Comeback

A couple months ago I began to notice this PC was nearly out of hard drive space. I was down to 10 GB. After some cleaning, I was getting some back, but noticed it was quickly going down. After that I did a disk clean, and ended up deleting restores, which gave me back nearly 200 GB. Thinking it was over, I noticed I was still losing hard drive space. Typically around 1 GB or so a day, but there were moments where I lost up to 6 GB and up overnight. I believe I've turned off restore, so it shouldn't be that, though it might be Shadow Copy Services? I'm no longer sure what's going on and reading up on it, people are suspecting keyloggers, or possibly something much worse, so I came for help from you great people!

NOTE: it still claims that uTorrent is installed, even though I've had that removed at least two years ago.

FRST.txt -

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Nightdrive (administrator) on TECHNOTRONIC on 03-02-2015 02:07:04
Running from C:\Users\Nightdrive\Desktop\mbam15
Loaded Profiles: Nightdrive (Available profiles: Nightdrive & Mcx1-TECHNOTRONIC)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (AMD) C:\Windows\System32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe (Spotify Ltd) C:\Users\Nightdrive\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) C:\Users\Nightdrive\AppData\Roaming\Spotify\spotify.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe () C:\Users\Nightdrive\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Nightdrive\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Nightdrive\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe () C:\Users\Nightdrive\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (Microsoft Corporation) C:\Program Files\Zune\ZuneNss.exe () C:\Users\Nightdrive\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Nightdrive\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe () C:\Users\Nightdrive\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-02] (Realtek Semiconductor) HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation) HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [2345848 2009-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641664 2012-04-06] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.) HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) HKLM-x32\...\Run: [AMD AVT] => c:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-02-20] () HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software) HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) 
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\runonceex: [ContentMerger] => c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions) Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X] Winlogon\Notify\MCPClient-x32: C:\Program Files (x86)\Common Files\Stardock\MCPStub.dll (Stardock) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-3148296312-807281291-2092357852-1001\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [1942208 2015-01-09] (Valve Corporation) HKU\S-1-5-21-3148296312-807281291-2092357852-1001\...\Run: [spotify Web Helper] => C:\Users\Nightdrive\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-11] (Spotify Ltd) HKU\S-1-5-21-3148296312-807281291-2092357852-1001\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.) 
HKU\S-1-5-21-3148296312-807281291-2092357852-1001\...\Run: [spotify] => C:\Users\Nightdrive\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-11] (Spotify Ltd) HKU\S-1-5-21-3148296312-807281291-2092357852-1001\...\MountPoints2: {e92908ea-2bd1-11df-83d8-806e6f6e6963} - D:\Setup.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe () Startup: C:\Users\Nightdrive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () Startup: C:\Users\Nightdrive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.) Startup: C:\Users\Nightdrive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock) SSODL-x32: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\PROGRA~2\COMMON~1\Stardock\MCPCore.dll (Stardock) SSODL-x32: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - %SystemRoot%\system32\stobject.dll (Microsoft Corporation) SSODL-x32: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\shell32.dll (Microsoft Corporation) SSODL-x32: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\shell32.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1 HKU\S-1-5-21-3148296312-807281291-2092357852-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms} HKU\S-1-5-21-3148296312-807281291-2092357852-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006 HKU\S-1-5-21-3148296312-807281291-2092357852-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006 SearchScopes: HKLM -> DefaultScope {9DEB9357-AC07-4964-8AF0-1B6121551A9C} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {9DEB9357-AC07-4964-8AF0-1B6121551A9C} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKLM-x32 -> {5C95B16C-83E0-4C60-9ECA-6ECD55D26444} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-3148296312-807281291-2092357852-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: 
HKU\S-1-5-21-3148296312-807281291-2092357852-1001 -> {5C95B16C-83E0-4C60-9ECA-6ECD55D26444} URL = SearchScopes: HKU\S-1-5-21-3148296312-807281291-2092357852-1001 -> {9DEB9357-AC07-4964-8AF0-1B6121551A9C} URL = SearchScopes: HKU\S-1-5-21-3148296312-807281291-2092357852-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) Toolbar: HKLM - avast! 
Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Toolbar: HKU\S-1-5-21-3148296312-807281291-2092357852-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: HKLM-x32 {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Nightdrive\AppData\Roaming\Mozilla\Firefox\Profiles\dq4f9msv.default-1378204871341 FF DefaultSearchEngine: Google FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006 FF SearchEngineOrder.1: Google (avast) FF SelectedSearchEngine: Google (avast) FF Homepage: https://www.google.com/ FF Keyword.URL: https://www.google.com/search/?trackid=sp-006 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll () FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) 
FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @comrade.gamespy.com/comrade -> C:\Program Files (x86)\GameSpy\Comrade\npcomrade.dll (IGN Entertainment) FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.104.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.116.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.96.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll No File FF Plugin-x32: @gamersfirst.com/LiveLauncher -> C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll No File FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) 
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File FF Plugin-x32: @veetle.com/vbp;version=0.9.17 -> C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc) FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-3148296312-807281291-2092357852-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Nightdrive\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-3148296312-807281291-2092357852-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF SearchPlugin: C:\Users\Nightdrive\AppData\Roaming\Mozilla\Firefox\Profiles\dq4f9msv.default-1378204871341\searchplugins\google-avast.xml FF SearchPlugin: C:\Users\Nightdrive\AppData\Roaming\Mozilla\Firefox\Profiles\dq4f9msv.default-1378204871341\searchplugins\imdb.xml FF SearchPlugin: C:\Users\Nightdrive\AppData\Roaming\Mozilla\Firefox\Profiles\dq4f9msv.default-1378204871341\searchplugins\youtube-video-search.xml FF Extension: Cookies Manager+ - C:\Users\Nightdrive\AppData\Roaming\Mozilla\Firefox\Profiles\dq4f9msv.default-1378204871341\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2015-01-12] FF Extension: ExHentai Easy 2 - C:\Users\Nightdrive\AppData\Roaming\Mozilla\Firefox\Profiles\dq4f9msv.default-1378204871341\Extensions\jid1-7NbXi2AqS1oUFw@jetpack.xpi [2015-01-12] FF Extension: Adblock Plus - C:\Users\Nightdrive\AppData\Roaming\Mozilla\Firefox\Profiles\dq4f9msv.default-1378204871341\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-03] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-06-11] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-18] CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web 
Player\google_chrome\html5video\html5video.crx [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-18] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-18] (Avast Software) S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2014-12-28] (EasyAntiCheat Ltd) S2 Kodak AiO Status Monitor Service; C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [777728 2012-06-19] (Eastman Kodak Company) [File not signed] S3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2006-11-10] (Nero AG) [File not signed] R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-06-30] () R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) 
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) S3 ZuneWlanCfgSvc; c:\Windows\system32\ZuneWlanCfgSvc.exe [470240 2010-01-07] (Microsoft Corporation) S3 GoToAssist; "C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe" Start=service [X] S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X] S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X] S2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-18] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-18] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-18] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-18] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-21] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-18] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-18] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-18] () S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20568 2010-07-26] (Devguru Co., Ltd) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-03] (Malwarebytes Corporation) S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-18] (Avast Software) S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 MFE_RR; \??\C:\Users\NIGHTD~1\AppData\Local\Temp\mfe_rr.sys [X] S3 X6va001; 
\??\C:\Users\NIGHTD~1\AppData\Local\Temp\001337F.tmp [X] S3 X6va005; \??\C:\Users\NIGHTD~1\AppData\Local\Temp\0055B5B.tmp [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-03 02:06 - 2015-02-03 02:07 - 00000000 ____D () C:\FRST 2015-02-03 02:04 - 2015-02-03 02:07 - 00000000 ____D () C:\Users\Nightdrive\Desktop\mbam15 2015-02-03 01:21 - 2015-02-03 01:22 - 00000310 _____ () C:\Users\Nightdrive\Downloads\RootkitRemover_20150203_012149.log 2015-02-03 01:20 - 2015-02-03 01:20 - 00000310 _____ () C:\Users\Nightdrive\Downloads\RootkitRemover_20150203_012005.log 2015-02-03 01:19 - 2015-02-03 01:19 - 00783120 _____ (McAfee, Inc.) C:\Users\Nightdrive\Downloads\rootkitremover.exe 2015-01-31 13:35 - 2015-01-31 13:35 - 00000218 _____ () C:\Users\Nightdrive\AppData\Local\recently-used.xbel 2015-01-28 18:35 - 2015-01-28 18:38 - 326645113 _____ () C:\Users\Nightdrive\Downloads\[HorribleSubs] Parasyte - the maxim - 16 [720p].mkv 2015-01-27 20:38 - 2015-01-27 20:38 - 90720226 _____ () C:\Users\Nightdrive\Downloads\2015-01-05b-win.zip 2015-01-26 10:44 - 2015-01-26 10:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-21 16:59 - 2015-01-21 17:05 - 326814061 _____ () C:\Users\Nightdrive\Downloads\[HorribleSubs] Parasyte - the maxim - 15 [720p].mkv 2015-01-21 16:59 - 2015-01-21 17:02 - 326917624 _____ () C:\Users\Nightdrive\Downloads\[HorribleSubs] Parasyte - the maxim - 14 [720p].mkv 2015-01-14 15:37 - 2015-01-14 15:37 - 00000197 _____ () C:\Windows\system32\2015-01-14-23-37-31.029-AvastVBoxSVC.exe-3352.log 2015-01-14 02:55 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 02:55 - 2014-12-18 17:46 - 00141312 _____ 
(Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 02:55 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 02:55 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-14 02:55 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-14 02:55 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-14 02:55 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-14 02:55 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-14 02:55 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-14 02:55 - 2014-12-11 09:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 02:55 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 02:55 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-14 02:55 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-08 03:52 - 2015-01-17 20:45 - 00000000 ____D () C:\Users\Nightdrive\AppData\Local\Popcorn-Time 2015-01-08 03:52 - 2015-01-08 03:52 - 00002237 _____ () C:\Users\Nightdrive\Desktop\Popcorn Time.lnk 2015-01-08 03:52 - 2015-01-08 03:52 - 00000000 ____D () C:\Users\Nightdrive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time 2015-01-08 03:51 - 2015-01-17 20:43 - 00000000 ____D () C:\Users\Nightdrive\AppData\Local\Popcorn Time 2015-01-08 03:49 - 2015-01-08 03:49 - 23190512 _____ (Popcorn Official) C:\Users\Nightdrive\Downloads\Popcorn-Time-0.3.6-Setup.exe 2015-01-07 18:13 - 2015-01-07 18:17 - 326791591 _____ () C:\Users\Nightdrive\Downloads\[HorribleSubs] Parasyte - the maxim - 13 [720p].mkv 2015-01-07 14:41 - 
2015-01-07 14:42 - 00000247 _____ () C:\Windows\system32\2015-01-07-22-41-58.084-aswFe.exe-6888.log 2015-01-07 14:33 - 2015-01-07 14:41 - 00000247 _____ () C:\Windows\system32\2015-01-07-22-33-37.014-aswFe.exe-5280.log 2015-01-07 14:33 - 2015-01-07 14:33 - 00000197 _____ () C:\Windows\system32\2015-01-07-22-33-31.024-AvastVBoxSVC.exe-2184.log 2015-01-07 05:37 - 2015-01-07 05:37 - 00000197 _____ () C:\Windows\system32\2015-01-07-13-37-32.041-AvastVBoxSVC.exe-4168.log 2015-01-06 16:51 - 2014-09-04 18:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-01-06 16:51 - 2014-09-04 17:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-01-06 14:43 - 2015-01-06 14:43 - 00000247 _____ () C:\Windows\system32\2015-01-06-22-43-09.026-aswFe.exe-4416.log 2015-01-06 14:38 - 2015-01-06 14:42 - 00000247 _____ () C:\Windows\system32\2015-01-06-22-38-17.088-aswFe.exe-5624.log 2015-01-06 14:38 - 2015-01-06 14:38 - 00000197 _____ () C:\Windows\system32\2015-01-06-22-38-11.060-AvastVBoxSVC.exe-1444.log 2015-01-06 14:00 - 2015-01-06 14:00 - 00000197 _____ () C:\Windows\system32\2015-01-06-22-00-08.023-AvastVBoxSVC.exe-3868.log 2015-01-06 13:56 - 2015-01-06 13:56 - 00000700 _____ () C:\Windows\PFRO.log 2015-01-06 13:47 - 2013-10-01 18:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2015-01-06 13:47 - 2013-10-01 18:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2015-01-06 13:47 - 2013-10-01 18:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2015-01-06 13:47 - 2013-10-01 17:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2015-01-06 13:47 - 2013-10-01 17:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2015-01-06 13:47 - 2013-10-01 17:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2015-01-06 13:47 - 
2013-10-01 17:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2015-01-06 13:47 - 2013-10-01 16:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2015-01-06 13:47 - 2013-10-01 16:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll 2015-01-06 13:47 - 2013-10-01 16:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll 2015-01-06 13:47 - 2013-10-01 16:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2015-01-06 13:47 - 2013-10-01 15:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2015-01-06 13:47 - 2013-10-01 15:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2015-01-06 13:47 - 2013-10-01 15:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll 2015-01-06 13:47 - 2013-10-01 14:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-03 02:07 - 2009-07-13 21:10 - 01912361 _____ () C:\Windows\WindowsUpdate.log 2015-02-03 01:43 - 2013-02-06 07:16 - 00000000 ____D () C:\Users\Nightdrive\AppData\Roaming\Spotify 2015-02-03 01:42 - 2014-10-25 01:22 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-03 01:28 - 2013-03-19 16:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-03 01:25 - 2010-03-22 18:18 - 00000000 ____D () C:\Users\Nightdrive\AppData\Roaming\Skype 2015-02-03 01:19 - 2010-12-30 14:07 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-02 22:19 - 2010-12-30 14:07 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-02 14:58 - 2010-03-09 14:18 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C5EB0DB3-9450-433A-9F88-C7D4D795018D} 2015-02-02 02:26 - 2014-11-23 01:00 - 00004032 _____ () C:\Windows\setupact.log 2015-01-31 16:05 - 2010-03-18 11:28 - 00000000 ____D () C:\Users\Nightdrive\AppData\Local\Deployment 2015-01-30 21:36 - 2014-03-12 02:28 - 00000000 ____D () C:\Users\Nightdrive\AppData\Local\Battle.net 2015-01-30 13:34 - 2010-03-09 14:35 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-01-28 16:46 - 2012-07-11 05:14 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2015-01-27 02:10 - 2013-02-22 02:54 - 00000000 ____D () C:\Users\Nightdrive\AppData\Roaming\OBS 2015-01-26 21:21 - 2013-02-06 07:17 - 00000000 ____D () C:\Users\Nightdrive\AppData\Local\Spotify 2015-01-24 15:28 - 2013-03-19 16:42 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-24 15:28 - 2012-04-28 19:28 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-24 15:28 - 2011-07-03 00:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-22 22:44 - 2010-09-17 19:53 - 00000000 ____D () C:\ProgramData\NexonUS 2015-01-21 02:50 - 2009-07-13 20:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-21 02:50 - 2009-07-13 20:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-17 10:48 - 2012-11-01 12:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-14 15:36 - 2012-10-18 20:08 - 00000000 ____D () C:\ProgramData\Kodak 2015-01-14 15:35 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-14 03:16 - 2013-08-15 02:01 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-14 03:00 - 2010-03-12 18:54 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-13 19:28 - 2012-05-14 11:12 - 00000000 ____D () C:\Program Files (x86)\Diablo III 2015-01-07 06:09 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache 2015-01-06 13:58 - 2009-07-13 19:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-01-06 04:36 - 2011-06-11 05:52 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ==================== Files in the root of some directories ======= 2011-02-12 07:00 - 2011-02-12 07:08 - 0010379 _____ () C:\Users\Nightdrive\AppData\Roaming\TheHunterSettings_live.bin 2011-02-12 
06:57 - 2011-02-12 06:57 - 0000043 _____ () C:\Users\Nightdrive\AppData\Roaming\TheHunterSettings_live.cfg 2010-04-27 03:51 - 2012-02-24 09:16 - 0005120 _____ () C:\Users\Nightdrive\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2011-01-01 00:03 - 2011-01-01 00:03 - 0000098 _____ () C:\Users\Nightdrive\AppData\Local\fusioncache.dat 2015-01-31 13:35 - 2015-01-31 13:35 - 0000218 _____ () C:\Users\Nightdrive\AppData\Local\recently-used.xbel 2010-09-27 22:26 - 2012-12-26 17:16 - 0007620 _____ () C:\Users\Nightdrive\AppData\Local\resmon.resmoncfg 2011-07-04 18:09 - 2011-07-04 18:09 - 0000000 _____ () C:\Users\Nightdrive\AppData\Local\{DDF82247-632D-4522-A1FA-5A25C8A340E9} 2011-06-15 16:08 - 2011-04-16 16:08 - 0000032 ____R () C:\ProgramData\hash.dat Files to move or delete: ==================== C:\ProgramData\hash.dat Some content of TEMP: ==================== C:\Users\Nightdrive\AppData\Local\Temp\NGM.exe C:\Users\Nightdrive\AppData\Local\Temp\NGMDll.dll C:\Users\Nightdrive\AppData\Local\Temp\NGMResource.dll C:\Users\Nightdrive\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-24 00:27

==================== End Of Log ============================

Addition.txt - Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Nightdrive at 2015-02-03 02:08:11
Running from C:\Users\Nightdrive\Desktop\mbam15
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
(HKLM\...\UDK-17d8ca0f-ca68-4f09-83f4-23d618e907fe) (Version: - RuneStorm µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.3 - ) 7 Days to Die (HKLM-x32\...\Steam App 251570) (Version: - The Fun Pimps) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.) AIM 7 (HKLM-x32\...\AIM_7) (Version: - ) aioscnnr (x32 Version: 7.3.4.0 - Your Company Name) Hidden Alien Swarm - SDK (HKLM-x32\...\Steam App 640) (Version: - Valve) AMD Catalyst Install Manager (HKLM\...\{E4490157-303F-F06F-FB6E-D2053A43A182}) (Version: 8.0.873.0 - Advanced Micro Devices, Inc.) Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) AV Voice Changer Software DIAMOND 6.0 (HKLM-x32\...\AV Voice Changer Software DIAMOND 6.0) (Version: - ) Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software) AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - ) Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.) 
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - ) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Beat Hazard (HKLM-x32\...\Steam App 49600) (Version: - ) Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation) Bonjour (HKLM\...\{CA0D2F09-F811-48D4-843E-C87696C6A9D9}) (Version: 3.0.0.2 - Apple Inc.) Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version: - Criterion Games) ccc-core-static (x32 Version: 2009.1209.2335.42329 - ATI) Hidden ccc-core-static (x32 Version: 2010.0930.2237.38732 - ATI) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform) CD Art Display 2.0.1 (HKLM-x32\...\CD Art Display_is1) (Version: - CD Art Display) center (x32 Version: 6.2.5.0 - Eastman Kodak Company) Hidden ClassicPro© v1.15 (HKLM-x32\...\ClassicPro) (Version: 1.15 - Skin Consortium) Combined Community Codec Pack 2009-09-09 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2009.09.09.0 - CCCP Project) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve) Curse Client (HKU\S-1-5-21-3148296312-807281291-2092357852-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse) Deadlight (HKLM-x32\...\Steam App 211400) (Version: - Tequila Works, S.L.) Dell Driver Download Manager (HKU\S-1-5-21-3148296312-807281291-2092357852-1001\...\f031ef6ac137efc5) (Version: 2.0.0.0 - Dell Inc.) Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc) Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.) 
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell) Deluge 1.3.9 (HKLM-x32\...\Deluge) (Version: - ) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve) Double Dragon Neon (HKLM-x32\...\Steam App 252350) (Version: - WayForward) Driver Sweeper version 3.2.0 (HKLM-x32\...\{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1) (Version: 3.2.0 - Phyxion.net) Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD) EMC 10 Content (x32 Version: 1.0.035 - Roxo, Inc.) Hidden EMCGadgets64 (Version: 1.0.302 - Sonic) Hidden ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.0) (Version: 0.70.0 - ESN Social Software AB) essentials (x32 Version: 6.0.14.0 - Eastman Kodak Company) Hidden Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.2.5 - SCS Software) Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.01 - Ubisoft) Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version: - ) Game Dev Tycoon v1.3.2 © Greenheart Games version 1 (HKLM-x32\...\R2FtZURldlR5Y29vbnYxMzI=_is1) (Version: 1 - ) GameSpy Comrade (HKLM-x32\...\{361AA6F2-124E-4E98-9402-83B1445B8448}) (Version: 3.2.16.235 - GameSpy) Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios) GIMP 2.6.9 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.9 - The GIMP Team) GoldWave v5.57 (HKLM-x32\...\GoldWave v5.57) (Version: - ) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - ) Guacamelee! 
Gold Edition (HKLM-x32\...\Steam App 214770) (Version: - DrinkBox Studios) Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.) Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve) Hammerfight (HKLM-x32\...\Steam App 41100) (Version: - KranX Productions) Hotline Miami (HKLM-x32\...\Steam App 219150) (Version: - ) Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation) iTunes (HKLM\...\{B613A9BB-2B34-4824-A4BE-2427653D59D6}) (Version: 10.4.0.80 - Apple Inc.) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version: - Squad) Killing Floor (HKLM-x32\...\Steam App 1250) (Version: - Tripwire Interactive) Killing Floor Mod: Defence Alliance 2 (HKLM-x32\...\Steam App 35420) (Version: - ) Kodak AIO Printer (Version: 7.5.0.0 - Eastman Kodak Company) Hidden KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.5.9.60 - Eastman Kodak Company) Last.fm 1.5.4.27091 (HKLM-x32\...\LastFM_is1) (Version: - Last.fm) League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games) League of Legends (x32 Version: 1.3 - Riot Games) Hidden Little Inferno (HKLM-x32\...\Steam App 221260) (Version: - Tomorrow Corporation) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.1.0.124 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.1.0.124 - LogMeIn, Inc.) 
Hidden MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - ) Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) ManyCam 2.4 (remove only) (HKLM-x32\...\ManyCam) (Version: 2.4.55 - ManyCam LLC) Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation) Microsoft IntelliType Pro 7.1 (HKLM\...\{E6B7BD80-A921-4C72-A68B-44A9EB438BE4}) (Version: 7.10.344.0 - Microsoft) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 
Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable 
- x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) 
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Moonbase Alpha (HKLM-x32\...\Steam App 39000) (Version: - Army Game Studio/Virtual Heroes supporting) Mount and Blade: Warband (HKLM-x32\...\Steam App 48700) (Version: - Taleworlds Entertainment) Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero 7 Ultra Edition (HKLM-x32\...\{235BBFC6-D863-4066-A01A-3BD504C31033}) (Version: 7.02.2620 - Nero AG) Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.45.6 - Black Tree Gaming) Nosgoth (HKLM-x32\...\Steam App 200110) (Version: 140812.90586 - Square Enix Ltd) NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation) ObjectDock (HKLM-x32\...\ObjectDock) (Version: - ) ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden Octodad (HKLM-x32\...\Octodad) (Version: - ) Octodad: Dadliest Catch (HKLM-x32\...\Steam App 224480) (Version: - Young Horses) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Organ Trail: Director's Cut (HKLM-x32\...\Steam App 233740) (Version: - The Men Who Wear Many Hats) Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4554 - Electronic Arts, Inc.) 
Papers, Please (HKLM-x32\...\GOGPACKPAPERSPLEASE_is1) (Version: 2.0.0.4 - GOG.com) Poker Night (HKLM-x32\...\Steam App 31289) (Version: - ) PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.) PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Rainmeter (remove only) (HKLM-x32\...\Rainmeter) (Version: - ) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5951 - Realtek Semiconductor Corp.) Recettear: An Item Shop's Tale (HKLM-x32\...\Recettear: An Item Shop's Tale_is1) (Version: - ) Robocraft (HKLM-x32\...\Steam App 301520) (Version: - Freejam) Rogue Legacy (HKLM-x32\...\Steam App 241600) (Version: - Cellar Door Games) Roxio Easy CD and DVD Burning (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio) Roxio File Backup (Version: 1.3.0 - Roxio) Hidden Saints Row IV (HKLM-x32\...\Steam App 206420) (Version: - Deep Silver Volition) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.450.0 - SAMSUNG Electronics Co., Ltd.) Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version: - 5th Cell Media) SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version: - ) Shadow Warrior (HKLM-x32\...\Steam App 233130) (Version: - Flying Wild Hog) Skins (x32 Version: 2009.1209.2335.42329 - ATI) Hidden Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.) 
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version: - Rebellion) Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve) Speccy (HKLM\...\Speccy) (Version: 1.19 - Piriform) Spotify (HKU\S-1-5-21-3148296312-807281291-2092357852-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB) SprayR 1.0 RC7b (HKLM-x32\...\SprayR) (Version: 1.0 RC7b - Jan 'neofrag' Willms) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.) State of Decay (HKLM-x32\...\Steam App 241540) (Version: - Undead Labs) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version: - ) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden System Requirements Lab (HKLM-x32\...\{9E1BAB75-EB78-440D-94C0-A3857BE2E733}) (Version: 4.1.71.0 - Husdawg, LLC) System Requirements Lab CYRI (HKLM-x32\...\{1F77C418-2C90-459C-BD33-B56A4182B9FA}) (Version: 4.4.26.0 - Husdawg, LLC) Tabletop Simulator (HKLM-x32\...\Steam App 286160) (Version: - Berserk Games) Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve) Terraria (HKLM-x32\...\Steam App 105600) (Version: - ) The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - ) The Expendabros (HKLM-x32\...\Steam App 312990) (Version: - Free Lives) The Sims 3 (HKLM-x32\...\Steam App 47890) (Version: - Electronic Arts) Toribash (HKLM-x32\...\Steam App 248570) (Version: - Nabi Studios) UDPixel.exe (HKLM-x32\...\UDPixel) (Version: - ) Unity Web Player (HKU\S-1-5-21-3148296312-807281291-2092357852-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Uplay (HKLM-x32\...\Uplay) (Version: 2.1 - Ubisoft) VD64Inst (Version: 1.00.0000 - Roxio, Inc.) 
Hidden Veetle TV 0.9.18 (HKLM-x32\...\Veetle TV) (Version: 0.9.18 - Veetle, Inc) Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.5.0 - Flagship Industries, Inc.) Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version: - ) Viscera Cleanup Detail: Shadow Warrior Viscera Cleanup Detail: Shadow Warrior (HKLM-x32\...\Steam App 255520) (Version: - RuneStorm) VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN) VTFEdit 1.3.0 (HKLM\...\VTFEdit_is1) (Version: - Neil Jedrzejewski & Ryan Gregg) Winamp (HKLM-x32\...\Winamp) (Version: 5.621 - Nullsoft, Inc) Winamp Detector Plug-in (HKU\S-1-5-21-3148296312-807281291-2092357852-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) WinDirStat 1.1.2 (HKU\S-1-5-21-3148296312-807281291-2092357852-1001\...\WinDirStat) (Version: - ) Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation) Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows Media Center Add-in for Flash (HKLM-x32\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 4.1.2.0 - Microsoft Corporation) Windows Media Center Add-in for Silverlight (HKLM-x32\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation) WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - ) Wizorb (HKLM-x32\...\Steam App 207420) (Version: - Tribute Games) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) Xiph.Org Open Codecs 
0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
Zune (HKLM\...\Zune) (Version: 04.02.0202.00 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3148296312-807281291-2092357852-1001_Classes\CLSID\{e62b5661-654e-49a2-9c41-0947cac93558}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

==================== Restore Points =========================

ATTENTION: System Restore is disabled.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2014-04-22 02:48 - 00450639 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {20203DCA-B18E-478A-9C56-588772D2C0F1} - System32\Tasks\{6F7AD9E5-3894-439B-836C-29553221D68C} => pcalua.exe -a "C:\Users\Nightdrive\Desktop\ObjectDock Plus_1.5 build 528u+Crack\Crack.exe" -d "C:\Users\Nightdrive\Desktop\ObjectDock Plus_1.5 build 528u+Crack" Task: {28A0F300-61A7-4625-AC1E-1D514A30D6FA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: {2AC77393-F244-425B-A3F5-943F0420A707} - System32\Tasks\avastBCLRestartS-1-5-21-3148296312-807281291-2092357852-1001 => Firefox.exe Task: {40477D09-C0E5-471D-8D1C-9C6E663BE0AD} - System32\Tasks\{FE45B4A7-2AC1-4E0C-9B3C-3281F4081715} => pcalua.exe -a C:\Users\Nightdrive\Desktop\MSN_Messenger7_Current_Playing_Song.exe -d C:\Users\Nightdrive\Desktop Task: {411C94EB-4A76-45E4-B34A-626B16CCE7D3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {60CBFC38-3855-4F1E-B798-8E842159D72E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: {8656277A-F2DA-4A34-8065-E394A6F128E5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated) Task: {997E97C1-BCE1-4876-84FC-E4BC0524AC4E} - System32\Tasks\{FF8162A2-65F3-4B4B-BB9B-DF23D7F878FD} => pcalua.exe -a C:\Users\Nightdrive\Desktop\freejack_downloader.exe -d C:\Users\Nightdrive\Desktop Task: {9B639220-0A7D-43D7-A240-5AA81F8DF6D9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd) Task: {A04DB827-BB48-4AB2-92F6-BDB3700B3303} - System32\Tasks\{2ED88974-C491-48E1-8FDD-B5B571FA9F26} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.) Task: {AE336CE9-7E46-42A8-9A4E-4E8FD2D4FE0B} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-18] (AVAST Software) Task: {C22E79CD-94CA-4168-988E-D7FB4A35F1EB} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2009-11-05] (Microsoft Corporation) Task: {CA9562BF-7399-4629-9CED-3FF64B8AEFC2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {EDD34C8A-0C52-4240-904E-6D9110E48F1C} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-TECHNOTRONIC => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation) Task: {F2B536C3-BE59-4531-83FA-0CE84A79356C} - System32\Tasks\{08424DAB-BE0B-48A8-9F66-1F7407EBFF03} => pcalua.exe -a "c:\program files (x86)\steam\steamapps\common\left 4 dead 2\bin\addoninstaller.exe" -d C:\Users\Nightdrive\Desktop -c C:\Users\Nightdrive\Desktop\2evileyes.vpk Task: {F5C78E2C-B500-4B11-BF7C-590C8551028C} - System32\Tasks\{D29F2071-C2FA-48D2-B275-B2E40545D1E4} => pcalua.exe -a D:\Setup.exe -d D:\ Task: {F94B2862-DF0D-47A2-AC62-9DFF2844C623} - System32\Tasks\{A3EBAE25-F303-4745-95FA-F7B6F72163D3} => Firefox.exe http://ui.skype.com/ui/0/5.5.0.124.217/en/abandoninstall?page=tsPlugin&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled Task: {FB4AEAFE-5AA3-47D5-9C00-3382D316F466} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {FF34F39B-7001-4DF8-8DB5-5A76CEBDFBE1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: 
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-03-18 15:43 - 2013-06-30 21:45 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-11-18 16:45 - 2014-11-18 16:45 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll 2014-11-18 16:45 - 2014-11-18 16:45 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll 2010-03-09 16:12 - 2010-02-10 18:10 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll 2012-04-05 21:00 - 2012-04-05 21:00 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2013-09-26 18:33 - 2014-12-11 21:35 - 00374840 _____ () C:\Users\Nightdrive\AppData\Roaming\Spotify\Data\SpotifyHelper.exe 2015-01-14 10:13 - 2015-01-14 10:13 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011401\algo.dll 2014-11-18 16:45 - 2014-11-18 16:45 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll 2015-02-03 01:11 - 2015-02-03 01:11 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020300\algo.dll 2014-01-24 16:29 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2014-01-24 16:29 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-01-24 16:29 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2014-01-24 16:29 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-01-24 16:29 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2013-02-06 07:17 - 2014-12-11 21:35 - 36966968 _____ () C:\Users\Nightdrive\AppData\Roaming\Spotify\Data\libcef.dll 2014-11-18 16:45 - 2014-11-18 16:45 - 38562088 
_____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-08-29 02:21 - 2014-12-01 13:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2014-08-29 02:21 - 2014-12-01 13:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2014-08-29 02:21 - 2014-12-01 13:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2014-08-29 02:21 - 2014-12-01 13:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2013-02-28 10:52 - 2014-11-11 10:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2014-12-02 14:52 - 2014-12-01 16:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll 2014-12-02 14:52 - 2014-12-01 16:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2014-12-02 14:52 - 2014-12-01 16:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2014-05-03 06:21 - 2015-01-09 19:21 - 02226880 _____ () C:\Program Files (x86)\Steam\video.dll 2014-08-29 02:21 - 2014-12-01 13:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2011-07-12 16:39 - 2015-01-09 19:21 - 00696512 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2014-07-10 02:25 - 2014-12-11 21:35 - 00867896 _____ () C:\Users\Nightdrive\AppData\Roaming\Spotify\Data\ffmpegsumo.dll 2010-03-10 03:16 - 2014-12-19 15:38 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2013-09-26 18:33 - 2014-12-11 21:35 - 00886840 _____ () C:\Users\Nightdrive\AppData\Roaming\Spotify\Data\libglesv2.dll 2013-09-26 18:33 - 2014-12-11 21:35 - 00108600 _____ () C:\Users\Nightdrive\AppData\Roaming\Spotify\Data\libegl.dll 2010-03-09 16:39 - 2007-04-30 19:18 - 00112400 _____ () C:\Program Files (x86)\Stardock\ObjectDock\DockShellHook.dll 2014-07-26 18:21 - 2014-12-19 15:38 - 01709960 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll 2015-01-26 10:44 - 2015-01-26 10:44 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2015-01-24 15:28 - 2015-01-24 15:28 - 16844976 _____ () 
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start MSCONFIG\startupreg: Zune Launcher => "c:\Program Files\Zune\ZuneLauncher.exe" ========================= Accounts: ========================== Administrator (S-1-5-21-3148296312-807281291-2092357852-500 - Administrator - Disabled) ASPNET (S-1-5-21-3148296312-807281291-2092357852-1007 - Limited - Enabled) Guest (S-1-5-21-3148296312-807281291-2092357852-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-3148296312-807281291-2092357852-1002 - Limited - Enabled) Mcx1-TECHNOTRONIC (S-1-5-21-3148296312-807281291-2092357852-1005 - Limited - Enabled) => C:\Users\Mcx1-TECHNOTRONIC Nightdrive (S-1-5-21-3148296312-807281291-2092357852-1001 - Administrator - Enabled) => C:\Users\Nightdrive ==================== Faulty Device Manager Devices ============= ==================== Event log errors: 
========================= Application errors: ================== Error: (02/02/2015 06:59:16 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (02/02/2015 06:56:58 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. 
Error: (02/01/2015 05:14:31 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (02/01/2015 05:12:22 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. 
Error: (01/31/2015 05:22:49 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (01/31/2015 05:20:37 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. 
Error: (01/30/2015 06:39:18 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (01/30/2015 06:36:02 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. 
Error: (01/29/2015 03:49:33 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (01/29/2015 03:47:12 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. System errors: ============= Error: (01/22/2015 10:53:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly. It has done this 1 time(s). 
Error: (01/15/2015 02:51:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Kodak AiO Status Monitor Service service terminated unexpectedly. It has done this 1 time(s). Error: (01/15/2015 02:51:52 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Kodak AiO Network Discovery Service service terminated unexpectedly. It has done this 1 time(s). Error: (01/14/2015 03:35:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: RxFilter Error: (01/14/2015 03:35:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The SessionLauncher service failed to start due to the following error: %%2 Error: (01/14/2015 08:09:43 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (01/14/2015 04:59:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s). Error: (01/14/2015 04:58:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly. It has done this 1 time(s). Error: (01/09/2015 04:32:15 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Volume Shadow Copy service terminated unexpectedly. It has done this 4 time(s). Error: (01/09/2015 04:30:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Volume Shadow Copy service terminated unexpectedly. It has done this 3 time(s). 
Microsoft Office Sessions: ========================= Error: (02/02/2015 06:59:16 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (02/02/2015 06:56:58 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8 Error: (02/01/2015 05:14:31 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (02/01/2015 05:12:22 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8 Error: (01/31/2015 05:22:49 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online 
scanner\ESETSmartInstaller.exe Error: (01/31/2015 05:20:37 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8 Error: (01/30/2015 06:39:18 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (01/30/2015 06:36:02 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8 Error: (01/29/2015 03:49:33 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (01/29/2015 03:47:12 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8 CodeIntegrity Errors: =================================== Date: 2010-10-06 15:36:40.226 
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atikmdag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2010-10-06 15:36:40.195 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atikmdag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2010-10-06 15:32:11.611 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atikmdag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2010-10-06 15:32:11.486 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atikmdag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info =========================== Processor: Intel® Core i7 CPU 920 @ 2.67GHz Percentage of memory in use: 74% Total physical RAM: 4086.99 MB Available physical RAM: 1041.77 MB Total Pagefile: 8574.43 MB Available Pagefile: 2035.91 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:689.47 GB) (Free:245.36 GB) NTFS Drive d: (Setup) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: E8000000) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=9.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=689.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  2. Thanks for all your help! Next time I have some money I'll think about donating for the hard work you've put in! I do have one question. What do I do with step 3? Is that a link? It's not made out to click like a normal link, so I'm unsure if I should put that in my address bar or not.
  3. Any way to clean out those leftovers and check to see if everything is set and in order?
  4. I couldn't edit and fix what I said. I meant it pops up randomly. Sometimes it will happen weeks later for about a day and a half, then not happen for up to a week, or even a month. I've wondered if it was just my connection, but then I tested it by disconnecting my PC from the network, and my connection went back to normal; all other devices gained normal internet speed, which led me to believe there was an issue with mine. ESET seems to have been the only thing to have found problems. Looking what it found up, Win32/PrcView is said to create a backdoor? I can't say that's what caused it, but I'd like to maybe look for other things that it may have left. Perhaps it did something to my registry and the sort. I hope I'm not trouble, or being too much of a worrier, you've been great!
  5. Good, I hope. Like I said earlier. The lag isn't a constant or daily thing. It pops up late at night, and lasts for hours. I hope whatever ESET found was it! Is there any way to double check and make sure it's gone and/or block any way of it possibly returning, if that was it?
  6. C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
     C:\MGtools\Process.exe Win32/PrcView potentially unsafe application deleted - quarantined
     C:\Users\Nightdrive\Desktop\sp\ccsetup324.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined
     C:\Users\Nightdrive\Desktop\wat\DriverSweeper_3.2.0.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
     C:\Users\Nightdrive\Downloads\ccsetup410.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
     C:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
  7. # AdwCleaner v3.023 - Report created 17/04/2014 at 16:29:41 # Updated 01/04/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Nightdrive - TECHNOTRONIC # Running from : C:\Users\Nightdrive\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Users\Nightdrive\AppData\Local\CrashRpt Folder Deleted : C:\Users\Nightdrive\AppData\Local\OpenCandy ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Deleted : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} Key Deleted : HKLM\Software\Viewpoint Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17041 -\\ Mozilla Firefox v28.0 (en-US) [ File : C:\Users\Nightdrive\AppData\Roaming\Mozilla\Firefox\Profiles\dq4f9msv.default-1378204871341\prefs.js ] ************************* AdwCleaner[R0].txt - [3210 octets] - [17/04/2014 16:19:50] AdwCleaner[s0].txt - [3167 octets] - [17/04/2014 16:29:41] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3227 octets] ##########
  8. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 7 Home Premium x64 Ran by Nightdrive on Thu 04/17/2014 at 15:52:45.65 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\dnu.exe Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdate Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\viewpointmediaplayer Successfully deleted: [Registry Key] 
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\cadLyrics_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\cadLyrics_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\cadLyrics_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\cadLyrics_RASMANCS Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8147b5f9-73b7-4ea4-9d2b-9e29682c1df0} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E519AA1F-E8A8-47ED-92E3-BCFB65055819} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\viewpoint" Successfully deleted: [Folder] "C:\Users\Nightdrive\appdata\locallow\boost_interprocess" Successfully deleted: [Folder] "C:\Users\Nightdrive\appdata\locallow\comcasttb" Successfully deleted: [Folder] "C:\Program Files (x86)\viewpoint" Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\software update utility" Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin" ~~~ FireFox Emptied folder: C:\Users\Nightdrive\AppData\Roaming\mozilla\firefox\profiles\dq4f9msv.default-1378204871341\minidumps [72 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Thu 04/17/2014 at 16:00:17.69 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  9. It found nothing. The issue isn't constant. It only happens for about 20 hours sporadically. Sometimes it happens a week after the last, sometimes two. Sometimes even a month. It's hard to tell when it's not a constant issue, but MBAM found nothing, as shown in the log.
  10. Comcast toolbar removed fine, but Viewpoint is giving me trouble. It's saying "Please log in as administrator to install the Viewpoint Media Player" when trying to uninstall. There is no uninstaller in its folders. Here are the logs from the scan!

      Malwarebytes Anti-Malware 1.75.0.1300
      www.malwarebytes.org
      Database version: v2014.04.02.09
      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 11.0.9600.16521
      Nightdrive :: TECHNOTRONIC [administrator]
      4/9/2014 12:02:13 PM
      mbam-log-2014-04-09 (12-02-13).txt
      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 266390
      Time elapsed: 6 minute(s), 51 second(s)
      Memory Processes Detected: 0
      (No malicious items detected)
      Memory Modules Detected: 0
      (No malicious items detected)
      Registry Keys Detected: 0
      (No malicious items detected)
      Registry Values Detected: 0
      (No malicious items detected)
      Registry Data Items Detected: 0
      (No malicious items detected)
      Folders Detected: 0
      (No malicious items detected)
      Files Detected: 0
      (No malicious items detected)
      (end)
  11. uTorrent has been uninstalled for over a year. I'm not sure why it still shows as installed there. Is there any way to clear that?
  12. Here is the second. . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 3/9/2010 1:57:38 PM System Uptime: 4/5/2014 10:23:00 AM (0 hours ago) . Motherboard: DELL Inc. | | 0X501H Processor: Intel® Core i7 CPU 920 @ 2.67GHz | CPU 1 | 2668/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 689 GiB total, 151.222 GiB free. D: is CDROM (UDF) E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP722: 4/1/2014 4:31:36 AM - Windows Update RP723: 4/1/2014 11:00:50 PM - avast! antivirus system restore point RP724: 4/3/2014 2:07:43 PM - Removed SPORE™ Galactic Adventures RP725: 4/3/2014 2:22:14 PM - Removed SPORE™ RP726: 4/3/2014 2:24:09 PM - Removed SPORE™ Creepy & Cute Parts Pack RP727: 4/4/2014 9:47:31 AM - Windows Update . ==== Installed Programs ====================== . µTorrent Adobe AIR Adobe Flash Player 12 ActiveX Adobe Flash Player 12 Plugin Adobe Reader XI (11.0.06) Adobe Shockwave Player 12.0 AIM 7 aioscnnr Alien Swarm - SDK AMD Accelerated Video Transcoding AMD APP SDK Runtime AMD Catalyst Install Manager AMD Drag and Drop Transcoding AMD Media Foundation Decoders AOL Instant Messenger Apple Application Support Apple Mobile Device Support Apple Software Update AV Voice Changer Software DIAMOND 6.0 avast! 
Free Antivirus AviSynth 2.5 Banctec Service Agreement Bandisoft MPEG-1 Decoder Battle.net Beat Hazard Bing Bar Bonjour Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner CD Art Display 2.0.1 center Chivalry: Medieval Warfare ClassicPro© v1.15 Combined Community Codec Pack 2009-09-09 Comcast Toolbar 3.5 Counter-Strike: Global Offensive Counter-Strike: Source Curse Client Day of Defeat: Source Deadlight Dell Driver Download Manager Dell Edoc Viewer Dell Getting Started Guide Dell Support Center (Support Software) Deluge 1.3.5 Diablo III DirectXInstallService Don't Starve Dota 2 Download Updater (AOL LLC) Driver Sweeper version 3.2.0 Dual-Core Optimizer EMC 10 Content EMCGadgets64 ESN Sonar essentials Euro Truck Simulator 2 Fallout: New Vegas Far Cry 3 Fraps (remove only) FTL: Faster Than Light Game Dev Tycoon v1.3.2 © Greenheart Games version 1 GameSpy Comrade Garry's Mod Ghost Master GIMP 2.6.9 GoldWave v5.57 Google Earth Google Update Helper GoToAssist 8.0.0.514 Guacamelee! 
Gold Edition Guild Wars 2 Half-Life 2 Hammerfight Hotline Miami Intel® Matrix Storage Manager Internet TV for Windows Media Center iTunes Java 7 Update 45 Java Auto Updater Java 6 Update 37 Java 6 Update 45 (64-bit) Joe Danger 2: The Movie Junk Mail filter update Kerbal Space Program Killing Floor Killing Floor Mod: Defence Alliance 2 Kodak AIO Printer KODAK AiO Software Last.fm 1.5.4.27091 League of Legends Left 4 Dead 2 Little Inferno Loadout LogMeIn Hamachi MagicDisc 2.7.106 Malwarebytes Anti-Malware version 1.75.0.1300 ManyCam 2.4 (remove only) Microsoft .NET Framework 1.1 Microsoft .NET Framework 4.5.1 Microsoft Application Error Reporting Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) Microsoft Choice Guard Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft IntelliType Pro 7.1 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 Microsoft WSE 3.0 Runtime Microsoft XNA Framework Redistributable 3.1 Microsoft XNA Framework Redistributable 4.0 Refresh Moonbase Alpha Mortal Kombat Kollection Mount and Blade: Warband Mozilla Firefox 28.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero 7 Ultra Edition Nexon Game Manager Nexus Mod Manager No More Room in Hell NVIDIA PhysX ObjectDock ocr Octodad Open Broadcaster Software OpenAL Organ Trail: Director's Cut Origin Papers, Please PAYDAY: The Heist Poker Night PowerDVD DX PreReq PunkBuster Services QuickTime Rainmeter (remove only) Realtek High Definition Audio Driver Recettear: An Item Shop's Tale Rogue Legacy Roxio Activation Module Roxio BackOnTrack Roxio Central Audio Roxio Central Copy Roxio Central Core Roxio Central Data Roxio Central Tools Roxio Easy CD and DVD Burning Roxio Express Labeler 3 Roxio File Backup Roxio Update Manager Rust SAMSUNG USB Driver for Mobile Phones SecondLifeViewer (remove only) Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) Skins Skype™ 6.14 Sleeping Dogs™ Sniper Elite: Nazi Zombie Army Sniper Elite: Nazi Zombie Army 2 Sonic CinePlayer Decoder Pack Source SDK Base 2007 Speccy Spotify SprayR 1.0 RC7b Spybot - Search & Destroy Steam Super Meat Boy Surgeon Simulator 2013 swMSM System Requirements Lab System Requirements Lab CYRI Team Fortress 2 Terraria The Binding of Isaac The Showdown Effect The Sims 3 Torchlight II UDPixel.exe Unity Web Player Uplay VD64Inst Veetle TV 0.9.18 Ventrilo Client for Windows x64 Viewpoint Media Player Vindictus Virtual Audio 
Cable 4.10 VLC media player 2.0.3 VTFEdit 1.3.0 Warframe Winamp Winamp Detector Plug-in Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Toolbar Windows Live Upload Tool Windows Live Writer Windows Media Center Add-in for Flash Windows Media Center Add-in for Silverlight WinRAR archiver Wizorb World of Warcraft Yahoo! Messenger Yahoo! Software Update Zombie Panic Source Zune Zune Language Pack (DE) Zune Language Pack (ES) Zune Language Pack (FR) Zune Language Pack (IT) . ==== Event Viewer Messages From Past Week ======== . 4/5/2014 10:26:23 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect. 4/5/2014 10:26:23 AM, Error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 4/5/2014 10:25:35 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RxFilter 4/5/2014 10:25:33 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Updating Service service to connect. 4/5/2014 10:25:33 AM, Error: Service Control Manager [7000] - The Spybot-S&D 2 Updating Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 4/5/2014 10:24:53 AM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the file specified. 4/2/2014 4:40:41 PM, Error: Service Control Manager [7031] - The Zune Network Sharing Service service terminated unexpectedly. 
It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. 4/2/2014 4:40:34 PM, Error: Service Control Manager [7031] - The Zune Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. . ==== End Of File ===========================
  13. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.16521 BrowserJavaVersion: 10.45.2 Run by Nightdrive at 10:31:44 on 2014-04-05 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4087.1677 [GMT -7:00] . AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\system32\atieclxx.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe C:\Users\Nightdrive\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Users\Nightdrive\AppData\Roaming\Spotify\spotify.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Rainmeter\Rainmeter.exe C:\Program Files 
(x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\MagicDisc\MagicDisc.exe C:\Users\Nightdrive\AppData\Local\Apps\2.0\2MPZVL58.6V8\2KZN8HHE.3L4\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe C:\Program Files (x86)\Stardock\ObjectDock\Dock64.exe C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe C:\Users\Nightdrive\AppData\Roaming\Spotify\Data\SpotifyHelper.exe C:\Users\Nightdrive\AppData\Roaming\Spotify\Data\SpotifyHelper.exe C:\Users\Nightdrive\AppData\Roaming\Spotify\Data\SpotifyHelper.exe C:\Users\Nightdrive\AppData\Roaming\Spotify\Data\SpotifyHelper.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted 
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Users\Nightdrive\AppData\Roaming\Spotify\Data\SpotifyHelper.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\sppsvc.exe C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe C:\Windows\system32\msiexec.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\System32\svchost.exe -k secsvcs c:\Program Files\Zune\ZuneNss.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . mWinlogon: Userinit = userinit.exe BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned> BHO: Updater For Comcast Toolbar 3.5: {164d3751-cac6-4a6d-becd-ea67df61d232} - C:\Program Files (x86)\comcasttb\auxi\comcastAu.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Comcast Toolbar: {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files (x86)\comcasttb\comcastdx.dll BHO: avast! 
Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB: Comcast Toolbar: {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files (x86)\comcasttb\comcastdx.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent uRun: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide uRun: [spotify Web Helper] "C:\Users\Nightdrive\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" uRun: [spotify] "C:\Users\Nightdrive\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart uRun: [spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml mRun: [Conime] C:\Windows\System32\conime.exe mRun: [EKStatusMonitor] C:\PROGRAM FILES 
(X86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.EXE mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" StartupFolder: C:\Users\Nightdrive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip StartupFolder: C:\Users\NIGHTD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe StartupFolder: C:\Users\NIGHTD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files (x86)\AIM95\aim.exe . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. 
If you wish to scan all of them, select the 'Force scan all domains' option. . TCP: NameServer = 192.168.1.1 75.75.75.75 75.75.76.76 TCP: Interfaces\{553482DC-7013-47B3-B39B-0C83CFE3F7FA} : DHCPNameServer = 192.168.1.1 75.75.75.75 75.75.76.76 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Notify: MCPClient - C:\PROGRA~2\COMMON~1\Stardock\mcpstub.dll Notify: SDWinLogon - SDWinLogon.dll SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\PROGRA~2\COMMON~1\Stardock\MCPCore.dll SSODL: WebCheck - <orphaned> x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file> x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe x64-Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" . INFO: x64-HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll x64-SSODL: WebCheck - <orphaned> Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Nightdrive\AppData\Roaming\Mozilla\Firefox\Profiles\dq4f9msv.default-1378204871341\ FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\GameSpy\Comrade\npcomrade.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll FF - plugin: C:\Users\Nightdrive\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll . ============= SERVICES / DRIVERS =============== . R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-6 65776] R0 aswVmm;avast! 
VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-6 208928] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-3-9 55856] R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-6-11 1039096] R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2011-6-11 423240] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-8-2 236544] R2 AntiSpywareService;Comcast AntiSpyware;C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-6-17 616408] R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-6-11 79184] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-4-1 50344] R2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176] R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-8-15 2329480] R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-6-18 394712] R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-6-19 777728] R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-1-24 171416] R3 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2013-12-25 84816] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-8-2 95760] R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\System32\drivers\vrtaucbl.sys [2012-1-16 66728] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\System32\drivers\ManyCam_x64.sys [2008-3-13 27136] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card 
Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-3-8 216064] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-3-8 215040] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088] S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-1-24 3921880] S2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-1-24 1042272] S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192] S3 dgderdrv;dgderdrv;C:\Windows\System32\drivers\dgderdrv.sys [2010-7-26 20568] S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-11 111616] S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848] S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.sys [2010-9-7 16392] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-5 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-24 1255736] . =============== Created Last 30 ================ . 
2014-04-04 22:17:28 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{468245F1-687C-44CE-A9F8-8C4F8DD8EAD9}\offreg.dll 2014-04-04 16:48:02 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{468245F1-687C-44CE-A9F8-8C4F8DD8EAD9}\mpengine.dll 2014-04-02 06:03:13 43152 ----a-w- C:\Windows\avastSS.scr 2014-03-13 07:39:33 -------- d-----w- C:\Users\Nightdrive\AppData\Local\Skype 2014-03-13 07:39:23 -------- d-----r- C:\Program Files (x86)\Skype 2014-03-12 10:32:58 -------- d-----w- C:\Users\Nightdrive\AppData\Local\Blizzard 2014-03-12 10:28:21 -------- d-----w- C:\Users\Nightdrive\AppData\Roaming\Battle.net 2014-03-12 10:28:21 -------- d-----w- C:\Users\Nightdrive\AppData\Local\Battle.net 2014-03-12 10:28:11 -------- d-----w- C:\Program Files (x86)\Battle.net 2014-03-12 05:17:39 624128 ----a-w- C:\Windows\System32\qedit.dll 2014-03-12 05:17:38 509440 ----a-w- C:\Windows\SysWow64\qedit.dll 2014-03-12 05:17:37 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll 2014-03-12 05:17:37 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll . ==================== Find3M ==================== . 
2014-04-02 06:03:14 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys 2014-04-02 06:03:14 84816 ----a-w- C:\Windows\System32\drivers\aswstm.sys 2014-04-02 06:03:14 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2014-04-02 06:03:14 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys 2014-04-02 06:03:14 208928 ----a-w- C:\Windows\System32\drivers\aswVmm.sys 2014-04-02 06:03:14 1039096 ----a-w- C:\Windows\System32\drivers\aswSnx.sys 2014-03-12 06:28:17 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2014-03-12 06:28:17 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb 2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll 2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll 2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll 2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe 2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe 2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll 2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe 2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll 2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll 2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll 2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll 2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl 2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll 2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll 2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll 2014-02-07 01:23:30 3156480 ----a-w- 
C:\Windows\System32\win32k.sys 2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll 2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll 2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll . ============= FINISH: 10:35:08.63 ===============
  14. My connection has been randomly slowing down lately. It happens sometimes in the middle of the night, but sometimes it happens for nearly entire days, though the odd thing is that it only happens maybe once or twice every couple of weeks. Testing my net speed during these times shows my download and upload speed in the .0s. Scanning with Spybot, AVAST and Malwarebytes hasn't given me any clues as to it being anything malicious. It's getting extremely frustrating and I need help. NOTE: I noticed that one of the logs shows utorrent as installed, but I uninstalled utorrent over a year ago, so I'm unsure why it's still showing as installed. Hopefully that isn't an issue when it comes to helping me! attach.txt dds.txt