Deleting Application Updater

Apostle · May 18, 2014

Hi. On my computer recently I was using msconfig to check my startup services. After finding out that Application Updater was adware, I browsed to where it was in Program Files (x86), and I deleted the folder.

To ensure it's delete, I then went into the registry editor and I went to: HKEY_LOCAL_MACHINE > SYSTEM > ControlSet001 > services, and I deleted Application Updater. I then restarted my computer and for some reason on startup a cmd box flashes on the screen for less than a second. It does this everytime I boot the computer.

Now deleting Application updater has had no negative impact on my computer whatsoever so far, however the cmd window opening on startup is definitely not normal for my computer. So pretty much my question is: should I take action, or leave it as it is? Thanks for any input.

johnb35 · May 18, 2014

Please run the following programs and post the logs.

1.

Please download AdwCleaner by Xplode onto your Desktop.

•Please close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Scan.
•After the scan you will need to click on clean for it to delete the adware.
•Your computer will be rebooted automatically. A text file will open after the restart.
•Please post the content of that logfile in your reply.
•You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

2.

Please download Junkware Removal Tool to your desktop.

•Shutdown your antivirus to avoid any conflicts.
•Very important that you run the tool in this manner:
Right-mouse click JRT.exe and select Run as administrator
Do NOT just double-click it.
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Post the contents of JRT.txt in your next message.

3.

Please download Malwarebytes' Anti-Malware and save it to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
- Update Malwarebytes' Anti-Malware
- and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it over powers the infection and temporarily kills it. Once a log appears on the screen, you can try running malwarebytes or downloading other programs.

Please post the log that Malwarebytes displays on your screen.

4.

Download OTL to your Desktop

•Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
•Click on Minimal Output at the top
•Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
◦When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file in your reply.

So in your original thread asking for help, please give us a short description of what the problem is and then post the logs from the following 4 programs.

1. Adwcleaner
2. Junkware removal tool
3. Malwarebytes
4. OTL

Apostle · May 18, 2014

So basically what I'm asking is why a cmd box flashes open on startup ever since I deleted Application Updater from the registry and I'm wondering if I shouldn't have deleted it manually. Below are the logs from the software:

AdwCleaner log:
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : vToolbarUpdater18.0.5

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Program Files (x86)\YTD Toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
Folder Deleted : C:\Users\Sean\AppData\Local\eSupport.com
Folder Deleted : C:\Users\Sean\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Sean\AppData\Roaming\Slick Savings
Folder Deleted : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\q777qjr4.default\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Slick Savings]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\MediaPlayerV1
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A787631-66A2-4634-B928-A37E73B58FB6}
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Mozilla Firefox v29.0 (en-US)

[ File : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\q777qjr4.default\prefs.js ]

-\\ Google Chrome v34.0.1847.137

[ File : C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.00000&barid={B3B86C68-605B-11E2-B602-F559EEAEAC6B}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN19415268042932328&ctid=CT3279141
Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=33E78C6F-9581-43AD-A91C-8B2B6C6D48C0&apn_ptnrs=U3&apn_sauid=2BBE005E-5F1A-4BE3-B6BF-0475E9BA4E8D&apn_dtid=OSJ000YYAU&q={searchTerms}
Deleted [Search Provider] : hxxp://www.search.ask.com/web?p2=%5EB3Q%5EYYYYYY%5EYY%5EAU&gct=&o=APN11004&tpid=SGT-V7&itbv=12.1.0.342&doi=2013-07-10&apn_uid=B2DC676C-BD9B-4407-871E-C6F3591A4664&apn_ptnrs=%5EB3Q&apn_dtid=%5EYYYYYY%5EYY%5EAU&apn_dbr=ff_22.0&psv=&trgb=FF&q={searchTerms}
Deleted [Search Provider] : hxxp://mysearch.sweetpacks.com?src=6&q={searchTerms}&barid=&&st=23

*************************

AdwCleaner[R0].txt - [16775 octets] - [25/03/2014 19:54:31]
AdwCleaner[R1].txt - [5038 octets] - [18/05/2014 12:21:08]
AdwCleaner[S0].txt - [16200 octets] - [25/03/2014 19:58:29]
AdwCleaner[S1].txt - [4976 octets] - [18/05/2014 12:21:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5036 octets] ##########

JRT log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Sean on Sun 18/05/2014 at 12:27:51.03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sparktrust

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Program Files (x86)\eusing free registry cleaner"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free registry cleaner"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\Sean\AppData\Roaming\microsoft\windows\start menu\programs\free registry cleaner"

~~~ FireFox

Failed to delete: [Folder] C:\Users\Sean\AppData\Roaming\mozilla\firefox\profiles\q777qjr4.default\extensions\[email protected]
Successfully deleted the following from C:\Users\Sean\AppData\Roaming\mozilla\firefox\profiles\q777qjr4.default\prefs.js

user_pref("[email protected]", "{\"type\":\"page\",\"value\":100000}");
Emptied folder: C:\Users\Sean\AppData\Roaming\mozilla\firefox\profiles\q777qjr4.default\minidumps [10 files]

~~~ Event Viewer Logs were cleared

mbam log:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.05.18.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17107
Sean :: SEAN-PC [administrator]

18/05/2014 12:37:34 PM
mbam-log-2014-05-18 (12-37-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 245627
Time elapsed: 5 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc (PUP.Optional.Yontoo.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0 (PUP.Optional.Yontoo.A) -> Quarantined and deleted successfully.

Files Detected: 4
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\background.html (PUP.Optional.Yontoo.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\manifest.json (PUP.Optional.Yontoo.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\y2_48.png (PUP.Optional.Yontoo.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\yl.js (PUP.Optional.Yontoo.A) -> Quarantined and deleted successfully.

(end)

OTL log:
OTL logfile created on: 18/05/2014 12:46:41 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sean\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

7.96 Gb Total Physical Memory | 6.24 Gb Available Physical Memory | 78.38% Memory free
7.96 Gb Paging File | 6.17 Gb Available in Paging File | 77.52% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 476.10 Gb Free Space | 51.11% Space Free | Partition Type: NTFS

Computer Name: SEAN-PC | User Name: Sean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Sean\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe ()
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NETGEAR\A6200\A6200.exe (NETGEAR,Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files (x86)\NETGEAR\A6200\GWLanController.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\NETGEAR\A6200\GWPSController.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (NvStreamSvc) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation)
SRV:64bit: - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe (McAfee, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (c2cpnrsvc) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)
SRV - (c2cautoupdatesvc) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)
SRV - (WNDA6200) -- C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe ()
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (NvNetworkService) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (BEService) -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswsnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswsp.sys (AVAST Software)
DRV:64bit: - (aswStm) -- C:\Windows\SysNative\drivers\aswstm.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswHwid) -- C:\Windows\SysNative\drivers\aswHwid.sys ()
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (nvvad_WaveExtensible) -- C:\Windows\SysNative\drivers\nvvad64v.sys (NVIDIA Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (A6200) -- C:\Windows\SysNative\drivers\BCMWLHIGH664.SYS (Broadcom Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SliceDisk5) -- C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys (Atola)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (UnlockerDriver5) -- C:\Program Files\Unlocker\UnlockerDriver5.sys ()
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (DrvAgent64) -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS (Phoenix Technologies)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.au/?gfe_rd=cr&ei=L6FsU_70HMyN8Qep_ICoDg
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 12 C6 80 75 3D A5 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\..\SearchScopes\{B1D82232-EDD9-4CDD-8B1B-C8DECDD45979}: "URL" = http://au.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=407453&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Ask Search"
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/"
FF - prefs.js..extensions.enabledAddons: %7B58d2a791-6199-482f-a9aa-9b725ec61362%7D:2.2
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2018.95
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0
FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..keyword.URL: "http://au.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=407453&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/05/12 19:16:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014/05/04 18:23:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 24.5.0\extensions\\Components: C:\Program Files (x86)\Pale Moon\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 24.5.0\extensions\\Plugins: C:\Program Files (x86)\Pale Moon\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d4d50e9a-07be-4869-851d-0758ebce8cf2}: C:\Program Files (x86)\Video-Saver\150.xpi
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014/05/04 18:23:31 | 000,000,000 | ---D | M]

[2013/04/30 17:36:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean\AppData\Roaming\Mozilla\Extensions
[2014/05/18 12:21:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\q777qjr4.default\extensions
[2014/05/04 08:23:37 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\q777qjr4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/05/13 19:09:29 | 000,000,798 | ---- | M] () -- C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\q777qjr4.default\searchplugins\yahoo_ff.xml
[2014/05/01 17:27:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/01 17:27:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/05/12 19:16:02 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
File not found (No name found) -- C:\USERS\SEAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q777QJR4.DEFAULT\EXTENSIONS\{58D2A791-6199-482F-A9AA-9B725EC61362}

========== Chrome ==========

CHR - homepage: http://au.search.yahoo.com/?type=407453&fr=spigot-yhp-ch
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2016.82_0\
CHR - Extension: Skype Click to Call = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.12.0.13601_0\
CHR - Extension: Skype Click to Call = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: Skype Click to Call = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_1\
CHR - Extension: Skype Click to Call = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.0.14735.1561_0\
CHR - Extension: Skype Click to Call = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.1.15383.6004_0\
CHR - Extension: First user = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: First user = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2016.82_0\
CHR - Extension: Skype Click to Call = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.12.0.13601_0\
CHR - Extension: Skype Click to Call = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: Skype Click to Call = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_1\
CHR - Extension: Skype Click to Call = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.0.14735.1561_0\
CHR - Extension: Skype Click to Call = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.1.15383.6004_0\
CHR - Extension: First user = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: First user = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: No name found = C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/11 05:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [GENIE] C:\Program Files (x86)\NETGEAR\A6200\A6200.exe (NETGEAR,Inc.)
O4:64bit: - HKLM..\Run: [LanuchApp] C:\Program Files (x86)\NETGEAR\A6200\LanuchApp.exe ()
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - Startup: C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{674D3631-46D3-4143-BA52-3971E1AE9A5E}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FB36294-AE7D-4232-8F73-1F4D94222FAA}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1922099-95F0-4444-BC66-8795069BF815}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8f41d8f6-f3ef-11e1-8401-b1ffd0364140}\Shell - "" = AutoRun
O33 - MountPoints2\{8f41d8f6-f3ef-11e1-8401-b1ffd0364140}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/05/18 12:21:24 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/05/18 12:18:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sean\Desktop\OTL.exe
[2014/05/18 12:17:31 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Sean\Desktop\JRT.exe
[2014/05/17 22:28:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Auslogics
[2014/05/17 22:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2014/05/17 22:28:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2014/05/17 22:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/05/17 22:27:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/05/16 08:06:02 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\Moonchild Productions
[2014/05/16 08:06:02 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Local\Moonchild Productions
[2014/05/16 08:03:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pale Moon
[2014/05/14 21:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2014/05/14 21:24:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2014/05/14 08:42:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2014/05/10 12:30:44 | 000,000,000 | ---D | C] -- C:\Desktop backup
[2014/05/08 22:16:24 | 000,000,000 | -HSD | C] -- C:\Users\Sean\AppData\Local\EmieUserList
[2014/05/08 22:16:24 | 000,000,000 | -HSD | C] -- C:\Users\Sean\AppData\Local\EmieSiteList
[2014/05/06 22:35:02 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014/05/04 18:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2014/05/04 18:22:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2014/05/04 18:21:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2014/05/01 17:27:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/04/26 23:29:59 | 000,000,000 | ---D | C] -- C:\Users\Sean\Desktop\TestFolder
[2014/04/26 22:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/04/26 22:19:40 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/04/26 22:19:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/04/26 22:19:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/04/26 22:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/04/22 19:10:35 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/04/22 19:02:55 | 000,000,000 | ---D | C] -- C:\Users\Sean\Documents\OpenPage
[2014/04/22 19:02:55 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\com.imfinity.AppMain
[2014/04/22 19:02:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NelsonNetBook
[2014/04/22 19:02:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2014/04/20 19:52:06 | 000,000,000 | ---D | C] -- C:\Users\Sean\.idlerc
[2014/04/20 18:21:35 | 000,000,000 | ---D | C] -- C:\Users\Sean\Desktop\picture
[2 C:\Users\Sean\Desktop\*.tmp files -> C:\Users\Sean\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/05/18 12:31:46 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/18 12:31:46 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/18 12:28:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/18 12:23:13 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/18 12:23:12 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\SparkTrust Update Version3 Startup Task.job
[2014/05/18 12:22:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/18 12:22:55 | 2114,719,743 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/18 12:18:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sean\Desktop\OTL.exe
[2014/05/18 12:17:22 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Sean\Desktop\JRT.exe
[2014/05/18 12:17:03 | 001,325,827 | ---- | M] () -- C:\Users\Sean\Desktop\AdwCleaner.exe
[2014/05/18 09:23:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/17 22:28:28 | 000,001,173 | ---- | M] () -- C:\Users\Sean\Desktop\Auslogics DiskDefrag.lnk
[2014/05/17 22:27:21 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/05/17 18:00:00 | 000,000,462 | ---- | M] () -- C:\Windows\tasks\SparkTrust Registration3.job
[2014/05/16 08:03:44 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Pale Moon.lnk
[2014/05/15 19:16:19 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/05/15 19:16:19 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/05/15 19:16:19 | 000,085,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/05/12 19:16:57 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/05/06 16:28:14 | 000,786,578 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/06 16:28:14 | 000,669,556 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/06 16:28:14 | 000,127,172 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/06 16:18:48 | 000,001,939 | ---- | M] () -- C:\Users\Public\Desktop\NETGEAR A6200 Genie.lnk
[2014/05/04 21:33:17 | 000,423,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/05/04 18:28:17 | 000,212,788 | ---- | M] () -- C:\Windows\hpoins52.dat
[2014/05/04 18:23:24 | 000,001,161 | ---- | M] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2014/05/04 18:22:48 | 000,001,315 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2014/05/04 18:22:36 | 000,002,099 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2014/05/04 18:21:44 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrinterCenter.lnk
[2014/04/27 07:44:04 | 000,675,988 | ---- | M] () -- C:\Users\Sean\Desktop\Minecraft.exe
[2014/04/27 00:17:23 | 000,001,500 | ---- | M] () -- C:\Users\Sean\Desktop\Skype.exe.lnk
[2014/04/27 00:15:13 | 000,001,551 | ---- | M] () -- C:\Users\Sean\Desktop\hamachi-2-ui.exe.lnk
[2014/04/27 00:14:41 | 000,001,403 | ---- | M] () -- C:\Users\Sean\Desktop\bdcam.exe.lnk
[2014/04/27 00:11:07 | 000,001,149 | ---- | M] () -- C:\Users\Sean\Desktop\RegDefrag.exe.lnk
[2014/04/27 00:10:54 | 000,001,161 | ---- | M] () -- C:\Users\Sean\Desktop\Regcleaner.exe.lnk
[2014/04/27 00:08:58 | 000,001,596 | ---- | M] () -- C:\Users\Sean\Desktop\mbam.exe.lnk
[2014/04/27 00:08:17 | 000,001,370 | ---- | M] () -- C:\Users\Sean\Desktop\Steam.exe.lnk
[2014/04/27 00:02:25 | 000,007,601 | ---- | M] () -- C:\Users\Sean\AppData\Local\Resmon.ResmonCfg
[2014/04/26 22:20:15 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/04/22 19:10:36 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys.1400152579614
[2014/04/22 19:10:36 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys.1400152579614
[2014/04/22 19:10:36 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/04/22 19:10:36 | 000,208,416 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/04/22 19:10:36 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/04/22 19:10:36 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/04/22 19:10:36 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/04/22 19:10:36 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/04/22 19:10:35 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/04/22 19:02:50 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\NelsonNetBook.lnk
[2014/04/20 17:38:12 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2014/04/20 17:38:12 | 000,000,840 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2 C:\Users\Sean\Desktop\*.tmp files -> C:\Users\Sean\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/05/18 12:17:04 | 001,325,827 | ---- | C] () -- C:\Users\Sean\Desktop\AdwCleaner.exe
[2014/05/17 22:28:28 | 000,001,173 | ---- | C] () -- C:\Users\Sean\Desktop\Auslogics DiskDefrag.lnk
[2014/05/17 22:27:21 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/05/16 08:03:44 | 000,001,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pale Moon.lnk
[2014/05/16 08:03:44 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Pale Moon.lnk
[2014/05/12 19:16:57 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/05/04 18:23:39 | 000,001,058 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2014/05/04 18:23:24 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
[2014/05/04 18:22:48 | 000,001,315 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2014/05/04 18:22:36 | 000,002,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2014/05/04 18:21:44 | 000,001,976 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrinterCenter.lnk
[2014/05/04 18:14:09 | 000,212,788 | ---- | C] () -- C:\Windows\hpoins52.dat
[2014/04/27 07:41:57 | 000,675,988 | ---- | C] () -- C:\Users\Sean\Desktop\Minecraft.exe
[2014/04/27 00:17:23 | 000,001,500 | ---- | C] () -- C:\Users\Sean\Desktop\Skype.exe.lnk
[2014/04/27 00:15:13 | 000,001,551 | ---- | C] () -- C:\Users\Sean\Desktop\hamachi-2-ui.exe.lnk
[2014/04/27 00:14:41 | 000,001,403 | ---- | C] () -- C:\Users\Sean\Desktop\bdcam.exe.lnk
[2014/04/27 00:11:07 | 000,001,149 | ---- | C] () -- C:\Users\Sean\Desktop\RegDefrag.exe.lnk
[2014/04/27 00:10:54 | 000,001,161 | ---- | C] () -- C:\Users\Sean\Desktop\Regcleaner.exe.lnk
[2014/04/27 00:08:58 | 000,001,596 | ---- | C] () -- C:\Users\Sean\Desktop\mbam.exe.lnk
[2014/04/27 00:08:17 | 000,001,370 | ---- | C] () -- C:\Users\Sean\Desktop\Steam.exe.lnk
[2014/04/26 22:20:15 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/04/22 19:23:56 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/22 19:10:39 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/04/22 19:02:50 | 000,000,933 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NelsonNetBook.lnk
[2014/04/22 19:02:50 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\NelsonNetBook.lnk
[2014/04/06 13:33:11 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2014/03/21 19:40:07 | 000,000,000 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2014/03/15 13:04:20 | 000,007,601 | ---- | C] () -- C:\Users\Sean\AppData\Local\Resmon.ResmonCfg
[2013/04/30 15:54:02 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2013/04/30 15:54:02 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2013/03/19 21:38:52 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2013/03/19 21:37:13 | 000,008,704 | ---- | C] () -- C:\Users\Sean\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/27 21:49:12 | 000,000,745 | ---- | C] () -- C:\Windows\CoD.INI
[2012/12/05 17:35:03 | 000,190,684 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/09/22 09:42:18 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2012/08/26 17:12:07 | 000,770,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/09 15:40:32 | 000,065,576 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2012/08/09 15:40:28 | 000,022,560 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2012/05/21 12:09:36 | 000,755,572 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012/05/21 12:09:36 | 000,559,972 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012/05/21 11:57:52 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/05/21 10:49:40 | 013,026,816 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll

========== ZeroAccess Check ==========

[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 10:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 10:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/05/09 16:27:30 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\.minecraft
[2013/01/12 17:03:02 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\.visualvm
[2013/09/09 18:39:56 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\AnvSoft
[2014/04/12 14:26:45 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Audacity
[2014/03/28 18:22:55 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\AVAST Software
[2014/01/11 13:46:15 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\AVG2013
[2012/08/29 07:27:56 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\BANDISOFT
[2014/03/19 21:13:22 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Battle.net
[2014/04/22 19:02:55 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\com.imfinity.AppMain
[2013/11/23 15:41:01 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Construct2
[2014/04/17 09:35:28 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\DiskDefrag
[2014/03/28 18:24:07 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Dropbox
[2014/03/28 18:24:07 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\DropboxMaster
[2013/09/10 17:10:38 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\DVDVideoSoft
[2014/04/15 13:40:48 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\EAC
[2014/03/19 20:16:12 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Eusing
[2013/09/17 20:26:52 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Free MP3 WMA OGG Converter
[2014/03/30 13:15:14 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\FreeStone Group
[2014/04/23 14:09:11 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\GlarySoft
[2014/05/16 08:06:02 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Moonchild Productions
[2014/01/06 20:22:04 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Notepad++
[2013/12/13 16:18:13 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\openvr
[2013/09/09 18:16:54 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Paltalk
[2013/09/10 15:27:19 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Sony
[2014/05/18 08:43:06 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\StarTrekPC
[2014/02/19 22:36:26 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\steamvr
[2014/03/22 19:40:17 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\T55
[2014/04/27 00:18:15 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\TS3Client
[2014/01/11 13:45:29 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\TuneUp Software
[2013/10/19 21:45:12 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Unity
[2013/10/14 18:31:21 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\VBA-M
[2013/10/07 14:04:12 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\WorldPainter

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2013/06/08 18:48:29 | 037,695,233 | ---- | M] ()(C:\Users\Sean\Documents\Wax ?? - ???? ??? Tears Are Falling (???? I Miss You OST) [Klafmann].wmv) -- C:\Users\Sean\Documents\Wax 왁스 - 떨어진다 눈물이 Tears Are Falling (보고싶다 I Miss You OST) [Klafmann].wmv
[2013/06/08 18:47:41 | 037,695,233 | ---- | C] ()(C:\Users\Sean\Documents\Wax ?? - ???? ??? Tears Are Falling (???? I Miss You OST) [Klafmann].wmv) -- C:\Users\Sean\Documents\Wax 왁스 - 떨어진다 눈물이 Tears Are Falling (보고싶다 I Miss You OST) [Klafmann].wmv
[2013/06/08 18:39:43 | 093,371,119 | ---- | M] ()(C:\Users\Sean\Documents\Really (??) - Song Joong Ki (Innocent Man A.K.A Nice Guy OST) - Piano_ Instrumental Version.mp4) -- C:\Users\Sean\Documents\Really (정말) - Song Joong Ki (Innocent Man A.K.A Nice Guy OST) - Piano_ Instrumental Version.mp4
[2013/06/08 18:34:20 | 093,371,119 | ---- | C] ()(C:\Users\Sean\Documents\Really (??) - Song Joong Ki (Innocent Man A.K.A Nice Guy OST) - Piano_ Instrumental Version.mp4) -- C:\Users\Sean\Documents\Really (정말) - Song Joong Ki (Innocent Man A.K.A Nice Guy OST) - Piano_ Instrumental Version.mp4

< End of report >

johnb35 · May 18, 2014

If its still doing it after running these scans then I believe I know why. I would like to see the log from one more program. Or if possible can you post a screenshot of whats inside this folder.

C:\windows\tasks

If not sure how to post a screenshot then run the following.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

Download this file here :

Combofix
When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
Close all open Windows including this one.
Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found here.
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
Please click on I agree on the disclaimer window.
ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.
ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.
Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:
At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
Please click on yes in the next window to continue scanning for malware.
ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.
When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.

If for some reason, if you try to run a program or open a file and you get an error message saying "illegal operation attempted on a registry key that has been marked for deletion", please just reboot your pc and you'll be fine.

In your next reply please post:

The ComboFix log
An update on how your computer is running

Apostle · May 19, 2014

Whenever I try and download ComboFix from the website it says:
C:\Users\Sean\Downloads\ComboFix.exe.part could not be saved, because the source file could not be read.

Try again later, or contact the server administrator.

johnb35 · May 19, 2014

Try saving the file to a different location on your computer, also try renaming combofix to kittyfix before the file actually downloads.

Apostle · May 19, 2014

The ComboFix log is as follows:

ComboFix 14-05-19.01 - Sean 19/05/2014 22:19:34.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.8150.6212 [GMT 8:00]
Running from: c:\users\Sean\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sean\AppData\Local\assembly\tmp
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2014-04-19 to 2014-05-19 )))))))))))))))))))))))))))))))
.
.
2014-05-19 14:27 . 2014-05-19 14:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-19 11:09 . 2014-05-19 13:34 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-19 11:09 . 2014-05-19 11:09 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-05-19 11:09 . 2014-04-03 01:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-19 11:09 . 2014-04-03 01:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-18 04:21 . 2010-08-30 00:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-05-17 14:28 . 2014-05-17 14:28 -------- d-----w- c:\programdata\Auslogics
2014-05-17 14:28 . 2014-05-17 14:28 -------- d-----w- c:\program files (x86)\Auslogics
2014-05-17 14:27 . 2014-05-17 14:27 -------- d-----w- c:\program files\CCleaner
2014-05-16 07:32 . 2014-04-16 21:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5939931E-EC12-428F-9EC2-A56569DFD971}\mpengine.dll
2014-05-16 00:06 . 2014-05-16 00:06 -------- d-----w- c:\users\Sean\AppData\Roaming\Moonchild Productions
2014-05-16 00:06 . 2014-05-16 00:06 -------- d-----w- c:\users\Sean\AppData\Local\Moonchild Productions
2014-05-16 00:03 . 2014-05-16 00:03 -------- d-----w- c:\program files (x86)\Pale Moon
2014-05-14 13:24 . 2014-05-14 13:24 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2014-05-14 00:42 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
2014-05-14 00:42 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-14 00:42 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-14 00:42 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-14 00:42 . 2014-05-14 00:42 -------- d-----w- c:\program files\Common Files\DESIGNER
2014-05-14 00:13 . 2014-03-25 02:43 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-05-14 00:13 . 2014-05-09 06:14 477184 ----a-w- c:\windows\system32\aepdu.dll
2014-05-14 00:13 . 2014-05-09 06:11 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-05-10 04:30 . 2014-05-10 04:31 -------- d-----w- C:\Desktop backup
2014-05-08 14:16 . 2014-05-08 14:16 -------- d-sh--w- c:\users\Sean\AppData\Local\EmieUserList
2014-05-08 14:16 . 2014-05-08 14:16 -------- d-sh--w- c:\users\Sean\AppData\Local\EmieSiteList
2014-05-06 14:35 . 2014-05-14 08:19 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-06 08:16 . 2013-02-28 09:54 2567984 ----a-w- c:\windows\system32\drivers\BCMWLHIGH664.SYS
2014-05-06 08:16 . 2013-02-28 09:53 96560 ----a-w- c:\windows\system32\bcmwlcoi.dll
2014-05-06 08:16 . 2013-02-28 08:56 3659264 ----a-w- c:\windows\system32\bcmihvui64.dll
2014-05-06 08:16 . 2013-02-28 08:55 4395008 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2014-05-04 10:22 . 2014-05-04 10:22 -------- d-----w- c:\programdata\HP Product Assistant
2014-05-04 10:22 . 2014-05-04 10:22 -------- d-----w- c:\windows\SysWow64\spool
2014-05-04 10:21 . 2014-05-04 10:21 -------- d-----w- c:\program files (x86)\Common Files\HP
2014-04-26 14:20 . 2012-08-21 05:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2014-04-26 14:19 . 2014-04-26 15:40 -------- d-----w- c:\program files (x86)\iTunes
2014-04-26 14:19 . 2014-04-26 15:40 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-26 14:19 . 2014-04-26 15:40 -------- d-----w- c:\program files\iTunes
2014-04-26 14:19 . 2014-04-26 14:19 -------- d-----w- c:\program files\iPod
2014-04-22 11:10 . 2014-04-22 11:10 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-04-22 11:10 . 2014-04-22 11:10 43152 ----a-w- c:\windows\avastSS.scr
2014-04-22 11:02 . 2014-04-22 11:02 -------- d-----w- c:\users\Sean\AppData\Roaming\com.imfinity.AppMain
2014-04-22 11:02 . 2014-04-22 11:02 -------- d-----w- c:\program files (x86)\NelsonNetBook
2014-04-22 11:02 . 2014-04-22 11:02 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2014-04-20 11:52 . 2014-04-20 15:34 -------- d-----w- c:\users\Sean\.idlerc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-15 11:16 . 2014-03-28 10:19 85328 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-05-15 11:16 . 2014-03-28 10:19 1039096 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-05-15 11:16 . 2014-03-28 10:19 423240 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-05-14 10:23 . 2012-08-26 14:08 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 10:23 . 2012-08-26 14:08 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-14 00:41 . 2012-08-26 09:50 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-04-22 11:10 . 2014-03-28 10:19 208416 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-22 11:10 . 2014-03-28 10:19 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-04-22 11:10 . 2014-03-28 10:19 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-04-22 11:10 . 2014-03-28 10:19 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-04-22 11:10 . 2014-03-28 10:19 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-04-03 01:50 . 2014-02-01 05:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-31 01:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-30 05:03 . 2014-03-30 05:03 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2014-03-21 11:39 . 2014-01-11 05:40 49952 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2014-03-19 13:56 . 2014-03-19 13:56 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-03-19 13:56 . 2014-03-19 13:56 312744 ----a-w- c:\windows\system32\javaws.exe
2014-03-19 13:56 . 2014-03-19 13:56 189352 ----a-w- c:\windows\system32\javaw.exe
2014-03-19 13:56 . 2014-03-19 13:56 189352 ----a-w- c:\windows\system32\java.exe
2014-03-15 05:25 . 2014-03-15 05:25 98304 ----a-r- c:\users\Sean\AppData\Roaming\Microsoft\Installer\{D5A55E9F-237F-302F-A8E9-D01EB292A741}\python_icon.exe
2014-03-15 05:15 . 2014-03-15 05:15 98304 ----a-r- c:\users\Sean\AppData\Roaming\Microsoft\Installer\{789C9644-9F82-44D3-B4CA-AC31F46F5882}\python_icon.exe
2014-03-04 14:35 . 2014-03-25 13:26 9728064 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-03-04 14:35 . 2014-03-25 13:26 9690424 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-03-04 14:35 . 2014-03-25 13:26 947808 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-03-04 14:35 . 2014-03-25 13:26 892704 ----a-w- c:\windows\system32\NvIFR64.dll
2014-03-04 14:35 . 2014-03-25 13:26 877856 ----a-w- c:\windows\system32\NvFBC64.dll
2014-03-04 14:35 . 2014-03-25 13:26 863064 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-03-04 14:35 . 2014-03-25 13:26 846168 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-03-04 14:35 . 2014-03-25 13:26 832936 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2014-03-04 14:35 . 2014-03-25 13:26 484296 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2014-03-04 14:35 . 2014-03-25 13:26 409544 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2014-03-04 14:35 . 2014-03-25 13:26 377688 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2014-03-04 14:35 . 2014-03-25 13:26 353504 ----a-w- c:\windows\system32\nvoglshim64.dll
2014-03-04 14:35 . 2014-03-25 13:26 333600 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
2014-03-04 14:35 . 2014-03-25 13:26 31474976 ----a-w- c:\windows\system32\nvoglv64.dll
2014-03-04 14:35 . 2014-03-25 13:26 3143456 ----a-w- c:\windows\system32\nvcuvid.dll
2014-03-04 14:35 . 2014-03-25 13:26 3093280 ----a-w- c:\windows\system32\nvapi64.dll
2014-03-04 14:35 . 2014-03-25 13:26 305600 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2014-03-04 14:35 . 2014-03-25 13:26 2958792 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-03-04 14:35 . 2014-03-25 13:26 2783008 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-03-04 14:35 . 2014-03-25 13:26 2715264 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-03-04 14:35 . 2014-03-25 13:26 25255256 ----a-w- c:\windows\system32\nvcompiler.dll
2014-03-04 14:35 . 2014-03-25 13:26 2411976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2014-03-04 14:35 . 2014-03-25 13:26 23716640 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-03-04 14:35 . 2014-03-25 13:26 1885472 ----a-w- c:\windows\system32\nvdispco6433523.dll
2014-03-04 14:35 . 2014-03-25 13:26 18302384 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-03-04 14:35 . 2014-03-25 13:26 17755424 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-03-04 14:35 . 2014-03-25 13:26 17561544 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-03-04 14:35 . 2014-03-25 13:26 174296 ----a-w- c:\windows\system32\nvinitx.dll
2014-03-04 14:35 . 2014-03-25 13:26 15783992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-03-04 14:35 . 2014-03-25 13:26 1516488 ----a-w- c:\windows\system32\nvdispgenco6433523.dll
2014-03-04 14:35 . 2014-03-25 13:26 148016 ----a-w- c:\windows\SysWow64\nvinit.dll
2014-03-04 14:35 . 2014-03-25 13:26 14709720 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-03-04 14:35 . 2014-03-25 13:26 12708128 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-03-04 14:35 . 2014-03-25 13:26 11636176 ----a-w- c:\windows\system32\nvcuda.dll
2014-03-04 14:35 . 2014-03-25 13:26 11589272 ----a-w- c:\windows\system32\nvopencl.dll
2014-03-04 13:06 . 2014-03-25 13:27 6714312 ----a-w- c:\windows\system32\nvcpl.dll
2014-03-04 13:06 . 2014-03-25 13:27 3497816 ----a-w- c:\windows\system32\nvsvc64.dll
2014-03-04 13:05 . 2014-03-25 13:27 922968 ----a-w- c:\windows\system32\nvvsvc.exe
2014-03-04 13:05 . 2014-03-25 13:27 64968 ----a-w- c:\windows\system32\nvshext.dll
2014-03-04 13:05 . 2014-03-25 13:27 2558808 ----a-w- c:\windows\system32\nvsvcr.dll
2014-03-04 13:05 . 2014-03-25 13:27 386336 ----a-w- c:\windows\system32\nvmctray.dll
2014-03-04 13:05 . 2014-01-26 13:57 3649185 ----a-w- c:\windows\system32\nvcoproc.bin
2014-03-04 11:32 . 2014-03-25 13:28 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-03-04 09:44 . 2014-04-08 23:27 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-08 23:27 243712 ----a-w- c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-08 23:27 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-08 23:27 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-08 23:27 1163264 ----a-w- c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-08 23:27 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-08 23:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-08 23:27 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-08 23:27 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-08 23:27 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-08 23:27 2048 ----a-w- c:\windows\SysWow64\user.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-26 23:36 220632 ----a-w- c:\users\Sean\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-26 23:36 220632 ----a-w- c:\users\Sean\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-26 23:36 220632 ----a-w- c:\users\Sean\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-08-26 291648]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-22 3873704]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-20 152392]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-05-13 3814736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
c:\users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 246472]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
2;2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SliceDisk5;SliceDisk5;c:\program files\A-FF Find and Mount\slicedisk-x64.sys;c:\program files\A-FF Find and Mount\slicedisk-x64.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 WNDA6200;NETGEAR A6200 Service;c:\program files (x86)\NETGEAR\A6200\WifiService.exe;c:\program files (x86)\NETGEAR\A6200\WifiService.exe [x]
S3 A6200;NETGEAR A6200 WiFi Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-15 07:29 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-26 10:23]
.
2014-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-26 14:08]
.
2014-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-26 14:08]
.
2014-05-19 c:\windows\Tasks\SparkTrust Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2014-05-19 c:\windows\Tasks\SparkTrust Update Version3 Startup Task.job
- c:\program files (x86)\Common Files\SparkTrust\UUS3\Update3.exe [2014-01-23 21:18]
.
2014-04-16 c:\windows\Tasks\SparkTrust Update Version3.job
- c:\program files (x86)\Common Files\SparkTrust\UUS3\Update3.exe [2014-01-23 21:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-26 23:36 244696 ----a-w- c:\users\Sean\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-26 23:36 244696 ----a-w- c:\users\Sean\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-26 23:36 244696 ----a-w- c:\users\Sean\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-22 11:10 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"GENIE"="c:\program files (x86)\NETGEAR\A6200\A6200.exe" [2013-12-17 348888]
"LanuchApp"="c:\program files (x86)\NETGEAR\A6200\LanuchApp.exe" [2013-08-09 15576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com.au/?gfe_rd=cr&ei=L6FsU_70HMyN8Qep_ICoDg
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\q777qjr4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: keyword.URL - hxxp://au.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=407453&p=
FF - ExtSQL: !HIDDEN! 2013-03-14 18:39; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Eusing Free Registry Cleaner - c:\progra~2\EUSING~1\UNWISE.EXE
AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\program files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
.
**************************************************************************
.
Completion time: 2014-05-19 22:34:07 - machine was rebooted
ComboFix-quarantined-files.txt 2014-05-19 14:34
.
Pre-Run: 521,045,295,104 bytes free
Post-Run: 520,523,227,136 bytes free
.
- - End Of File - - 8ED3FF0F2AEBE445DD0DDE42527A2573
A36C5E4F47E84449FF07ED3517B43A31

johnb35 · May 19, 2014

Please rerun combofix but this time use a special script.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:

File::

c:\windows\Tasks\SparkTrust Registration3.job
c:\windows\Tasks\SparkTrust Update Version3 Startup Task.job
c:\windows\Tasks\SparkTrust Update Version3.job

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

------------------------------

I also need you to post a log that combofix creates but doesn't show you. Please navigate to C:\Qoobox and in that folder will be a file named add-remvoe programs.txt Open that file and copy and paste the contents back here.

Apostle · May 20, 2014

The ComboFix log when used the script is as follows:

ComboFix 14-05-19.01 - Sean 20/05/2014 16:39:29.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.8150.6121 [GMT 8:00]
Running from: c:\users\Sean\Desktop\ComboFix.exe
Command switches used :: c:\users\Sean\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\SparkTrust Registration3.job"
"c:\windows\Tasks\SparkTrust Update Version3 Startup Task.job"
"c:\windows\Tasks\SparkTrust Update Version3.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\SparkTrust Registration3.job
c:\windows\Tasks\SparkTrust Update Version3 Startup Task.job
c:\windows\Tasks\SparkTrust Update Version3.job
.
.
((((((((((((((((((((((((( Files Created from 2014-04-20 to 2014-05-20 )))))))))))))))))))))))))))))))
.
.
2014-05-20 08:47 . 2014-05-20 08:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-19 11:09 . 2014-05-20 08:31 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-19 11:09 . 2014-05-19 11:09 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-05-19 11:09 . 2014-04-03 01:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-19 11:09 . 2014-04-03 01:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-18 04:21 . 2010-08-30 00:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-05-17 14:28 . 2014-05-17 14:28 -------- d-----w- c:\programdata\Auslogics
2014-05-17 14:28 . 2014-05-17 14:28 -------- d-----w- c:\program files (x86)\Auslogics
2014-05-17 14:27 . 2014-05-17 14:27 -------- d-----w- c:\program files\CCleaner
2014-05-16 07:32 . 2014-04-16 21:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5939931E-EC12-428F-9EC2-A56569DFD971}\mpengine.dll
2014-05-16 00:06 . 2014-05-16 00:06 -------- d-----w- c:\users\Sean\AppData\Roaming\Moonchild Productions
2014-05-16 00:06 . 2014-05-16 00:06 -------- d-----w- c:\users\Sean\AppData\Local\Moonchild Productions
2014-05-16 00:03 . 2014-05-16 00:03 -------- d-----w- c:\program files (x86)\Pale Moon
2014-05-14 13:24 . 2014-05-14 13:24 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2014-05-14 00:42 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
2014-05-14 00:42 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-14 00:42 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-14 00:42 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-14 00:42 . 2014-05-14 00:42 -------- d-----w- c:\program files\Common Files\DESIGNER
2014-05-14 00:13 . 2014-03-25 02:43 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-05-14 00:13 . 2014-05-09 06:14 477184 ----a-w- c:\windows\system32\aepdu.dll
2014-05-14 00:13 . 2014-05-09 06:11 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-05-10 04:30 . 2014-05-10 04:31 -------- d-----w- C:\Desktop backup
2014-05-08 14:16 . 2014-05-08 14:16 -------- d-sh--w- c:\users\Sean\AppData\Local\EmieUserList
2014-05-08 14:16 . 2014-05-08 14:16 -------- d-sh--w- c:\users\Sean\AppData\Local\EmieSiteList
2014-05-06 14:35 . 2014-05-14 08:19 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-06 08:16 . 2013-02-28 09:54 2567984 ----a-w- c:\windows\system32\drivers\BCMWLHIGH664.SYS
2014-05-06 08:16 . 2013-02-28 09:53 96560 ----a-w- c:\windows\system32\bcmwlcoi.dll
2014-05-06 08:16 . 2013-02-28 08:56 3659264 ----a-w- c:\windows\system32\bcmihvui64.dll
2014-05-06 08:16 . 2013-02-28 08:55 4395008 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2014-05-04 10:22 . 2014-05-04 10:22 -------- d-----w- c:\programdata\HP Product Assistant
2014-05-04 10:22 . 2014-05-04 10:22 -------- d-----w- c:\windows\SysWow64\spool
2014-05-04 10:21 . 2014-05-04 10:21 -------- d-----w- c:\program files (x86)\Common Files\HP
2014-04-26 14:20 . 2012-08-21 05:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2014-04-26 14:19 . 2014-04-26 15:40 -------- d-----w- c:\program files (x86)\iTunes
2014-04-26 14:19 . 2014-04-26 15:40 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-26 14:19 . 2014-04-26 15:40 -------- d-----w- c:\program files\iTunes
2014-04-26 14:19 . 2014-04-26 14:19 -------- d-----w- c:\program files\iPod
2014-04-22 11:10 . 2014-04-22 11:10 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-04-22 11:10 . 2014-04-22 11:10 43152 ----a-w- c:\windows\avastSS.scr
2014-04-22 11:02 . 2014-04-22 11:02 -------- d-----w- c:\users\Sean\AppData\Roaming\com.imfinity.AppMain
2014-04-22 11:02 . 2014-04-22 11:02 -------- d-----w- c:\program files (x86)\NelsonNetBook
2014-04-22 11:02 . 2014-04-22 11:02 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2014-04-20 11:52 . 2014-04-20 15:34 -------- d-----w- c:\users\Sean\.idlerc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-15 11:16 . 2014-03-28 10:19 85328 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-05-15 11:16 . 2014-03-28 10:19 1039096 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-05-15 11:16 . 2014-03-28 10:19 423240 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-05-14 10:23 . 2012-08-26 14:08 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 10:23 . 2012-08-26 14:08 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-14 00:41 . 2012-08-26 09:50 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-04-22 11:10 . 2014-03-28 10:19 208416 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-22 11:10 . 2014-03-28 10:19 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-04-22 11:10 . 2014-03-28 10:19 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-04-22 11:10 . 2014-03-28 10:19 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-04-22 11:10 . 2014-03-28 10:19 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-04-03 01:50 . 2014-02-01 05:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-31 01:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-30 05:03 . 2014-03-30 05:03 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2014-03-21 11:39 . 2014-01-11 05:40 49952 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2014-03-19 13:56 . 2014-03-19 13:56 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-03-19 13:56 . 2014-03-19 13:56 312744 ----a-w- c:\windows\system32\javaws.exe
2014-03-19 13:56 . 2014-03-19 13:56 189352 ----a-w- c:\windows\system32\javaw.exe
2014-03-19 13:56 . 2014-03-19 13:56 189352 ----a-w- c:\windows\system32\java.exe
2014-03-15 05:25 . 2014-03-15 05:25 98304 ----a-r- c:\users\Sean\AppData\Roaming\Microsoft\Installer\{D5A55E9F-237F-302F-A8E9-D01EB292A741}\python_icon.exe
2014-03-15 05:15 . 2014-03-15 05:15 98304 ----a-r- c:\users\Sean\AppData\Roaming\Microsoft\Installer\{789C9644-9F82-44D3-B4CA-AC31F46F5882}\python_icon.exe
2014-03-04 14:35 . 2014-03-25 13:26 9728064 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-03-04 14:35 . 2014-03-25 13:26 9690424 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-03-04 14:35 . 2014-03-25 13:26 947808 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-03-04 14:35 . 2014-03-25 13:26 892704 ----a-w- c:\windows\system32\NvIFR64.dll
2014-03-04 14:35 . 2014-03-25 13:26 877856 ----a-w- c:\windows\system32\NvFBC64.dll
2014-03-04 14:35 . 2014-03-25 13:26 863064 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-03-04 14:35 . 2014-03-25 13:26 846168 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-03-04 14:35 . 2014-03-25 13:26 832936 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2014-03-04 14:35 . 2014-03-25 13:26 484296 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2014-03-04 14:35 . 2014-03-25 13:26 409544 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2014-03-04 14:35 . 2014-03-25 13:26 377688 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2014-03-04 14:35 . 2014-03-25 13:26 353504 ----a-w- c:\windows\system32\nvoglshim64.dll
2014-03-04 14:35 . 2014-03-25 13:26 333600 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
2014-03-04 14:35 . 2014-03-25 13:26 31474976 ----a-w- c:\windows\system32\nvoglv64.dll
2014-03-04 14:35 . 2014-03-25 13:26 3143456 ----a-w- c:\windows\system32\nvcuvid.dll
2014-03-04 14:35 . 2014-03-25 13:26 3093280 ----a-w- c:\windows\system32\nvapi64.dll
2014-03-04 14:35 . 2014-03-25 13:26 305600 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2014-03-04 14:35 . 2014-03-25 13:26 2958792 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-03-04 14:35 . 2014-03-25 13:26 2783008 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-03-04 14:35 . 2014-03-25 13:26 2715264 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-03-04 14:35 . 2014-03-25 13:26 25255256 ----a-w- c:\windows\system32\nvcompiler.dll
2014-03-04 14:35 . 2014-03-25 13:26 2411976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2014-03-04 14:35 . 2014-03-25 13:26 23716640 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-03-04 14:35 . 2014-03-25 13:26 1885472 ----a-w- c:\windows\system32\nvdispco6433523.dll
2014-03-04 14:35 . 2014-03-25 13:26 18302384 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-03-04 14:35 . 2014-03-25 13:26 17755424 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-03-04 14:35 . 2014-03-25 13:26 17561544 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-03-04 14:35 . 2014-03-25 13:26 174296 ----a-w- c:\windows\system32\nvinitx.dll
2014-03-04 14:35 . 2014-03-25 13:26 15783992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-03-04 14:35 . 2014-03-25 13:26 1516488 ----a-w- c:\windows\system32\nvdispgenco6433523.dll
2014-03-04 14:35 . 2014-03-25 13:26 148016 ----a-w- c:\windows\SysWow64\nvinit.dll
2014-03-04 14:35 . 2014-03-25 13:26 14709720 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-03-04 14:35 . 2014-03-25 13:26 12708128 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-03-04 14:35 . 2014-03-25 13:26 11636176 ----a-w- c:\windows\system32\nvcuda.dll
2014-03-04 14:35 . 2014-03-25 13:26 11589272 ----a-w- c:\windows\system32\nvopencl.dll
2014-03-04 13:06 . 2014-03-25 13:27 6714312 ----a-w- c:\windows\system32\nvcpl.dll
2014-03-04 13:06 . 2014-03-25 13:27 3497816 ----a-w- c:\windows\system32\nvsvc64.dll
2014-03-04 13:05 . 2014-03-25 13:27 922968 ----a-w- c:\windows\system32\nvvsvc.exe
2014-03-04 13:05 . 2014-03-25 13:27 64968 ----a-w- c:\windows\system32\nvshext.dll
2014-03-04 13:05 . 2014-03-25 13:27 2558808 ----a-w- c:\windows\system32\nvsvcr.dll
2014-03-04 13:05 . 2014-03-25 13:27 386336 ----a-w- c:\windows\system32\nvmctray.dll
2014-03-04 13:05 . 2014-01-26 13:57 3649185 ----a-w- c:\windows\system32\nvcoproc.bin
2014-03-04 11:32 . 2014-03-25 13:28 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-03-04 09:44 . 2014-04-08 23:27 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-08 23:27 243712 ----a-w- c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-08 23:27 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-08 23:27 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-08 23:27 1163264 ----a-w- c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-08 23:27 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-08 23:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-08 23:27 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-08 23:27 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-08 23:27 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-08 23:27 2048 ----a-w- c:\windows\SysWow64\user.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-26 23:36 220632 ----a-w- c:\users\Sean\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-26 23:36 220632 ----a-w- c:\users\Sean\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-26 23:36 220632 ----a-w- c:\users\Sean\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-08-26 291648]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-22 3873704]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-20 152392]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-05-13 3814736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
c:\users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 246472]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
2;2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 WNDA6200;NETGEAR A6200 Service;c:\program files (x86)\NETGEAR\A6200\WifiService.exe;c:\program files (x86)\NETGEAR\A6200\WifiService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SliceDisk5;SliceDisk5;c:\program files\A-FF Find and Mount\slicedisk-x64.sys;c:\program files\A-FF Find and Mount\slicedisk-x64.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 A6200;NETGEAR A6200 WiFi Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-15 07:29 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-26 10:23]
.
2014-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-26 14:08]
.
2014-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-26 14:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-26 23:36 244696 ----a-w- c:\users\Sean\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-26 23:36 244696 ----a-w- c:\users\Sean\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-26 23:36 244696 ----a-w- c:\users\Sean\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-22 11:10 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Sean\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"GENIE"="c:\program files (x86)\NETGEAR\A6200\A6200.exe" [2013-12-17 348888]
"LanuchApp"="c:\program files (x86)\NETGEAR\A6200\LanuchApp.exe" [2013-08-09 15576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com.au/?gfe_rd=cr&ei=L6FsU_70HMyN8Qep_ICoDg
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\q777qjr4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: keyword.URL - hxxp://au.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=407453&p=
FF - ExtSQL: !HIDDEN! 2013-03-14 18:39; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Eusing Free Registry Cleaner - c:\progra~2\EUSING~1\UNWISE.EXE
AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\program files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-05-20 16:49:29
ComboFix-quarantined-files.txt 2014-05-20 08:49
ComboFix2.txt 2014-05-19 14:34
.
Pre-Run: 520,557,125,632 bytes free
Post-Run: 520,490,237,952 bytes free
.
- - End Of File - - 5FC15AE2321E5E5A1E90E34D40D8A17F
A36C5E4F47E84449FF07ED3517B43A31

Apostle · May 22, 2014

Sorry for the delay, I forgot to do the next step. Here's the log from Add-Remove Programs:

@BIOS
Ace of Spades
Adobe AIR
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader XI (11.0.06)
Age of Empires II: HD Edition
Age of Empires® III: Complete Collection
America's Army 3
Apple Application Support
Apple Software Update
Arma 2
Arma 2: British Armed Forces
Arma 2: Operation Arrowhead
Arma 2: Private Military Company
Arma 3 Beta
Audacity 2.0.2
Auslogics DiskDefrag
avast! Free Antivirus
Bandicam
Bandisoft MPEG-1 Decoder
Battle.net
Bing Bar
BufferChm
C410
Call of Duty
Call of Duty 2
Call of Duty 4: Modern Warfare
Call of Duty: Black Ops II - Multiplayer
Call of Duty: Ghosts
Call of Duty: Ghosts - Multiplayer
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Multiplayer
Call of Duty: United Offensive
CodeStuff Starter
Counter-Strike: Global Offensive
Counter-Strike: Global Offensive - SDK
Counter-Strike: Source
D3DX10
Destinations
DeviceDiscovery
DocProc
Dota 2
Dropbox
Etron USB3.0 Host Controller
Eusing Free Registry Cleaner
Eusing Free Registry Defrag
Fax
Garry's Mod
GeoGebra 4.2
Go! Go! Nippon! ~My First Trip to Japan~
Google Chrome
Google Update Helper
GPBaseService2
Half-Life 2
Half-Life 2: Deathmatch
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life 2: Lost Coast
Half-Life Deathmatch: Source
Half-Life: Source
Hearthstone
HP Photo Creations
HP Update
HPAppStudio
HPDiagnosticAlert
HPPhotoGadget
HPProductAssistant
HPSSupply
Intel(R) USB 3.0 eXtensible Host Controller Driver
LogMeIn Hamachi
Mabinogi
MagicDisc 2.7.106
Magicka
Malwarebytes Anti-Malware version 2.0.1.1004
MarketResearch
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft XNA Framework Redistributable 4.0
Miro Video Converter
Movie Maker
Mozilla Firefox 29.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT Redists
MSVCRT110
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NelsonNetBook
NEStalgia
NETGEAR A6200 Genie
Neverwinter
Notepad++
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Pale Moon 24.5.0 (x86 en-US)
PC Wizard 2013.2.12
PFPortChecker 1.0.39
Photo Common
Photo Gallery
Portal
Portal 2
PS_AIO_07_C410_SW_Min
Python 3.2.3
Python 3.3.5
QuickTime 7
QuickTransfer
RaiderZ
Rayman Legends
RPG Maker VX Ace
Sanctum 2
Scan
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
SEGA Genesis & Mega Drive Classics
Sid Meier's Civilization V
Skype Click to Call
SmartWebPrinting
Soldier Front 2
SolutionCenter
Sonic & All-Stars Racing Transformed
Sonic Adventure DX
Sonic Adventure™ 2
Sonic and SEGA All Stars Racing
Sonic CD
Sonic Generations
SONIC THE HEDGEHOG 4 Episode I
SONIC THE HEDGEHOG 4 Episode II
Source Filmmaker
Source SDK Base 2013 Multiplayer
Star Trek
Status
Steam
Synergy
Tactical Intervention
Team Fortress 2
TeamSpeak 3 Client
Techne
TechPowerUp GPU-Z
Terraria
The Elder Scrolls IV: Oblivion
The Elder Scrolls V: Skyrim
Tom Clancy's Splinter Cell
Tom Clancy's Splinter Cell Conviction
Tom Clancy's Splinter Cell: Conviction
Tom Clancy's Splinter Cell® Blacklist™
Toolbox
TrayApp
Uplay
Video Card Stability Test
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
YTD Toolbar v9.2
YTD Video Downloader 4.7.4

johnb35 · May 22, 2014

Do you still have the cmd box coming up at bootup? If so, I see that you have nvidia software installed. The latest drivers from them include software that will have the cmd box appear at start up. I actually came across this a couple weeks ago. Once I disabled that specific program it quit. Basically there is nothing wrong but if it bothers you that bad you can disable it. Use the msconfig utility to disable the specific nvidia program from starting.

In the search box type this without the quotes "msconfig" and hit enter. When the system configuration box appears click on the startup tab and look for the nvidia software, should be 2 items. One is driver related and the other is the one you need to uncheck. I don't have the system here anymore so I can't tell you what specific entry to look for. You can post the specific entries and I can tell you which one it is.

Apostle · May 22, 2014

I restarted just then and no cmd window came up. Regardless of if it would continue to come up, I won't mind as I now know it's no problem. Thank you for your help, johnb35.

johnb35 · May 22, 2014

If no more boxes come up then I'm sure it was that sparktrust software task that I stopped.

Deleting Application Updater

Apostle

Member

johnb35

Administrator

Apostle

Member

johnb35

Administrator

Apostle

Member

johnb35

Administrator

Apostle

Member

johnb35

Administrator

Apostle

Member

Apostle

Member

johnb35

Administrator

Apostle

Member

johnb35

Administrator