RoSan

Posts
  1. Hi Andro1d, I don't need help anymore. I've reformatted and reinstalled Windows since posting this request. Thank you for following up.
  2. Dear wonderful expert helpers, I suspect I have a rootkit infection that is redirecting links to google.com to google.com/webhp instead. This occurs in all 4 browsers (IE, Chrome, Firefox, Opera). I also think it is creating pop-ups. I tried scanning with MalwareBytes Free and Microsoft Security Essentials (with latest definitions on both)—no hits. I also ran CCleaner, adwcleaner and aswMBR but no hits again (CCleaner cleaned some standard junk like Temp Internet Files). I have the aswMBR log but I closed adwcleaner before I realized it does not automatically make a log. I suspect this came from MP3 Skype Recorder (you'll see the program in my logs below), despite being careful to make sure it wasn't installing some 3rd party garbage. The requested FRST64 logs are below. I added the aswMBR log just in case it is useful. I put headers FRST.txt, Addition.txt, and aswMBR.txt to help you Ctrl+F to each quickly. Thank you for your help.

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2014
Ran by Ro (administrator) on WAYNETECH on 29-04-2014 19:23:54
Running from C:\Users\Ro\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Flux Software LLC) C:\Users\Ro\AppData\Local\FluxSoftware\Flux\flux.exe
(Spotify Ltd) C:\Users\Ro\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\system32\wbengine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [6900024 2012-07-23] (Logitech Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-20] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\nvspcap64.dll [1179576 2014-01-20] (NVIDIA Corporation)
HKU\S-1-5-21-69526344-1342381157-3629351510-1001\...\Run: [F.lux] => C:\Users\Ro\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKU\S-1-5-21-69526344-1342381157-3629351510-1001\...\Run: [spotify Web Helper] => C:\Users\Ro\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1105408 2013-06-13] (Spotify Ltd)
HKU\S-1-5-21-69526344-1342381157-3629351510-1001\...\MountPoints2: {5f305cce-0ee6-11e2-96fe-90e6ba104d07} - E:\setup.exe
HKU\S-1-5-21-69526344-1342381157-3629351510-1001\...\MountPoints2: {7e36c833-761c-11e3-ba49-90e6ba104d07} - F:\LG_PC_Programs.exe
Startup: C:\Users\Rack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ro\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Ro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop_List_View_Win7_x64.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://secure.evidera.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDF48039BEE3CCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 208.59.247.45 208.59.247.46

FireFox:
========
FF ProfilePath: C:\Users\Ro\AppData\Roaming\Mozilla\Firefox\Profiles\la8voriz.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF Extension: LastPass - C:\Users\Ro\AppData\Roaming\Mozilla\Firefox\Profiles\la8voriz.default\Extensions\support@lastpass.com [2014-03-21]
FF Extension: Facebook Disconnect - C:\Users\Ro\AppData\Roaming\Mozilla\Firefox\Profiles\la8voriz.default\Extensions\facebook@disconnect.me.xpi [2014-04-13]
FF Extension: Google Disconnect - C:\Users\Ro\AppData\Roaming\Mozilla\Firefox\Profiles\la8voriz.default\Extensions\google@disconnect.me.xpi [2014-04-13]
FF Extension: Remove Cookies for Site - C:\Users\Ro\AppData\Roaming\Mozilla\Firefox\Profiles\la8voriz.default\Extensions\{06997db0-c027-4d5f-bd37-b0d9230226ea}.xpi [2014-03-23]
FF Extension: Download Status Bar - C:\Users\Ro\AppData\Roaming\Mozilla\Firefox\Profiles\la8voriz.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-04-13]
FF Extension: Adblock Plus - C:\Users\Ro\AppData\Roaming\Mozilla\Firefox\Profiles\la8voriz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-24]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (WacomTabletPlugin) - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Ro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-28]
CHR Extension: (Google Drive) - C:\Users\Ro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-28]
CHR Extension: (YouTube) - C:\Users\Ro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-28]
CHR Extension: (Adblock Plus) - C:\Users\Ro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-06-28]
CHR Extension: (Google Search) - C:\Users\Ro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-28]
CHR Extension: (Facebook Disconnect) - C:\Users\Ro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2013-06-28]
CHR Extension: (AdBlock) - C:\Users\Ro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-06-28]
CHR Extension: (JavaScript Popup Blocker) - C:\Users\Ro\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiajdlfgbgnnjakkbnpdhmhfhklkbiol [2013-06-28]
CHR Extension: (Google Wallet) - C:\Users\Ro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Ro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-28]

==================== Services (Whitelisted) =================

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-20] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66328 2012-02-07] (Logitech Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-10-05] ()

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-29 19:23 - 2014-04-29 19:24 - 00012943 _____ () C:\Users\Ro\Downloads\FRST.txt
2014-04-29 19:23 - 2014-04-29 19:23 - 00000000 ____D () C:\FRST
2014-04-29 19:22 - 2014-04-29 19:23 - 02061824 _____ (Farbar) C:\Users\Ro\Downloads\FRST64.exe
2014-04-29 18:56 - 2014-04-29 18:56 - 00002079 _____ () C:\Users\Ro\Documents\aswMBR.txt
2014-04-29 18:56 - 2014-04-29 18:56 - 00000512 _____ () C:\Users\Ro\Documents\MBR.dat
2014-04-29 18:44 - 2014-04-29 18:44 - 04745728 _____ (AVAST Software) C:\Users\Ro\Downloads\aswmbr.exe
2014-04-29 18:40 - 2014-04-29 18:57 - 00000000 ____D () C:\AdwCleaner
2014-04-29 18:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-04-29 18:39 - 2014-04-29 18:39 - 01310621 _____ () C:\Users\Ro\Downloads\adwcleaner.exe
2014-04-28 12:20 - 2014-04-28 12:20 - 00002295 _____ () C:\Users\Ro\Desktop\FFXIV.lnk
2014-04-25 20:00 - 2014-04-25 20:00 - 00001129 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-04-25 20:00 - 2014-04-25 20:00 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-04-24 20:02 - 2014-04-24 20:02 - 00040304 _____ () C:\Users\Ro\Desktop\bookmarks.html
2014-04-24 19:39 - 2014-04-25 20:00 - 00000000 ____D () C:\Users\Ro\AppData\Roaming\Opera Software
2014-04-24 19:39 - 2014-04-25 20:00 - 00000000 ____D () C:\Users\Ro\AppData\Local\Opera Software
2014-04-24 19:39 - 2014-04-25 20:00 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-04-22 12:05 - 2014-04-22 12:06 - 00066569 _____ () C:\Users\Ro\Downloads\ADVANCE Trial design.pptx
2014-04-21 17:35 - 2014-04-21 17:35 - 00788841 _____ () C:\Users\Ro\Downloads\A-13966 Epanova BIM 20Feb2014 v0-8-1_ios.xlsm
2014-04-21 17:30 - 2014-04-21 17:30 - 00739548 _____ () C:\Users\Ro\Downloads\A-13966 Epanova BIM 20Feb2014 v0-7-0 - JG_ios.xlsm
2014-04-20 15:13 - 2014-04-20 15:13 - 34718824 _____ (Opera Software ASA) C:\Users\Ro\Downloads\Opera_20.0.1387.91_Setup.exe
2014-04-20 12:31 - 2014-04-20 12:31 - 00731168 _____ () C:\Users\Ro\Downloads\A-13966 Epanova BIM 20Feb2014 v0-7-2_JG.xlsm
2014-04-14 19:51 - 2014-04-14 19:51 - 00001416 _____ () C:\Users\Ro\Desktop\common - Shortcut.lnk
2014-04-14 19:40 - 2014-04-14 19:40 - 00002297 _____ () C:\Users\Rack\Desktop\Skyrim (SKSE).lnk
2014-04-14 19:40 - 2014-04-14 19:40 - 00002297 _____ () C:\Users\Guest\Desktop\Skyrim (SKSE).lnk
2014-04-13 15:35 - 2013-08-20 22:23 - 00001159 _____ () C:\Users\Guest\Desktop\Mozilla Firefox.lnk
2014-04-13 10:26 - 2014-04-13 10:26 - 00000000 ____D () C:\Users\Guest\AppData\Local\NVIDIA Corporation
2014-04-13 10:25 - 2014-04-13 10:25 - 00000000 ____D () C:\Users\Guest\AppData\Local\NVIDIA
2014-04-10 13:04 - 2014-04-10 13:04 - 00000000 ____D () C:\Users\Ro\AppData\Roaming\MP3SkypeRecorder
2014-04-10 13:04 - 2014-04-10 13:04 - 00000000 ____D () C:\Users\Ro\AppData\Local\MP3_Skype_Recorder
2014-04-10 09:09 - 2014-04-10 09:09 - 05423104 _____ () C:\Users\Ro\Downloads\MP3SkypeRecorderSetup.msi
2014-04-04 14:31 - 2014-04-04 14:35 - 00020261 _____ () C:\Users\Ro\Downloads\ISPOR Attendance - Goals Expectations Criteria_2Apr2014_RodrigoDosSantos.xlsx
2014-04-04 13:49 - 2014-04-04 13:49 - 00021247 _____ () C:\Users\Ro\Downloads\ISPOR Attendance - Goals Expectations Criteria_2Apr2014.xlsx
2014-04-04 13:25 - 2014-04-04 13:25 - 00103789 _____ () C:\Users\Ro\Desktop\Bucky-Badger-university-of-wisconsin-120012_594_388.pdn
2014-04-03 10:55 - 2014-04-03 11:04 - 00020152 _____ () C:\Users\Rack\Documents\IC Foundation prospects 2014.xlsx
2014-04-03 10:21 - 2014-04-03 10:21 - 00000859 _____ () C:\Users\Rack\Downloads\fdo_grantmaker_results.csv
2014-04-03 09:28 - 2014-04-03 09:28 - 00017920 _____ () C:\Users\Rack\Downloads\RAGBRAI 2014.xls
2014-04-02 20:33 - 2014-04-03 18:59 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-04-02 20:33 - 2009-05-14 09:26 - 00015416 _____ () C:\Windows\system32\Drivers\ASACPI.sys
2014-04-02 20:33 - 2009-04-06 15:24 - 00013368 _____ () C:\Windows\SysWOW64\Drivers\AsIO.sys
2014-04-02 20:33 - 2006-01-10 16:50 - 00024576 _____ () C:\Windows\SysWOW64\AsIO.dll
2014-04-02 20:33 - 2004-02-27 00:00 - 00962612 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42d.dll
2014-04-02 20:33 - 2004-02-17 00:00 - 00434252 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVCRTD.DLL
2014-04-02 20:32 - 2014-04-02 20:32 - 05922831 _____ () C:\Users\Ro\Downloads\AMDCoolnQuiet_Utility_V21801_XPVistaWin7.zip
2014-04-02 20:27 - 2014-01-08 22:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-02 20:27 - 2014-01-03 18:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-02 12:04 - 2014-04-02 12:04 - 00017128 _____ () C:\Users\Rack\Downloads\2013_GP_Grant_Application_template.xlsx
2014-04-01 10:13 - 2014-04-01 10:13 - 00004624 _____ () C:\Users\Rack\Downloads\GunsGermsandSteel-56457.odm
2014-04-01 10:09 - 2014-04-01 10:09 - 00003007 _____ () C:\Users\Rack\Downloads\Quantopian Live Trading Introduction and Tour (1).ics
2014-04-01 10:09 - 2014-04-01 10:09 - 00001783 _____ () C:\Users\Rack\Downloads\MobyDickOrTheWhale9781620117002.acsm
2014-04-01 10:04 - 2014-04-01 10:04 - 00003007 _____ () C:\Users\Rack\Downloads\Quantopian Live Trading Introduction and Tour.ics

==================== One Month Modified Files and Folders =======

2014-04-29 19:24 - 2014-04-29 19:23 - 00012943 _____ () C:\Users\Ro\Downloads\FRST.txt
2014-04-29 19:23 - 2014-04-29 19:23 - 00000000 ____D () C:\FRST
2014-04-29 19:23 - 2014-04-29 19:22 - 02061824 _____ (Farbar) C:\Users\Ro\Downloads\FRST64.exe
2014-04-29 19:21 - 2012-09-18 21:59 - 01056408 _____ () C:\Windows\WindowsUpdate.log
2014-04-29 19:19 - 2012-09-19 17:44 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-29 19:19 - 2012-09-19 01:53 - 00000000 ____D () C:\Windows\Panther
2014-04-29 19:05 - 2009-07-14 00:45 - 00015344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-29 19:05 - 2009-07-14 00:45 - 00015344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-29 19:02 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-29 19:01 - 2012-10-15 23:26 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-29 18:58 - 2013-09-15 14:24 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-29 18:58 - 2012-10-15 23:26 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-29 18:58 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-29 18:57 - 2014-04-29 18:40 - 00000000 ____D () C:\AdwCleaner
2014-04-29 18:56 - 2014-04-29 18:56 - 00002079 _____ () C:\Users\Ro\Documents\aswMBR.txt
2014-04-29 18:56 - 2014-04-29 18:56 - 00000512 _____ () C:\Users\Ro\Documents\MBR.dat
2014-04-29 18:44 - 2014-04-29 18:44 - 04745728 _____ (AVAST Software) C:\Users\Ro\Downloads\aswmbr.exe
2014-04-29 18:39 - 2014-04-29 18:39 - 01310621 _____ () C:\Users\Ro\Downloads\adwcleaner.exe
2014-04-28 12:20 - 2014-04-28 12:20 - 00002295 _____ () C:\Users\Ro\Desktop\FFXIV.lnk
2014-04-28 12:12 - 2012-09-20 21:12 - 00000000 ____D () C:\Users\Ro\AppData\Roaming\vlc
2014-04-26 15:12 - 2012-11-26 12:51 - 00000000 ____D () C:\Users\Ro\AppData\Local\Black_Tree_Gaming
2014-04-26 15:12 - 2012-09-19 18:00 - 00000000 ____D () C:\Games
2014-04-26 15:11 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-04-26 09:35 - 2012-11-26 11:55 - 00000000 ____D () C:\Users\Ro\AppData\Local\Skyrim
2014-04-25 20:00 - 2014-04-25 20:00 - 00001129 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-04-25 20:00 - 2014-04-25 20:00 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-04-25 20:00 - 2014-04-24 19:39 - 00000000 ____D () C:\Users\Ro\AppData\Roaming\Opera Software
2014-04-25 20:00 - 2014-04-24 19:39 - 00000000 ____D () C:\Users\Ro\AppData\Local\Opera Software
2014-04-25 20:00 - 2014-04-24 19:39 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-04-25 19:38 - 2014-02-10 15:43 - 00000000 ____D () C:\Users\Ro\AppData\Local\Paint.NET
2014-04-25 19:27 - 2013-01-20 19:54 - 00000000 ____D () C:\Users\Ro\Desktop\ZOMGPLZ
2014-04-25 07:42 - 2009-07-14 01:08 - 00032618 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-24 20:17 - 2012-09-18 21:59 - 00001413 _____ () C:\Users\Ro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-24 20:02 - 2014-04-24 20:02 - 00040304 _____ () C:\Users\Ro\Desktop\bookmarks.html
2014-04-24 19:38 - 2012-11-21 14:41 - 00000000 ____D () C:\Users\Ro\AppData\Roaming\Skype
2014-04-24 19:33 - 2014-01-12 19:58 - 00000000 ____D () C:\Users\Ro\AppData\Local\Unity
2014-04-24 19:33 - 2012-10-28 15:52 - 00000000 ____D () C:\Program Files (x86)\TabletPlugins
2014-04-24 08:39 - 2013-10-13 23:06 - 00119296 _____ () C:\Windows\SysWOW64\zlib.dll
2014-04-23 08:47 - 2012-09-18 21:59 - 00000000 ____D () C:\Users\Ro
2014-04-22 12:06 - 2014-04-22 12:05 - 00066569 _____ () C:\Users\Ro\Downloads\ADVANCE Trial design.pptx
2014-04-21 17:35 - 2014-04-21 17:35 - 00788841 _____ () C:\Users\Ro\Downloads\A-13966 Epanova BIM 20Feb2014 v0-8-1_ios.xlsm
2014-04-21 17:30 - 2014-04-21 17:30 - 00739548 _____ () C:\Users\Ro\Downloads\A-13966 Epanova BIM 20Feb2014 v0-7-0 - JG_ios.xlsm
2014-04-20 15:13 - 2014-04-20 15:13 - 34718824 _____ (Opera Software ASA) C:\Users\Ro\Downloads\Opera_20.0.1387.91_Setup.exe
2014-04-20 12:31 - 2014-04-20 12:31 - 00731168 _____ () C:\Users\Ro\Downloads\A-13966 Epanova BIM 20Feb2014 v0-7-2_JG.xlsm
2014-04-18 11:15 - 2012-11-04 17:20 - 00000000 ____D () C:\Users\Ro\Documents\My Games
2014-04-18 08:45 - 2012-11-03 00:36 - 00000000 ____D () C:\Users\Ro\Documents\ZOMGPLZ
2014-04-18 08:43 - 2014-01-13 21:28 - 00000000 ____D () C:\Users\Ro\AppData\Local\Ubisoft Game Launcher
2014-04-18 08:43 - 2014-01-13 21:28 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-04-14 19:51 - 2014-04-14 19:51 - 00001416 _____ () C:\Users\Ro\Desktop\common - Shortcut.lnk
2014-04-14 19:40 - 2014-04-14 19:40 - 00002297 _____ () C:\Users\Rack\Desktop\Skyrim (SKSE).lnk
2014-04-14 19:40 - 2014-04-14 19:40 - 00002297 _____ () C:\Users\Guest\Desktop\Skyrim (SKSE).lnk
2014-04-13 15:35 - 2012-10-15 23:23 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2014-04-13 10:26 - 2014-04-13 10:26 - 00000000 ____D () C:\Users\Guest\AppData\Local\NVIDIA Corporation
2014-04-13 10:25 - 2014-04-13 10:25 - 00000000 ____D () C:\Users\Guest\AppData\Local\NVIDIA
2014-04-11 19:00 - 2012-10-26 10:21 - 00000000 ____D () C:\Users\Rack\AppData\Roaming\Dropbox
2014-04-11 10:56 - 2012-10-26 10:22 - 00000000 ___RD () C:\Users\Rack\Dropbox
2014-04-10 13:04 - 2014-04-10 13:04 - 00000000 ____D () C:\Users\Ro\AppData\Roaming\MP3SkypeRecorder
2014-04-10 13:04 - 2014-04-10 13:04 - 00000000 ____D () C:\Users\Ro\AppData\Local\MP3_Skype_Recorder
2014-04-10 09:09 - 2014-04-10 09:09 - 05423104 _____ () C:\Users\Ro\Downloads\MP3SkypeRecorderSetup.msi
2014-04-10 08:20 - 2012-09-19 17:37 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-04-08 18:59 - 2014-03-13 22:50 - 00000000 ____D () C:\Users\Ro\AppData\Local\Battle.net
2014-04-08 18:44 - 2014-03-13 22:52 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-04-06 22:24 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-04 14:35 - 2014-04-04 14:31 - 00020261 _____ () C:\Users\Ro\Downloads\ISPOR Attendance - Goals Expectations Criteria_2Apr2014_RodrigoDosSantos.xlsx
2014-04-04 13:49 - 2014-04-04 13:49 - 00021247 _____ () C:\Users\Ro\Downloads\ISPOR Attendance - Goals Expectations Criteria_2Apr2014.xlsx
2014-04-04 13:25 - 2014-04-04 13:25 - 00103789 _____ () C:\Users\Ro\Desktop\Bucky-Badger-university-of-wisconsin-120012_594_388.pdn
2014-04-04 08:18 - 2014-03-13 22:49 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-04-03 18:59 - 2014-04-02 20:33 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-04-03 18:59 - 2012-09-18 21:59 - 00000000 ____D () C:\Users\Ro\AppData\Local\VirtualStore
2014-04-03 15:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-04-03 11:04 - 2014-04-03 10:55 - 00020152 _____ () C:\Users\Rack\Documents\IC Foundation prospects 2014.xlsx
2014-04-03 10:21 - 2014-04-03 10:21 - 00000859 _____ () C:\Users\Rack\Downloads\fdo_grantmaker_results.csv
2014-04-03 09:28 - 2014-04-03 09:28 - 00017920 _____ () C:\Users\Rack\Downloads\RAGBRAI 2014.xls
2014-04-02 20:33 - 2013-07-15 18:32 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-02 20:32 - 2014-04-02 20:32 - 05922831 _____ () C:\Users\Ro\Downloads\AMDCoolnQuiet_Utility_V21801_XPVistaWin7.zip
2014-04-02 20:28 - 2012-09-19 17:45 - 00774592 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-02 20:27 - 2012-09-19 17:45 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-04-02 20:27 - 2012-09-19 17:45 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-04-02 20:27 - 2012-09-19 17:45 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-02 20:27 - 2012-09-19 17:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-04-02 12:04 - 2014-04-02 12:04 - 00017128 _____ () C:\Users\Rack\Downloads\2013_GP_Grant_Application_template.xlsx
2014-04-01 10:13 - 2014-04-01 10:13 - 00004624 _____ () C:\Users\Rack\Downloads\GunsGermsandSteel-56457.odm
2014-04-01 10:09 - 2014-04-01 10:09 - 00003007 _____ () C:\Users\Rack\Downloads\Quantopian Live Trading Introduction and Tour (1).ics
2014-04-01 10:09 - 2014-04-01 10:09 - 00001783 _____ () C:\Users\Rack\Downloads\MobyDickOrTheWhale9781620117002.acsm
2014-04-01 10:04 - 2014-04-01 10:04 - 00003007 _____ () C:\Users\Rack\Downloads\Quantopian Live Trading Introduction and Tour.ics

Some content of TEMP:
====================
C:\Users\Ro\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-29 09:12

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2014
Ran by Ro at 2014-04-29 19:24:11
Running from C:\Users\Ro\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.6.0.6090 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.2.5-5 - Wacom Technology Corp.)
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.0 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
f.lux (HKCU\...\Flux) (Version: - )
FINAL FANTASY XIV: A Realm Reborn (HKLM-x32\...\Steam App 39210) (Version: - SQUARE ENIX)
Folder Size 2.8.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1) (Version: 2.8.0.0 - MindGems, Inc.)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
LaCie Network Assistant 1.5.16.73 (HKLM\...\{BA94B525-1469-4E00-AFE4-50ADEB8B3993}_is1) (Version: 1.5.16.73 - LaCie)
Logitech Gaming Software (Version: 8.35.18 - Logitech Inc.) Hidden
Logitech Gaming Software 8.35 (HKLM\...\Logitech Gaming Software) (Version: 8.35.18 - Logitech Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{389F8A7A-8611-42E8-8169-20D2BAF0C595}) (Version: 8.0.6362.215 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig) NVIDIA 3D Vision Controller Driver 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation) NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation) NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation) NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA ShadowPlay 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden NVIDIA Update 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 11.10.11 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.20 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation) Opera Stable 20.0.1387.91 (HKLM-x32\...\Opera 20.0.1387.91) (Version: 20.0.1387.91 - Opera Software ASA) Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC) Samsung SSD Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 3.1 - Samsung Electronics) SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) Spotify (HKCU\...\Spotify) (Version: 0.9.0.128.g3134f863 - Spotify AB) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition 
(HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft) Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft) Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft) Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version: - Microsoft) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft) Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft) Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - 
Microsoft) Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft) VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN) Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) You Need A Budget 4 (YNAB) (HKLM-x32\...\Steam App 227320) (Version: - ) ==================== Restore Points ========================= 29-04-2014 22:24:27 Removed MP3 Skype recorder ==================== Hosts content: ========================== 2009-07-13 22:34 - 2013-07-07 12:22 - 00575906 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 fr.a2dfp.net 127.0.0.1 m.fr.a2dfp.net 127.0.0.1 ad.a8.net 127.0.0.1 asy.a8ww.net 127.0.0.1 abcstats.com 127.0.0.1 a.abv.bg 127.0.0.1 adserver.abv.bg 127.0.0.1 adv.abv.bg 127.0.0.1 bimg.abv.bg 127.0.0.1 ca.abv.bg 127.0.0.1 www2.a-counter.kiev.ua 127.0.0.1 track.acclaimnetwork.com 127.0.0.1 accuserveadsystem.com 127.0.0.1 www.accuserveadsystem.com 127.0.0.1 achmedia.com 127.0.0.1 csh.actiondesk.com 127.0.0.1 www.activemeter.com #[Tracking.Cookie] 127.0.0.1 ads.activepower.net 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie] 127.0.0.1 cms.ad2click.nl 127.0.0.1 ad2games.com 127.0.0.1 ads.ad2games.com 127.0.0.1 content.ad20.net 127.0.0.1 core.ad20.net 127.0.0.1 banner.ad.nu 127.0.0.1 cl21.v4.adaction.se 127.0.0.1 adadvisor.net 127.0.0.1 tag1.adaptiveads.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: {1AA70187-E072-43FE-96D7-ECCA44D4E629} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-15] (Google Inc.) Task: {74A43562-AA48-4BA0-BC29-37D9E1B0BC2F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-15] (Google Inc.) 
Task: {E3A46183-6069-4025-9C84-33035E3B7DCA} - System32\Tasks\{3A3CA8E3-12CF-4236-A870-C7E512BB18F9} => Chrome.exe http://ui.skype.com/ui/0/6.0.0.120/en/abandoninstall?source=lightinstaller&page=tsBing
Task: {F0C6C727-04A8-4F4E-9759-D6E30473E95F} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-69526344-1342381157-3629351510-1001Core1cd96b12d111dff.job => C:\Users\Ro\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-15 14:24 - 2014-03-04 09:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-10-28 15:52 - 2011-09-08 17:48 - 01183096 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2014-03-29 11:12 - 2014-03-29 11:12 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-21 19:04 - 2014-03-21 19:04 - 01020928 _____ () C:\Users\Ro\AppData\Roaming\Mozilla\Firefox\Profiles\la8voriz.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^Ro^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Ro^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung SSD Magician.lnk => C:\Windows\pss\Samsung SSD Magician.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BambooCore => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Ro\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/28/2014 10:23:05 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7597

Error: (04/28/2014 10:23:05 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7597

Error: (04/28/2014 10:23:05 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/28/2014 10:23:04 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6598

Error: (04/28/2014 10:23:04 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6598

Error: (04/28/2014 10:23:04 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/28/2014 10:23:03 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5600

Error: (04/28/2014 10:23:03 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5600

Error: (04/28/2014 10:23:03 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/28/2014 10:23:02 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4602

System errors:
=============
Error: (04/28/2014 00:33:28 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort5.

Error: (04/27/2014 08:18:56 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

Error: (04/26/2014 06:43:27 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.

Error: (04/26/2014 09:21:09 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (04/24/2014 08:27:32 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error: %%1053

Error: (04/24/2014 08:27:32 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (04/24/2014 08:39:39 AM) (Source: Service Control Manager) (User: )
Description: The PinnacleUpdate Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/23/2014 11:39:40 PM) (Source: Service Control Manager) (User: )
Description: The PinnacleUpdate Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/23/2014 06:35:18 PM) (Source: Service Control Manager) (User: )
Description: The PinnacleUpdate Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/23/2014 08:44:35 AM) (Source: Service Control Manager) (User: )
Description: The PinnacleUpdate Service service terminated unexpectedly. It has done this 1 time(s).
Microsoft Office Sessions:
=========================
Error: (04/22/2014 11:40:08 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 3344 seconds with 1320 seconds of active time. This session ended with a crash.

Error: (02/06/2014 10:57:40 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 425 seconds with 240 seconds of active time. This session ended with a crash.

==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 8191.05 MB
Available physical RAM: 6384.79 MB
Total Pagefile: 16380.29 MB
Available Pagefile: 14451.53 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:27.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 56F7885B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)

==================== End Of Log ============================

aswMBR.txt

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-04-29 18:45:18
-----------------------------
18:45:18.680 OS Version: Windows x64 6.1.7601 Service Pack 1
18:45:18.680 Number of processors: 2 586 0x170A
18:45:18.681 ComputerName: WAYNETECH UserName: Ro
18:45:18.835 Initialize success
18:46:23.046 AVAST engine defs: 14042901
18:46:49.720 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-6
18:46:49.724 Disk 0 Vendor: SAMSUNG_SSD_830_Series CXM03B1Q Size: 122104MB BusType: 3
18:46:49.728 Disk 0 MBR read successfully
18:46:49.730 Disk 0 MBR scan
18:46:49.737 Disk 0 Windows 7 default MBR code
18:46:49.740 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:46:49.773 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122002 MB offset 206848
18:46:49.821 Disk 0 scanning C:\Windows\system32\drivers
18:46:55.046 Service scanning
18:47:08.961 Modules scanning
18:47:08.961 Disk 0 trace - called modules:
18:47:08.961 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800704a2c0]<<spjf.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:47:08.977 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007679060]
18:47:08.977 3 CLASSPNP.SYS[fffff88001a3e43f] -> nt!IofCallDriver -> [0xfffffa80071b8520]
18:47:08.977 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP5T0L0-6[0xfffffa80071c7060]
18:47:08.992 \Driver\atapi[0xfffffa8007198610] -> IRP_MJ_CREATE -> 0xfffffa800704a2c0
18:47:09.211 AVAST engine scan C:\Windows
18:47:09.788 AVAST engine scan C:\Windows\system32
18:49:02.296 AVAST engine scan C:\Windows\system32\drivers
18:49:07.912 AVAST engine scan C:\Users\Ro
18:51:18.157 AVAST engine scan C:\ProgramData
18:52:57.756 Scan finished successfully
18:56:04.219 Disk 0 MBR has been saved successfully to "C:\Users\Ro\Documents\MBR.dat"
18:56:04.252 The log file has been saved successfully to "C:\Users\Ro\Documents\aswMBR.txt"
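A note on reading the hosts section of a log like the one above, with an added triage script that is not part of the original post or of FRST. The posted hosts file maps more than a thousand ad and tracker domains to 127.0.0.1, which is the shape of a deliberately installed ad-blocking hosts list, not of a hijack; a hosts entry can only swap the address a name resolves to, so it cannot turn google.com into google.com/webhp (a path-level change points at a browser extension, a proxy or PAC setting, or something in the network stack). The script below encodes that distinction: loopback blackholing of arbitrary domains is treated as benign, while any entry that touches a search engine, update or anti-malware domain, or that points a name at a routable address, is flagged. The watch list and the sample input are constructed for the example; the first sample lines are copied from the log section above and the last three are fabricated hijack entries. Separately, the aswMBR trace above marks an unrecognised module in the disk I/O chain with >>UNKNOWN<<, and that line is what a responder would look at before the hosts file.

```python
"""Hosts-file triage for search-engine hijacking (added example, not from the post).

Constructed sample input: the first lines are copied from the FRST "Hosts content"
section of the log; the last three are fabricated hijack entries for illustration.
"""
import ipaddress
import re
from typing import Dict, List

# Assumed watch list: domains that should never appear in a hosts file on a
# normal workstation, whatever address they are pointed at.
WATCHED_SUFFIXES = (
    "google.com", "bing.com", "yahoo.com", "duckduckgo.com",
    "microsoft.com", "windowsupdate.com", "malwarebytes.org", "avast.com",
)

# <address> <hostname> [aliases...]; trailing "#..." comments are stripped first.
HOSTS_LINE = re.compile(r"^\s*(\S+)\s+(\S+)")

SAMPLE_HOSTS = """\
127.0.0.1 localhost
127.0.0.1 fr.a2dfp.net
127.0.0.1 ad.a8.net
127.0.0.1 www.activemeter.com #[Tracking.Cookie]
# --- constructed hijack lines below, not from the log ---
203.0.113.10 www.google.com
203.0.113.10 secure.example-bank.test
127.0.0.1 update.microsoft.com
"""


def is_watched(host: str) -> bool:
    """True if host is, or is a subdomain of, a watched domain."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)


def triage_hosts(text: str) -> Dict[str, List[str]]:
    """Classify hosts entries.

    benign:     hostname blackholed to a loopback/unspecified address and not on
                the watch list (the ad-blocklist pattern seen in the FRST log)
    suspicious: watched domain mapped anywhere, non-loopback target, or a line
                whose address field does not parse
    """
    result: Dict[str, List[str]] = {"benign": [], "suspicious": []}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]
        m = HOSTS_LINE.match(line)
        if not m:
            continue  # blank or comment-only line
        target, host = m.group(1), m.group(2)
        try:
            ip = ipaddress.ip_address(target)
        except ValueError:
            result["suspicious"].append(f"unparseable address: {raw.strip()}")
            continue
        if host.lower() == "localhost":
            continue
        if is_watched(host):
            result["suspicious"].append(f"watched domain: {raw.strip()}")
        elif ip.is_loopback or ip.is_unspecified:
            result["benign"].append(host)
        else:
            result["suspicious"].append(f"non-loopback target: {raw.strip()}")
    return result


def triage_file(path: str) -> Dict[str, List[str]]:
    """Run triage_hosts over an on-disk hosts file (e.g. C:\\Windows\\System32\\drivers\\etc\\hosts)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return triage_hosts(fh.read())


if __name__ == "__main__":
    report = triage_hosts(SAMPLE_HOSTS)
    print(f"{len(report['benign'])} benign blocklist entries")
    for finding in report["suspicious"]:
        print("SUSPICIOUS:", finding)
```

On the constructed sample the three loopback ad-domain lines come back benign and the three fabricated lines are flagged; on a real machine, point triage_file at the hosts path and treat an empty "suspicious" list as clearing the hosts file only, not the redirect.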