8F-6DBF-4CB0-9AE8-D4B3F4A5E56D}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\magickawizardwars\wizardwarslauncher.exe |
"{68862CBD-8550-4555-AE20-A527FB0CB34E}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{6979312C-4E38-4BF9-8039-ADE99D6F7F33}" = protocol=6 | dir=in | app=i:\steamlibrary\steamapps\common\deus ex human revolution director's cut\dxhrdc.exe |
"{6D9353B4-C15B-43D1-9F04-F41FDA71222A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{702295A8-E6D7-4F50-8AB7-C1720C921442}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7245B5F0-BAB9-40BF-93A4-C037083FCFFB}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe |
"{75B471F4-226E-466F-BE37-48684B584F14}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\bin\steamwebhelper.exe |
"{773894A8-1D8E-4E90-B64B-627390D5A2EF}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\pid\pid.exe |
"{779EB26B-ED9E-4D66-B775-A26ADF0B1463}" = protocol=17 | dir=in | app=h:\games\hearthstone\hearthstone.exe |
"{7C041021-BFC1-43A1-AF0A-1ED4ADEB2F78}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbconsoleui.exe |
"{84E04D0D-EE09-43C6-A0D7-FE8205B52771}" = protocol=6 | dir=in | app=i:\games\the battle for middle-earth (tm) ii\game.dat |
"{86EA116A-63B1-4C9F-8054-DAFE2F02220D}" = protocol=17 | dir=in | app=h:\riot games\league of legends\rads\system\rads_user_kernel.exe |
"{87102DFA-EF0B-48D6-B2A3-068FECAE9FC3}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steam.exe |
"{872B36EC-7650-4491-B93C-C364DF23C826}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbconsoleui.exe |
"{8BF00655-9C7D-4F0E-856F-1B0565C0D6A1}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steam.exe |
"{8D2600BC-036F-43A0-8906-77807266C531}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{8DAD3B52-9669-4559-9CE3-78E3901E0A28}" = protocol=6 | dir=in | app=c:\program files (x86)\mumble\mumble.exe |
"{8F5F6EF4-C8BB-4F4B-AD1F-1C0556324CBA}" = protocol=17 | dir=in | app=i:\steamlibrary\steamapps\common\csnz\bin\cstrike-online.exe |
"{90915368-83DB-4194-8028-0A0DEC7A0CAF}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{938C7FF2-8115-4257-BF78-A2B95E423AEE}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{9788C3A9-4FAF-4041-A833-96BDDBD7EC87}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\pid\pid.exe |
"{979453A9-6D1B-4456-A5A1-3771CFCE9599}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{97D4AECC-C645-4475-9133-0F6B985D2497}" = protocol=6 | dir=in | app=i:\steamlibrary\steamapps\common\receiver\receiver.exe |
"{980E728A-6F72-4E77-AF15-0BD22DCE749D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{9945905E-6C93-4D7C-BFBE-F0E2D5E3CA4D}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{9A1F39A2-41A1-4AA8-A68F-E382233966A2}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\bin\steamwebhelper.exe |
"{9A9F39C8-EDCF-47C9-A757-2EF082D86E45}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9B06DF03-0513-4AB6-8899-65576A26F110}" = dir=in | app=c:\windows\explorer.exe |
"{9D24FC8D-F0F5-4468-9712-4D69FF48BB63}" = protocol=17 | dir=in | app=i:\steamlibrary\steamapps\common\nza\bin\nza.exe |
"{9E4253AC-7A44-44F3-B7DC-44891FBC79AD}" = protocol=6 | dir=in | app=i:\steamlibrary\steamapps\common\payday the heist\payday_win32_release.exe |
"{9E6E403A-A3E1-4C41-93C8-864CAC527A14}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A15D0C0D-1157-4BD1-8E83-C981090B2994}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A6A5E235-16CC-46C6-A6FD-D7A80B18E1EF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{A6C28C60-C234-4950-885C-160F18BC09B5}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{A701C9F8-4AEA-47A5-A9EC-52880B86B84D}" = protocol=6 | dir=in | app=i:\steamlibrary\steamapps\common\dont_starve\bin\dontstarve_steam.exe |
"{A74AE734-A555-4579-9055-CF82C436CBFC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A8500D40-4796-418D-B444-93329389CE3D}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{A87DB3F6-BD15-4295-B58C-953A77EADE2A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{AABB7020-7902-4DC3-9335-D26FBB6A55B9}" = protocol=6 | dir=in | app=i:\steamlibrary\steamapps\common\crash time ii\burningwheels.exe |
"{AB8492C7-33D0-4ABB-9361-0A609E497420}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{AC269ED9-1722-4856-B580-5B7727B3BF58}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{AC3DBB00-4747-4EAB-BA2E-2809B40BEAE4}" = protocol=6 | dir=in | app=i:\steamlibrary\steamapps\common\nza\bin\nza.exe |
"{AD8424C2-F2DB-4A4E-964E-219FB6A7AED2}" = protocol=17 | dir=in | app=i:\games\rise of nations\thrones.exe |
"{AD9586AB-B717-4720-B328-DED6E505A8B1}" = dir=in | app=h:\users\daniel\appdata\local\viber\viber.exe |
"{AE4EA3EE-C420-40C8-AB52-A76AA8DF9130}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AEE887DE-1094-4EF5-AF19-1828AC049B5E}" = protocol=17 | dir=in | app=c:\program files (x86)\mumble\mumble.exe |
"{B017EF68-1D76-4DA5-BBE8-7054A2E827BE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B057E996-FDEE-4156-9C5A-5688CCA2F65E}" = protocol=6 | dir=in | app=i:\games\rise of nations\thrones.exe |
"{B0FF6BC1-4662-42CE-8A81-E97A37E3DBA6}" = protocol=17 | dir=in | app=i:\games\the battle for middle-earth (tm) ii\game.dat |
"{B1382891-0BDA-492E-8574-12A7A31FD9D7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B50267E1-F5A2-48F4-B4C6-36D6734AA742}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{B7BC8193-FF15-42DA-AD98-594E6FE9945D}" = protocol=17 | dir=in | app=i:\steamlibrary\steamapps\common\crash time ii\burningwheels.exe |
"{BA9B7B0D-A064-4A1F-9F9E-B1F375F3E3FC}" = protocol=6 | dir=in | app=h:\riot games\league of legends\rads\system\rads_user_kernel.exe |
"{BD581F93-D04B-4F17-BFF6-40B2E30FD58B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BE91D2CA-5B08-465D-9F18-7F860B9169B4}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{BEFE4272-1DAE-4AE2-ABF1-910C4F31CD50}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C237BE3B-F617-436B-BB80-9366B5E007A0}" = dir=in | app=c:\windows\system32\rundll32.exe |
"{C3A3165C-BCBB-423C-A433-8F73C0B73AD7}" = protocol=17 | dir=in | app=i:\steamlibrary\steamapps\common\nmrih\sdk\hl2.exe |
"{C62A3D22-73FA-48B5-AAD3-F94AAE5AF520}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe |
"{C718920C-16BF-4BF0-A7D0-B9865C89EBE6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C9291A32-9ADC-454F-93FF-1E664A310E89}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\magickawizardwars\wizardwarslauncher.exe |
"{C97CA6AE-3B04-401D-BFE7-3AAFE6E78675}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{CAD9EE37-DCA2-4D11-B895-FA8DEC0ACF55}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{CF2AAE44-AD59-42EC-A557-9D3F7A2687E2}" = protocol=6 | dir=out | app=system |
"{CF4CEF2F-7472-4C6E-AA5A-0D6594FA8BA5}" = protocol=6 | dir=in | app=i:\steamlibrary\steamapps\common\csnz\bin\cstrike-online.exe |
"{D18D7869-9136-4C55-9963-07D9377EE5D0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{D27A0700-07FA-4E7D-8224-7C6F08EA2AAB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{D2B4A4A0-A285-4595-877E-1B2606BA110D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D3671A43-AC15-4977-8E0A-90C927658332}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbservice.exe |
"{D3E479C7-1483-45D9-950F-45E181198978}" = protocol=6 | dir=in | app=h:\games\battle.net\battle.net.exe |
"{D42D7C66-8226-4F1D-8624-550B1E728159}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D4A19570-0FFB-46BF-B779-F8999ED4E006}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D648CC99-973A-48A2-B7CA-C93AF90AC1BA}" = protocol=6 | dir=in | app=h:\games\hearthstone\hearthstone.exe |
"{D6F8510D-D6EA-47A3-B5BD-7C13ACA6D9F3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{DA1D1831-7A09-49D3-A7FC-CD812DDB58C4}" = protocol=17 | dir=in | app=i:\steamlibrary\steamapps\common\dont_starve\bin\dontstarve_steam.exe |
"{E1EB8794-8BAE-4F22-ADC0-C248E569F4C0}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oaserver.exe |
"{E3B34171-EA7C-461F-B38B-60542EE496D3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E5028CEE-2B01-42F1-A9DA-6E226F18B310}" = protocol=6 | dir=in | app=i:\steamlibrary\steamapps\common\unturned\unturned.exe |
"{E5EEB0A4-8448-4671-8FF2-8D71E7A0F326}" = protocol=17 | dir=in | app=i:\steamlibrary\steamapps\common\payday the heist\payday_win32_release.exe |
"{E824B55A-7C2C-432D-8611-BB0D026196B6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EA29BFD6-02A7-4017-AEAD-6BB2DB374D9F}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{ECC1FE48-6F95-42D9-B71F-E8F662480449}" = protocol=6 | dir=in | app=i:\steamlibrary\steamapps\common\alien swarm\swarm.exe |
"{ED2D840A-E4DD-4BF1-A3B9-86BA09C3D7A6}" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{EE30D997-5076-447C-A68E-E0655125F01F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EEB010A1-41BA-46B0-85E8-B90185F506E4}" = protocol=17 | dir=in | app=i:\steamlibrary\steamapps\common\receiver\receiver.exe |
"{F25FEF64-FB1E-484D-89CD-991CCDFB1F82}" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{F41B63B5-3FC3-4E47-89DF-2F22D2B37DD8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F50AF99D-F2BD-4E21-956D-DCD4C8D6EBE2}" = protocol=6 | dir=in | app=i:\steamlibrary\steamapps\common\weird worlds\weirdworlds.exe |
"{F8B7BF92-4A24-4D89-A591-BB22EA0684BF}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\tbservice.exe |
"{F9AE59C5-AB59-4253-A754-E6D97C87CE28}" = protocol=17 | dir=in | app=i:\steamlibrary\steamapps\common\afterfall insanity\binaries\win32\insanity-win32-shipping.exe |
"{FCC3B936-D664-47C1-8568-53236D5ABE91}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\photoview\photoview360.exe |
"{FECAB1EA-3164-45C8-8F37-0300D9815411}" = protocol=17 | dir=in | app=i:\steamlibrary\steamapps\common\deus ex human revolution director's cut\dxhrdc.exe |
"TCP Query User{0B7E9E20-0ADD-4D9F-92D5-D809EB4D246B}I:\steamlibrary\steamapps\common\dead space\dead space.exe" = protocol=6 | dir=in | app=i:\steamlibrary\steamapps\common\dead space\dead space.exe |
"TCP Query User{11C66297-FEB4-4D51-B6A1-EC595850F462}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{1CBCC732-0B08-465D-8F45-24B26951AB16}I:\download\hearthcrawler v24 cracked smartcc & uai included\hearthcrawler r24 cracked\hearthcrawler.exe" = protocol=6 | dir=in | app=i:\download\hearthcrawler v24 cracked smartcc & uai included\hearthcrawler r24 cracked\hearthcrawler.exe |
"TCP Query User{228C139F-E8E1-402A-BD21-6C79F7112D57}H:\program files (x86)\steam\steamapps\common\magickawizardwars\bitsquid_win32_dev.exe" = protocol=6 | dir=in | app=h:\program files (x86)\steam\steamapps\common\magickawizardwars\bitsquid_win32_dev.exe |
"TCP Query User{5E9E5824-D273-498B-9781-1E319F094A0A}I:\steamlibrary\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=6 | dir=in | app=i:\steamlibrary\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe |
"TCP Query User{603DB220-4E22-48E7-A269-9E14CEBEAF57}I:\games\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=i:\games\dc universe online\unreal3\binaries\win32\dcgame.exe |
"TCP Query User{73A7A414-8CA5-437D-B8B0-6D98075E75F6}I:\games\rollcage\direct3d\rollcage.exe" = protocol=6 | dir=in | app=i:\games\rollcage\direct3d\rollcage.exe |
"TCP Query User{753F447A-DA59-4F67-A419-B7FC71064EB4}I:\games\tera\tera-launcher.exe" = protocol=6 | dir=in | app=i:\games\tera\tera-launcher.exe |
"TCP Query User{7B312A33-6941-427B-A5A1-4DEB4FE6281D}C:\program files (x86)\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\terraria\terrariaserver.exe |
"TCP Query User{8C4DBA39-0301-4C87-87FC-A19276B7B66B}I:\games\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe" = protocol=6 | dir=in | app=i:\games\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe |
"TCP Query User{966E4FFF-9923-4E6D-AB31-DB754D47BAC7}H:\games\need for speed(tm) hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=h:\games\need for speed(tm) hot pursuit\nfs11.exe |
"TCP Query User{9CBF7D17-9D00-4E4E-A1DD-DA2DC736A83E}H:\users\daniel\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=h:\users\daniel\documents\arma 2\expansion\beta\arma2oa.exe |
"TCP Query User{B316E577-20D3-4BF6-858A-6C1AAC7FFA46}I:\download\terraria 1.2.4\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=i:\download\terraria 1.2.4\terraria\terrariaserver.exe |
"TCP Query User{BED634DC-D8CF-47F3-9923-EC547FCF802C}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"TCP Query User{C82DB7EA-FAF4-4702-9812-FE84D177DA09}C:\program files (x86)\youwave_android\vb\vboxsdl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\youwave_android\vb\vboxsdl.exe |
"TCP Query User{CD0429E7-2AD0-4039-BBA5-3E80D9EFE3BC}I:\games\f.e.a.r. 3\f.e.a.r. 3.exe" = protocol=6 | dir=in | app=i:\games\f.e.a.r. 3\f.e.a.r. 3.exe |
"TCP Query User{DAE246BA-6F3F-4174-8DD3-F43D0CDA8C6C}I:\games\7 days to die\7daystodie.exe" = protocol=6 | dir=in | app=i:\games\7 days to die\7daystodie.exe |
"TCP Query User{E5659780-A0A8-49E9-8985-3C47D80D43B2}H:\program files (x86)\magic workstation\mwsplay.exe" = protocol=6 | dir=in | app=h:\program files (x86)\magic workstation\mwsplay.exe |
"UDP Query User{010F3B73-DD18-4557-AE1D-30D8C4158CBF}C:\program files (x86)\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\terraria\terrariaserver.exe |
"UDP Query User{0F444220-455C-45D5-B4E1-6E0D73068F9B}I:\games\tera\tera-launcher.exe" = protocol=17 | dir=in | app=i:\games\tera\tera-launcher.exe |
"UDP Query User{26A5D997-787E-494A-8731-793EA735E920}I:\games\f.e.a.r. 3\f.e.a.r. 3.exe" = protocol=17 | dir=in | app=i:\games\f.e.a.r. 3\f.e.a.r. 3.exe |
"UDP Query User{436A32C0-F181-48CD-B230-D0DC9C15DC2A}I:\download\terraria 1.2.4\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=i:\download\terraria 1.2.4\terraria\terrariaserver.exe |
"UDP Query User{4A21D0B7-15C8-48FB-B2E1-72D999473151}I:\steamlibrary\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=17 | dir=in | app=i:\steamlibrary\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe |
"UDP Query User{6DB84666-E45B-4F65-81FF-8EDC560202F8}I:\games\rollcage\direct3d\rollcage.exe" = protocol=17 | dir=in | app=i:\games\rollcage\direct3d\rollcage.exe |
"UDP Query User{75010F40-570F-4EB0-A2F6-B521F517E23C}H:\program files (x86)\magic workstation\mwsplay.exe" = protocol=17 | dir=in | app=h:\program files (x86)\magic workstation\mwsplay.exe |
"UDP Query User{773D6052-BAAA-464A-B69B-77E24142EF7C}H:\program files (x86)\steam\steamapps\common\magickawizardwars\bitsquid_win32_dev.exe" = protocol=17 | dir=in | app=h:\program files (x86)\steam\steamapps\common\magickawizardwars\bitsquid_win32_dev.exe |
"UDP Query User{79D140AF-42DE-45DA-B99D-30785B564E94}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{8161AD46-1848-49A2-88AE-BE1E582EA517}I:\games\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=i:\games\dc universe online\unreal3\binaries\win32\dcgame.exe |
"UDP Query User{92D303E8-6A26-4844-A9A8-074DF85A732C}H:\users\daniel\documents\arma 2\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=h:\users\daniel\documents\arma 2\expansion\beta\arma2oa.exe |
"UDP Query User{9F612987-EB8D-45FC-937A-68210F166E2A}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"UDP Query User{B83A1AC6-08EF-4A81-981A-2A124218FD90}I:\games\7 days to die\7daystodie.exe" = protocol=17 | dir=in | app=i:\games\7 days to die\7daystodie.exe |
"UDP Query User{B9C82852-D39B-485E-86B7-F661EC0E2D47}H:\games\need for speed(tm) hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=h:\games\need for speed(tm) hot pursuit\nfs11.exe |
"UDP Query User{BCF6990F-41BC-4061-930A-8D655731D9EF}C:\program files (x86)\youwave_android\vb\vboxsdl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\youwave_android\vb\vboxsdl.exe |
"UDP Query User{BD57F340-E8A7-482C-802C-E5552E3DFAC7}I:\games\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe" = protocol=17 | dir=in | app=i:\games\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe |
"UDP Query User{D8DFC706-D7FD-4528-B4E2-428A85152290}I:\steamlibrary\steamapps\common\dead space\dead space.exe" = protocol=17 | dir=in | app=i:\steamlibrary\steamapps\common\dead space\dead space.exe |
"UDP Query User{F01F6882-FDD9-4D99-9ED7-C36CA52CEA32}I:\download\hearthcrawler v24 cracked smartcc & uai included\hearthcrawler r24 cracked\hearthcrawler.exe" = protocol=17 | dir=in | app=i:\download\hearthcrawler v24 cracked smartcc & uai included\hearthcrawler r24 cracked\hearthcrawler.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{014E482A-0C27-47E3-BA82-307E9DCA2F47}" = HP Photosmart Wireless B110 All-In-One Driver 14.0 Rel. 7
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{1551A29F-B1B0-43CA-90B5-E6E5186F683E}" = PSPPro64
"{168EB20E-FC09-4D2E-83A9-49483710304C}" = SolidWorks Explorer 2013 SP03 x64 Edition
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = MPC-HC 1.6.8 (64-bit)
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{542DDF04-9F91-4F36-B2F4-2638B788A4C8}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{670B1B49-9FD3-4827-9B41-471EFF580AA8}" = Evolve
"{68D2AC29-B594-466A-8D6F-238FA2135BB5}" = BOINC
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{851A81E8-D0F3-42ED-9313-D327CF1FF2A7}" = Intel(R) Smart Connect Technology 2.0 x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120064-0070-0000-0000-4000000FF1CE}" = Microsoft Visual Basic for Applications 7.1 (x64)
"{90150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0409-1000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{90150000-0016-0409-1000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
"{90150000-0018-0409-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
"{90150000-0019-0409-1000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
"{90150000-001A-0409-1000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
"{90150000-001B-0409-1000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0816-1000-0000000FF1CE}" = Ferramentas de Verificação do Microsoft Office 2013 - Português
"{90150000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-0044-0409-1000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
"{90150000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-0090-0409-1000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
"{90150000-00A1-0409-1000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{90150000-00BA-0409-1000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2013
"{90150000-00E1-0409-1000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-00E2-0409-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
"{90150000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-0117-0409-1000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{90150000-012B-0409-1000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{90F60409-7000-11D3-8CFE-0150048383C9}" = Microsoft Visual Basic for Applications 7.1 (x64) English
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{AC2165BD-762D-420B-AD33-20FACAA7112B}" = SolidWorks eDrawings 2013 x64 Edition SP03
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 344.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 344.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 344.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.1.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 344.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.14.0702
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 16.13.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.32.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 16.13.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.25
"{B6B5EA7E-B91F-443D-A958-B0062FB53804}" = SolidWorks 2013 x64 Edition SP03
"{BA812540-2D88-4A6A-A527-E7728D577D7D}" = SolidWorks Plastics 2013 SP03 x64 Edition
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
"{CE47BA54-78AC-409F-9151-BDF5BE15A804}" = Network64
"{FD46B7B1-FF9A-43EE-8E12-D8F61BD67A25}" = Nitro Pro 8
"ASRock App Charger_is1" = ASRock App Charger v1.0.5
"ASRock XFast RAM_is1" = ASRock XFast RAM v2.0.9
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.67.1
"Creative VF0420" = Creative Live! Cam Vista IM (VF0420) Driver (1.01.01.00)
"MediaCoder x64" = MediaCoder x64 0.8.20.5380
"Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"Recuva" = Recuva
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"TeraCopy_is1" = TeraCopy 2.27
"VIRTU MVP 2.0_is1" = VIRTU MVP 2.0 3.0.108

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}" = Corel PaintShop Pro X5
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}" = Guitar Hero III
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{15002A1B-C1E7-4E91-A3EC-5502BF924A32}" = Setup
"{15180A90-1FC0-47E4-A150-3AECEF07B3B6}" = Corel PaintShop Pro X5
"{1522E36C-3739-41E4-8CD3-A4AFEA70086A}" = PSPPContent
"{153DD765-C8C6-4893-8CEF-D965351D82EC}" = PSPPHelp
"{154B0B16-ABCD-4A06-B0B7-8146B7A89B25}" = IPM_PSP_COM
"{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}" = ICA
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{20E23A40-38E5-4DD6-B738-BC8097AE66B6}_is1" = FTL version 1.5.10
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 6.21
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 55
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}" = Smite
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}" = Microsoft ASP.NET MVC 4 Runtime
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{476CD9DE-C45F-4443-BFA7-E51C58B7E455}" = Populous
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{535940AB-CDD0-4A32-A2B7-D928AE3AABDA}" = Mumble 1.2.5
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7A2A107B-9695-423F-9462-8F17C178BD35}" = TP-LINK Wireless Client Utility
"{7f51bdb9-ee21-49ee-94d6-90afc321780e}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
"{8043219B-D2C0-4561-90AB-3F1113ED5A87}" = Zeus & Poseidon
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{8BD89760-6B5D-4A3C-8B0D-CDB93BEFC0F6}" = XSplit
"{8F311E92-C29F-4DF9-8259-B739A1831669}_is1" = SUPER © v2012.build.54 (Nov 18, 2012) version v2012.build.54
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A608A8D3-E77C-4BEE-8F2A-F8124F5F0FE2}" = SketchUp 2014
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B455E95A-B804-439F-B533-336B1635AE97}" = NVIDIA PhysX
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}" = Toolbox
"{BFA04EE0-8240-4667-8D53-45496A901C33}" = Camtasia Studio 8
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1" = VSO ConvertXToDVD
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F70DE052-CFFD-4DCB-8DA3-3ECAAFBB7D15}}_is1" = Hazard Ops
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7 Days To Die_is1" = 7 Days To Die version 9.1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.181
"Audacity_is1" = Audacity 2.0.3
"Avast" = Avast Free Antivirus
"Battle.net" = Battle.net
"BFME2 Widescreen Enhanced 1.0" = BFME2 Widescreen Enhanced 1.0
"BleachBit" = BleachBit
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative Volume Panel" = Volume Panel
"CrystalDiskInfo_is1" = CrystalDiskInfo 5.2.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"EaseUS Todo Backup Free 6.5_is1" = EaseUS Todo Backup Free 6.5
"F.E.A.R. 3_is1" = F.E.A.R. 3
"FormatFactory" = FormatFactory 3.0.1
"Fraps" = Fraps (remove only)
"Google Chrome" = Google Chrome
"Halo" = Microsoft Halo
"Hearthstone" = Hearthstone
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"LOLReplay" = LOLReplay
"Magic Workstation 0.97 Update_is1" = Magic Workstation 0.97 Update
"Magic Workstation_is1" = Magic Workstation 0.94f
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.3.1025
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Middle-earth. Shadow of Mordor_R.G. Gamblers_is1" = Middle-earth. Shadow of Mordor
"MTG GamePack for Magic Workstation_is1" = MTG GamePack for Magic Workstation
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Ogg Codecs" = Xiph.Org Ogg Codecs 0.83.17220 32-bit
"Open Broadcaster Software" = Open Broadcaster Software
"OpenAL" = OpenAL
"OpenTTD" = OpenTTD 1.4.1
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"QWdlIG9mIEVtcGlyZXMgSUkgSEQgKGMpIE1pY3Jvc29mdCBTdHVkaW9z_is1" = Age of Empires II HD (c) Microsoft Studios version 1
"RaidCall" = RaidCall
"Raptr" = Raptr
"Revo Uninstaller" = Revo Uninstaller 1.95
"RiseOfNationsExpansion 1.0" = Rise of Nations
"RTSS" = RivaTuner Statistics Server 5.2.0
"Soldier of Fortune II - Double Helix GOLD" = Soldier of Fortune II - Double Helix GOLD
"SolidWorks Installation Manager 20130-40300-1100-100" = SolidWorks 2013 x64 Edition SP03
"Steam App 108800" = Crysis 2 Maximum Edition
"Steam App 11390" = Crash Time II
"Steam App 17470" = Dead Space
"Steam App 202090" = Magicka: Wizard Wars
"Steam App 218" = Source SDK Base 2007
"Steam App 218740" = Pid
"Steam App 219740" = Don't Starve
"Steam App 223710" = Cry of Fear
"Steam App 224420" = Afterfall InSanity Extended Edition
"Steam App 226120" = Weird Worlds: Return to Infinite Space
"Steam App 227100" = Sniper Elite: Nazi Zombie Army
"Steam App 234190" = Receiver
"Steam App 234390" = Teleglitch: Die More Edition
"Steam App 238010" = Deus Ex: Human Revolution - Director's Cut
"Steam App 24240" = PAYDAY: The Heist
"Steam App 273110" = Counter-Strike Nexon: Zombies
"Steam App 301520" = Robocraft
"Steam App 304930" = Unturned
"Steam App 550" = Left 4 Dead 2
"Steam App 630" = Alien Swarm
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"Torchlight II (c) Runic Games_is1" = Torchlight II (c) Runic Games version 1
"Trine 2_is1" = Trine 2
"VirtualCloneDrive" = VirtualCloneDrive
"XFastUSB" = XFastUSB
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"YouWave" = YouWave for Android
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"93bb1775721ec2cc" = Launcher omfg.gg
"Dropbox" = Dropbox
"Flux" = f.lux
"SOE-DC Universe Online" = DC Universe Online
"SOE-DC Universe Online Live" = DC Universe Online Live
"UnityWebPlayer" = Unity Web Player
"Viber" = Viber

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 21-11-2014 11:42:22 | Computer Name = Foxy | Source = Office 2013 Licensing Service | ID = 0
Description =

Error - 21-11-2014 20:25:23 | Computer Name = Foxy | Source = Office 2013 Licensing Service | ID = 0
Description =

Error - 22-11-2014 09:35:58 | Computer Name = Foxy | Source = ISCT Agent | ID = 1003
Description =

Error - 22-11-2014 11:55:55 | Computer Name = Foxy | Source = ISCT Agent | ID = 1003
Description =

Error - 22-11-2014 12:10:32 | Computer Name = Foxy | Source = Application Hang | ID = 1002
Description = The program DllHost.exe version 6.1.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 2d8 Start
Time: 01d0066eccab1250 Termination Time: 15 Application Path: C:\Windows\system32\DllHost.exe

Report
Id: 1323b1c3-7262-11e4-9538-bc5ff44aa2d7

Error - 22-11-2014 12:12:15 | Computer Name = Foxy | Source = Application Hang | ID = 1002
Description = The program explorer.exe version 6.1.7601.17567 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1804 Start
Time: 01d0066d41b60cad Termination Time: 22085 Application Path: C:\Windows\explorer.exe

Report
Id: 449ad8cf-7262-11e4-9538-bc5ff44aa2d7

Error - 22-11-2014 20:10:57 | Computer Name = Foxy | Source = Office 2013 Licensing Service | ID = 0
Description =

Error - 23-11-2014 20:49:03 | Computer Name = Foxy | Source = ISCT Agent | ID = 1003
Description =

Error - 23-11-2014 20:59:04 | Computer Name = Foxy | Source = Office 2013 Licensing Service | ID = 0
Description =

Error - 24-11-2014 10:02:22 | Computer Name = Foxy | Source = ISCT Agent | ID = 1003
Description =

[ System Events ]
Error - 24-11-2014 15:48:51 | Computer Name = Foxy | Source = Service Control Manager | ID = 7001
Description = The Security Center service depends on the Windows Management Instrumentation
service which failed to start because of the following error: %%126

Error - 24-11-2014 15:48:51 | Computer Name = Foxy | Source = Service Control Manager | ID = 7023
Description = The Windows Management Instrumentation service terminated with the
following error: %%126

Error - 24-11-2014 15:48:52 | Computer Name = Foxy | Source = Service Control Manager | ID = 7001
Description = The Security Center service depends on the Windows Management Instrumentation
service which failed to start because of the following error: %%126

Error - 24-11-2014 15:48:52 | Computer Name = Foxy | Source = Service Control Manager | ID = 7023
Description = The Windows Management Instrumentation service terminated with the
following error: %%126

Error - 24-11-2014 15:48:52 | Computer Name = Foxy | Source = Service Control Manager | ID = 7001
Description = The Security Center service depends on the Windows Management Instrumentation
service which failed to start because of the following error: %%126

Error - 24-11-2014 15:48:52 | Computer Name = Foxy | Source = Service Control Manager | ID = 7023
Description = The Windows Management Instrumentation service terminated with the
following error: %%126

Error - 24-11-2014 15:48:53 | Computer Name = Foxy | Source = Service Control Manager | ID = 7001
Description = The Security Center service depends on the Windows Management Instrumentation
service which failed to start because of the following error: %%126

Error - 24-11-2014 15:48:53 | Computer Name = Foxy | Source = Service Control Manager | ID = 7023
Description = The Windows Management Instrumentation service terminated with the
following error: %%126

Error - 24-11-2014 15:48:53 | Computer Name = Foxy | Source = Service Control Manager | ID = 7001
Description = The Security Center service depends on the Windows Management Instrumentation
service which failed to start because of the following error: %%126

Error - 24-11-2014 15:48:53 | Computer Name = Foxy | Source = Service Control Manager | ID = 7023
Description = The Windows Management Instrumentation service terminated with the
following error: %%126


< End of report >
Mebseven
Active Member
 
Posts: 11
Joined: November 18th, 2014, 11:14 am

Re: Interpol\Police Virus plus some error messages

Unread postby Mebseven » November 24th, 2014, 4:32 pm

Step 2 - MGA Diagnostics

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: N/A, hr=0x80080005
Windows Product Key Hash: N/A, hr=0x80080005
Windows Product ID: 55041-090-3191941-86798
Windows Product ID Type: 6
Windows License Type: Volume MAK
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {969831E4-3658-47C0-A5A7-ED997AC92312}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.140706-1506
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: FCEE394C-458-80080005_025D1FF3-344-80080005_025D1FF3-229-80080005_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{969831E4-3658-47C0-A5A7-ED997AC92312}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-BBBBB</PKey><PID>55041-090-3191941-86798</PID><PIDType>6</PIDType><SID>S-1-5-21-3726059491-1955422105-1958324113</SID><SYSTEM/><BIOS/><HWID>92BE3907018400FE</HWID><UserLCID>0816</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x1A8' to display the error text.
Error: 0x1A8

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: PgAAAAMAAwABAAIAAgADAAAAAgABAAEAonYmUU40dxZbcnTEwr/o7RD/nl5MZbL73ohCfUo6/EWUt+rNlmM=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ALASKA A M I
FACP ALASKA A M I
HPET ALASKA A M I
MCFG ALASKA A M I
FPDT ALASKA A M I
SSDT Intel_ AoacTabl
AAFT ALASKA OEMAAFT
SSDT Intel_ AoacTabl
SSDT Intel_ AoacTabl
SSDT Intel_ AoacTabl
Mebseven
Active Member
 
Posts: 11
Joined: November 18th, 2014, 11:14 am

Re: Interpol\Police Virus plus some error messages

Unread postby Cypher » November 25th, 2014, 9:18 am

Cracked - Illegal Software

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.
The section here explains why we bring this to your attention.

If you wish to receive help from us, you must remove any and all of the following from your computer:
  • Illegal software
  • Cracked software
  • illegal software key generators

Once the software and/or keygens have been removed, if you still need help, please start a new thread... include a link to your closed topic and include NEW DDS logs :
  • DDS.txt.
  • Attach.txt.
  • Details of the problems you're experiencing.
Wait for a new helper. Do not reply to your topic before a helper has replied.

This topic is now closed.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 26 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware