Thank you, Ron. The ESET scan finished just as I was going to bed, and this morning I ran the Farbar scan, so here are the contents of the FRST log, and the Addition log is attached. I will try and work on the TDSSKiller today but will be gone most of the afternoon, so it might be tonight if I think I have time, after looking at the instructions.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-07-2013 01
Ran by Wen D (administrator) on 23-07-2013 06:27:27
Running from C:\Users\Wen D\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Memeo) C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(AVerMedia Technologies, Inc.) C:\Program Files (x86)\SnugTV\SnugTV Station\AMAServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SEIKO EPSON CORPORATION) C:\WINDOWS\System32\spool\drivers\x64\3\E_IATICEA.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(AVerMedia TECHNOLOGIES, Inc.) C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(C-motech Co.,Ltd) C:\Program Files (x86)\ACS_CDU680\EVDO-Modem\Bin\RDVCHG.exe
() C:\Program Files (x86)\X-Rite\ColorMunki Display\ColorMunkiDisplayTray.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(Cisco Consumer Products LLC) C:\Program Files (x86)\Cisco Systems\Cisco Connect\CCPrt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVerMedia Technologies, Inc. ) C:\Program Files (x86)\SnugTV\SnugTV Station\QuickStart.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Dropbox, Inc.) C:\Users\Wen D\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Western Digital) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Memeo Inc.) C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2247976 2010-07-15] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6486120 2010-09-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-09-03] (Realtek Semiconductor)
HKLM\...\Run: [NVHotkey] - rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [x]
HKLM\...\Run: [intelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel® Corporation)
HKLM\...\Run: [QuickSet] - c:\Program Files\Dell\QuickSet\QuickSet.exe [3206816 2010-08-04] (Dell Inc.)
HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-09-24] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-10] (Dell)
HKLM-x32\...\runonceex: [ContentMerger] - c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\917\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKCU\...\Run: [sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [EPSON Stylus CX8400 Series] - C:\Users\WEND~1\AppData\Local\Temp\E_S449F.tmp [126 2011-04-30] ()
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
HKCU\...\Run: [Facebook Update] - C:\Users\Wen D\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKCU\...\Run: [Google Update] - C:\Users\Wen D\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-10-07] (Google Inc.)
HKCU\...\Run: [AdobeBridge] - [x]
MountPoints2: {162110b0-0c22-11e2-949e-8f8383a4ad0a} - F:\win\setup.exe -phs
MountPoints2: {38c082ef-1e88-11e0-843c-000df0926462} - F:\LaunchU3.exe -a
MountPoints2: {38c57d55-6786-11e0-a1bb-ac0240455401} - G:\unlock.exe autoplay=true
MountPoints2: {9be99ee0-1b82-11e0-9813-000df0926462} - F:\HPLauncher.exe
MountPoints2: {9d0fcd30-e802-11e2-b4eb-aa5188b23c07} - "F:\WD Drive Unlock.exe" autoplay=true
HKLM-x32\...\Run: [NUSB3MON] - "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] - "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [487562 2010-08-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [RemoteControl9] - "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] - "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [bDRegion] - c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2010-09-28] (cyberlink)
HKLM-x32\...\Run: [DellSupportCenter] - "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ACS_CDU680] - C:\Program Files (x86)\ACS_CDU680\EVDO-Modem\BIN\RDVCHG.EXE [316664 2008-06-03] (C-motech Co.,Ltd)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] - "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-12-15] ()
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [CCPrt] - "C:\Program Files (x86)\Cisco Systems\Cisco Connect\CCPrt.exe" [1267320 2012-02-03] (Cisco Consumer Products LLC)
HKLM-x32\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [switchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [WD Drive Unlocker] - C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-09-06] (Western Digital)
HKLM-x32\...\Run: [WD Anywhere Backup] - C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoLauncher2.exe --silent [222432 2009-11-12] (Memeo Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk
ShortcutTarget: AVer HID Receiver.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk
ShortcutTarget: AVerQuick.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe (AVerMedia TECHNOLOGIES, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ColorMunki Display Tray.lnk
ShortcutTarget: ColorMunki Display Tray.lnk -> C:\Program Files (x86)\X-Rite\ColorMunki Display\ColorMunkiDisplayTray.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SnugTV Quick Start.lnk
ShortcutTarget: SnugTV Quick Start.lnk -> C:\Windows\Installer\{198F93FD-9919-4010-8164-06BC2349959C}\NewShortcut1_46FEF19C05F1475DAA14D9007DC15270_2.exe (Macrovision Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\XRGamma.lnk
ShortcutTarget: XRGamma.lnk -> C:\Program Files (x86)\X-Rite\ColorMunki Display\XRGamma.exe (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Wen D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Wen D\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Wen D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Wen D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {D4078EC4-3248-4957-8247-2D24D2848F7D} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {94AB31F5-3253-40FD-A759-4AE172603604} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKCU - {94AB31F5-3253-40FD-A759-4AE172603604} URL =
SearchScopes: HKCU - {D4078EC4-3248-4957-8247-2D24D2848F7D} URL =
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - No File
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.227.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Wen D\AppData\Roaming\Mozilla\Firefox\Profiles\mf9xqlkf.default
FF Homepage: about:newtab
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter - C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Wen D\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Wen D\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Wen D\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Wen D\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Wen D\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Wen D\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Wen D\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Ghostery - C:\Users\Wen D\AppData\Roaming\Mozilla\Firefox\Profiles\mf9xqlkf.default\Extensions\firefox@ghostery.com
FF Extension: Evernote Web Clipper - C:\Users\Wen D\AppData\Roaming\Mozilla\Firefox\Profiles\mf9xqlkf.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Wen D\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Wen D\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Wen D\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Photodex Presenter Plugin) - C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Wen D\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Wen D\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Docs) - C:\Users\WEND~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\WEND~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\WEND~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\WEND~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Skype Click to Call) - C:\Users\WEND~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0
CHR Extension: (Gmail) - C:\Users\WEND~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [137960 2013-05-09] (AVAST Software)
R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [348160 2009-10-30] (AVerMedia)
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [397312 2009-12-06] ()
R2 AVerUpdateServer; C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe [168448 2011-01-06] (AVerMedia TECHNOLOGIES, Inc.)
S2 CLKMSVC10_9EC60124; c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [254448 2010-09-28] (CyberLink) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MemeoBackgroundService; C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe [25824 2009-11-12] (Memeo) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] () R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe [186760 2012-02-08] () R2 SnugTV Service; C:\Program Files (x86)\SnugTV\SnugTV Station\AMAServer.exe [570880 2011-01-05] (AVerMedia Technologies, Inc.) R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270192 2013-06-19] (Western Digital Technologies, Inc.) R2 xrdd.exe; C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe [203088 2011-03-10] (X-Rite Inc.) 
S2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x] ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software) R1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [131232 2013-05-09] (AVAST Software) R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software) R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2012-06-27] (ALWIL Software) R0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [270824 2013-05-09] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] () S3 AVerFx2hbtv64; C:\Windows\System32\drivers\AVerFx2hbtv64.sys [512512 2009-12-08] (AVerMedia TECHNOLOGIES, Inc.) S3 cmusbser; C:\Windows\System32\DRIVERS\cmusbser.sys [112768 2007-06-08] (C-motech Co.,Ltd) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11518976 2012-12-06] (Intel Corporation) S3 PcdrNdisuio; C:\Windows\SysWow64\drivers\pcdrndisuio.sys [26192 2011-06-15] (Windows ® Codename Longhorn DDK provider) S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.) R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [299184 2011-10-16] (silex technology, Inc.) 
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] () R2 WinI2C-DDC; C:\Windows\system32\drivers\DDCDrv.sys [20832 2011-06-23] (Nicomsoft Ltd.) R2 WinI2C-DDC; C:\Windows\system32\drivers\DDCDrv.sys [20832 2011-06-23] (Nicomsoft Ltd.) S1 RxFilter; system32\DRIVERS\RxFilter.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-23 06:27 - 2013-07-23 06:27 - 00000000 ____D C:\FRST 2013-07-23 06:22 - 2013-07-23 06:21 - 01779447 _____ (Farbar) C:\Users\Wen D\Desktop\FRST64.exe 2013-07-23 06:21 - 2013-07-23 06:21 - 01779447 _____ (Farbar) C:\Users\Wen D\Downloads\FRST64.exe 2013-07-22 22:50 - 2013-07-22 22:50 - 00000555 _____ C:\Users\Wen D\Desktop\ESETthreatlist.txt 2013-07-22 20:23 - 2013-07-22 20:24 - 02347384 _____ (ESET) C:\Users\Wen D\Downloads\esetsmartinstaller_enu.exe 2013-07-22 20:16 - 2013-07-22 20:16 - 00001923 _____ C:\Users\Wen D\Desktop\AdwCleaner[s1].txt 2013-07-22 19:58 - 2013-07-22 19:58 - 00001923 _____ C:\AdwCleaner[s1].txt 2013-07-22 19:57 - 2013-07-22 19:51 - 00666633 _____ C:\Users\Wen D\Desktop\AdwCleaner.exe 2013-07-22 19:57 - 2013-07-22 19:13 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\Wen D\Desktop\JRT.exe 2013-07-22 19:50 - 2013-07-22 19:51 - 00666633 _____ C:\Users\Wen D\Downloads\AdwCleaner.exe 2013-07-22 19:38 - 2013-07-22 19:38 - 00032286 _____ C:\Users\Wen D\Desktop\JRT.txt 2013-07-22 19:27 - 2013-07-22 19:27 - 00000000 ____D C:\Windows\ERUNT 2013-07-22 19:13 - 2013-07-22 19:13 - 00560934 _____ (Oleg N. 
Scherbakov) C:\Users\Wen D\Downloads\JRT.exe 2013-07-22 12:56 - 2013-07-22 18:58 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-07-22 12:52 - 2013-07-22 12:52 - 00000000 ____D C:\Users\Wen D\Downloads\mbar-1.06.0.1004 2013-07-22 12:30 - 2013-07-22 12:35 - 13399154 _____ C:\Users\Wen D\Downloads\mbar-1.06.0.1004.zip 2013-07-22 12:20 - 2013-07-22 12:20 - 00001997 _____ C:\Users\Wen D\Desktop\RKreport[0]_S_07222013_122018.txt 2013-07-22 12:17 - 2013-07-22 12:25 - 00000000 ____D C:\Users\Wen D\Desktop\RK_Quarantine 2013-07-22 12:16 - 2013-07-22 10:54 - 03778560 _____ C:\Users\Wen D\Desktop\RogueKillerX64.exe 2013-07-22 10:54 - 2013-07-22 10:54 - 03778560 _____ C:\Users\Wen D\Downloads\RogueKillerX64.exe 2013-07-22 10:49 - 2013-07-22 10:49 - 00000000 ____D C:\Windows\ERDNT 2013-07-22 10:48 - 2013-07-22 10:48 - 00000926 _____ C:\Users\Wen D\Desktop\NTREGOPT.lnk 2013-07-22 10:48 - 2013-07-22 10:48 - 00000907 _____ C:\Users\Wen D\Desktop\ERUNT.lnk 2013-07-22 10:48 - 2013-07-22 10:48 - 00000000 ____D C:\Program Files (x86)\ERUNT 2013-07-22 10:47 - 2013-07-22 10:47 - 00791393 _____ (Lars Hederer ) C:\Users\Wen D\Downloads\erunt-setup(1).exe 2013-07-22 10:36 - 2013-07-22 10:37 - 00286824 _____ C:\Windows\Minidump\072213-23602-01.dmp 2013-07-21 08:16 - 2013-07-21 08:16 - 00791393 _____ (Lars Hederer ) C:\Users\Wen D\Downloads\erunt-setup.exe 2013-07-21 07:46 - 2013-07-21 07:46 - 00291936 _____ C:\Windows\Minidump\072113-23259-01.dmp 2013-07-17 07:30 - 2013-07-17 07:30 - 17737608 _____ (Adobe Systems Incorporated) C:\Users\Wen D\Downloads\install_flash_player(1).exe 2013-07-14 09:49 - 2013-07-14 09:49 - 00288800 _____ C:\Windows\Minidump\071413-27019-01.dmp 2013-07-13 21:23 - 2013-07-13 21:23 - 00035047 _____ C:\Users\Wen D\Desktop\dds.txt 2013-07-13 21:23 - 2013-07-13 21:23 - 00019887 _____ C:\Users\Wen D\Desktop\attach.txt 2013-07-13 21:15 - 2013-07-13 21:15 - 00688992 ____R (Swearware) C:\Users\Wen D\Downloads\dds.scr 2013-07-13 21:07 - 2013-07-13 
21:08 - 00291952 _____ C:\Windows\Minidump\071313-118389-01.dmp 2013-07-13 11:33 - 2013-07-13 11:33 - 00347424 _____ (Microsoft Corporation) C:\Users\Wen D\Downloads\MicrosoftFixit.WinSecurity.LB.147297174599745364.2.1.Run.exe 2013-07-12 12:15 - 2012-08-23 06:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2013-07-12 12:15 - 2012-08-23 06:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2013-07-12 12:15 - 2012-08-23 06:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2013-07-12 12:15 - 2012-08-23 05:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll 2013-07-12 12:15 - 2012-08-23 05:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll 2013-07-12 12:15 - 2012-08-23 05:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2013-07-12 12:15 - 2012-08-23 05:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2013-07-12 12:15 - 2012-08-23 05:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2013-07-12 12:15 - 2012-08-23 05:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2013-07-12 12:15 - 2012-08-23 05:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2013-07-12 12:15 - 2012-08-23 05:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2013-07-12 12:15 - 2012-08-23 05:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2013-07-12 12:15 - 2012-08-23 04:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2013-07-12 12:15 - 2012-08-23 03:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2013-07-12 12:15 - 2012-08-23 03:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2013-07-12 
12:15 - 2012-08-23 03:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2013-07-12 12:15 - 2012-08-23 03:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll 2013-07-12 12:15 - 2012-08-23 02:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2013-07-12 12:15 - 2012-08-23 02:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll 2013-07-12 12:15 - 2012-08-23 02:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2013-07-12 12:15 - 2012-08-23 02:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2013-07-12 12:15 - 2012-08-23 01:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2013-07-12 12:15 - 2012-08-23 00:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2013-07-12 12:15 - 2012-08-23 00:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2013-07-12 11:47 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-12 11:47 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-12 11:47 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-12 11:47 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-12 11:47 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-12 11:47 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-12 11:47 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-12 11:47 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-12 11:47 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-12 11:47 - 2013-06-11 15:42 - 
00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-12 11:47 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-12 11:47 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-12 11:47 - 2013-06-11 15:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-12 11:47 - 2013-06-11 15:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-12 11:47 - 2013-06-11 15:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-12 11:47 - 2013-06-11 15:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-12 11:47 - 2013-06-11 15:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-12 11:47 - 2013-06-11 15:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-12 11:47 - 2013-06-11 15:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-12 11:47 - 2013-06-11 15:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-12 11:47 - 2013-06-11 15:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-12 11:47 - 2013-06-11 15:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-12 11:47 - 2013-06-11 15:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-12 11:47 - 2013-06-11 15:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-12 11:47 - 2013-06-11 15:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-12 11:47 - 2013-06-11 15:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-12 11:47 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-12 11:47 - 2013-06-11 14:50 - 00089600 _____ (Microsoft 
Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-12 11:47 - 2013-06-06 19:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-12 11:47 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-12 11:46 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-12 10:24 - 2009-07-13 20:49 - 00001266 _____ C:\Users\Wen D\Desktop\Windows Update.lnk 2013-07-12 08:28 - 2013-07-12 08:29 - 00282808 _____ C:\Windows\Minidump\071213-75317-01.dmp 2013-07-11 10:57 - 2013-06-04 19:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-11 10:57 - 2013-06-03 22:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-11 10:57 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-11 10:57 - 2013-05-05 22:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-11 10:57 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-11 10:57 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-11 10:57 - 2013-04-02 14:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-09 14:35 - 2013-07-09 14:36 - 00292064 _____ C:\Windows\Minidump\070913-26707-01.dmp 2013-07-08 17:44 - 2013-07-08 17:44 - 00000000 ____D C:\ProgramData\MemeoCommon 2013-07-08 17:41 - 2013-07-08 17:41 - 00001186 _____ C:\Users\Public\Desktop\WD Anywhere Backup.lnk 2013-07-08 17:41 - 2013-07-08 17:41 - 00000000 ____D C:\Users\Wen D\AppData\Roaming\WD 2013-07-08 17:41 - 2013-07-08 17:41 - 00000000 ____D C:\Program Files (x86)\WD 2013-07-08 14:47 - 2013-07-08 14:47 - 00000000 ____D C:\Users\WEND~1\AppData\Local\Western_Digital_Technolog 2013-07-08 14:47 - 2013-07-08 14:47 - 00000000 ____D C:\Users\WEND~1\AppData\Local\Western Digital 2013-07-08 14:04 - 2013-07-08 
14:04 - 00889416 _____ (Microsoft Corporation) C:\Users\Wen D\Downloads\dotNetFx40_Full_setup.exe 2013-07-08 13:33 - 2013-07-08 13:33 - 00000000 ____D C:\Windows\System32\Tasks\Western Digital 2013-07-08 11:12 - 2013-07-08 14:46 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat 2013-07-08 10:18 - 2013-07-08 10:18 - 00292032 _____ C:\Windows\Minidump\070813-22198-01.dmp 2013-06-30 07:42 - 2013-06-30 07:42 - 00001927 _____ C:\Users\Public\Desktop\Perfect Effects 4.lnk 2013-06-27 14:18 - 2013-06-27 14:18 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum 2013-06-27 06:22 - 2013-06-27 06:22 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-27 06:22 - 2013-06-27 06:22 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-27 06:22 - 2013-06-27 06:22 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-27 06:22 - 2013-06-27 06:22 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-26 09:45 - 2013-06-27 14:18 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum 2013-06-26 09:45 - 2013-06-27 14:18 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum 2013-06-25 07:03 - 2013-06-25 07:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2013-07-23 06:27 - 2013-07-23 06:27 - 00000000 ____D C:\FRST 2013-07-23 06:26 - 2009-07-13 20:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-23 06:26 - 2009-07-13 20:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-23 06:25 - 2011-01-08 15:18 - 00000000 ____D C:\Users\WEND~1\AppData\Local\Adobe 2013-07-23 06:23 - 2009-07-13 21:13 - 00783458 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-23 06:21 - 2013-07-23 06:22 - 01779447 _____ (Farbar) C:\Users\Wen D\Desktop\FRST64.exe 
2013-07-23 06:21 - 2013-07-23 06:21 - 01779447 _____ (Farbar) C:\Users\Wen D\Downloads\FRST64.exe 2013-07-23 06:17 - 2012-09-30 13:41 - 00000000 ___RD C:\Users\Wen D\Dropbox 2013-07-23 06:17 - 2012-09-30 13:32 - 00000000 ____D C:\Users\Wen D\AppData\Roaming\Dropbox 2013-07-23 06:17 - 2012-07-12 18:34 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2013-07-23 06:16 - 2013-03-09 06:24 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-23 06:16 - 2010-12-21 16:55 - 00000000 ____D C:\ProgramData\NVIDIA 2013-07-23 06:16 - 2010-12-21 16:03 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks 2013-07-23 06:16 - 2010-12-21 16:03 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks 2013-07-23 06:16 - 2010-12-21 15:19 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup 2013-07-23 06:15 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-23 06:15 - 2009-07-13 20:51 - 00105532 _____ C:\Windows\setupact.log 2013-07-22 22:51 - 2009-07-13 21:10 - 01265098 _____ C:\Windows\WindowsUpdate.log 2013-07-22 22:50 - 2013-07-22 22:50 - 00000555 _____ C:\Users\Wen D\Desktop\ESETthreatlist.txt 2013-07-22 22:46 - 2013-03-09 06:24 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-22 22:08 - 2012-10-07 14:35 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960927932-507688188-3776875016-1001UA.job 2013-07-22 22:08 - 2012-04-15 07:08 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-22 21:42 - 2012-05-02 06:32 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1960927932-507688188-3776875016-1001UA.job 2013-07-22 21:42 - 2012-05-02 06:32 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1960927932-507688188-3776875016-1001Core.job 2013-07-22 20:24 - 2013-07-22 20:23 - 02347384 _____ (ESET) C:\Users\Wen D\Downloads\esetsmartinstaller_enu.exe 2013-07-22 20:16 - 2013-07-22 20:16 - 00001923 _____ C:\Users\Wen 
D\Desktop\AdwCleaner[s1].txt 2013-07-22 19:59 - 2010-12-21 16:53 - 00127606 _____ C:\Windows\PFRO.log 2013-07-22 19:58 - 2013-07-22 19:58 - 00001923 _____ C:\AdwCleaner[s1].txt 2013-07-22 19:51 - 2013-07-22 19:57 - 00666633 _____ C:\Users\Wen D\Desktop\AdwCleaner.exe 2013-07-22 19:51 - 2013-07-22 19:50 - 00666633 _____ C:\Users\Wen D\Downloads\AdwCleaner.exe 2013-07-22 19:38 - 2013-07-22 19:38 - 00032286 _____ C:\Users\Wen D\Desktop\JRT.txt 2013-07-22 19:27 - 2013-07-22 19:27 - 00000000 ____D C:\Windows\ERUNT 2013-07-22 19:13 - 2013-07-22 19:57 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\Wen D\Desktop\JRT.exe 2013-07-22 19:13 - 2013-07-22 19:13 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\Wen D\Downloads\JRT.exe 2013-07-22 18:58 - 2013-07-22 12:56 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-07-22 13:01 - 2013-05-22 15:14 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask 2013-07-22 12:52 - 2013-07-22 12:52 - 00000000 ____D C:\Users\Wen D\Downloads\mbar-1.06.0.1004 2013-07-22 12:35 - 2013-07-22 12:30 - 13399154 _____ C:\Users\Wen D\Downloads\mbar-1.06.0.1004.zip 2013-07-22 12:25 - 2013-07-22 12:17 - 00000000 ____D C:\Users\Wen D\Desktop\RK_Quarantine 2013-07-22 12:20 - 2013-07-22 12:20 - 00001997 _____ C:\Users\Wen D\Desktop\RKreport[0]_S_07222013_122018.txt 2013-07-22 11:30 - 2013-05-22 15:13 - 00000000 ____D C:\Program Files\My Dell 2013-07-22 11:30 - 2010-12-21 15:21 - 00000000 ____D C:\ProgramData\PCDr 2013-07-22 10:54 - 2013-07-22 12:16 - 03778560 _____ C:\Users\Wen D\Desktop\RogueKillerX64.exe 2013-07-22 10:54 - 2013-07-22 10:54 - 03778560 _____ C:\Users\Wen D\Downloads\RogueKillerX64.exe 2013-07-22 10:49 - 2013-07-22 10:49 - 00000000 ____D C:\Windows\ERDNT 2013-07-22 10:48 - 2013-07-22 10:48 - 00000926 _____ C:\Users\Wen D\Desktop\NTREGOPT.lnk 2013-07-22 10:48 - 2013-07-22 10:48 - 00000907 _____ C:\Users\Wen D\Desktop\ERUNT.lnk 2013-07-22 10:48 - 2013-07-22 10:48 - 00000000 ____D C:\Program Files (x86)\ERUNT 
2013-07-22 10:47 - 2013-07-22 10:47 - 00791393 _____ (Lars Hederer ) C:\Users\Wen D\Downloads\erunt-setup(1).exe 2013-07-22 10:44 - 2011-03-25 18:33 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C4C3D17E-3155-41F5-8DE8-C45A96ED8C2A} 2013-07-22 10:37 - 2013-07-22 10:36 - 00286824 _____ C:\Windows\Minidump\072213-23602-01.dmp 2013-07-22 10:36 - 2011-07-21 18:58 - 00000000 ____D C:\Windows\Minidump 2013-07-22 10:36 - 2011-07-21 18:57 - 1013054976 _____ C:\Windows\MEMORY.DMP 2013-07-21 09:08 - 2012-10-07 14:35 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960927932-507688188-3776875016-1001Core.job 2013-07-21 08:16 - 2013-07-21 08:16 - 00791393 _____ (Lars Hederer ) C:\Users\Wen D\Downloads\erunt-setup.exe 2013-07-21 07:46 - 2013-07-21 07:46 - 00291936 _____ C:\Windows\Minidump\072113-23259-01.dmp 2013-07-20 17:20 - 2011-01-11 14:17 - 00000000 ____D C:\Users\Wen D\Documents\Camping Travel 2013-07-19 11:32 - 2011-01-11 14:16 - 00000000 ____D C:\Users\Wen D\Documents\Bills 2013-07-18 10:58 - 2011-01-17 11:35 - 00000000 ____D C:\Users\Wen D\Documents\Outlook Files 2013-07-18 10:56 - 2011-10-24 18:16 - 00000000 ____D C:\Users\WEND~1\AppData\Local\1D5AB6BD-26FA-4FB0-9CC0-8B3FD33FFBBE.aplzod 2013-07-17 07:31 - 2012-04-15 07:08 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-07-17 07:31 - 2012-04-15 07:08 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-07-17 07:31 - 2012-02-24 11:34 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-07-17 07:30 - 2013-07-17 07:30 - 17737608 _____ (Adobe Systems Incorporated) C:\Users\Wen D\Downloads\install_flash_player(1).exe 2013-07-17 07:25 - 2010-12-21 15:28 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-07-15 08:23 - 2012-07-12 18:35 - 00002077 _____ C:\Users\Public\Desktop\avast! 
Internet Security.lnk 2013-07-14 09:49 - 2013-07-14 09:49 - 00288800 _____ C:\Windows\Minidump\071413-27019-01.dmp 2013-07-13 21:23 - 2013-07-13 21:23 - 00035047 _____ C:\Users\Wen D\Desktop\dds.txt 2013-07-13 21:23 - 2013-07-13 21:23 - 00019887 _____ C:\Users\Wen D\Desktop\attach.txt 2013-07-13 21:15 - 2013-07-13 21:15 - 00688992 ____R (Swearware) C:\Users\Wen D\Downloads\dds.scr 2013-07-13 21:08 - 2013-07-13 21:07 - 00291952 _____ C:\Windows\Minidump\071313-118389-01.dmp 2013-07-13 11:33 - 2013-07-13 11:33 - 00347424 _____ (Microsoft Corporation) C:\Users\Wen D\Downloads\MicrosoftFixit.WinSecurity.LB.147297174599745364.2.1.Run.exe 2013-07-13 10:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2013-07-13 09:49 - 2013-03-14 07:24 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-07-12 12:45 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF 2013-07-12 12:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-07-12 12:12 - 2010-12-21 16:55 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2013-07-12 11:44 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-12 11:41 - 2013-03-09 06:24 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-07-12 11:41 - 2013-03-09 06:24 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-07-12 11:33 - 2011-01-07 13:04 - 00000000 ____D C:\Users\Wen D 2013-07-12 09:38 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-12 09:38 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-07-12 09:23 - 2009-07-13 20:45 - 05163232 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-12 09:10 - 2012-04-01 09:12 - 00777674 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-07-12 09:03 - 2012-10-07 14:35 - 00003882 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1960927932-507688188-3776875016-1001UA 2013-07-12 09:03 - 2012-10-07 14:35 - 00003486 _____ 
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1960927932-507688188-3776875016-1001Core 2013-07-12 08:29 - 2013-07-12 08:28 - 00282808 _____ C:\Windows\Minidump\071213-75317-01.dmp 2013-07-11 13:33 - 2011-01-07 15:51 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-11 13:27 - 2011-01-16 13:19 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-07-11 13:21 - 2012-05-11 22:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-11 13:21 - 2012-05-11 22:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-11 13:19 - 2011-01-07 19:40 - 00000000 ____D C:\Users\Wen D\Documents\Quicken 2013-07-10 12:04 - 2011-07-10 10:47 - 00000000 ____D C:\Users\Wen D\AppData\Roaming\Mozilla 2013-07-10 07:31 - 2011-01-11 14:17 - 00000000 ____D C:\Users\Wen D\Documents\computer info 2013-07-09 14:36 - 2013-07-09 14:35 - 00292064 _____ C:\Windows\Minidump\070913-26707-01.dmp 2013-07-08 17:44 - 2013-07-08 17:44 - 00000000 ____D C:\ProgramData\MemeoCommon 2013-07-08 17:41 - 2013-07-08 17:41 - 00001186 _____ C:\Users\Public\Desktop\WD Anywhere Backup.lnk 2013-07-08 17:41 - 2013-07-08 17:41 - 00000000 ____D C:\Users\Wen D\AppData\Roaming\WD 2013-07-08 17:41 - 2013-07-08 17:41 - 00000000 ____D C:\Program Files (x86)\WD 2013-07-08 17:34 - 2011-04-15 10:19 - 00000000 ____D C:\ProgramData\Western Digital 2013-07-08 17:34 - 2011-04-15 10:19 - 00000000 ____D C:\Program Files (x86)\Western Digital 2013-07-08 14:47 - 2013-07-08 14:47 - 00000000 ____D C:\Users\WEND~1\AppData\Local\Western_Digital_Technolog 2013-07-08 14:47 - 2013-07-08 14:47 - 00000000 ____D C:\Users\WEND~1\AppData\Local\Western Digital 2013-07-08 14:46 - 2013-07-08 11:12 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat 2013-07-08 14:46 - 2010-12-21 15:06 - 00078278 _____ C:\Windows\DPINST.LOG 2013-07-08 14:04 - 2013-07-08 14:04 - 00889416 _____ (Microsoft Corporation) C:\Users\Wen D\Downloads\dotNetFx40_Full_setup.exe 2013-07-08 13:55 - 2011-01-22 15:01 - 00104280 
_____ C:\Users\Wen D\GoToAssistDownloadHelper.exe 2013-07-08 13:33 - 2013-07-08 13:33 - 00000000 ____D C:\Windows\System32\Tasks\Western Digital 2013-07-08 10:18 - 2013-07-08 10:18 - 00292032 _____ C:\Windows\Minidump\070813-22198-01.dmp 2013-06-30 07:42 - 2013-06-30 07:42 - 00001927 _____ C:\Users\Public\Desktop\Perfect Effects 4.lnk 2013-06-30 07:23 - 2013-02-01 12:54 - 00000000 ____D C:\ProgramData\onOne Software 2013-06-30 07:22 - 2013-02-01 12:54 - 00000000 ____D C:\Program Files\onOne Software 2013-06-30 07:22 - 2013-02-01 12:54 - 00000000 ____D C:\Program Files (x86)\onOne Software 2013-06-30 07:19 - 2013-02-01 12:59 - 00000000 ____D C:\Users\Wen D\AppData\Roaming\onOne Software 2013-06-30 07:19 - 2013-02-01 12:55 - 00000000 ____D C:\Users\user\AppData\Roaming\onOne Software 2013-06-30 07:19 - 2010-12-21 15:10 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-06-27 14:18 - 2013-06-27 14:18 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum 2013-06-27 14:18 - 2013-06-26 09:45 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum 2013-06-27 14:18 - 2013-06-26 09:45 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum 2013-06-27 14:18 - 2013-03-14 07:08 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys 2013-06-27 14:18 - 2012-07-12 18:35 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2013-06-27 14:18 - 2012-07-12 18:34 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2013-06-27 06:22 - 2013-06-27 06:22 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-27 06:22 - 2013-06-27 06:22 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-27 06:22 - 2013-06-27 06:22 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-27 06:22 - 2013-06-27 06:22 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-27 06:22 - 2012-10-13 16:11 - 00867240 _____ (Oracle 
Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-06-27 06:22 - 2010-12-21 15:05 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-06-27 06:13 - 2012-04-25 06:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-06-25 07:03 - 2013-06-25 07:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-06-25 06:13 - 2011-01-07 13:04 - 00000000 ___RD C:\Users\Wen D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-06-25 06:12 - 2012-09-30 13:41 - 00001023 _____ C:\Users\Wen D\Desktop\Dropbox.lnk 2013-06-25 06:12 - 2012-09-30 13:33 - 00000000 ____D C:\Users\Wen D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2013-06-25 06:06 - 2009-07-13 21:08 - 00032642 _____ C:\Windows\Tasks\SCHEDLGU.TXT

Files to move or delete:
====================
C:\Users\Wen D\GoToAssistDownloadHelper.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-13 10:14

==================== End Of Log ============================

Addition.txt