Computer Slowing Down (need help)

insaniak

This is hard to explain, but my computer consistently slows down pretty much to a crawl after not using the mouse or keyboard for a few minutes. It was working fine last night while I was playing Dark Souls with a controller. I start it up today and everything seems to be fine, but once I start playing Dark Souls with a controller again it starts happening. It slows down to maybe half a frame per second and I have to move the mouse or press a button on the keyboard then it stutters for a second and goes back to normal. This happens maybe every 3-5 mins constantly.

I was watching Netflix and it also happens for that. Along with VLC and simple idling. I start it up, it starts fine and goes fine for a few minutes, then it slows down to a crawl, I have to press a button or move the mouse then it stutters for a second and goes back to normal.

I am an amateur computer enthusiast, pretty much everything I know I have taught myself or have learned from googling things.

Things I have tried:
Uninstalling all programs I don't need
Disk Defrag
Registry Optimizer
Junk Cleaner
Update Drivers
Used Antivirus to check for any problems (none)
I ran sfc /scannow as Admin on the Command Prompt
Checked windows update - no new updates.
Warm reboot on computer
Cold reboot on computer

I have no clue what else to try to fix this.

Dxdiag link:

https://docs.google.com/file/d/0B5QFwwRbXrJzUEdnOUt0TlhJd2s/edit?usp=sharing

If you ask for any other info I will respond asap.
 
Have you tried taking your hardware back to minimum i.e. just keyboard and mouse, it could be an incompatible piece of hardware like your controller.
 
When was the last time you reinstalled the OS? Registry errors amongst other things may affect your speed, it may be easier to reinstall too. What spec is the PC?
 
When was the last time you reinstalled the OS? Registry errors amongst other things may affect your speed, it may be easier to reinstall too. What spec is the PC?

I have not reinstalled the operating system, I was hoping to avoid that but I will do it if I have to. I bought this computer about 8 months ago, I have not reinstalled the OS since I got it.
 
Have you tried taking your hardware back to minimum i.e. just keyboard and mouse, it could be an incompatible piece of hardware like your controller.

Everything was working fine, no hardware changes should have caused it. But I have reinstalled the drivers to my keyboard, mouse, and controller.
 
Do a system restore back to a day before the problem started happening and see what happens.
 
Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.



Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Vista and Windows 7 users must right click on the hijackthis icon and click on run as. If the run as option doesn't appear then press and hold the shift key while right clicking on the icon to get it to appear.


Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.

When the hijackthis log appears in a notepad file, click on the edit menu, click select all, then click on the edit menu again and click on copy. Come back to your reply and right click on your mouse and click on paste.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log
 
Logs attached

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.18.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Devin :: DEVIN-DESKTOP [administrator]

4/18/2013 5:46:36 PM
mbam-log-2013-04-18 (17-46-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 268436
Time elapsed: 3 minute(s), 29 second(s)

Memory Processes Detected: 1
C:\Users\Devin\AppData\Roaming\TS3Client\mszxcv.exe (Heuristics.Shuriken) -> 5248 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Keyboard Inf. (Heuristics.Shuriken) -> Data: C:\Users\Devin\AppData\Roaming\TS3Client\mszxcv.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Users\Devin\AppData\Roaming\TS3Client\mszxcv.exe (Heuristics.Shuriken) -> Delete on reboot.
C:\Users\Devin\AppData\Roaming\Adobe\mszxcv.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Users\Devin\AppData\Roaming\Gmote\mszxcv.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Users\Devin\AppData\Roaming\HP Support Assistant\mszxcv.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Users\Devin\AppData\Roaming\Logishrd\mszxcv.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Users\Devin\AppData\Roaming\Warner Bros. Interactive Entertainment\mszxcv.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Users\Devin\AppData\Roaming\YourFileDownloader\mszxcv.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:27:56 PM, on 4/18/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\Astrill\astrill.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
C:\Users\Devin\Local Settings\Apps\F.lux\flux.exe
C:\Program Files (x86)\Corsair\M60 Mouse\M60Hid.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Corsair\M60 Mouse\CorsTra.exe
C:\Users\Devin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Devin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Devin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Devin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Devin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Devin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Devin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\G19 Clock\BrlgClock.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\GAME FILES\STEAM\Steam.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Users\Devin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Devin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Devin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Devin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Corsair M60 Mouse] C:\Program Files (x86)\Corsair\M60 Mouse\M60Hid.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Actual Multiple Monitors] "C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe"
O4 - HKCU\..\Run: [Astrill] "C:\Program Files (x86)\Astrill\astrill.exe" /autostart
O4 - HKCU\..\Run: [F.lux] "C:\Users\Devin\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKCU\..\RunOnce: [Application Restart #2] C:\Users\Devin\AppData\Local\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --restore-last-session -- http://battlelog.medalofhonor.com/m...ks75vVyenlr9wrU9-?returnUrl=|mohw|en|nations|
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\asproxy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\asproxy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\asproxy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\asproxy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\asproxy.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Astrill OpenVPN Service (ASOVPNHelper) - Astrill - C:\Program Files (x86)\Astrill\ASOvpnSvc.exe
O23 - Service: ASProxy - Astrill - C:\Program Files (x86)\Astrill\ASProxy.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CalendarSynchService - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
O23 - Service: Cron Service for Prey (CronService) - Fork Ltd. - C:\Prey\platform\windows\cronsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Auto (HPAuto) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: Splashtop® Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Splashtop Software Updater Service (SSUService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11508 bytes
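
A triage sketch for the Malwarebytes log above, added here as an example (it is not part of the original posts and not Malwarebytes code). It parses the log's text format and reports the three things a helper reads off it: the same binary name dropped into several unrelated folders, items still awaiting "Delete on reboot", and Run values whose data points at a detected file. The function names are hypothetical, and the sample is abridged from the log in this post.

```python
import ntpath
import re
from collections import defaultdict

# Abridged from the Malwarebytes log posted above (only three of the file hits kept).
SAMPLE_LOG = r"""
Memory Processes Detected: 1
C:\Users\Devin\AppData\Roaming\TS3Client\mszxcv.exe (Heuristics.Shuriken) -> 5248 -> Delete on reboot.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Keyboard Inf. (Heuristics.Shuriken) -> Data: C:\Users\Devin\AppData\Roaming\TS3Client\mszxcv.exe -> Quarantined and deleted successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Devin\AppData\Roaming\TS3Client\mszxcv.exe (Heuristics.Shuriken) -> Delete on reboot.
C:\Users\Devin\AppData\Roaming\Adobe\mszxcv.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Users\Devin\AppData\Roaming\Gmote\mszxcv.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# Greedy object match so paths containing "(x86)" still resolve to the
# last "(DetectionName) -> " marker on the line.
ITEM_RE = re.compile(r"^(?P<obj>.+) \((?P<det>[^()]+)\) -> (?P<rest>.+)$")


def parse_mbam_log(text):
    """Return one dict per detected item, tagged with its log section."""
    items, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        hit = ITEM_RE.match(line)
        if not (hit and section):
            continue  # banner lines, "(No malicious items detected)", blanks
        parts = hit.group("rest").split(" -> ")
        detail = parts[0] if len(parts) > 1 else ""
        items.append({
            "section": section,
            "object": hit.group("obj"),
            "detection": hit.group("det"),
            # Registry values carry "Data: <path>"; memory processes carry a PID.
            "data_path": detail[len("Data: "):] if detail.startswith("Data: ") else None,
            "action": parts[-1].rstrip("."),
        })
    return items


def replicated_binaries(items, min_dirs=2):
    """File names detected in at least `min_dirs` different folders."""
    dirs = defaultdict(set)
    for it in items:
        if it["section"] == "Files":
            dirs[ntpath.basename(it["object"]).lower()].add(ntpath.dirname(it["object"]))
    return {name: sorted(d) for name, d in dirs.items() if len(d) >= min_dirs}


def pending_reboot(items):
    """Paths that are only removed after a restart, so still present now."""
    return sorted({it["object"] for it in items
                   if it["section"] in ("Memory Processes", "Files")
                   and it["action"].startswith("Delete on reboot")})


def autoruns_to_detections(items):
    """(key, value name, target) for Run-style values that launch a detected file."""
    detected = {it["object"].lower() for it in items if it["section"] == "Files"}
    out = []
    for it in items:
        target = it["data_path"]
        if it["section"] == "Registry Values" and target and target.lower() in detected:
            key, _, value = it["object"].partition("|")
            out.append((key, value, target))
    return out


if __name__ == "__main__":
    parsed = parse_mbam_log(SAMPLE_LOG)
    print("replicated:", replicated_binaries(parsed))
    print("pending reboot:", pending_reboot(parsed))
    print("autoruns:", autoruns_to_detections(parsed))
```
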
 

Please just copy the logs inside your reply, don't attach them.

With the infection you have I would like for you to run the following and post the logs.

1.

Please download and run TDSSkiller

When the program opens, click on the start scan button.



TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.



To remove the infections simply click on the Continue button and TDSSKiller will attempt to clean them or remove them.

After trying to clean them it will pop up with the results of the scan and its actions.



Please reboot the system if asked to do so.

After running, there will be a log located at the root of your c:\ drive, labeled tdsskiller with a series of numbers after it, for example C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

Please open the log and copy and paste it back here.

2.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here :

    Combofix

  • When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
  • Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.

  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open Windows including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.


  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.


  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:


  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.


  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the program's log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
I ran that TDSS Killer, it did not find any threats.

COMBOFIX LOG

ComboFix 13-04-18.03 - Devin 04/18/2013 18:58:59.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8148.5749 [GMT -6:00]
Running from: c:\users\Devin\Desktop\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Uninstall.exe
c:\users\Devin\AppData\Local\Temp\ammemb.dll
c:\users\Devin\AppData\Local\Temp\ammemb64.dll
c:\users\Devin\Documents\SYS
c:\users\Devin\Documents\SYS\wsys03
c:\users\Devin\Documents\SYS\wsys04
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-03-19 to 2013-04-19 )))))))))))))))))))))))))))))))
.
.
2013-04-19 01:08 . 2013-04-19 01:08 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{219131FF-1D58-4AB8-BA27-F405FE451EEA}\offreg.dll
2013-04-19 01:06 . 2013-04-19 01:06 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-04-19 01:06 . 2013-04-19 01:06 -------- d-----w- c:\users\Mcx1-DEVIN-DESKTOP\AppData\Local\temp
2013-04-19 01:06 . 2013-04-19 01:06 -------- d-----w- c:\users\hedev\AppData\Local\temp
2013-04-19 01:06 . 2013-04-19 01:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-19 00:53 . 2013-04-19 00:53 208216 ----a-w- c:\windows\system32\drivers\34209965.sys
2013-04-19 00:21 . 2013-04-19 00:21 388096 ----a-r- c:\users\Devin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-04-19 00:21 . 2013-04-19 00:21 -------- d-----w- c:\program files (x86)\Trend Micro
2013-04-18 23:44 . 2013-04-18 23:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-04-18 23:44 . 2013-04-04 20:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-18 18:14 . 2013-04-18 18:14 -------- d-----w- c:\users\Devin\AppData\Local\Green Man Gaming
2013-04-18 18:14 . 2013-04-18 18:14 -------- d-----w- c:\program files (x86)\Capsule
2013-04-18 18:04 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{219131FF-1D58-4AB8-BA27-F405FE451EEA}\mpengine.dll
2013-04-17 04:01 . 2013-04-17 04:01 -------- d-----w- c:\users\Devin\AppData\Roaming\Sammsoft
2013-04-17 04:01 . 2013-04-17 04:01 -------- d-----w- c:\program files (x86)\ARO 2012
2013-04-17 03:26 . 2013-04-17 03:26 -------- d-----w- c:\program files (x86)\WinASO
2013-04-17 03:22 . 2013-04-17 03:58 -------- d-----w- c:\users\Devin\AppData\Roaming\Nico Mak Computing
2013-04-17 03:22 . 2012-02-08 16:29 18760 ----a-w- c:\windows\system32\roboot64.exe
2013-04-17 03:22 . 2013-04-17 03:58 -------- d-----w- c:\program files (x86)\WinZip Registry Optimizer
2013-04-16 18:08 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-15 22:20 . 2011-10-10 23:42 2580552 ----a-w- c:\windows\SysWow64\pbsvc.exe
2013-04-15 21:11 . 2013-04-15 23:26 -------- d-----w- C:\Stinger_Quarantine
2013-04-15 21:11 . 2013-04-16 01:10 -------- d-----w- c:\program files (x86)\stinger
2013-04-15 05:12 . 2013-04-15 06:24 -------- d-----w- c:\users\Devin\AppData\Local\Arma 3 Alpha Lite
2013-04-14 18:25 . 2013-04-14 18:25 -------- d-----w- c:\users\Devin\AppData\Local\Ubisoft
2013-04-13 23:11 . 2013-04-15 03:28 -------- d-----w- c:\users\Devin\AppData\Roaming\DarknessII
2013-04-12 18:30 . 2013-04-19 01:08 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
2013-04-12 18:29 . 2013-04-12 18:33 -------- d-----w- C:\Prey
2013-04-11 23:15 . 2013-02-19 09:52 468904 ----a-w- c:\windows\system32\ASProxy64.dll
2013-04-11 23:15 . 2013-02-19 09:52 352168 ----a-w- c:\windows\SysWow64\ASProxy.dll
2013-04-11 23:15 . 2013-04-11 23:47 -------- d-----w- c:\users\Devin\AppData\Roaming\Astrill
2013-04-11 23:14 . 2012-03-01 04:46 31744 ----a-w- c:\windows\system32\drivers\asvpndrv.sys
2013-04-11 23:14 . 2013-04-11 23:15 -------- d-----w- c:\program files (x86)\Astrill
2013-04-11 05:25 . 2013-04-11 05:25 -------- d-----w- c:\users\Devin\AppData\Roaming\Titanium
2013-04-11 05:23 . 2013-04-11 05:23 31232 ----a-w- c:\windows\system32\drivers\tap0901.sys
2013-04-11 05:23 . 2013-04-12 03:32 -------- d-----w- c:\program files\pia_manager
2013-04-10 18:25 . 2013-04-10 18:25 -------- d-----w- c:\program files (x86)\Sierra On-Line
2013-04-10 18:24 . 1998-01-23 18:22 304128 ----a-w- c:\windows\IsUninst.exe
2013-04-10 18:09 . 2013-04-10 18:12 53248 ------w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\msihook.dll
2013-04-10 18:09 . 2013-04-10 18:12 126976 ------w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\knlwrap.exe
2013-04-10 18:09 . 2013-04-10 18:12 114688 ------w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\scpthdlr.dll
2013-04-09 23:17 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-04-07 21:24 . 2013-04-07 21:24 -------- d-----w- c:\windows\en
2013-04-07 21:18 . 2013-04-07 21:18 -------- d-----w- c:\program files\Windows Live
2013-04-07 21:16 . 2013-04-07 21:16 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-07 21:09 . 2013-04-07 21:09 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive
2013-04-07 21:09 . 2013-04-07 21:07 5659096 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\eb2923201ce33d305\skydrivesetup.exe
2013-04-07 21:09 . 2013-04-07 21:09 -------- d-----w- c:\programdata\Microsoft SkyDrive
2013-04-07 21:07 . 2013-04-07 21:07 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e5c311d31ce33d303\DSETUP.dll
2013-04-07 21:07 . 2013-04-07 21:07 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e5c311d31ce33d303\DXSETUP.exe
2013-04-07 21:07 . 2013-04-07 21:07 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e5c311d31ce33d303\dsetup32.dll
2013-04-07 21:07 . 2013-04-07 21:07 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e0ffd2991ce33d302\DSETUP.dll
2013-04-07 21:07 . 2013-04-07 21:07 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e0ffd2991ce33d302\DXSETUP.exe
2013-04-07 21:07 . 2013-04-07 21:07 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e0ffd2991ce33d302\dsetup32.dll
2013-04-07 21:07 . 2013-04-07 21:07 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\dd912bdb1ce33d301\DSETUP.dll
2013-04-07 21:07 . 2013-04-07 21:07 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\dd912bdb1ce33d301\DXSETUP.exe
2013-04-07 21:07 . 2013-04-07 21:07 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\dd912bdb1ce33d301\dsetup32.dll
2013-04-07 21:07 . 2013-04-07 21:07 -------- d-----w- c:\users\Devin\AppData\Local\Windows Live
2013-04-07 19:31 . 2013-04-07 19:31 -------- d-----w- c:\users\Devin\AppData\Roaming\Command and Conquer 4
2013-04-07 19:31 . 2013-04-07 19:31 -------- d-----w- c:\users\Devin\AppData\Local\Electronic_Arts_Inc
2013-04-06 03:12 . 2013-04-06 03:12 -------- d-----w- c:\users\Devin\AppData\Local\4A Games
2013-04-01 21:10 . 2012-08-21 19:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-04-01 21:09 . 2013-04-01 21:10 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-04-01 21:09 . 2013-04-01 21:10 -------- d-----w- c:\program files\iTunes
2013-04-01 21:09 . 2013-04-01 21:10 -------- d-----w- c:\program files (x86)\iTunes
2013-04-01 21:09 . 2013-04-01 21:09 -------- d-----w- c:\program files\iPod
2013-03-31 19:13 . 2013-03-31 20:25 -------- d-----w- c:\users\Devin\AppData\Roaming\TEdit
2013-03-31 19:12 . 2013-03-31 19:12 -------- d-----w- c:\program files (x86)\TEdit
2013-03-28 04:57 . 2013-03-28 04:57 -------- d-----w- c:\program files (x86)\Terrafirma
2013-03-28 04:54 . 2013-03-28 04:55 -------- d-----w- c:\users\Devin\AppData\Roaming\MoreTerra
2013-03-27 01:18 . 2013-03-27 01:18 -------- d-----w- c:\users\Devin\AppData\Local\NVIDIA
2013-03-27 00:29 . 2013-03-27 00:29 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-27 00:29 . 2013-03-27 00:29 -------- d-----w- c:\program files (x86)\Java
2013-03-25 18:38 . 2013-03-25 18:38 -------- d-----w- c:\program files (x86)\CAPCOM
2013-03-22 22:52 . 2013-03-22 22:52 -------- d-----w- C:\ts3overlay
2013-03-22 06:21 . 2013-03-22 06:21 -------- d-----w- c:\users\Devin\AppData\Roaming\Natural Selection 2
2013-03-22 03:33 . 2013-03-22 03:33 -------- d-----w- c:\users\Devin\AppData\Local\Introversion
2013-03-21 22:49 . 2013-03-21 22:49 -------- d-----w- c:\programdata\dbg
2013-03-21 19:48 . 2012-10-23 13:04 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5AB1F0AF-B654-4226-9F92-1EAD52E83A96}\gapaengine.dll
2013-03-21 19:40 . 2013-03-21 19:40 -------- d-----w- c:\program files\TeamSpeak 3 Client
2013-03-21 04:05 . 2013-03-21 04:05 -------- d-----w- c:\users\Devin\AppData\Local\FalloutNV
2013-03-20 20:17 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-18 06:16 . 2012-09-02 22:29 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-04-18 06:16 . 2012-09-02 06:08 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-04-18 06:16 . 2012-09-02 06:08 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-04-15 22:23 . 2012-09-02 06:08 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-04-10 01:54 . 2012-09-02 22:14 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-02 10:34 . 2010-11-21 03:27 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-03-27 00:29 . 2012-09-02 06:00 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-27 00:29 . 2012-09-02 06:00 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-18 00:06 . 2013-03-18 00:06 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2013-03-15 05:53 . 2012-10-11 04:23 2864144 ----a-w- c:\windows\system32\nvapi64.dll
2013-03-15 05:53 . 2012-10-11 04:23 1118776 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-03-15 05:53 . 2012-10-11 04:23 15508512 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-03-15 05:53 . 2012-10-11 04:22 2539128 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-03-15 05:53 . 2012-10-11 04:22 26956576 ----a-w- c:\windows\system32\nvoglv64.dll
2013-03-15 05:53 . 2012-10-11 04:22 15042928 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-03-15 04:16 . 2012-08-29 08:36 3477280 ----a-w- c:\windows\system32\nvsvc64.dll
2013-03-15 04:16 . 2012-08-29 08:36 6398240 ----a-w- c:\windows\system32\nvcpl.dll
2013-03-15 04:16 . 2012-08-29 08:36 877856 ----a-w- c:\windows\system32\nvvsvc.exe
2013-03-15 04:16 . 2012-08-29 08:36 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-03-15 04:16 . 2012-08-29 08:36 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-03-15 04:07 . 2013-03-15 04:07 559904 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-03-13 16:24 . 2012-08-29 08:36 3065455 ----a-w- c:\windows\system32\nvcoproc.bin
2013-03-12 19:42 . 2012-08-29 08:53 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-12 19:42 . 2012-08-29 08:53 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-28 00:17 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2013-02-20 07:13 . 2013-02-20 07:13 10 ----a-w- c:\windows\Fonts\wfonts.key
2013-02-12 05:45 . 2013-03-13 02:45 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 02:45 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 02:45 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 02:45 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 02:45 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 02:45 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-10 03:25 . 2013-03-02 19:56 1807136 ----a-w- c:\windows\system32\nvdispco6420294.dll
2013-02-10 03:25 . 2013-03-02 19:56 1510176 ----a-w- c:\windows\system32\nvdispgenco6420162.dll
2013-02-08 00:28 . 2013-02-27 07:10 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{66522B69-80AA-4EA0-AC67-51908534C895}\mpengine.dll
2013-01-20 22:59 . 2013-01-20 22:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 22:59 . 2013-01-20 22:59 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 13:20 . 2012-08-30 13:20 68792 ----a-w- c:\program files (x86)\fraps64.dat
2012-08-30 13:20 . 2012-08-30 13:20 2550968 ----a-w- c:\program files (x86)\fraps.exe
2012-08-30 13:20 . 2012-08-30 13:20 234168 ----a-w- c:\program files (x86)\fraps32.dll
2012-08-30 13:20 . 2012-08-30 13:20 186552 ----a-w- c:\program files (x86)\fraps64.dll
2012-08-30 13:17 . 2012-08-30 13:17 140288 ----a-w- c:\program files (x86)\frapslcd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-04-07 21:09 220632 ----a-w- c:\users\Devin\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-04-07 21:09 220632 ----a-w- c:\users\Devin\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-04-07 21:09 220632 ----a-w- c:\users\Devin\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Actual Multiple Monitors"="c:\program files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe" [2011-11-23 1495880]
"Astrill"="c:\program files (x86)\Astrill\astrill.exe" [2013-04-06 5105576]
"F.lux"="c:\users\Devin\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Corsair M60 Mouse"="c:\program files (x86)\Corsair\M60 Mouse\M60Hid.exe" [2012-05-22 1766400]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-09-02 867064]
R1 bdlydxra;bdlydxra;c:\windows\system32\drivers\bdlydxra.sys [x]
R1 ivyveqex;ivyveqex;c:\windows\system32\drivers\ivyveqex.sys [x]
R1 javiwruf;javiwruf;c:\windows\system32\drivers\javiwruf.sys [x]
R1 mvfamtll;mvfamtll;c:\windows\system32\drivers\mvfamtll.sys [x]
R1 ocsrionr;ocsrionr;c:\windows\system32\drivers\ocsrionr.sys [x]
R1 qeirthql;qeirthql;c:\windows\system32\drivers\qeirthql.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service; [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 ASOVPNHelper;Astrill OpenVPN Service;c:\program files (x86)\Astrill\ASOvpnSvc.exe [2012-05-26 434928]
R3 ASProxy;ASProxy;c:\program files (x86)\Astrill\ASProxy.exe [2013-02-19 1918888]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 GRemoteBus;GRemote virtual joystick Bus Enumerator;c:\windows\system32\DRIVERS\GRemoteBus64.sys [2009-08-05 27336]
R3 LADF_BakerCOnly;BakerC Filter Driver;c:\windows\system32\DRIVERS\ladfBakerCamd64.sys [2011-03-18 410184]
R3 LADF_BakerROnly;BakerR Filter Driver;c:\windows\system32\DRIVERS\ladfBakerRamd64.sys [2011-03-18 335688]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-09-29 695400]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-02 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-09-02 271424]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-08-16 16384]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2013-03-26 23552]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2012-04-04 1134584]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-03-20 3289208]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2013-01-28 551264]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2013-01-25 583456]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-15 383264]
S3 asvpndrv;Astrill SSL VPN Adapter;c:\windows\system32\DRIVERS\asvpndrv.sys [2012-03-01 31744]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2011-04-11 410184]
S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2011-04-11 341832]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys [2009-07-01 30728]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-04-11 676968]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\DRIVERS\tihub3.sys [2012-04-23 136000]
S3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys [2012-04-23 410944]
S3 WIMBLEMS;Corsair M60 Gaming Mouse;c:\windows\system32\drivers\WIMBLEMS.sys [2012-03-27 25600]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-29 19:42]
.
2013-04-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2723345351-3930917344-1464271235-1000Core.job
- c:\users\Devin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-14 02:19]
.
2013-04-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2723345351-3930917344-1464271235-1000UA.job
- c:\users\Devin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-14 02:19]
.
2013-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-03 01:22]
.
2013-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-03 01:22]
.
2013-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723345351-3930917344-1464271235-1000Core.job
- c:\users\Devin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-01 19:20]
.
2013-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723345351-3930917344-1464271235-1000UA.job
- c:\users\Devin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-01 19:20]
.
2013-04-02 c:\windows\Tasks\HPCeeScheduleForDEVIN-DESKTOP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
2013-03-20 c:\windows\Tasks\HPCeeScheduleForDevin.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-04-07 21:09 244696 ----a-w- c:\users\Devin\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-04-07 21:09 244696 ----a-w- c:\users\Devin\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-04-07 21:09 244696 ----a-w- c:\users\Devin\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-03-07 22:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-03-07 22:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-03-07 22:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-03-07 22:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2012-03-30 37888]
"HPSYSDRV"="c:\program files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE" [2008-11-20 62768]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-07-24 6900024]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-04-25 1425408]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 69.168.67.2 216.83.130.7 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{438363A8-F486-4C37-834C-4955773CB3D3} - msiexec
AddRemove-Fraps - c:\program files (x86)\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{40BF1E83-20EB-11D8-97C5-0009C5020658} - c:\program files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2723345351-3930917344-1464271235-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2723345351-3930917344-1464271235-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2723345351-3930917344-1464271235-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:1e,d1,a3,5d,ec,fe,38,7f,ee,f0,75,2a,a6,98,05,1b,99,ef,03,6f,18,a9,4c,
f1,59,8c,9c,ca,c4,c9,2f,e8,bf,f7,34,df,52,5c,1a,4e,6e,4e,20,0b,83,30,46,ee,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-2723345351-3930917344-1464271235-1000\Software\SecuROM\License information*]
"datasecu"=hex:c9,4d,c7,8a,e4,c8,68,ae,ae,61,ab,96,ec,2a,8a,75,b4,04,42,75,d0,
23,56,8c,d3,ad,22,f1,18,e2,e0,fa,aa,3b,70,48,ae,04,7a,20,a2,02,0d,2c,e8,43,\
"rkeysecu"=hex:db,7a,64,c3,03,1b,7e,c1,60,3b,b5,94,c5,b5,8c,7c
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
c:\program files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-04-18 19:12:06 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-19 01:12
.
Pre-Run: 252,056,936,448 bytes free
Post-Run: 251,617,439,744 bytes free
.
- - End Of File - - 7F30036E07FA19EE9E62A5C530FE39A0


HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:17:46 PM, on 4/18/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Users\Devin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Devin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Devin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Devin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Devin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Devin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Devin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Devin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Devin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
C:\Users\Devin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe
C:\Program Files (x86)\Astrill\astrill.exe
C:\Users\Devin\Local Settings\Apps\F.lux\flux.exe
C:\Program Files (x86)\Corsair\M60 Mouse\M60Hid.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Corsair\M60 Mouse\CorsTra.exe
C:\Users\Devin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Devin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Devin\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Corsair M60 Mouse] C:\Program Files (x86)\Corsair\M60 Mouse\M60Hid.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Actual Multiple Monitors] "C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe"
O4 - HKCU\..\Run: [Astrill] "C:\Program Files (x86)\Astrill\astrill.exe" /autostart
O4 - HKCU\..\Run: [F.lux] "C:\Users\Devin\Local Settings\Apps\F.lux\flux.exe" /noshow
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Astrill OpenVPN Service (ASOVPNHelper) - Astrill - C:\Program Files (x86)\Astrill\ASOvpnSvc.exe
O23 - Service: ASProxy - Astrill - C:\Program Files (x86)\Astrill\ASProxy.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CalendarSynchService - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
O23 - Service: Cron Service for Prey (CronService) - Fork Ltd. - C:\Prey\platform\windows\cronsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Auto (HPAuto) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: Splashtop® Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Splashtop Software Updater Service (SSUService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10609 bytes


It seems to be running better. No more issues. What would have caused this and how can I prevent this from happening again?
 
You still have a few issues we need to get rid of.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
Driver::

bdlydxra
ivyveqex
javiwruf
mvfamtll
ocsrionr
qeirthql

File::

c:\windows\system32\drivers\bdlydxra.sys
c:\windows\system32\drivers\ivyveqex.sys 
c:\windows\system32\drivers\javiwruf.sys 
c:\windows\system32\drivers\mvfamtll.sys
c:\windows\system32\drivers\ocsrionr.sys
c:\windows\system32\drivers\qeirthql.sys

Reglock::

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


CFScript-1.gif


ComboFix will begin to execute; just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

You also have some unneeded software installed on your system, so let's get that uninstalled. I need you to post a log that ComboFix produces but doesn't show you. Please navigate to C:\Qoobox and in that folder will be a file named add-remove programs.txt. Open that file and copy and paste the contents in your next reply.
 
COMBOFIX

ComboFix 13-04-18.03 - Devin 04/18/2013 19:56:26.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8148.6088 [GMT -6:00]
Running from: c:\users\Devin\Desktop\ComboFix.exe
Command switches used :: c:\users\Devin\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\bdlydxra.sys"
"c:\windows\system32\drivers\ivyveqex.sys"
"c:\windows\system32\drivers\javiwruf.sys"
"c:\windows\system32\drivers\mvfamtll.sys"
"c:\windows\system32\drivers\ocsrionr.sys"
"c:\windows\system32\drivers\qeirthql.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Devin\AppData\Local\Temp\ammemb.dll
c:\users\Devin\AppData\Local\Temp\ammemb64.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_bdlydxra
-------\Service_ivyveqex
-------\Service_javiwruf
-------\Service_mvfamtll
-------\Service_ocsrionr
-------\Service_qeirthql
.
.
((((((((((((((((((((((((( Files Created from 2013-03-19 to 2013-04-19 )))))))))))))))))))))))))))))))
.
.
2013-04-19 02:03 . 2013-04-19 02:03 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{219131FF-1D58-4AB8-BA27-F405FE451EEA}\offreg.dll
2013-04-19 02:01 . 2013-04-19 02:01 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-04-19 02:01 . 2013-04-19 02:01 -------- d-----w- c:\users\Mcx1-DEVIN-DESKTOP\AppData\Local\temp
2013-04-19 02:01 . 2013-04-19 02:01 -------- d-----w- c:\users\hedev\AppData\Local\temp
2013-04-19 02:01 . 2013-04-19 02:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-19 00:53 . 2013-04-19 00:53 208216 ----a-w- c:\windows\system32\drivers\34209965.sys
2013-04-19 00:21 . 2013-04-19 00:21 388096 ----a-r- c:\users\Devin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-04-19 00:21 . 2013-04-19 00:21 -------- d-----w- c:\program files (x86)\Trend Micro
2013-04-18 23:44 . 2013-04-18 23:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-04-18 23:44 . 2013-04-04 20:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-18 18:14 . 2013-04-18 18:14 -------- d-----w- c:\users\Devin\AppData\Local\Green Man Gaming
2013-04-18 18:14 . 2013-04-18 18:14 -------- d-----w- c:\program files (x86)\Capsule
2013-04-18 18:04 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{219131FF-1D58-4AB8-BA27-F405FE451EEA}\mpengine.dll
2013-04-17 04:01 . 2013-04-17 04:01 -------- d-----w- c:\users\Devin\AppData\Roaming\Sammsoft
2013-04-17 04:01 . 2013-04-17 04:01 -------- d-----w- c:\program files (x86)\ARO 2012
2013-04-17 03:26 . 2013-04-17 03:26 -------- d-----w- c:\program files (x86)\WinASO
2013-04-17 03:22 . 2013-04-17 03:58 -------- d-----w- c:\users\Devin\AppData\Roaming\Nico Mak Computing
2013-04-17 03:22 . 2012-02-08 16:29 18760 ----a-w- c:\windows\system32\roboot64.exe
2013-04-17 03:22 . 2013-04-17 03:58 -------- d-----w- c:\program files (x86)\WinZip Registry Optimizer
2013-04-16 18:08 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-15 22:20 . 2011-10-10 23:42 2580552 ----a-w- c:\windows\SysWow64\pbsvc.exe
2013-04-15 21:11 . 2013-04-15 23:26 -------- d-----w- C:\Stinger_Quarantine
2013-04-15 21:11 . 2013-04-16 01:10 -------- d-----w- c:\program files (x86)\stinger
2013-04-15 05:12 . 2013-04-15 06:24 -------- d-----w- c:\users\Devin\AppData\Local\Arma 3 Alpha Lite
2013-04-14 18:25 . 2013-04-14 18:25 -------- d-----w- c:\users\Devin\AppData\Local\Ubisoft
2013-04-13 23:11 . 2013-04-15 03:28 -------- d-----w- c:\users\Devin\AppData\Roaming\DarknessII
2013-04-12 18:30 . 2013-04-19 02:03 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
2013-04-12 18:29 . 2013-04-12 18:33 -------- d-----w- C:\Prey
2013-04-11 23:15 . 2013-02-19 09:52 468904 ----a-w- c:\windows\system32\ASProxy64.dll
2013-04-11 23:15 . 2013-02-19 09:52 352168 ----a-w- c:\windows\SysWow64\ASProxy.dll
2013-04-11 23:15 . 2013-04-11 23:47 -------- d-----w- c:\users\Devin\AppData\Roaming\Astrill
2013-04-11 23:14 . 2012-03-01 04:46 31744 ----a-w- c:\windows\system32\drivers\asvpndrv.sys
2013-04-11 23:14 . 2013-04-11 23:15 -------- d-----w- c:\program files (x86)\Astrill
2013-04-11 05:25 . 2013-04-11 05:25 -------- d-----w- c:\users\Devin\AppData\Roaming\Titanium
2013-04-11 05:23 . 2013-04-11 05:23 31232 ----a-w- c:\windows\system32\drivers\tap0901.sys
2013-04-11 05:23 . 2013-04-12 03:32 -------- d-----w- c:\program files\pia_manager
2013-04-10 18:25 . 2013-04-10 18:25 -------- d-----w- c:\program files (x86)\Sierra On-Line
2013-04-10 18:24 . 1998-01-23 18:22 304128 ----a-w- c:\windows\IsUninst.exe
2013-04-10 18:09 . 2013-04-10 18:12 53248 ------w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\msihook.dll
2013-04-10 18:09 . 2013-04-10 18:12 126976 ------w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\knlwrap.exe
2013-04-10 18:09 . 2013-04-10 18:12 114688 ------w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\scpthdlr.dll
2013-04-09 23:17 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-04-07 21:24 . 2013-04-07 21:24 -------- d-----w- c:\windows\en
2013-04-07 21:18 . 2013-04-07 21:18 -------- d-----w- c:\program files\Windows Live
2013-04-07 21:16 . 2013-04-07 21:16 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-07 21:09 . 2013-04-07 21:09 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive
2013-04-07 21:09 . 2013-04-07 21:07 5659096 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\eb2923201ce33d305\skydrivesetup.exe
2013-04-07 21:09 . 2013-04-07 21:09 -------- d-----w- c:\programdata\Microsoft SkyDrive
2013-04-07 21:07 . 2013-04-07 21:07 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e5c311d31ce33d303\DSETUP.dll
2013-04-07 21:07 . 2013-04-07 21:07 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e5c311d31ce33d303\DXSETUP.exe
2013-04-07 21:07 . 2013-04-07 21:07 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e5c311d31ce33d303\dsetup32.dll
2013-04-07 21:07 . 2013-04-07 21:07 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e0ffd2991ce33d302\DSETUP.dll
2013-04-07 21:07 . 2013-04-07 21:07 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e0ffd2991ce33d302\DXSETUP.exe
2013-04-07 21:07 . 2013-04-07 21:07 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e0ffd2991ce33d302\dsetup32.dll
2013-04-07 21:07 . 2013-04-07 21:07 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\dd912bdb1ce33d301\DSETUP.dll
2013-04-07 21:07 . 2013-04-07 21:07 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\dd912bdb1ce33d301\DXSETUP.exe
2013-04-07 21:07 . 2013-04-07 21:07 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\dd912bdb1ce33d301\dsetup32.dll
2013-04-07 21:07 . 2013-04-07 21:07 -------- d-----w- c:\users\Devin\AppData\Local\Windows Live
2013-04-07 19:31 . 2013-04-07 19:31 -------- d-----w- c:\users\Devin\AppData\Roaming\Command and Conquer 4
2013-04-07 19:31 . 2013-04-07 19:31 -------- d-----w- c:\users\Devin\AppData\Local\Electronic_Arts_Inc
2013-04-06 03:12 . 2013-04-06 03:12 -------- d-----w- c:\users\Devin\AppData\Local\4A Games
2013-04-01 21:10 . 2012-08-21 19:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-04-01 21:09 . 2013-04-01 21:10 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-04-01 21:09 . 2013-04-01 21:10 -------- d-----w- c:\program files\iTunes
2013-04-01 21:09 . 2013-04-01 21:10 -------- d-----w- c:\program files (x86)\iTunes
2013-04-01 21:09 . 2013-04-01 21:09 -------- d-----w- c:\program files\iPod
2013-03-31 19:13 . 2013-03-31 20:25 -------- d-----w- c:\users\Devin\AppData\Roaming\TEdit
2013-03-31 19:12 . 2013-03-31 19:12 -------- d-----w- c:\program files (x86)\TEdit
2013-03-28 04:57 . 2013-03-28 04:57 -------- d-----w- c:\program files (x86)\Terrafirma
2013-03-28 04:54 . 2013-03-28 04:55 -------- d-----w- c:\users\Devin\AppData\Roaming\MoreTerra
2013-03-27 01:18 . 2013-03-27 01:18 -------- d-----w- c:\users\Devin\AppData\Local\NVIDIA
2013-03-27 00:29 . 2013-03-27 00:29 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-27 00:29 . 2013-03-27 00:29 -------- d-----w- c:\program files (x86)\Java
2013-03-25 18:38 . 2013-03-25 18:38 -------- d-----w- c:\program files (x86)\CAPCOM
2013-03-22 22:52 . 2013-03-22 22:52 -------- d-----w- C:\ts3overlay
2013-03-22 06:21 . 2013-03-22 06:21 -------- d-----w- c:\users\Devin\AppData\Roaming\Natural Selection 2
2013-03-22 03:33 . 2013-03-22 03:33 -------- d-----w- c:\users\Devin\AppData\Local\Introversion
2013-03-21 22:49 . 2013-03-21 22:49 -------- d-----w- c:\programdata\dbg
2013-03-21 19:48 . 2012-10-23 13:04 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5AB1F0AF-B654-4226-9F92-1EAD52E83A96}\gapaengine.dll
2013-03-21 19:40 . 2013-03-21 19:40 -------- d-----w- c:\program files\TeamSpeak 3 Client
2013-03-21 04:05 . 2013-03-21 04:05 -------- d-----w- c:\users\Devin\AppData\Local\FalloutNV
2013-03-20 20:17 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-19 01:30 . 2012-09-02 22:29 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-04-19 01:30 . 2012-09-02 06:08 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-04-19 01:30 . 2012-09-02 06:08 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-04-15 22:23 . 2012-09-02 06:08 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-04-10 01:54 . 2012-09-02 22:14 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-02 10:34 . 2010-11-21 03:27 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-03-27 00:29 . 2012-09-02 06:00 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-27 00:29 . 2012-09-02 06:00 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-18 00:06 . 2013-03-18 00:06 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2013-03-15 05:53 . 2012-10-11 04:23 2864144 ----a-w- c:\windows\system32\nvapi64.dll
2013-03-15 05:53 . 2012-10-11 04:23 1118776 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-03-15 05:53 . 2012-10-11 04:23 15508512 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-03-15 05:53 . 2012-10-11 04:22 2539128 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-03-15 05:53 . 2012-10-11 04:22 26956576 ----a-w- c:\windows\system32\nvoglv64.dll
2013-03-15 05:53 . 2012-10-11 04:22 15042928 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-03-15 04:16 . 2012-08-29 08:36 3477280 ----a-w- c:\windows\system32\nvsvc64.dll
2013-03-15 04:16 . 2012-08-29 08:36 6398240 ----a-w- c:\windows\system32\nvcpl.dll
2013-03-15 04:16 . 2012-08-29 08:36 877856 ----a-w- c:\windows\system32\nvvsvc.exe
2013-03-15 04:16 . 2012-08-29 08:36 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-03-15 04:16 . 2012-08-29 08:36 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-03-15 04:07 . 2013-03-15 04:07 559904 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-03-13 16:24 . 2012-08-29 08:36 3065455 ----a-w- c:\windows\system32\nvcoproc.bin
2013-03-12 19:42 . 2012-08-29 08:53 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-12 19:42 . 2012-08-29 08:53 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-28 00:17 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2013-02-20 07:13 . 2013-02-20 07:13 10 ----a-w- c:\windows\Fonts\wfonts.key
2013-02-12 05:45 . 2013-03-13 02:45 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 02:45 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 02:45 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 02:45 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 02:45 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 02:45 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-10 03:25 . 2013-03-02 19:56 1807136 ----a-w- c:\windows\system32\nvdispco6420294.dll
2013-02-10 03:25 . 2013-03-02 19:56 1510176 ----a-w- c:\windows\system32\nvdispgenco6420162.dll
2013-02-08 00:28 . 2013-02-27 07:10 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{66522B69-80AA-4EA0-AC67-51908534C895}\mpengine.dll
2013-01-20 22:59 . 2013-01-20 22:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 22:59 . 2013-01-20 22:59 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 13:20 . 2012-08-30 13:20 68792 ----a-w- c:\program files (x86)\fraps64.dat
2012-08-30 13:20 . 2012-08-30 13:20 2550968 ----a-w- c:\program files (x86)\fraps.exe
2012-08-30 13:20 . 2012-08-30 13:20 234168 ----a-w- c:\program files (x86)\fraps32.dll
2012-08-30 13:20 . 2012-08-30 13:20 186552 ----a-w- c:\program files (x86)\fraps64.dll
2012-08-30 13:17 . 2012-08-30 13:17 140288 ----a-w- c:\program files (x86)\frapslcd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-04-07 21:09 220632 ----a-w- c:\users\Devin\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-04-07 21:09 220632 ----a-w- c:\users\Devin\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-04-07 21:09 220632 ----a-w- c:\users\Devin\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Actual Multiple Monitors"="c:\program files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe" [2011-11-23 1495880]
"Astrill"="c:\program files (x86)\Astrill\astrill.exe" [2013-04-06 5105576]
"F.lux"="c:\users\Devin\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Corsair M60 Mouse"="c:\program files (x86)\Corsair\M60 Mouse\M60Hid.exe" [2012-05-22 1766400]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-09-02 867064]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service; [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 ASOVPNHelper;Astrill OpenVPN Service;c:\program files (x86)\Astrill\ASOvpnSvc.exe [2012-05-26 434928]
R3 ASProxy;ASProxy;c:\program files (x86)\Astrill\ASProxy.exe [2013-02-19 1918888]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 GRemoteBus;GRemote virtual joystick Bus Enumerator;c:\windows\system32\DRIVERS\GRemoteBus64.sys [2009-08-05 27336]
R3 LADF_BakerCOnly;BakerC Filter Driver;c:\windows\system32\DRIVERS\ladfBakerCamd64.sys [2011-03-18 410184]
R3 LADF_BakerROnly;BakerR Filter Driver;c:\windows\system32\DRIVERS\ladfBakerRamd64.sys [2011-03-18 335688]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-09-29 695400]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-02 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-09-02 271424]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-08-16 16384]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2013-03-26 23552]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2012-04-04 1134584]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-03-20 3289208]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2013-01-28 551264]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2013-01-25 583456]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-15 383264]
S3 asvpndrv;Astrill SSL VPN Adapter;c:\windows\system32\DRIVERS\asvpndrv.sys [2012-03-01 31744]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2011-04-11 410184]
S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2011-04-11 341832]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys [2009-07-01 30728]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-04-11 676968]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\DRIVERS\tihub3.sys [2012-04-23 136000]
S3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys [2012-04-23 410944]
S3 WIMBLEMS;Corsair M60 Gaming Mouse;c:\windows\system32\drivers\WIMBLEMS.sys [2012-03-27 25600]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-29 19:42]
.
2013-04-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2723345351-3930917344-1464271235-1000Core.job
- c:\users\Devin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-14 02:19]
.
2013-04-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2723345351-3930917344-1464271235-1000UA.job
- c:\users\Devin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-14 02:19]
.
2013-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-03 01:22]
.
2013-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-03 01:22]
.
2013-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723345351-3930917344-1464271235-1000Core.job
- c:\users\Devin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-01 19:20]
.
2013-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723345351-3930917344-1464271235-1000UA.job
- c:\users\Devin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-01 19:20]
.
2013-04-02 c:\windows\Tasks\HPCeeScheduleForDEVIN-DESKTOP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
2013-03-20 c:\windows\Tasks\HPCeeScheduleForDevin.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-04-07 21:09 244696 ----a-w- c:\users\Devin\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-04-07 21:09 244696 ----a-w- c:\users\Devin\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-04-07 21:09 244696 ----a-w- c:\users\Devin\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-03-07 22:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-03-07 22:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-03-07 22:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-03-07 22:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2012-03-30 37888]
"HPSYSDRV"="c:\program files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE" [2008-11-20 62768]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-07-24 6900024]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-04-25 1425408]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 69.168.67.2 216.83.130.7 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Fraps - c:\program files (x86)\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{40BF1E83-20EB-11D8-97C5-0009C5020658} - c:\program files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2723345351-3930917344-1464271235-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2723345351-3930917344-1464271235-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2723345351-3930917344-1464271235-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:1e,d1,a3,5d,ec,fe,38,7f,ee,f0,75,2a,a6,98,05,1b,99,ef,03,6f,18,a9,4c,
f1,59,8c,9c,ca,c4,c9,2f,e8,bf,f7,34,df,52,5c,1a,4e,6e,4e,20,0b,83,30,46,ee,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-2723345351-3930917344-1464271235-1000\Software\SecuROM\License information*]
"datasecu"=hex:c9,4d,c7,8a,e4,c8,68,ae,ae,61,ab,96,ec,2a,8a,75,b4,04,42,75,d0,
23,56,8c,d3,ad,22,f1,18,e2,e0,fa,aa,3b,70,48,ae,04,7a,20,a2,02,0d,2c,e8,43,\
"rkeysecu"=hex:db,7a,64,c3,03,1b,7e,c1,60,3b,b5,94,c5,b5,8c,7c
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
c:\program files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2013-04-18 20:06:23 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-19 02:06
ComboFix2.txt 2013-04-19 01:12
.
Pre-Run: 251,740,057,600 bytes free
Post-Run: 251,563,880,448 bytes free
.
- - End Of File - - 483F12B3740B56F091472C6BABE201E9

ADD-REMOVE PROGRAMS

µTorrent
4 Elements II
Actual Multiple Monitors 3.4.2
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.0.1)
Aliens: Colonial Marines
Amazon Kindle
Amnesia: The Dark Descent
Apple Application Support
Arma 2
ARMA 2 Dedicated Server
Arma 2: Operation Arrowhead
Arma 3 Alpha Lite
Battlefield 1942™
Battlefield 3™
Battlelog Web Plugins
Bejeweled 3
Blackhawk Striker 2
Borderlands 2
Braid
Capsule
Chuzzle Deluxe
Corsair M60 Gaming Mouse Driver V1.0
Counter-Strike: Global Offensive
Counter-Strike: Global Offensive - SDK
Cradle of Rome 2
Crysis®3 MP Open Beta
CyberLink WaveEditor
D3DX10
Dark Souls Prepare to Die Edition
Dark Souls: Prepare to Die Edition
Diablo III
DirectX for Managed Code Update (Summer 2004)
DJ_SF_06_D1600_SW_Min
Dora's World Adventure
Escape the Emerald Star
ESN Sonar
F.lux
Facebook
Facebook Video Calling 1.2.0.287
Fallout New Vegas
Far Cry 3
Farm Frenzy
Farmscapes
FATE
Final Drive Fury
Fraps (remove only)
G19_BF3 v0.2.5 by Timisoft
Golden Trails 2: The Lost Legacy Collector's Edition
Google Chrome
Google Drive
Google Earth
Google Talk Plugin
Google Update Helper
Guild Wars 2
HandBrake 0.9.6
HiJackThis
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Hoyle Card Games
HP Calendar
HP Clock
HP Customer Experience Enhancements
HP LinkUp
HP Magic Canvas
HP Magic Canvas Tutorials
HP Notes
HP Odometer
HP RSS
HP Setup
HP Support Information
HP TouchSmart Background - Beats
HP TouchSmart RecipeBox
HP Update
HP Weather
I Am Alive
Intel(R) Management Engine Components
Java 7 Update 17
Java Auto Updater
Jewel Match 3
Jewel Quest Mysteries: The Seventh Gate Collector's Edition
John Deere Drive Green
Junk Mail filter update
League of Legends
LibreOffice 3.5
LIMBO
Lone Survivor
LOST PLANET 2
Luxor HD
Mah Jong Medley
Malwarebytes Anti-Malware version 1.75.0.1300
Medal of Honor™ Warfighter
Metric Converter
Metro 2033
Metro 2033 Update 2
Microsoft .NET Framework 1.1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Mathematics
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 4.0
Mortimer Beckett and the Crimson Thief Premium Edition
Movie Maker
MSVCRT
MSVCRT_amd64
MSVCRT110
My Farm Life 2
MyFreeCodec
Netflix in Windows Media Center
Notepad++
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Oblivion
opensource
Origin
Path of Exile
PDF Complete Corporate Edition
Penguins!
Photo Common
Photo Gallery
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
Psychonauts
PunkBuster Services
Ravaged
Recovery Manager
Remote Graphics Receiver
Remote PC Server
Roads of Rome 3
Rockstar Games Social Club
Samsung Kies
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Skype Click to Call
Skype™ 5.10
SmartSound Quicktracks 5
SpaceChem
Splashtop Software Updater
Splashtop Streamer
Star Wars: The Old Republic
Star Wars®: Knights of the Old Republic (TM)
StarCraft II
Steam
Stronghold 3 Gold
Superbrothers: Sword & Sworcery EP
Tales of Lagoona
TEdit 3
TERA
Terrafirma
The Darkness II
The Elder Scrolls V Skyrim Dragonborn (c) Bethesda Softworks version 1
The Elder Scrolls V: Skyrim
The War Z version alpha
The Witcher 2 - Assassins of Kings Enhanced Edition
TI USB 3.0 Host Controller Driver
TI USB3 Host Driver
Toolbox
Torchlight
TSHostedAppLauncher
Ubisoft Game Launcher
Unified Remote
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
VLC media player 2.0.5
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
World of Warcraft
Youda Fisherman
Zuma's Revenge

Note: After ComboFix restarts my computer, once it is finished I try to open any program and it comes up with an error saying something like "This program is marked for deletion" and I can't open any program without restarting again. Is this normal?
 
Just reboot the PC and it will go away and you'll be fine.

As far as those programs I was telling you about, there are these but I don't see them listed in your add/remove programs list.

Windows advanced system optimizer
ARO 2012
WinZip Registry Optimizer

Did you uninstall them already?

Please rerun HijackThis again and place checks next to these entries.

O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com

Then click on "Fix checked" at the bottom.

Also, I noticed I missed an entry in your ComboFix log. Please navigate to this file and delete it if it will let you.

c:\windows\system32\drivers\34209965.sys
 
OK, I fixed those in the list. I have also removed WinASO and WinZip Registry Optimizer. Should I remove ARO 2012 also? I also deleted that other file in the system32 folder.
 
Yes, uninstall ARO 2012. You take a huge risk when using these types of programs to clean up your registry. They can cause more harm than good.
 