Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
COM Surrogate eating up my CPU.
Message
<blockquote data-quote="jacobsophia" data-source="post: 279765" data-attributes="member: 29022"><p>ComboFix 14-10-15.01 - Andre Nguyen 10/17/2014 17:30:13.1.8 - x64</p><p>Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8152.4165 [GMT -4:00]</p><p>Running from: c:\users\Andre Nguyen\Desktop\ComboFix.exe</p><p>AV: Norton 360 Premier Edition *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}</p><p>FW: Norton 360 Premier Edition *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}</p><p>SP: Norton 360 Premier Edition *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}</p><p>SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>.</p><p>.</p><p>((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>C:\END</p><p>c:\users\Andre Nguyen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_ccskk.dll</p><p>c:\users\Andre Nguyen\AppData\Roaming\a145a4d.exe</p><p>c:\users\Andre Nguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a145a4d.exe</p><p>c:\users\Andre Nguyen\Documents\~WRL3921.tmp</p><p>c:\users\ANDREN~1\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_ccskk.dll</p><p>c:\windows\msvcr71.dll</p><p>.</p><p>.</p><p>CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.</p><p>You should verify if current CLSID data is correct: </p><p>.</p><p>HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}</p><p> (Default) REG_SZ Thumbnail Cache Class Factory for Out of Proc Server</p><p> AppID REG_SZ {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}</p><p>.</p><p>HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32</p><p> (Default) REG_SZ c:\windows\system32\thumbcache.dll</p><p> ThreadingModel REG_SZ Apartment</p><p>.</p><p>.</p><p>((((((((((((((((((((((((( Files Created from 2014-09-17 to 2014-10-17 )))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>2014-10-17 22:37 . 2014-10-17 22:37 -------- d-----w- c:\users\hedev\AppData\Local\temp</p><p>2014-10-17 22:37 . 2014-10-17 22:37 -------- d-----w- c:\users\Default\AppData\Local\temp</p><p>2014-10-17 21:05 . 2014-10-17 21:05 -------- d-sh--w- c:\programdata\USB Adapter Updater</p><p>2014-10-17 04:28 . 2014-10-17 04:53 -------- d-----w- C:\FRST</p><p>2014-10-15 03:55 . 2014-10-15 03:55 -------- d-----w- C:\a145a4d</p><p>2014-10-15 03:41 . 2014-10-15 03:41 0 ---ha-w- c:\users\Andre Nguyen\AppData\Local\BITDB6.tmp</p><p>2014-10-15 02:08 . 2014-09-29 00:58 3198976 ----a-w- c:\windows\system32\win32k.sys</p><p>2014-10-15 02:08 . 2014-06-18 22:23 73880 ----a-w- c:\windows\system32\mscories.dll</p><p>2014-10-15 02:08 . 2014-06-18 22:23 1943696 ----a-w- c:\windows\system32\dfshim.dll</p><p>2014-10-15 02:08 . 2014-06-18 22:23 156312 ----a-w- c:\windows\system32\mscorier.dll</p><p>2014-10-15 02:08 . 2014-06-18 22:23 81560 ----a-w- c:\windows\SysWow64\mscories.dll</p><p>2014-10-15 02:08 . 2014-06-18 22:23 156824 ----a-w- c:\windows\SysWow64\mscorier.dll</p><p>2014-10-15 02:08 . 2014-06-18 22:23 1131664 ----a-w- c:\windows\SysWow64\dfshim.dll</p><p>2014-10-15 02:08 . 2014-07-07 02:06 842240 ----a-w- c:\windows\system32\blackbox.dll</p><p>2014-10-15 02:08 . 2014-07-07 01:40 744960 ----a-w- c:\windows\SysWow64\blackbox.dll</p><p>2014-10-15 02:08 . 2014-07-07 02:06 1202176 ----a-w- c:\windows\system32\drmv2clt.dll</p><p>2014-10-15 02:05 . 2014-09-18 02:00 3241472 ----a-w- c:\windows\system32\msi.dll</p><p>2014-10-15 02:05 . 2014-09-18 01:32 2363904 ----a-w- c:\windows\SysWow64\msi.dll</p><p>2014-10-15 02:05 . 2014-09-04 05:23 424448 ----a-w- c:\windows\system32\rastls.dll</p><p>2014-10-15 02:05 . 2014-09-04 05:04 372736 ----a-w- c:\windows\SysWow64\rastls.dll</p><p>2014-10-14 15:05 . 2014-10-14 15:06 -------- d-----w- c:\windows\system32\drivers\NSMx64\0301000.00E</p><p>2014-10-02 14:41 . 2014-10-15 03:32 -------- d-----w- c:\windows\system32\drivers\N360x64\1506000.020</p><p>2014-10-01 12:55 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll</p><p>2014-10-01 12:55 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll</p><p>2014-09-24 04:05 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll</p><p>2014-09-24 04:05 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll</p><p>2014-09-20 09:12 . 2014-09-20 09:12 -------- d-----w- c:\program files (x86)\AGEIA Technologies</p><p>2014-09-20 09:12 . 2014-09-13 20:13 613696 ----a-w- c:\windows\SysWow64\nvStreaming.exe</p><p>2014-09-20 07:42 . 2014-09-20 07:42 -------- d-----w- c:\program files (x86)\Common Files\Skype</p><p>.</p><p>.</p><p>.</p><p>(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>2014-10-17 21:17 . 2012-10-12 07:34 380 ----a-w- c:\users\Andre Nguyen\AppData\Roaming\sp_data.sys</p><p>2014-10-15 03:05 . 2012-10-16 17:24 103265616 ----a-w- c:\windows\system32\MRT.exe</p><p>2014-09-24 07:00 . 2012-10-23 22:42 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe</p><p>2014-09-24 07:00 . 2012-10-23 22:42 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl</p><p>2014-09-17 04:51 . 2012-10-12 11:03 1538880 ----a-w- c:\windows\system32\nvhdagenco6420103.dll</p><p>2014-09-13 23:48 . 2014-05-27 02:25 18106152 ----a-w- c:\windows\SysWow64\nvwgf2um.dll</p><p>2014-09-13 23:48 . 2012-10-16 14:19 2838424 ----a-w- c:\windows\SysWow64\nvapi.dll</p><p>2014-09-13 23:48 . 2012-10-12 11:03 20589536 ----a-w- c:\windows\system32\nvwgf2umx.dll</p><p>2014-09-13 23:48 . 2012-10-12 11:03 16875856 ----a-w- c:\windows\SysWow64\nvd3dum.dll</p><p>2014-09-13 23:48 . 2012-10-12 11:03 3223120 ----a-w- c:\windows\system32\nvapi64.dll</p><p>2014-09-13 21:53 . 2012-10-12 11:03 6890696 ----a-w- c:\windows\system32\nvcpl.dll</p><p>2014-09-13 21:53 . 2012-10-12 11:03 3529872 ----a-w- c:\windows\system32\nvsvc64.dll</p><p>2014-09-13 21:53 . 2012-10-12 11:03 934216 ----a-w- c:\windows\system32\nvvsvc.exe</p><p>2014-09-13 21:53 . 2012-10-12 11:03 62608 ----a-w- c:\windows\system32\nvshext.dll</p><p>2014-09-13 21:53 . 2012-10-12 11:03 385168 ----a-w- c:\windows\system32\nvmctray.dll</p><p>2014-09-13 21:53 . 2012-10-12 11:03 2557640 ----a-w- c:\windows\system32\nvsvcr.dll</p><p>2014-09-11 15:37 . 2014-05-27 02:28 3961833 ----a-w- c:\windows\system32\nvcoproc.bin</p><p>2014-09-06 14:02 . 2011-03-29 02:36 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll</p><p>2014-09-06 13:05 . 2012-10-12 07:49 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS</p><p>2014-08-23 02:07 . 2014-08-28 07:58 404480 ----a-w- c:\windows\system32\gdi32.dll</p><p>2014-08-23 01:45 . 2014-08-28 07:58 311808 ----a-w- c:\windows\SysWow64\gdi32.dll</p><p>2014-08-01 11:53 . 2014-09-09 21:09 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll</p><p>2014-08-01 11:35 . 2014-09-09 21:09 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll</p><p>2014-07-25 16:55 . 2014-08-15 20:46 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll</p><p>2014-07-25 06:35 . 2014-07-25 06:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll</p><p>2014-07-25 03:47 . 2014-07-25 03:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll</p><p>.</p><p>.</p><p>((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>*Note* empty entries & legit default entries are not shown </p><p>REGEDIT4</p><p>.</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]</p><p>"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]</p><p>.</p><p>[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]</p><p>2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]</p><p>"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]</p><p>.</p><p>[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]</p><p>@="{C5994560-53D9-4125-87C9-F193FC689CB2}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]</p><p>2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]</p><p>@="{C5994561-53D9-4125-87C9-F193FC689CB2}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]</p><p>2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]</p><p>@="{C5994562-53D9-4125-87C9-F193FC689CB2}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]</p><p>2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]</p><p>@="{C5994563-53D9-4125-87C9-F193FC689CB2}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]</p><p>2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]</p><p>@="{C5994564-53D9-4125-87C9-F193FC689CB2}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]</p><p>2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]</p><p>@="{C5994565-53D9-4125-87C9-F193FC689CB2}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]</p><p>2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]</p><p>@="{C5994566-53D9-4125-87C9-F193FC689CB2}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]</p><p>2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]</p><p>@="{C5994567-53D9-4125-87C9-F193FC689CB2}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]</p><p>2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]</p><p>@="{C5994568-53D9-4125-87C9-F193FC689CB2}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]</p><p>2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll</p><p>.</p><p>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</p><p>"Akamai NetSession Interface"="c:\users\Andre Nguyen\AppData\Local\Akamai\netsession_win.exe" [2014-04-18 4672920]</p><p>"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]</p><p>"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]</p><p>"BackgroundContainer"="c:\users\Andre Nguyen\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll" [2013-11-06 319264]</p><p>"Amazon Music"="c:\users\Andre Nguyen\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2014-07-22 3356480]</p><p>"AppleIEDAV"="c:\program files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe" [2013-11-15 1326408]</p><p>"uTorrent"="c:\users\Andre Nguyen\AppData\Roaming\uTorrent\uTorrent.exe" [2014-09-26 1385808]</p><p>"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-08-27 22041192]</p><p>"a145a4"="c:\a145a4d\a145a4d.exe" [2014-10-15 187904]</p><p>"USB Adapter Updater"="c:\programdata\USB Adapter Updater\hemxccape.exe" [2014-10-17 348672]</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]</p><p>"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]</p><p>"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]</p><p>"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-02-18 3331312]</p><p>"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-01-16 5028464]</p><p>"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-07 291608]</p><p>"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-23 318080]</p><p>"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-25 174720]</p><p>"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]</p><p>"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072]</p><p>"CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2011-05-23 84464]</p><p>"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-02-07 102568]</p><p>"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2012-10-12 3058304]</p><p>"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-20 107816]</p><p>"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-03 43816]</p><p>"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2014-07-22 2694040]</p><p>"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2012-09-24 3477640]</p><p>"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]</p><p>.</p><p>c:\users\Andre Nguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\</p><p>Dropbox.lnk - c:\users\Andre Nguyen\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-12 36414624]</p><p>.</p><p>c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\</p><p>AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2012-2-18 549040]</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]</p><p>"ConsentPromptBehaviorAdmin"= 5 (0x5)</p><p>"ConsentPromptBehaviorUser"= 3 (0x3)</p><p>"EnableUIADesktopToggle"= 0 (0x0)</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]</p><p>"LoadAppInit_DLLs"=1 (0x1)</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TampMon]</p><p>@="Service"</p><p>.</p><p>R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]</p><p>R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]</p><p>R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]</p><p>R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe;c:\program files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [x]</p><p>R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]</p><p>R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]</p><p>R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]</p><p>R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]</p><p>R3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Family;c:\windows\System32\Drivers\NSMx64\0301000.00E\SymRdrS.SYS;c:\windows\SYSNATIVE\Drivers\NSMx64\0301000.00E\SymRdrS.SYS [x]</p><p>R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]</p><p>R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]</p><p>R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]</p><p>R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]</p><p>R4 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [x]</p><p>R4 AsusUacSvc;Asus process privilege adjust service;c:\program files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe;c:\program files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [x]</p><p>R4 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]</p><p>R4 FanChkService;Fan Filter Checker Service;c:\program files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe;c:\program files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe [x]</p><p>R4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]</p><p>R4 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]</p><p>R4 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]</p><p>R4 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.5;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]</p><p>R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]</p><p>R4 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]</p><p>R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]</p><p>R4 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]</p><p>S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]</p><p>S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]</p><p>S0 RzFilter;RzFilter;c:\windows\system32\drivers\RzFilter.sys;c:\windows\SYSNATIVE\drivers\RzFilter.sys [x]</p><p>S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMDS64.SYS [x]</p><p>S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMEFA64.SYS [x]</p><p>S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]</p><p>S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\BASHDefs\20141003.001\BHDrvx64.sys;c:\program files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\BASHDefs\20141003.001\BHDrvx64.sys [x]</p><p>S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\ccSetx64.sys [x]</p><p>S1 ccSet_NSM;Norton Family Settings Manager;c:\windows\system32\drivers\NSMx64\0301000.00E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSMx64\0301000.00E\ccSetx64.sys [x]</p><p>S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\IPSDefs\20141016.001\IDSvia64.sys;c:\program files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\IPSDefs\20141016.001\IDSvia64.sys [x]</p><p>S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\Ironx64.SYS [x]</p><p>S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1506000.020\SYMNETS.SYS [x]</p><p>S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]</p><p>S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]</p><p>S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]</p><p>S2 N360;Norton 360;c:\program files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\N360.exe;c:\program files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\N360.exe [x]</p><p>S2 NSM;Norton Family;c:\program files (x86)\Norton Family\Engine\3.1.0.14\NF.exe;c:\program files (x86)\Norton Family\Engine\3.1.0.14\NF.exe [x]</p><p>S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]</p><p>S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]</p><p>S2 RzOvlMon;Razer Overlay Subsystem Emergency Service;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe [x]</p><p>S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]</p><p>S2 TampMon;Norton Family Tamper Monitoring;c:\program files (x86)\Norton Family\Engine\3.1.0.14\TampMon.exe;c:\program files (x86)\Norton Family\Engine\3.1.0.14\TampMon.exe [x]</p><p>S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]</p><p>S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]</p><p>S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]</p><p>S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]</p><p>S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]</p><p>S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]</p><p>S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]</p><p>S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]</p><p>S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]</p><p>S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]</p><p>S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]</p><p>S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]</p><p>S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]</p><p>S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]</p><p>S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]</p><p>S3 RzDxgk;RzDxgk;c:\windows\system32\drivers\RzDxgk.sys;c:\windows\SYSNATIVE\drivers\RzDxgk.sys [x]</p><p>S3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver.sys [x]</p><p>S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]</p><p>.</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]</p><p>2014-09-25 03:08 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe</p><p>.</p><p>Contents of the 'Scheduled Tasks' folder</p><p>.</p><p>2014-10-17 c:\windows\Tasks\Adobe Flash Player Updater.job</p><p>- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-23 07:00]</p><p>.</p><p>2014-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 07:02]</p><p>.</p><p>2014-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 07:02]</p><p>.</p><p>2014-10-17 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job</p><p>- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]</p><p>.</p><p>2014-10-17 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job</p><p>- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]</p><p>.</p><p>.</p><p>--------- X64 Entries -----------</p><p>.</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]</p><p>@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]</p><p>2014-07-16 15:06 672416 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]</p><p>@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]</p><p>2014-07-16 15:06 672416 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]</p><p>@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]</p><p>2014-07-16 15:06 672416 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]</p><p>@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]</p><p>2014-06-24 21:08 164760 ----a-w- c:\users\Andre Nguyen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]</p><p>@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]</p><p>2014-06-24 21:08 164760 ----a-w- c:\users\Andre Nguyen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]</p><p>@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]</p><p>2014-06-24 21:08 164760 ----a-w- c:\users\Andre Nguyen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]</p><p>@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]</p><p>2014-06-24 21:08 164760 ----a-w- c:\users\Andre Nguyen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]</p><p>@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]</p><p>2014-06-24 21:08 164760 ----a-w- c:\users\Andre Nguyen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]</p><p>@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]</p><p>2014-06-24 21:08 164760 ----a-w- c:\users\Andre Nguyen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]</p><p>@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]</p><p>2014-06-24 21:08 164760 ----a-w- c:\users\Andre Nguyen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]</p><p>@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]</p><p>2014-06-24 21:08 164760 ----a-w- c:\users\Andre Nguyen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]</p><p>@="{C5994560-53D9-4125-87C9-F193FC689CB2}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]</p><p>2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]</p><p>@="{C5994561-53D9-4125-87C9-F193FC689CB2}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]</p><p>2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]</p><p>@="{C5994562-53D9-4125-87C9-F193FC689CB2}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]</p><p>2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]</p><p>@="{C5994563-53D9-4125-87C9-F193FC689CB2}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]</p><p>2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]</p><p>@="{C5994564-53D9-4125-87C9-F193FC689CB2}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]</p><p>2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]</p><p>@="{C5994565-53D9-4125-87C9-F193FC689CB2}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]</p><p>2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]</p><p>@="{C5994566-53D9-4125-87C9-F193FC689CB2}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]</p><p>2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]</p><p>@="{C5994567-53D9-4125-87C9-F193FC689CB2}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]</p><p>2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]</p><p>@="{C5994568-53D9-4125-87C9-F193FC689CB2}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]</p><p>2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</p><p>"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-12-29 1014432]</p><p>"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-12-29 800416]</p><p>"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-05-26 361984]</p><p>"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]</p><p>"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-01-21 2234144]</p><p>"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-01-21 1179576]</p><p>"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-28 558496]</p><p>.</p><p>------- Supplementary Scan -------</p><p>.</p><p>uLocal Page = c:\windows\system32\blank.htm</p><p>mStart Page = hxxp://start.mysearchdial.com/?f=1&a=dnld2msd&cd=2XzuyEtN2Y1L1QzuzyyE0D0B0CzyyEzyzytDyE0BtB0E0A0AtN0D0Tzu0CyCtDyCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1229637531&ir=</p><p>mLocal Page = c:\windows\SysWOW64\blank.htm</p><p>uInternet Settings,ProxyOverride = <local>;*.local</p><p>IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000</p><p>IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105</p><p>Trusted Zone: clonewarsadventures.com</p><p>Trusted Zone: freerealms.com</p><p>Trusted Zone: soe.com</p><p>Trusted Zone: sony.com</p><p>TCP: DhcpNameServer = 192.168.1.1 71.242.0.12</p><p>FF - ProfilePath - c:\users\Andre Nguyen\AppData\Roaming\Mozilla\Firefox\Profiles\2a1ho4yz.default\</p><p>FF - prefs.js: browser.search.selectedEngine - Bing </p><p>FF - prefs.js: keyword.URL - hxxp://<a href="http://www.bing.com/search?FORM=UP97DF&PC=UP97&q=" target="_blank">www.bing.com/search?FORM=UP97DF&PC=UP97&q=</a></p><p>FF - prefs.js: browser.startup.homepage - hxxp://<a href="http://www.msn.com/?pc=UP97&ocid=UP97DHP" target="_blank">www.msn.com/?pc=UP97&ocid=UP97DHP</a></p><p>.</p><p>- - - - ORPHANS REMOVED - - - -</p><p>.</p><p>Toolbar-Locked - (no file)</p><p>Wow6432Node-HKCU-Run-com.apple.dav.bookmarks.daemon - c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe</p><p>Wow6432Node-HKCU-Run-Itibiti.exe - c:\program files (x86)\Itibiti Soft Phone\Itibiti.exe</p><p>Wow6432Node-HKCU-Run-a145a4d - c:\users\Andre Nguyen\AppData\Roaming\a145a4d.exe</p><p>Wow6432Node-HKLM-Run-<NO NAME> - (no file)</p><p>Wow6432Node-HKU-Default-Run-Norton Download Manager{NF30052-PROD-FSD40014} - c:\program files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\N360.exe</p><p>HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start</p><p>Toolbar-Locked - (no file)</p><p>WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file)</p><p>HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe</p><p>AddRemove-Fallout Tactics - c:\gog games\Fallout Tactics\unins000.exe</p><p>AddRemove-Unofficial Official Mods Patch_is1 - c:\program files (x86)\Steam\steamapps\common\Oblivion\Data\Unofficial Official Mods Patch\unins000.exe</p><p>.</p><p>.</p><p>.</p><p>[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]</p><p>"ImagePath"="\"c:\program files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"</p><p>--</p><p>.</p><p>[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NSM]</p><p>"ImagePath"="\"c:\program files (x86)\Norton Family\Engine\3.1.0.14\NF.exe\" /s \"NSM\" /m \"c:\program files (x86)\Norton Family\Engine\3.1.0.14\diMaster.dll\" /prefetch:1"</p><p>"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS"</p><p>"TrustedImagePaths"="c:\program files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32;c:\program files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32"</p><p>.</p><p>--------------------- LOCKED REGISTRY KEYS ---------------------</p><p>.</p><p>[HKEY_USERS\S-1-5-21-1161276472-256068021-3080704986-1002\Software\SecuROM\License information*]</p><p>"datasecu"=hex:c3,ce,a0,9a,91,a5,6c,31,6f,c7,71,79,3b,35,45,d4,34,31,f6,11,c2,</p><p> 3f,76,e7,86,30,46,07,1c,c1,2c,96,b5,76,a5,7e,4e,1d,72,9f,1d,42,5e,07,58,8e,\</p><p>"rkeysecu"=hex:d5,e4,d5,55,cc,af,a3,9f,10,bf,1a,84,c2,c4,fc,4e</p><p>.</p><p>[HKEY_USERS\S-1-5-21-1161276472-256068021-3080704986-1002\Software\Win7zip]</p><p>@Denied: (A B 2 3) (Everyone)</p><p>"Uuid"=hex:12,44,88,41,54,9c,9f,42,a4,49,c8,33,f1,af,61,fa</p><p>.</p><p>[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]</p><p>@Denied: (Full) (Everyone)</p><p>.</p><p>------------------------ Other Running Processes ------------------------</p><p>.</p><p>c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe</p><p>c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe</p><p>c:\windows\SysWOW64\Rundll32.exe</p><p>c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe</p><p>c:\program files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe</p><p>.</p><p>**************************************************************************</p><p>.</p><p>Completion time: 2014-10-17 18:56:08 - machine was rebooted</p><p>ComboFix-quarantined-files.txt 2014-10-17 22:56</p><p>.</p><p>Pre-Run: 409,050,112,000 bytes free</p><p>Post-Run: 435,681,153,024 bytes free</p><p>.</p><p>- - End Of File - - 31A1563CFFD9C10F5A81D36C469743C4</p></blockquote><p></p>
[QUOTE="jacobsophia, post: 279765, member: 29022"] ComboFix 14-10-15.01 - Andre Nguyen 10/17/2014 17:30:13.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8152.4165 [GMT -4:00] Running from: c:\users\Andre Nguyen\Desktop\ComboFix.exe AV: Norton 360 Premier Edition *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} FW: Norton 360 Premier Edition *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} SP: Norton 360 Premier Edition *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\END c:\users\Andre Nguyen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_ccskk.dll c:\users\Andre Nguyen\AppData\Roaming\a145a4d.exe c:\users\Andre Nguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a145a4d.exe c:\users\Andre Nguyen\Documents\~WRL3921.tmp c:\users\ANDREN~1\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_ccskk.dll c:\windows\msvcr71.dll . . CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed. You should verify if current CLSID data is correct: . HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} (Default) REG_SZ Thumbnail Cache Class Factory for Out of Proc Server AppID REG_SZ {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} . HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32 (Default) REG_SZ c:\windows\system32\thumbcache.dll ThreadingModel REG_SZ Apartment . . ((((((((((((((((((((((((( Files Created from 2014-09-17 to 2014-10-17 ))))))))))))))))))))))))))))))) . . 2014-10-17 22:37 . 2014-10-17 22:37 -------- d-----w- c:\users\hedev\AppData\Local\temp 2014-10-17 22:37 . 2014-10-17 22:37 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-10-17 21:05 . 2014-10-17 21:05 -------- d-sh--w- c:\programdata\USB Adapter Updater 2014-10-17 04:28 . 2014-10-17 04:53 -------- d-----w- C:\FRST 2014-10-15 03:55 . 2014-10-15 03:55 -------- d-----w- C:\a145a4d 2014-10-15 03:41 . 2014-10-15 03:41 0 ---ha-w- c:\users\Andre Nguyen\AppData\Local\BITDB6.tmp 2014-10-15 02:08 . 2014-09-29 00:58 3198976 ----a-w- c:\windows\system32\win32k.sys 2014-10-15 02:08 . 2014-06-18 22:23 73880 ----a-w- c:\windows\system32\mscories.dll 2014-10-15 02:08 . 2014-06-18 22:23 1943696 ----a-w- c:\windows\system32\dfshim.dll 2014-10-15 02:08 . 2014-06-18 22:23 156312 ----a-w- c:\windows\system32\mscorier.dll 2014-10-15 02:08 . 2014-06-18 22:23 81560 ----a-w- c:\windows\SysWow64\mscories.dll 2014-10-15 02:08 . 2014-06-18 22:23 156824 ----a-w- c:\windows\SysWow64\mscorier.dll 2014-10-15 02:08 . 2014-06-18 22:23 1131664 ----a-w- c:\windows\SysWow64\dfshim.dll 2014-10-15 02:08 . 2014-07-07 02:06 842240 ----a-w- c:\windows\system32\blackbox.dll 2014-10-15 02:08 . 2014-07-07 01:40 744960 ----a-w- c:\windows\SysWow64\blackbox.dll 2014-10-15 02:08 . 2014-07-07 02:06 1202176 ----a-w- c:\windows\system32\drmv2clt.dll 2014-10-15 02:05 . 2014-09-18 02:00 3241472 ----a-w- c:\windows\system32\msi.dll 2014-10-15 02:05 . 2014-09-18 01:32 2363904 ----a-w- c:\windows\SysWow64\msi.dll 2014-10-15 02:05 . 2014-09-04 05:23 424448 ----a-w- c:\windows\system32\rastls.dll 2014-10-15 02:05 . 2014-09-04 05:04 372736 ----a-w- c:\windows\SysWow64\rastls.dll 2014-10-14 15:05 . 2014-10-14 15:06 -------- d-----w- c:\windows\system32\drivers\NSMx64\0301000.00E 2014-10-02 14:41 . 2014-10-15 03:32 -------- d-----w- c:\windows\system32\drivers\N360x64\1506000.020 2014-10-01 12:55 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll 2014-10-01 12:55 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll 2014-09-24 04:05 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll 2014-09-24 04:05 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2014-09-20 09:12 . 2014-09-20 09:12 -------- d-----w- c:\program files (x86)\AGEIA Technologies 2014-09-20 09:12 . 2014-09-13 20:13 613696 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2014-09-20 07:42 . 2014-09-20 07:42 -------- d-----w- c:\program files (x86)\Common Files\Skype . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-10-17 21:17 . 2012-10-12 07:34 380 ----a-w- c:\users\Andre Nguyen\AppData\Roaming\sp_data.sys 2014-10-15 03:05 . 2012-10-16 17:24 103265616 ----a-w- c:\windows\system32\MRT.exe 2014-09-24 07:00 . 2012-10-23 22:42 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-09-24 07:00 . 2012-10-23 22:42 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-09-17 04:51 . 2012-10-12 11:03 1538880 ----a-w- c:\windows\system32\nvhdagenco6420103.dll 2014-09-13 23:48 . 2014-05-27 02:25 18106152 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2014-09-13 23:48 . 2012-10-16 14:19 2838424 ----a-w- c:\windows\SysWow64\nvapi.dll 2014-09-13 23:48 . 2012-10-12 11:03 20589536 ----a-w- c:\windows\system32\nvwgf2umx.dll 2014-09-13 23:48 . 2012-10-12 11:03 16875856 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2014-09-13 23:48 . 2012-10-12 11:03 3223120 ----a-w- c:\windows\system32\nvapi64.dll 2014-09-13 21:53 . 2012-10-12 11:03 6890696 ----a-w- c:\windows\system32\nvcpl.dll 2014-09-13 21:53 . 2012-10-12 11:03 3529872 ----a-w- c:\windows\system32\nvsvc64.dll 2014-09-13 21:53 . 2012-10-12 11:03 934216 ----a-w- c:\windows\system32\nvvsvc.exe 2014-09-13 21:53 . 2012-10-12 11:03 62608 ----a-w- c:\windows\system32\nvshext.dll 2014-09-13 21:53 . 2012-10-12 11:03 385168 ----a-w- c:\windows\system32\nvmctray.dll 2014-09-13 21:53 . 2012-10-12 11:03 2557640 ----a-w- c:\windows\system32\nvsvcr.dll 2014-09-11 15:37 . 2014-05-27 02:28 3961833 ----a-w- c:\windows\system32\nvcoproc.bin 2014-09-06 14:02 . 2011-03-29 02:36 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2014-09-06 13:05 . 2012-10-12 07:49 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2014-08-23 02:07 . 2014-08-28 07:58 404480 ----a-w- c:\windows\system32\gdi32.dll 2014-08-23 01:45 . 2014-08-28 07:58 311808 ----a-w- c:\windows\SysWow64\gdi32.dll 2014-08-01 11:53 . 2014-09-09 21:09 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll 2014-08-01 11:35 . 2014-09-09 21:09 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll 2014-07-25 16:55 . 2014-08-15 20:46 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-07-25 06:35 . 2014-07-25 06:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll 2014-07-25 03:47 . 2014-07-25 03:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}] 2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="c:\users\Andre Nguyen\AppData\Local\Akamai\netsession_win.exe" [2014-04-18 4672920] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720] "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720] "BackgroundContainer"="c:\users\Andre Nguyen\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll" [2013-11-06 319264] "Amazon Music"="c:\users\Andre Nguyen\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2014-07-22 3356480] "AppleIEDAV"="c:\program files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe" [2013-11-15 1326408] "uTorrent"="c:\users\Andre Nguyen\AppData\Roaming\uTorrent\uTorrent.exe" [2014-09-26 1385808] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-08-27 22041192] "a145a4"="c:\a145a4d\a145a4d.exe" [2014-10-15 187904] "USB Adapter Updater"="c:\programdata\USB Adapter Updater\hemxccape.exe" [2014-10-17 348672] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896] "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-02-18 3331312] "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-01-16 5028464] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-07 291608] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-23 318080] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-25 174720] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072] "CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2011-05-23 84464] "ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-02-07 102568] "ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2012-10-12 3058304] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-20 107816] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-03 43816] "Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2014-07-22 2694040] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2012-09-24 3477640] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896] . c:\users\Andre Nguyen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Andre Nguyen\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-12 36414624] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2012-2-18 549040] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TampMon] @="Service" . R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x] R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe;c:\program files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x] R3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Family;c:\windows\System32\Drivers\NSMx64\0301000.00E\SymRdrS.SYS;c:\windows\SYSNATIVE\Drivers\NSMx64\0301000.00E\SymRdrS.SYS [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [x] R4 AsusUacSvc;Asus process privilege adjust service;c:\program files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe;c:\program files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [x] R4 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x] R4 FanChkService;Fan Filter Checker Service;c:\program files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe;c:\program files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe [x] R4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] R4 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x] R4 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] R4 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.5;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x] R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] R4 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] R4 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x] S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S0 RzFilter;RzFilter;c:\windows\system32\drivers\RzFilter.sys;c:\windows\SYSNATIVE\drivers\RzFilter.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMEFA64.SYS [x] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x] S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\BASHDefs\20141003.001\BHDrvx64.sys;c:\program files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\BASHDefs\20141003.001\BHDrvx64.sys [x] S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\ccSetx64.sys [x] S1 ccSet_NSM;Norton Family Settings Manager;c:\windows\system32\drivers\NSMx64\0301000.00E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSMx64\0301000.00E\ccSetx64.sys [x] S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\IPSDefs\20141016.001\IDSvia64.sys;c:\program files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\IPSDefs\20141016.001\IDSvia64.sys [x] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1506000.020\SYMNETS.SYS [x] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x] S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x] S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x] S2 N360;Norton 360;c:\program files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\N360.exe;c:\program files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\N360.exe [x] S2 NSM;Norton Family;c:\program files (x86)\Norton Family\Engine\3.1.0.14\NF.exe;c:\program files (x86)\Norton Family\Engine\3.1.0.14\NF.exe [x] S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x] S2 RzOvlMon;Razer Overlay Subsystem Emergency Service;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 TampMon;Norton Family Tamper Monitoring;c:\program files (x86)\Norton Family\Engine\3.1.0.14\TampMon.exe;c:\program files (x86)\Norton Family\Engine\3.1.0.14\TampMon.exe [x] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x] S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x] S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x] S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 RzDxgk;RzDxgk;c:\windows\system32\drivers\RzDxgk.sys;c:\windows\SYSNATIVE\drivers\RzDxgk.sys [x] S3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver.sys [x] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-09-25 03:08 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2014-10-17 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-23 07:00] . 2014-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 07:02] . 2014-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 07:02] . 2014-10-17 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41] . 2014-10-17 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1] @="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}" [HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}] 2014-07-16 15:06 672416 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2] @="{853B7E05-C47D-4985-909A-D0DC5C6D7303}" [HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}] 2014-07-16 15:06 672416 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3] @="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}" [HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}] 2014-07-16 15:06 672416 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 21:08 164760 ----a-w- c:\users\Andre Nguyen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 21:08 164760 ----a-w- c:\users\Andre Nguyen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"] @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 21:08 164760 ----a-w- c:\users\Andre Nguyen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"] @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 21:08 164760 ----a-w- c:\users\Andre Nguyen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 21:08 164760 ----a-w- c:\users\Andre Nguyen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"] @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 21:08 164760 ----a-w- c:\users\Andre Nguyen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 21:08 164760 ----a-w- c:\users\Andre Nguyen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"] @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 21:08 164760 ----a-w- c:\users\Andre Nguyen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-12-29 1014432] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-12-29 800416] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-05-26 361984] "IntelTBRunOnce"="wscript.exe" [2013-10-12 168960] "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-01-21 2234144] "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-01-21 1179576] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-28 558496] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://start.mysearchdial.com/?f=1&a=dnld2msd&cd=2XzuyEtN2Y1L1QzuzyyE0D0B0CzyyEzyzytDyE0BtB0E0A0AtN0D0Tzu0CyCtDyCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1229637531&ir= mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local>;*.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.1.1 71.242.0.12 FF - ProfilePath - c:\users\Andre Nguyen\AppData\Roaming\Mozilla\Firefox\Profiles\2a1ho4yz.default\ FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: keyword.URL - hxxp://[url="http://www.bing.com/search?FORM=UP97DF&PC=UP97&q="]www.bing.com/search?FORM=UP97DF&PC=UP97&q=[/url] FF - prefs.js: browser.startup.homepage - hxxp://[url="http://www.msn.com/?pc=UP97&ocid=UP97DHP"]www.msn.com/?pc=UP97&ocid=UP97DHP[/url] . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-com.apple.dav.bookmarks.daemon - c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe Wow6432Node-HKCU-Run-Itibiti.exe - c:\program files (x86)\Itibiti Soft Phone\Itibiti.exe Wow6432Node-HKCU-Run-a145a4d - c:\users\Andre Nguyen\AppData\Roaming\a145a4d.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) Wow6432Node-HKU-Default-Run-Norton Download Manager{NF30052-PROD-FSD40014} - c:\program files (x86)\Norton 360 Premier Edition\Engine\21.5.0.19\N360.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Fallout Tactics - c:\gog games\Fallout Tactics\unins000.exe AddRemove-Unofficial Official Mods Patch_is1 - c:\program files (x86)\Steam\steamapps\common\Oblivion\Data\Unofficial Official Mods Patch\unins000.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360] "ImagePath"="\"c:\program files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NSM] "ImagePath"="\"c:\program files (x86)\Norton Family\Engine\3.1.0.14\NF.exe\" /s \"NSM\" /m \"c:\program files (x86)\Norton Family\Engine\3.1.0.14\diMaster.dll\" /prefetch:1" "ImagePath"="\SystemRoot\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS" "TrustedImagePaths"="c:\program files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32;c:\program files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1161276472-256068021-3080704986-1002\Software\SecuROM\License information*] "datasecu"=hex:c3,ce,a0,9a,91,a5,6c,31,6f,c7,71,79,3b,35,45,d4,34,31,f6,11,c2, 3f,76,e7,86,30,46,07,1c,c1,2c,96,b5,76,a5,7e,4e,1d,72,9f,1d,42,5e,07,58,8e,\ "rkeysecu"=hex:d5,e4,d5,55,cc,af,a3,9f,10,bf,1a,84,c2,c4,fc,4e . [HKEY_USERS\S-1-5-21-1161276472-256068021-3080704986-1002\Software\Win7zip] @Denied: (A B 2 3) (Everyone) "Uuid"=hex:12,44,88,41,54,9c,9f,42,a4,49,c8,33,f1,af,61,fa . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\SysWOW64\Rundll32.exe c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe c:\program files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe . ************************************************************************** . Completion time: 2014-10-17 18:56:08 - machine was rebooted ComboFix-quarantined-files.txt 2014-10-17 22:56 . Pre-Run: 409,050,112,000 bytes free Post-Run: 435,681,153,024 bytes free . - - End Of File - - 31A1563CFFD9C10F5A81D36C469743C4 [/QUOTE]
Insert quotes…
Verification
Post reply
Top
