usmcsniper

Members

View Profile See their activity

Posts
10
Joined
July 17, 2014
Last visited
July 28, 2014

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by usmcsniper

Infected....

usmcsniper replied to usmcsniper's topic in Resolved Malware Removal Logs

Normal Mode Reports AswMBR and FRST w/Additional report aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software Run date: 2014-07-28 13:25:18 ----------------------------- 13:25:18.878 OS Version: Windows x64 6.2.9200 13:25:18.878 Number of processors: 4 586 0x3A09 13:25:18.878 ComputerName: CRAPPY UserName: Vaporz 13:25:19.785 Initialize success 13:25:19.894 VM: initialized successfully 13:25:19.894 VM: Intel CPU supported 13:25:22.293 VM: disk I/O iaStorA.sys 13:25:25.855 AVAST engine defs: 14072802 13:25:40.905 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002e 13:25:40.905 Disk 0 Vendor: TOSHIBA_MQ01ABD075 AX003M Size: 715404MB BusType: 11 13:25:41.030 Disk 0 MBR read successfully 13:25:41.030 Disk 0 MBR scan 13:25:41.030 Disk 0 Windows 7 default MBR code 13:25:41.046 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1 13:25:41.155 Disk 0 scanning C:\windows\system32\drivers 13:25:48.454 Service scanning 13:25:54.940 Service RtkBtFilter C:\windows\system32\DRIVERS\RtkBtfilter.sys **LOCKED** 32 13:25:54.955 Service RtkBtFilter2 C:\windows\system32\DRIVERS\RtkBtfilter.sys **LOCKED** 32 13:25:59.221 Modules scanning 13:25:59.221 Disk 0 trace - called modules: 13:25:59.221 ntoskrnl.exe CLASSPNP.SYS disk.sys Wdf01000.sys THAccel.sys hal.dll 13:25:59.237 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe0012478e460] 13:25:59.237 3 CLASSPNP.SYS[fffff800793aa27b] -> nt!IofCallDriver -> [0xffffe00124790e20] 13:25:59.456 AVAST engine scan C:\ 14:11:24.467 Scan finished successfully 14:31:23.339 Disk 0 MBR fix error 14:31:46.654 Disk 0 MBR has been saved successfully to "C:\Users\Vaporz\Desktop\MBR.dat" 14:31:46.654 The log file has been saved successfully to "C:\Users\Vaporz\Desktop\aswMBR728.txt" Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014 Ran by Vaporz (administrator) on CRAPPY on 28-07-2014 14:32:08 Running from C:\Users\Vaporz\Desktop Platform: Windows 8.1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe () C:\Program Files (x86)\Toshiba\Password Utility\GFNEXSrv.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TSleepSrv.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (TOSHIBA CORPORATION) C:\Program Files\Toshiba\HDD Accelerator\THAccelSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe (TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [sRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2172816 2012-10-22] (SRS Labs, Inc.) HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation) HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] () HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-28] (Synaptics Incorporated) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-07-20] (Realtek Semiconductor) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [382608 2014-06-04] (Malwarebytes Corporation) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-17] (AVAST Software) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] () HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-27] (DivX, LLC) HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7148032 2012-10-31] (Pegatron Corporation) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3448416712-2654459564-1289727005-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-07-20] (Glarysoft Ltd) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) BootExecute: autocheck autochk * BootDefrag.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com SearchScopes: HKLM - DefaultScope {E31ECC80-F5C5-41EA-B8FD-F25153C3420A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS SearchScopes: HKLM - {E31ECC80-F5C5-41EA-B8FD-F25153C3420A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS SearchScopes: HKLM-x32 - DefaultScope value is missing. SearchScopes: HKLM-x32 - {E31ECC80-F5C5-41EA-B8FD-F25153C3420A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS SearchScopes: HKCU - {E31ECC80-F5C5-41EA-B8FD-F25153C3420A} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Vaporz\AppData\Roaming\Mozilla\Firefox\Profiles\lxvygeaa.default FF Homepage: www.msn.com FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-17] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-17] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-17] (AVAST Software) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation) R2 GFNEXSrv; C:\Program Files (x86)\Toshiba\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed] R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [360592 2014-06-04] (Malwarebytes Corporation) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-10] (Realtek Semiconductor) R2 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [214928 2013-10-17] (TOSHIBA CORPORATION) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-06-26] (Microsoft Corporation) S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-06-26] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-17] () R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-07-17] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-17] (AVAST Software) R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-07-17] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-17] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-17] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-17] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-17] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-17] (AVAST Software) R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-06-16] (Glarysoft Ltd) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [62392 2014-06-04] () R1 GUBootStartup; C:\windows\System32\drivers\GUBootStartup.sys [20160 2014-07-05] (Glarysoft Ltd) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2014-07-20] (Intel Corporation) R2 PEGAGFN; C:\Program Files (x86)\Toshiba\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON) R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [48856 2013-11-28] (Realtek Microelectronics) S3 RtkBtFilter2; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [48856 2013-11-28] (Realtek Microelectronics) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3068120 2014-07-20] (Realtek Semiconductor Corporation ) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated) R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [111488 2013-10-15] (TOSHIBA Corporation) R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider) U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30312 2014-07-27] () S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-06-26] (Microsoft Corporation) R3 aswVmm; \??\C:\Users\Vaporz\AppData\Local\Temp\aswVmm.sys [X] U3 aswMBR; \??\C:\Users\Vaporz\AppData\Local\Temp\aswMBR.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-07-28 14:31 - 2014-07-28 14:31 - 00001816 _____ () C:\Users\Vaporz\Desktop\aswMBR728.txt 2014-07-28 12:41 - 2014-07-28 12:41 - 00001043 _____ () C:\Users\Vaporz\Desktop\MWB.txt 2014-07-27 07:59 - 2014-07-27 08:00 - 110249712 _____ (Microsoft Corporation) C:\Users\Vaporz\Desktop\msert.exe 2014-07-27 07:38 - 2014-07-28 14:32 - 00014323 _____ () C:\Users\Vaporz\Desktop\FRST.txt 2014-07-27 07:38 - 2014-07-27 07:38 - 00030036 _____ () C:\Users\Vaporz\Desktop\Addition.txt 2014-07-27 07:26 - 2014-07-28 14:31 - 00000512 _____ () C:\Users\Vaporz\Desktop\MBR.dat 2014-07-27 07:26 - 2014-07-27 07:26 - 00001741 _____ () C:\Users\Vaporz\Desktop\aswMBR.txt 2014-07-27 06:16 - 2014-07-27 06:16 - 00000306 _____ () C:\windows\PFRO.log 2014-07-27 03:51 - 2014-07-27 03:51 - 00000000 _____ () C:\windows\setuperr.log 2014-07-27 03:51 - 2014-07-27 03:51 - 00000000 _____ () C:\windows\setupact.log 2014-07-27 01:20 - 2014-07-27 01:20 - 00474072 _____ () C:\windows\system32\FNTCACHE.DAT 2014-07-27 01:10 - 2014-07-27 01:10 - 00773632 _____ (Robert Simpson, et al.) C:\Users\Vaporz\AppData\Roaming\System.Data.SQLite.dll 2014-07-27 01:04 - 2014-07-27 01:04 - 05379160 _____ () C:\Users\Vaporz\Desktop\RogueKillerX64(1).exe 2014-07-27 00:41 - 2014-07-27 23:46 - 00000000 ____D () C:\Users\Vaporz\AppData\Local\CrashDumps 2014-07-27 00:22 - 2014-07-27 00:22 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA Corporation 2014-07-27 00:16 - 2014-07-27 00:16 - 00000000 ____D () C:\Users\Vaporz\AppData\Local\{16D8D997-18E4-42EB-9B86-ABEBB7D83C37} 2014-07-26 20:08 - 2014-07-26 20:08 - 00000000 ____D () C:\Users\Vaporz\AppData\Local\Macromedia 2014-07-26 20:06 - 2014-07-28 14:16 - 01575919 _____ () C:\windows\WindowsUpdate.log 2014-07-26 19:51 - 2014-07-26 19:51 - 00000000 ____D () C:\ProgramData\Mozilla 2014-07-26 19:51 - 2014-07-26 19:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-25 21:42 - 2014-07-09 21:16 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\SkyDriveTelemetry.dll 2014-07-25 21:42 - 2014-07-09 21:03 - 04756992 _____ (Microsoft Corporation) C:\windows\system32\SyncEngine.dll 2014-07-25 21:42 - 2014-07-09 20:33 - 01120256 _____ (Microsoft Corporation) C:\windows\system32\SkyDrive.exe 2014-07-23 07:04 - 2014-07-23 07:04 - 00016352 ____N () C:\bootsqm.dat 2014-07-21 00:13 - 2014-07-21 00:13 - 00380416 _____ () C:\Users\Vaporz\Desktop\8pw7k8e4.exe 2014-07-20 22:58 - 2014-07-20 22:58 - 05185536 _____ (AVAST Software) C:\Users\Vaporz\Desktop\aswmbr.exe 2014-07-20 19:32 - 2014-07-20 19:32 - 00871640 _____ (Realtek ) C:\windows\system32\Drivers\Rt630x64.sys 2014-07-20 19:32 - 2014-07-20 19:32 - 00073800 _____ (Realtek Semiconductor Corporation) C:\windows\system32\RtNicProp64.dll 2014-07-20 13:14 - 2014-07-20 13:14 - 00556248 _____ (Realtek Semiconductor Corporation) C:\windows\system32\Drivers\SET436D.tmp 2014-07-20 13:14 - 2014-07-20 13:14 - 00100312 _____ (Intel Corporation) C:\windows\system32\Drivers\TeeDriverx64.sys 2014-07-20 13:14 - 2014-07-20 13:14 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf 2014-07-20 13:13 - 2014-07-20 13:13 - 03962840 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\RTKVHD64.sys 2014-07-20 13:13 - 2014-07-20 13:13 - 03068120 _____ (Realtek Semiconductor Corporation ) C:\windows\system32\Drivers\rtwlane.sys 2014-07-20 13:13 - 2014-07-20 13:13 - 02834648 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtPgEx64.dll 2014-07-20 13:13 - 2014-07-20 13:13 - 02800344 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RltkAPO64.dll 2014-07-20 13:13 - 2014-07-20 13:13 - 02770976 _____ (Fortemedia Corporation) C:\windows\system32\FMAPO64.dll 2014-07-20 13:13 - 2014-07-20 13:13 - 01959128 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTSnMg64.cpl 2014-07-20 13:13 - 2014-07-20 13:13 - 01286872 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTCOM64.dll 2014-07-20 13:13 - 2014-07-20 13:13 - 01099203 _____ () C:\windows\system32\Drivers\RTAIODAT.DAT 2014-07-20 13:13 - 2014-07-20 13:13 - 01022168 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkApi64.dll 2014-07-20 13:13 - 2014-07-20 13:13 - 00948952 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RCoInstII64.dll 2014-07-20 13:13 - 2014-07-20 13:13 - 00628952 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtDataProc64.dll 2014-07-20 13:13 - 2014-07-20 13:13 - 00209096 _____ (Andrea Electronics Corporation) C:\windows\system32\AERTAC64.dll 2014-07-20 13:13 - 2014-07-20 13:13 - 00113576 _____ (Real Sound Lab SIA) C:\windows\system32\CONEQMSAPOGUILibrary.dll 2014-07-20 12:50 - 2014-07-21 04:34 - 00002858 _____ () C:\windows\System32\Tasks\Driver Booster SkipUAC (Vaporz) 2014-07-20 12:50 - 2014-07-20 12:50 - 00000000 ____D () C:\ProgramData\IObit 2014-07-20 09:45 - 2014-07-20 10:19 - 00000000 ____D () C:\Program Files\Recuva 2014-07-20 09:45 - 2014-07-20 09:45 - 00001681 _____ () C:\Users\Public\Desktop\Recuva.lnk 2014-07-20 05:57 - 2014-07-20 05:57 - 00001332 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2014-07-20 05:57 - 2014-07-20 05:57 - 00000000 ____D () C:\windows\en 2014-07-20 05:48 - 2014-07-20 05:48 - 00000000 ____D () C:\windows\softwaredistribution.bak2 2014-07-20 02:29 - 2014-07-20 02:29 - 00000000 ____D () C:\Users\Vaporz\AppData\Roaming\Macromedia 2014-07-19 16:16 - 2014-07-19 16:16 - 00000000 ____D () C:\Program Files (x86)\AC3Filter 2014-07-19 16:16 - 2013-04-05 21:27 - 02231296 _____ () C:\windows\system32\ac3filter64.acm 2014-07-19 16:16 - 2013-04-05 21:26 - 01679360 _____ () C:\windows\SysWOW64\ac3filter.acm 2014-07-19 16:05 - 2014-07-19 16:05 - 00001093 _____ () C:\Users\Public\Desktop\DivX Player.lnk 2014-07-19 14:23 - 2014-07-19 14:23 - 00004608 _____ () C:\Users\Vaporz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-19 14:22 - 2014-07-19 20:14 - 00000000 ____D () C:\Users\Vaporz\AppData\Roaming\DivX 2014-07-19 14:22 - 2014-07-19 16:05 - 00001609 _____ () C:\Users\Vaporz\Desktop\DivX Movies.lnk 2014-07-19 14:22 - 2014-07-19 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX 2014-07-19 14:22 - 2014-07-19 14:22 - 00001158 _____ () C:\Users\Public\Desktop\DivX Converter.lnk 2014-07-19 14:22 - 2014-07-19 14:22 - 00000000 ____D () C:\Program Files\DivX 2014-07-19 14:21 - 2014-07-19 16:05 - 00000000 ____D () C:\ProgramData\DivX 2014-07-19 14:21 - 2014-07-19 16:05 - 00000000 ____D () C:\Program Files (x86)\DivX 2014-07-19 14:20 - 2014-07-19 14:21 - 00999232 _____ (DivX, LLC) C:\Users\Vaporz\Desktop\DivXInstaller.exe 2014-07-17 18:23 - 2014-07-17 18:23 - 01354223 _____ () C:\Users\Vaporz\Desktop\adwcleaner_3.216.exe 2014-07-17 11:18 - 2014-07-17 11:18 - 00000000 ____D () C:\windows\PCHEALTH 2014-07-17 11:11 - 2014-07-17 11:11 - 00000000 ____D () C:\Users\Vaporz\AppData\Roaming\AVAST Software 2014-07-17 10:57 - 2014-07-17 11:11 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update 2014-07-17 10:57 - 2014-07-17 10:57 - 01041168 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00448400 _____ (AVAST Software) C:\windows\system32\Drivers\aswNdisFlt.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00427360 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00307344 _____ (AVAST Software) C:\windows\system32\aswBoot.exe 2014-07-17 10:57 - 2014-07-17 10:57 - 00224896 _____ () C:\windows\system32\Drivers\aswVmm.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00092008 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00079184 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr 2014-07-17 10:57 - 2014-07-17 10:57 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00028184 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-07-17 10:56 - 2014-07-17 10:56 - 00000000 ____D () C:\Program Files\AVAST Software 2014-07-17 10:49 - 2014-07-17 10:49 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-07-17 10:00 - 2014-07-28 12:46 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-17 09:59 - 2014-07-17 09:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-07-17 09:59 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-07-17 09:59 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-07-17 09:59 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-07-17 09:45 - 2014-07-17 09:45 - 00001129 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk 2014-07-17 09:45 - 2014-07-17 09:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit 2014-07-17 09:44 - 2014-07-26 20:15 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit 2014-07-17 09:44 - 2014-07-17 09:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit 2014-07-17 08:48 - 2014-07-28 14:32 - 00000000 ____D () C:\FRST 2014-07-17 08:38 - 2014-07-27 06:15 - 00000000 ____D () C:\AdwCleaner 2014-07-17 08:35 - 2014-07-27 05:22 - 00030312 _____ () C:\windows\system32\Drivers\TrueSight.sys 2014-07-17 07:42 - 2014-07-17 07:42 - 00000000 ____D () C:\Program Files (x86)\Trend Micro 2014-07-17 07:41 - 2014-07-17 09:27 - 00001752 _____ () C:\sc-cleaner.txt 2014-07-17 07:22 - 2014-07-27 07:38 - 02093568 _____ (Farbar) C:\Users\Vaporz\Desktop\FRST64.exe 2014-07-17 07:12 - 2014-07-17 07:12 - 00000000 ____D () C:\windows\erdnt 2014-07-17 07:11 - 2014-07-17 07:11 - 01016261 _____ (Thisisu) C:\Users\Vaporz\Desktop\JRT.exe 2014-07-17 06:57 - 2014-07-17 06:57 - 00000085 _____ () C:\windows\wininit.ini 2014-07-17 06:57 - 2014-07-17 06:57 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking 2014-07-17 06:53 - 2014-07-17 06:53 - 00000706 _____ () C:\DelFix.txt 2014-07-17 04:51 - 2014-07-21 04:35 - 00004274 _____ () C:\windows\System32\Tasks\ReimageUpdater 2014-07-17 04:51 - 2014-07-21 04:35 - 00003436 _____ () C:\windows\System32\Tasks\Reimage Reminder 2014-07-17 04:50 - 2014-07-17 04:51 - 00000000 ____D () C:\ProgramData\Reimage Protector 2014-07-16 04:36 - 2014-06-05 07:13 - 00216368 _____ (Microsoft Corporation) C:\windows\system32\rsaenh.dll 2014-07-16 04:36 - 2014-06-05 06:14 - 00189016 _____ (Microsoft Corporation) C:\windows\SysWOW64\rsaenh.dll 2014-07-16 04:36 - 2014-06-01 19:10 - 00423768 _____ (Microsoft Corporation) C:\windows\system32\hal.dll 2014-07-16 04:36 - 2014-05-31 03:07 - 00467800 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS 2014-07-16 04:36 - 2014-05-31 03:07 - 00440664 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys 2014-07-16 04:36 - 2014-05-31 03:07 - 00419672 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys 2014-07-16 04:36 - 2014-05-31 03:07 - 00089944 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys 2014-07-16 04:36 - 2014-05-31 03:07 - 00027480 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys 2014-07-16 04:36 - 2014-05-30 23:30 - 00037376 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys 2014-07-16 04:36 - 2014-05-30 23:27 - 00110592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFPf.sys 2014-07-16 04:36 - 2014-05-30 23:26 - 00227840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFRd.sys 2014-07-16 04:36 - 2014-05-30 21:01 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\WUDFHost.exe 2014-07-16 04:36 - 2014-05-30 21:01 - 00209408 _____ (Microsoft Corporation) C:\windows\system32\WUDFPlatform.dll 2014-07-16 04:36 - 2014-05-30 21:01 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\WUDFSvc.dll 2014-07-16 04:36 - 2014-05-27 08:53 - 02518360 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys 2014-07-16 04:36 - 2014-05-27 02:56 - 00323584 _____ (Microsoft Corporation) C:\windows\system32\DaOtpCredentialProvider.dll 2014-07-16 04:36 - 2014-05-27 02:53 - 00270848 _____ (Microsoft Corporation) C:\windows\SysWOW64\DaOtpCredentialProvider.dll 2014-07-16 04:36 - 2014-05-16 21:59 - 16871936 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll 2014-07-16 04:36 - 2014-05-16 21:13 - 12711424 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll 2014-07-16 04:33 - 2014-07-19 14:31 - 00000000 ____D () C:\windows\softwaredistribution.bak1 2014-07-10 04:05 - 2014-07-10 04:05 - 00000000 ____D () C:\Users\Vaporz\AppData\Roaming\sMedio 2014-07-09 05:26 - 2014-04-13 20:29 - 01018880 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll 2014-07-09 05:17 - 2014-06-18 16:46 - 00250880 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-07-09 05:17 - 2014-06-18 15:57 - 00225280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2014-07-09 05:17 - 2014-06-16 15:26 - 00779264 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe 2014-07-09 05:17 - 2014-06-16 15:24 - 00834048 _____ (Microsoft Corporation) C:\windows\system32\osk.exe 2014-07-09 05:17 - 2014-06-06 07:20 - 04190720 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-07-09 05:17 - 2014-05-29 20:03 - 00563200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys 2014-07-09 05:17 - 2014-05-29 05:02 - 00565576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys 2014-07-09 05:17 - 2014-05-29 00:55 - 00735232 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll 2014-07-09 05:17 - 2014-05-28 23:40 - 00735232 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll 2014-07-09 05:17 - 2014-05-28 23:37 - 00436224 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll 2014-07-09 05:17 - 2014-05-28 22:34 - 00318976 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll 2014-07-09 05:17 - 2014-05-28 22:27 - 01417216 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2014-07-09 05:16 - 2014-06-18 18:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-07-09 05:16 - 2014-06-18 17:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-07-09 05:16 - 2014-06-18 16:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-07-09 05:16 - 2014-06-18 15:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-07-09 05:16 - 2014-06-18 15:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-07-09 05:16 - 2014-06-18 15:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-07-09 05:15 - 2014-06-18 17:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-07-09 05:15 - 2014-06-18 17:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-07-09 05:15 - 2014-06-18 16:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-07-09 05:15 - 2014-06-18 16:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-07-09 05:15 - 2014-06-18 16:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-07-09 05:15 - 2014-06-18 16:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-07-09 05:15 - 2014-06-18 16:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-07-09 05:15 - 2014-06-18 16:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-07-09 05:15 - 2014-06-18 16:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2014-07-09 05:15 - 2014-06-18 15:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-07-09 05:15 - 2014-06-18 15:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-07-09 05:15 - 2014-06-18 15:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2014-07-09 05:15 - 2014-06-18 15:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-07-09 05:15 - 2014-06-18 15:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-07-09 05:15 - 2014-06-18 15:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-07-09 05:15 - 2014-06-18 15:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-07-09 05:15 - 2014-06-18 15:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-07-09 05:15 - 2014-06-18 15:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-07-09 05:15 - 2014-06-18 15:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-07-09 05:15 - 2014-06-06 06:04 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2014-07-09 05:15 - 2014-06-06 05:18 - 00488960 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll 2014-07-09 05:15 - 2014-05-31 03:07 - 00054776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe 2014-07-09 05:15 - 2014-05-31 03:06 - 00555736 _____ (Microsoft Corporation) C:\windows\system32\twinapi.appcore.dll 2014-07-09 05:15 - 2014-05-30 20:40 - 13287936 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll 2014-07-09 05:15 - 2014-05-30 20:30 - 11792384 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll 2014-07-09 05:15 - 2014-05-30 20:12 - 00249344 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-07-09 05:15 - 2014-05-30 20:06 - 00093696 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll 2014-07-09 05:15 - 2014-05-30 20:03 - 00827392 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll 2014-07-09 05:15 - 2014-05-30 20:01 - 00189952 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-07-09 05:15 - 2014-05-30 19:56 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll 2014-07-09 05:15 - 2014-05-30 19:54 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll 2014-07-09 05:15 - 2014-05-30 19:48 - 03463680 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll 2014-07-09 05:15 - 2014-05-30 19:37 - 01054208 _____ (Microsoft Corporation) C:\windows\system32\twinui.appcore.dll 2014-07-09 05:15 - 2014-05-30 19:36 - 00923136 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll 2014-07-09 05:15 - 2014-05-30 19:35 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.appcore.dll 2014-07-09 05:15 - 2014-05-30 19:32 - 00756224 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll 2014-07-03 01:44 - 2014-07-02 23:10 - 00000747 ____R () C:\windows\system32\Drivers\etc\hosts.20140703-014444.backup 2014-07-02 19:44 - 2014-07-02 19:44 - 00000017 _____ () C:\Users\Vaporz\AppData\Local\resmon.resmoncfg 2014-06-28 02:10 - 2014-06-28 02:14 - 00000000 ____D () C:\Users\Vaporz\AppData\Local\Windows Live ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-07-28 14:32 - 2014-07-27 07:38 - 00014323 _____ () C:\Users\Vaporz\Desktop\FRST.txt 2014-07-28 14:32 - 2014-07-17 08:48 - 00000000 ____D () C:\FRST 2014-07-28 14:31 - 2014-07-28 14:31 - 00001816 _____ () C:\Users\Vaporz\Desktop\aswMBR728.txt 2014-07-28 14:31 - 2014-07-27 07:26 - 00000512 _____ () C:\Users\Vaporz\Desktop\MBR.dat 2014-07-28 14:19 - 2014-06-25 15:51 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-07-28 14:19 - 2014-06-23 18:14 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-28 14:16 - 2014-07-26 20:06 - 01575919 _____ () C:\windows\WindowsUpdate.log 2014-07-28 14:12 - 2014-06-27 13:35 - 00004970 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for CRAPPY-Vaporz Crappy 2014-07-28 14:00 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\system32\sru 2014-07-28 13:58 - 2014-06-18 20:57 - 00000000 ____D () C:\windows\AppReadiness 2014-07-28 12:46 - 2014-07-17 10:00 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-28 12:41 - 2014-07-28 12:41 - 00001043 _____ () C:\Users\Vaporz\Desktop\MWB.txt 2014-07-28 09:06 - 2014-03-18 03:03 - 00863592 _____ () C:\windows\system32\PerfStringBackup.INI 2014-07-27 23:46 - 2014-07-27 00:41 - 00000000 ____D () C:\Users\Vaporz\AppData\Local\CrashDumps 2014-07-27 23:04 - 2012-07-26 00:59 - 00000000 ____D () C:\windows\CbsTemp 2014-07-27 08:00 - 2014-07-27 07:59 - 110249712 _____ (Microsoft Corporation) C:\Users\Vaporz\Desktop\msert.exe 2014-07-27 07:51 - 2014-06-26 14:15 - 00000000 ___DO () C:\Users\Vaporz\OneDrive 2014-07-27 07:47 - 2014-06-18 12:34 - 00000348 _____ () C:\windows\Tasks\GlaryInitialize 5.job 2014-07-27 07:47 - 2014-06-18 12:34 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5 2014-07-27 07:46 - 2014-06-20 19:53 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-27 07:46 - 2013-08-22 07:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-07-27 07:38 - 2014-07-27 07:38 - 00030036 _____ () C:\Users\Vaporz\Desktop\Addition.txt 2014-07-27 07:38 - 2014-07-17 07:22 - 02093568 _____ (Farbar) C:\Users\Vaporz\Desktop\FRST64.exe 2014-07-27 07:26 - 2014-07-27 07:26 - 00001741 _____ () C:\Users\Vaporz\Desktop\aswMBR.txt 2014-07-27 06:16 - 2014-07-27 06:16 - 00000306 _____ () C:\windows\PFRO.log 2014-07-27 06:15 - 2014-07-17 08:38 - 00000000 ____D () C:\AdwCleaner 2014-07-27 05:22 - 2014-07-17 08:35 - 00030312 _____ () C:\windows\system32\Drivers\TrueSight.sys 2014-07-27 03:51 - 2014-07-27 03:51 - 00000000 _____ () C:\windows\setuperr.log 2014-07-27 03:51 - 2014-07-27 03:51 - 00000000 _____ () C:\windows\setupact.log 2014-07-27 01:20 - 2014-07-27 01:20 - 00474072 _____ () C:\windows\system32\FNTCACHE.DAT 2014-07-27 01:10 - 2014-07-27 01:10 - 00773632 _____ (Robert Simpson, et al.) C:\Users\Vaporz\AppData\Roaming\System.Data.SQLite.dll 2014-07-27 01:04 - 2014-07-27 01:04 - 05379160 _____ () C:\Users\Vaporz\Desktop\RogueKillerX64(1).exe 2014-07-27 00:59 - 2014-06-20 19:45 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-07-27 00:51 - 2014-06-18 09:32 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3448416712-2654459564-1289727005-1001 2014-07-27 00:44 - 2012-11-13 01:22 - 00000000 ____D () C:\ProgramData\Adobe 2014-07-27 00:22 - 2014-07-27 00:22 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA Corporation 2014-07-27 00:21 - 2012-11-13 01:30 - 00000000 ____D () C:\Program Files (x86)\Toshiba 2014-07-27 00:21 - 2012-11-13 01:23 - 00000000 ____D () C:\Program Files\Toshiba 2014-07-27 00:17 - 2013-02-17 04:59 - 00000000 ____D () C:\windows\System32\Tasks\TOSHIBA 2014-07-27 00:17 - 2012-11-13 01:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-07-27 00:16 - 2014-07-27 00:16 - 00000000 ____D () C:\Users\Vaporz\AppData\Local\{16D8D997-18E4-42EB-9B86-ABEBB7D83C37} 2014-07-26 20:16 - 2014-06-20 10:19 - 00000000 ____D () C:\Users\Vaporz\AppData\Local\Mozilla 2014-07-26 20:15 - 2014-07-17 09:44 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit 2014-07-26 20:08 - 2014-07-26 20:08 - 00000000 ____D () C:\Users\Vaporz\AppData\Local\Macromedia 2014-07-26 20:06 - 2014-06-20 10:19 - 00000000 ____D () C:\Users\Vaporz\AppData\Roaming\Mozilla 2014-07-26 20:04 - 2014-06-19 20:06 - 00000000 ____D () C:\Users\Vaporz\AppData\Roaming\Adobe 2014-07-26 19:52 - 2014-06-25 17:20 - 00002774 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC 2014-07-26 19:52 - 2014-06-25 17:18 - 00000000 ____D () C:\Program Files\CCleaner 2014-07-26 19:51 - 2014-07-26 19:51 - 00000000 ____D () C:\ProgramData\Mozilla 2014-07-26 19:51 - 2014-07-26 19:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-26 19:51 - 2014-06-20 10:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-25 21:59 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\rescache 2014-07-25 21:46 - 2014-06-18 12:34 - 00000000 ____D () C:\Users\Vaporz\AppData\Roaming\DiskDefrag 2014-07-25 10:13 - 2014-06-18 12:35 - 00001119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk 2014-07-25 10:13 - 2014-06-18 12:34 - 00002970 _____ () C:\windows\System32\Tasks\GU5SkipUAC 2014-07-23 07:11 - 2013-08-22 06:25 - 00262144 ___SH () C:\windows\system32\config\BBI 2014-07-23 07:04 - 2014-07-23 07:04 - 00016352 ____N () C:\bootsqm.dat 2014-07-21 04:35 - 2014-07-17 04:51 - 00004274 _____ () C:\windows\System32\Tasks\ReimageUpdater 2014-07-21 04:35 - 2014-07-17 04:51 - 00003436 _____ () C:\windows\System32\Tasks\Reimage Reminder 2014-07-21 04:35 - 2013-02-17 05:07 - 00003236 _____ () C:\windows\System32\Tasks\Norton WSC Integration 2014-07-21 04:34 - 2014-07-20 12:50 - 00002858 _____ () C:\windows\System32\Tasks\Driver Booster SkipUAC (Vaporz) 2014-07-21 04:21 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\system32\NDF 2014-07-21 00:13 - 2014-07-21 00:13 - 00380416 _____ () C:\Users\Vaporz\Desktop\8pw7k8e4.exe 2014-07-20 22:58 - 2014-07-20 22:58 - 05185536 _____ (AVAST Software) C:\Users\Vaporz\Desktop\aswmbr.exe 2014-07-20 21:07 - 2014-06-26 13:48 - 00000000 ____D () C:\Users\Vaporz 2014-07-20 19:32 - 2014-07-20 19:32 - 00871640 _____ (Realtek ) C:\windows\system32\Drivers\Rt630x64.sys 2014-07-20 19:32 - 2014-07-20 19:32 - 00073800 _____ (Realtek Semiconductor Corporation) C:\windows\system32\RtNicProp64.dll 2014-07-20 13:14 - 2014-07-20 13:14 - 00556248 _____ (Realtek Semiconductor Corporation) C:\windows\system32\Drivers\SET436D.tmp 2014-07-20 13:14 - 2014-07-20 13:14 - 00100312 _____ (Intel Corporation) C:\windows\system32\Drivers\TeeDriverx64.sys 2014-07-20 13:14 - 2014-07-20 13:14 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf 2014-07-20 13:13 - 2014-07-20 13:13 - 03962840 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\RTKVHD64.sys 2014-07-20 13:13 - 2014-07-20 13:13 - 03068120 _____ (Realtek Semiconductor Corporation ) C:\windows\system32\Drivers\rtwlane.sys 2014-07-20 13:13 - 2014-07-20 13:13 - 02834648 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtPgEx64.dll 2014-07-20 13:13 - 2014-07-20 13:13 - 02800344 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RltkAPO64.dll 2014-07-20 13:13 - 2014-07-20 13:13 - 02770976 _____ (Fortemedia Corporation) C:\windows\system32\FMAPO64.dll 2014-07-20 13:13 - 2014-07-20 13:13 - 01959128 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTSnMg64.cpl 2014-07-20 13:13 - 2014-07-20 13:13 - 01286872 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTCOM64.dll 2014-07-20 13:13 - 2014-07-20 13:13 - 01099203 _____ () C:\windows\system32\Drivers\RTAIODAT.DAT 2014-07-20 13:13 - 2014-07-20 13:13 - 01022168 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkApi64.dll 2014-07-20 13:13 - 2014-07-20 13:13 - 00948952 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RCoInstII64.dll 2014-07-20 13:13 - 2014-07-20 13:13 - 00628952 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtDataProc64.dll 2014-07-20 13:13 - 2014-07-20 13:13 - 00209096 _____ (Andrea Electronics Corporation) C:\windows\system32\AERTAC64.dll 2014-07-20 13:13 - 2014-07-20 13:13 - 00113576 _____ (Real Sound Lab SIA) C:\windows\system32\CONEQMSAPOGUILibrary.dll 2014-07-20 13:13 - 2014-06-26 13:38 - 00000000 ____D () C:\windows\SysWOW64\RTCOM 2014-07-20 12:50 - 2014-07-20 12:50 - 00000000 ____D () C:\ProgramData\IObit 2014-07-20 11:57 - 2012-11-13 01:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba 2014-07-20 10:19 - 2014-07-20 09:45 - 00000000 ____D () C:\Program Files\Recuva 2014-07-20 10:04 - 2014-06-26 13:48 - 00000000 ____D () C:\Users\Administrator 2014-07-20 09:45 - 2014-07-20 09:45 - 00001681 _____ () C:\Users\Public\Desktop\Recuva.lnk 2014-07-20 09:44 - 2013-08-22 08:36 - 00262144 _____ () C:\windows\system32\config\BCD-Template 2014-07-20 06:06 - 2014-06-18 09:24 - 00000000 ____D () C:\Users\Vaporz\AppData\Local\Packages 2014-07-20 05:57 - 2014-07-20 05:57 - 00001332 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2014-07-20 05:57 - 2014-07-20 05:57 - 00000000 ____D () C:\windows\en 2014-07-20 05:56 - 2012-11-13 01:58 - 00001401 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2014-07-20 05:56 - 2012-11-13 01:58 - 00000000 ____D () C:\Program Files (x86)\Windows Live 2014-07-20 05:48 - 2014-07-20 05:48 - 00000000 ____D () C:\windows\softwaredistribution.bak2 2014-07-20 02:29 - 2014-07-20 02:29 - 00000000 ____D () C:\Users\Vaporz\AppData\Roaming\Macromedia 2014-07-19 20:14 - 2014-07-19 14:22 - 00000000 ____D () C:\Users\Vaporz\AppData\Roaming\DivX 2014-07-19 20:14 - 2014-06-27 13:27 - 00000000 ____D () C:\Users\Vaporz\AppData\Local\VirtualStore 2014-07-19 16:16 - 2014-07-19 16:16 - 00000000 ____D () C:\Program Files (x86)\AC3Filter 2014-07-19 16:05 - 2014-07-19 16:05 - 00001093 _____ () C:\Users\Public\Desktop\DivX Player.lnk 2014-07-19 16:05 - 2014-07-19 14:22 - 00001609 _____ () C:\Users\Vaporz\Desktop\DivX Movies.lnk 2014-07-19 16:05 - 2014-07-19 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX 2014-07-19 16:05 - 2014-07-19 14:21 - 00000000 ____D () C:\ProgramData\DivX 2014-07-19 16:05 - 2014-07-19 14:21 - 00000000 ____D () C:\Program Files (x86)\DivX 2014-07-19 14:31 - 2014-07-16 04:33 - 00000000 ____D () C:\windows\softwaredistribution.bak1 2014-07-19 14:23 - 2014-07-19 14:23 - 00004608 _____ () C:\Users\Vaporz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-19 14:22 - 2014-07-19 14:22 - 00001158 _____ () C:\Users\Public\Desktop\DivX Converter.lnk 2014-07-19 14:22 - 2014-07-19 14:22 - 00000000 ____D () C:\Program Files\DivX 2014-07-19 14:21 - 2014-07-19 14:20 - 00999232 _____ (DivX, LLC) C:\Users\Vaporz\Desktop\DivXInstaller.exe 2014-07-17 18:23 - 2014-07-17 18:23 - 01354223 _____ () C:\Users\Vaporz\Desktop\adwcleaner_3.216.exe 2014-07-17 11:18 - 2014-07-17 11:18 - 00000000 ____D () C:\windows\PCHEALTH 2014-07-17 11:15 - 2012-11-13 01:23 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2014-07-17 11:14 - 2014-02-22 14:55 - 00000000 ____D () C:\Users\Vaporz\Documents\Avast 2014-07-17 11:11 - 2014-07-17 11:11 - 00000000 ____D () C:\Users\Vaporz\AppData\Roaming\AVAST Software 2014-07-17 11:11 - 2014-07-17 10:57 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update 2014-07-17 10:57 - 2014-07-17 10:57 - 01041168 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00448400 _____ (AVAST Software) C:\windows\system32\Drivers\aswNdisFlt.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00427360 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00307344 _____ (AVAST Software) C:\windows\system32\aswBoot.exe 2014-07-17 10:57 - 2014-07-17 10:57 - 00224896 _____ () C:\windows\system32\Drivers\aswVmm.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00092008 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00079184 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr 2014-07-17 10:57 - 2014-07-17 10:57 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00028184 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-07-17 10:56 - 2014-07-17 10:56 - 00000000 ____D () C:\Program Files\AVAST Software 2014-07-17 10:49 - 2014-07-17 10:49 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-07-17 10:45 - 2012-11-13 01:25 - 00000000 ____D () C:\ProgramData\Norton 2014-07-17 10:15 - 2013-02-17 05:07 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared 2014-07-17 09:59 - 2014-07-17 09:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-07-17 09:45 - 2014-07-17 09:45 - 00001129 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk 2014-07-17 09:45 - 2014-07-17 09:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit 2014-07-17 09:45 - 2014-07-17 09:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit 2014-07-17 09:38 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\LiveKernelReports 2014-07-17 09:27 - 2014-07-17 07:41 - 00001752 _____ () C:\sc-cleaner.txt 2014-07-17 08:54 - 2014-06-18 21:15 - 00000000 ____D () C:\windows\pss 2014-07-17 07:42 - 2014-07-17 07:42 - 00000000 ____D () C:\Program Files (x86)\Trend Micro 2014-07-17 07:34 - 2014-06-20 20:46 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-07-17 07:12 - 2014-07-17 07:12 - 00000000 ____D () C:\windows\erdnt 2014-07-17 07:11 - 2014-07-17 07:11 - 01016261 _____ (Thisisu) C:\Users\Vaporz\Desktop\JRT.exe 2014-07-17 06:57 - 2014-07-17 06:57 - 00000085 _____ () C:\windows\wininit.ini 2014-07-17 06:57 - 2014-07-17 06:57 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking 2014-07-17 06:57 - 2014-06-20 20:46 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-07-17 06:53 - 2014-07-17 06:53 - 00000706 _____ () C:\DelFix.txt 2014-07-17 04:51 - 2014-07-17 04:50 - 00000000 ____D () C:\ProgramData\Reimage Protector 2014-07-17 04:51 - 2014-06-26 12:16 - 00000163 _____ () C:\windows\Reimage.ini 2014-07-16 04:11 - 2014-06-26 06:44 - 00000000 ____D () C:\windows\softwaredistribution.bak 2014-07-16 04:02 - 2013-08-22 06:25 - 00262144 ___SH () C:\windows\system32\config\ELAM 2014-07-10 04:05 - 2014-07-10 04:05 - 00000000 ____D () C:\Users\Vaporz\AppData\Roaming\sMedio 2014-07-10 03:47 - 2014-06-27 13:26 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-07-09 21:16 - 2014-07-25 21:42 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\SkyDriveTelemetry.dll 2014-07-09 21:03 - 2014-07-25 21:42 - 04756992 _____ (Microsoft Corporation) C:\windows\system32\SyncEngine.dll 2014-07-09 20:33 - 2014-07-25 21:42 - 01120256 _____ (Microsoft Corporation) C:\windows\system32\SkyDrive.exe 2014-07-09 05:33 - 2014-03-18 02:45 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-09 05:33 - 2013-08-22 08:36 - 00000000 ___RD () C:\windows\ToastData 2014-07-09 05:33 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-09 05:33 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-09 05:33 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\WinStore 2014-07-09 05:28 - 2014-06-18 13:24 - 00000000 ____D () C:\windows\system32\MRT 2014-07-09 05:27 - 2014-06-18 13:24 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-07-09 05:19 - 2014-06-25 15:51 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2014-07-05 03:27 - 2014-06-18 12:34 - 00020160 _____ (Glarysoft Ltd) C:\windows\system32\Drivers\GUBootStartup.sys 2014-07-02 23:10 - 2014-07-03 01:44 - 00000747 ____R () C:\windows\system32\Drivers\etc\hosts.20140703-014444.backup 2014-07-02 19:44 - 2014-07-02 19:44 - 00000017 _____ () C:\Users\Vaporz\AppData\Local\resmon.resmoncfg 2014-06-28 03:05 - 2014-04-11 17:35 - 00000000 ____D () C:\Users\Vaporz\Downloads\Ice Cube - Friday HQ 720P ESubs NimitMak SilverRG 2014-06-28 02:14 - 2014-06-28 02:10 - 00000000 ____D () C:\Users\Vaporz\AppData\Local\Windows Live ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-23 09:59 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014 Ran by Vaporz at 2014-07-28 14:32:41 Running from C:\Users\Vaporz\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated) avast! Internet Security (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software) CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC) Glary Utilities PRO 5.4 (HKLM-x32\...\Glary Utilities 5) (Version: 5.4.0.11 - Glarysoft Ltd) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation) Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden Malwarebytes Anti-Exploit version 1.03.1.1220 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.03.1.1220 - Malwarebytes) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4631.1002 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden Origin (HKLM-x32\...\Origin) (Version: 9.0.15.60 - Electronic Arts, Inc.) Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Premium Sound HD (HKLM\...\{000A208E-1050-4181-AC37-E13DA9254B73}) (Version: 1.12.6000 - DTS, Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.) REALTEK Wireless LAN Driver (x32 Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform) Registry Recycler (HKLM-x32\...\Registry Recycler_is1) (Version: 0.9.2.7 - Developer Tribe (Pvt) Ltd.) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated) TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA) TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation) TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation) TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 1.2.0000 - Toshiba Corporation) Toshiba Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 2.00.972 - Toshiba Corporation) Toshiba Password Utility (x32 Version: 2.00.972 - Toshiba Corporation) Hidden TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.09.6400 - Toshiba Corporation) TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA) TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.1.54043006 - Toshiba Corporation) TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.8.0 - Toshiba Corporation) TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation) TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation) TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation) TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.42.120 - Toshiba Corporation) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth (07/11/2012 2.3.13.3) (HKLM\...\57F58DC141BEB353704E041792E5B00606694FEA) (Version: 07/11/2012 2.3.13.3 - Realtek Semiconductor Corp.) Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 19-07-2014 21:13:48 Installed Free MKV To MP4 Converter 20-07-2014 19:59:45 Driver Booster : Realtek Bluetooth 4.0 Module 26-07-2014 04:42:28 Windows Update 27-07-2014 07:16:13 Installed Toshiba Password Utility ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-25 22:26 - 2014-07-20 22:42 - 00000747 ___RA C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {009D23DA-0B45-4C01-BCD8-CDFADE82CE66} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation) Task: {026EA220-D83D-46F0-8259-0E254B919077} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {0836BCBC-A979-453F-A71F-F89BB6B03A61} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {0FA6B997-5682-4EEA-8A71-DC32FA3E2F60} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe Task: {1234BC5A-4CC8-40C8-A0C7-48BF648999F1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-17] (AVAST Software) Task: {17A19055-F9DB-4366-929C-F82A1E4A04B1} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe Task: {1AD9BF85-CA43-4199-9C8A-C20BBF908A99} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2014-07-20] (Glarysoft Ltd) Task: {1C94DD14-AC81-45A8-BEF6-552167A0A2BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {26AC4BFC-A7A1-488E-AF7F-D8C9A98F86B1} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-28] (Synaptics Incorporated) Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-21] (Microsoft Corporation) Task: {353B244E-A110-4AD7-A63A-01170AAA3F25} - System32\Tasks\Driver Booster SkipUAC (Vaporz) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe Task: {3AC52950-13AC-4015-8F3F-8BB47B28421B} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {5051FABF-5DCD-471E-AC66-A1B4DE26256B} - System32\Tasks\Microsoft Office 15 Sync Maintenance for CRAPPY-Vaporz Crappy => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-06-03] (Microsoft Corporation) Task: {64F47007-13C1-437D-BBA1-7998E4EF1D32} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2014-07-20] (Glarysoft Ltd) Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {976F6960-F59E-4F4E-9328-28B5053D8400} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {9F008CBF-69C2-4714-95EE-7929C0280A62} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-09] (Microsoft Corporation) Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {A7A26ADA-8CFB-460E-BFFB-82D2992CB9F5} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe Task: {AD64239E-64AA-4537-A0DE-4138E7BD3CA7} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated) Task: {BF58E14B-1069-43E0-80DD-BB525A2FD9CD} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics Task: {C1AC027D-51FE-4548-B656-EED29AFBF318} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv Task: {CA3FC884-5A24-417F-A8E4-A0C6C10DA98C} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D08F1AB1-8F5E-4779-937E-7A750E734C77} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation) Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {DB1E6CC0-023B-45E0-9F61-81682DC2BD40} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\WSCStub.exe Task: {E2ACF668-4308-4463-9ECA-B3DD4467FB01} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation Task: {E3BDCA69-0278-4D27-AE94-D673C4802877} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management Task: {E4691BC1-9ED4-424A-A0D0-CD2E37BDCB52} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-10] (Microsoft Corporation) Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {F6078087-E2E8-4883-8359-D3253157982C} - \Driver Booster Update No Task File <==== ATTENTION Task: {F949DCFC-8247-49BF-97BC-B9C180E4D4A4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Loaded Modules (whitelisted) ============= 2011-10-13 14:38 - 2011-10-13 14:38 - 00156672 _____ () C:\Program Files (x86)\Toshiba\Password Utility\GFNEXSrv.exe 2014-06-27 13:26 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll 2013-03-06 03:02 - 2013-03-06 03:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-01-09 22:26 - 2014-01-09 22:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe 2014-07-17 10:57 - 2014-07-17 10:57 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-07-27 04:21 - 2014-07-27 04:21 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14072700\algo.dll 2014-07-28 12:30 - 2014-07-28 12:30 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14072802\algo.dll 2014-07-17 10:57 - 2014-07-17 10:57 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-01-09 22:28 - 2014-01-09 22:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll 2014-07-20 20:01 - 2014-07-20 20:01 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll 2013-02-17 04:50 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll 2014-06-27 13:26 - 2014-06-27 13:26 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Vaporz\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\18605156.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\21653485.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\68007639.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\18605156.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\21653485.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\68007639.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: taisregispinger => 2 HKLM\...\StartupApproved\Run32: => "SDTray" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/28/2014 06:40:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRAPPY) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (07/28/2014 06:40:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRAPPY) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (07/28/2014 06:10:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRAPPY) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (07/28/2014 06:10:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRAPPY) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (07/28/2014 05:46:29 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRAPPY) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (07/28/2014 05:35:40 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRAPPY) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (07/28/2014 05:35:40 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRAPPY) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (07/28/2014 05:10:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRAPPY) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (07/28/2014 05:10:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRAPPY) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (07/28/2014 04:40:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRAPPY) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. System errors: ============= Error: (07/28/2014 01:58:02 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070005: EncyclopaediaBritannica.EncyclopaediaBritannica. Error: (07/28/2014 01:58:02 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070005: 4DF9E0F8.Netflix. Error: (07/28/2014 01:32:14 PM) (Source: disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk0\DR0. Error: (07/28/2014 01:29:52 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070005: EncyclopaediaBritannica.EncyclopaediaBritannica. Error: (07/28/2014 01:29:52 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070005: 4DF9E0F8.Netflix. Error: (07/28/2014 00:51:18 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070005: EncyclopaediaBritannica.EncyclopaediaBritannica. Error: (07/28/2014 00:51:18 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070005: 4DF9E0F8.Netflix. Error: (07/28/2014 00:24:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070005: EncyclopaediaBritannica.EncyclopaediaBritannica. Error: (07/28/2014 00:24:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070005: 4DF9E0F8.Netflix. Error: (07/28/2014 11:23:21 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070005: EncyclopaediaBritannica.EncyclopaediaBritannica. Microsoft Office Sessions: ========================= Error: (07/28/2014 06:40:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRAPPY) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 Error: (07/28/2014 06:40:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRAPPY) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 Error: (07/28/2014 06:10:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRAPPY) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 Error: (07/28/2014 06:10:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRAPPY) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 Error: (07/28/2014 05:46:29 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRAPPY) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 Error: (07/28/2014 05:35:40 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRAPPY) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 Error: (07/28/2014 05:35:40 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRAPPY) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 Error: (07/28/2014 05:10:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRAPPY) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 Error: (07/28/2014 05:10:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRAPPY) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 Error: (07/28/2014 04:40:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRAPPY) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141 CodeIntegrity Errors: =================================== Date: 2014-07-27 07:46:32.628 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-07-27 06:45:16.393 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-07-27 06:16:49.452 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-07-27 04:47:05.708 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-07-27 04:21:14.705 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-07-27 01:21:21.296 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-07-25 21:47:22.043 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-07-23 09:49:20.206 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-07-23 07:06:01.939 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-07-21 01:24:40.267 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Percentage of memory in use: 45% Total physical RAM: 6027.22 MB Available physical RAM: 3289.27 MB Total Pagefile: 6987.22 MB Available Pagefile: 3888.04 MB Total Virtual: 131072 MB Available Virtual: 131071.82 MB ==================== Drives ================================ Drive c: (TI10657400D) (Fixed) (Total:686.32 GB) (Free:630.05 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================
- July 28, 2014
- 17 replies
Infected....

usmcsniper replied to usmcsniper's topic in Resolved Malware Removal Logs

Im gonna run The FRST not in safe mode caused you questioned why I did. I figure with a minimal startup it would find the problem.....
- July 28, 2014
- 17 replies
Infected....

usmcsniper replied to usmcsniper's topic in Resolved Malware Removal Logs

06:46:44.647 Service RtkBtFilter C:\windows\system32\DRIVERS\RtkBtfilter.sys **LOCKED** 32 06:46:44.678 Service RtkBtFilter2 C:\windows\system32\DRIVERS\RtkBtfilter.sys **LOCKED** 32 06:46:53.976 Modules scanning 06:46:53.976 Disk 0 trace - called modules: 06:46:54.022 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys 06:46:54.022 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000535b3060] 06:46:54.022 3 CLASSPNP.SYS[fffff8005055a27b] -> nt!IofCallDriver -> \Device\0000002e[0xffffe0005251b060] This part from the first post of the ASWMBR report log I've been told is not correct . The first two were highlighted in yellow.
- July 28, 2014
- 17 replies
Infected....

usmcsniper replied to usmcsniper's topic in Resolved Malware Removal Logs

You know if you hold shift and restart it will take you to the blue screen that gives you the options of startup, troubleshooting and advanced......well advanced options used to have refresh, restart, automatic repair, Prompt command and Safe mode 10 option restart. Now there is only Safe mode and Bios. I don't know why. Can you recommend to me some free programs that I can find to explore other possibilities to find out whats going on inside this machine. It would truly be appreciated.
- July 28, 2014
- 17 replies
Infected....

usmcsniper replied to usmcsniper's topic in Resolved Malware Removal Logs

I'm at a loss here dude. Not cause Mwb FOUND NOTHING BUT that my computer keeps developing problems. I've run ESET Online in the past Nothing! Avast, nothing!!!! Rogue killer finds stuff and it comes back. Same with Super AntiSpyware. JRT reports stuff too and comes back??? Im at a loss here.....
- July 28, 2014
- 17 replies
Infected....

usmcsniper replied to usmcsniper's topic in Resolved Malware Removal Logs

Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 7/28/2014 Scan Time: 12:14:48 PM Logfile: MWB.txt Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.07.28.06 Rootkit Database: v2014.07.17.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 8.1 CPU: x64 File System: NTFS User: Vaporz Scan Type: Threat Scan Result: Completed Objects Scanned: 306057 Time Elapsed: 8 min, 38 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
- July 28, 2014
- 17 replies
Infected....

usmcsniper replied to usmcsniper's topic in Resolved Malware Removal Logs

Booting has no problems except that sometimes I have to reboot to get everything to appear or work properly. This has been ongoing since I bought this laptop which came with win 8 pre installed new. I've reset, refreshed and had microsoft people thru there remote technicians reload win 8. Trying to get to 8.1 was ridiculous and now its like i'm back at square 1 again and the system (8.1) is breaking down again.
- July 28, 2014
- 17 replies
Infected....

usmcsniper replied to usmcsniper's topic in Resolved Malware Removal Logs

Win 8.1 programs have stopped opening. Comp is freezing. It tells me programs or registry items are missing or values have changed. I also have lost the ability to do refresh or restart or auto repair.... I'm a Marine. Not a computer genius like my friends here. That is why I am here. Seeking your help to get my Toshiba Laptop working properly and flawlessly once again.
- July 28, 2014
- 17 replies
Infected....

usmcsniper replied to usmcsniper's topic in Resolved Malware Removal Logs

Im really hoping someone can help me out here
- July 27, 2014
- 17 replies
Infected....

usmcsniper posted a topic in Resolved Malware Removal Logs

Here are my Awsmbr and Frst +addition reports..... aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software Run date: 2014-07-27 06:45:47 ----------------------------- 06:45:47.676 OS Version: Windows x64 6.3.9600 06:45:47.676 Number of processors: 4 586 0x3A09 06:45:47.676 ComputerName: CRAPPY UserName: Vaporz 06:45:49.082 Initialize success 06:45:49.098 VM: driver load error: 2 06:45:51.191 AVAST engine defs: 14072700 06:46:17.536 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002e 06:46:17.536 Disk 0 Vendor: TOSHIBA_MQ01ABD075 AX003M Size: 715404MB BusType: 11 06:46:17.646 Disk 0 MBR read successfully 06:46:17.646 Disk 0 MBR scan 06:46:18.255 Disk 0 Windows 7 default MBR code 06:46:18.271 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1 06:46:18.740 Disk 0 scanning C:\windows\system32\drivers 06:46:27.896 Service scanning 06:46:44.647 Service RtkBtFilter C:\windows\system32\DRIVERS\RtkBtfilter.sys **LOCKED** 32 06:46:44.678 Service RtkBtFilter2 C:\windows\system32\DRIVERS\RtkBtfilter.sys **LOCKED** 32 06:46:53.976 Modules scanning 06:46:53.976 Disk 0 trace - called modules: 06:46:54.022 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys 06:46:54.022 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000535b3060] 06:46:54.022 3 CLASSPNP.SYS[fffff8005055a27b] -> nt!IofCallDriver -> \Device\0000002e[0xffffe0005251b060] 06:46:54.991 AVAST engine scan C:\ 07:22:00.214 Scan finished successfully 07:22:05.715 Disk 0 MBR fix error 07:26:41.602 Disk 0 MBR has been saved successfully to "C:\Users\Vaporz\Desktop\MBR.dat" 07:26:41.602 The log file has been saved successfully to "C:\Users\Vaporz\Desktop\aswMBR.txt" Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014 Ran by Vaporz (administrator) on CRAPPY on 27-07-2014 07:38:18 Running from C:\Users\Vaporz\Desktop Platform: Windows 8.1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Safe Mode (with Networking) The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\dllhost.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [sRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2172816 2012-10-22] (SRS Labs, Inc.) HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation) HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] () HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-28] (Synaptics Incorporated) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-07-20] (Realtek Semiconductor) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [382608 2014-06-04] (Malwarebytes Corporation) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-17] (AVAST Software) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] () HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-27] (DivX, LLC) HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7148032 2012-10-31] (Pegatron Corporation) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3448416712-2654459564-1289727005-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-07-20] (Glarysoft Ltd) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) BootExecute: autocheck autochk * BootDefrag.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com SearchScopes: HKLM - DefaultScope {E31ECC80-F5C5-41EA-B8FD-F25153C3420A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS SearchScopes: HKLM - {E31ECC80-F5C5-41EA-B8FD-F25153C3420A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS SearchScopes: HKLM-x32 - DefaultScope value is missing. SearchScopes: HKLM-x32 - {E31ECC80-F5C5-41EA-B8FD-F25153C3420A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS SearchScopes: HKCU - {E31ECC80-F5C5-41EA-B8FD-F25153C3420A} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Vaporz\AppData\Roaming\Mozilla\Firefox\Profiles\lxvygeaa.default FF Homepage: www.msn.com FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-17] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com) S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-17] (AVAST Software) S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-17] (AVAST Software) S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation) S2 GFNEXSrv; C:\Program Files (x86)\Toshiba\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed] S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation) S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [360592 2014-06-04] (Malwarebytes Corporation) S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-10] (Realtek Semiconductor) S2 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [214928 2013-10-17] (TOSHIBA CORPORATION) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-06-26] (Microsoft Corporation) S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-06-26] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation) S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-17] () R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-07-17] (AVAST Software) S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-17] (AVAST Software) R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-07-17] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-17] (AVAST Software) S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-17] () S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-17] (AVAST Software) S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-17] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-17] (AVAST Software) R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-06-16] (Glarysoft Ltd) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) S1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [62392 2014-06-04] () S1 GUBootStartup; C:\windows\System32\drivers\GUBootStartup.sys [20160 2014-07-05] (Glarysoft Ltd) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2014-07-20] (Intel Corporation) S2 PEGAGFN; C:\Program Files (x86)\Toshiba\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON) S3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [48856 2013-11-28] (Realtek Microelectronics) S3 RtkBtFilter2; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [48856 2013-11-28] (Realtek Microelectronics) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3068120 2014-07-20] (Realtek Semiconductor Corporation ) S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated) R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [111488 2013-10-15] (TOSHIBA Corporation) R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider) U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30312 2014-07-27] () S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-06-26] (Microsoft Corporation) S3 aswVmm; \??\C:\Users\Vaporz\AppData\Local\Temp\aswVmm.sys [X] U3 aswMBR; \??\C:\Users\Vaporz\AppData\Local\Temp\aswMBR.sys [X] U3 kxtdqpog; \??\C:\Users\Vaporz\AppData\Local\Temp\kxtdqpog.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-07-27 07:38 - 2014-07-27 07:38 - 00012051 _____ () C:\Users\Vaporz\Desktop\FRST.txt 2014-07-27 07:38 - 2014-07-27 07:38 - 00000000 ____D () C:\Users\Vaporz\Desktop\FRST-OlderVersion 2014-07-27 07:26 - 2014-07-27 07:26 - 00001741 _____ () C:\Users\Vaporz\Desktop\aswMBR.txt 2014-07-27 07:26 - 2014-07-27 07:26 - 00000512 _____ () C:\Users\Vaporz\Desktop\MBR.dat 2014-07-27 06:16 - 2014-07-27 06:16 - 00000306 _____ () C:\windows\PFRO.log 2014-07-27 03:51 - 2014-07-27 03:51 - 00000000 _____ () C:\windows\setuperr.log 2014-07-27 03:51 - 2014-07-27 03:51 - 00000000 _____ () C:\windows\setupact.log 2014-07-27 01:20 - 2014-07-27 01:20 - 00474072 _____ () C:\windows\system32\FNTCACHE.DAT 2014-07-27 01:10 - 2014-07-27 01:10 - 00773632 _____ (Robert Simpson, et al.) C:\Users\Vaporz\AppData\Roaming\System.Data.SQLite.dll 2014-07-27 01:04 - 2014-07-27 01:04 - 05379160 _____ () C:\Users\Vaporz\Desktop\RogueKillerX64(1).exe 2014-07-27 00:41 - 2014-07-27 03:46 - 00000000 ____D () C:\Users\Vaporz\AppData\Local\CrashDumps 2014-07-27 00:22 - 2014-07-27 00:22 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA Corporation 2014-07-27 00:16 - 2014-07-27 00:16 - 00000000 ____D () C:\Users\Vaporz\AppData\Local\{16D8D997-18E4-42EB-9B86-ABEBB7D83C37} 2014-07-26 20:08 - 2014-07-26 20:08 - 00000000 ____D () C:\Users\Vaporz\AppData\Local\Macromedia 2014-07-26 20:06 - 2014-07-27 06:44 - 00325877 _____ () C:\windows\WindowsUpdate.log 2014-07-26 19:51 - 2014-07-26 19:51 - 00000000 ____D () C:\ProgramData\Mozilla 2014-07-26 19:51 - 2014-07-26 19:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-25 21:42 - 2014-07-09 21:16 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\SkyDriveTelemetry.dll 2014-07-25 21:42 - 2014-07-09 21:03 - 04756992 _____ (Microsoft Corporation) C:\windows\system32\SyncEngine.dll 2014-07-25 21:42 - 2014-07-09 20:33 - 01120256 _____ (Microsoft Corporation) C:\windows\system32\SkyDrive.exe 2014-07-23 07:04 - 2014-07-23 07:04 - 00016352 ____N () C:\bootsqm.dat 2014-07-21 00:13 - 2014-07-21 00:13 - 00380416 _____ () C:\Users\Vaporz\Desktop\8pw7k8e4.exe 2014-07-20 22:58 - 2014-07-20 22:58 - 05185536 _____ (AVAST Software) C:\Users\Vaporz\Desktop\aswmbr.exe 2014-07-20 19:32 - 2014-07-20 19:32 - 00871640 _____ (Realtek ) C:\windows\system32\Drivers\Rt630x64.sys 2014-07-20 19:32 - 2014-07-20 19:32 - 00073800 _____ (Realtek Semiconductor Corporation) C:\windows\system32\RtNicProp64.dll 2014-07-20 13:14 - 2014-07-20 13:14 - 00556248 _____ (Realtek Semiconductor Corporation) C:\windows\system32\Drivers\SET436D.tmp 2014-07-20 13:14 - 2014-07-20 13:14 - 00100312 _____ (Intel Corporation) C:\windows\system32\Drivers\TeeDriverx64.sys 2014-07-20 13:14 - 2014-07-20 13:14 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf 2014-07-20 13:13 - 2014-07-20 13:13 - 03962840 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\RTKVHD64.sys 2014-07-20 13:13 - 2014-07-20 13:13 - 03068120 _____ (Realtek Semiconductor Corporation ) C:\windows\system32\Drivers\rtwlane.sys 2014-07-20 13:13 - 2014-07-20 13:13 - 02834648 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtPgEx64.dll 2014-07-20 13:13 - 2014-07-20 13:13 - 02800344 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RltkAPO64.dll 2014-07-20 13:13 - 2014-07-20 13:13 - 02770976 _____ (Fortemedia Corporation) C:\windows\system32\FMAPO64.dll 2014-07-20 13:13 - 2014-07-20 13:13 - 01959128 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTSnMg64.cpl 2014-07-20 13:13 - 2014-07-20 13:13 - 01286872 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTCOM64.dll 2014-07-20 13:13 - 2014-07-20 13:13 - 01099203 _____ () C:\windows\system32\Drivers\RTAIODAT.DAT 2014-07-20 13:13 - 2014-07-20 13:13 - 01022168 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkApi64.dll 2014-07-20 13:13 - 2014-07-20 13:13 - 00948952 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RCoInstII64.dll 2014-07-20 13:13 - 2014-07-20 13:13 - 00628952 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtDataProc64.dll 2014-07-20 13:13 - 2014-07-20 13:13 - 00209096 _____ (Andrea Electronics Corporation) C:\windows\system32\AERTAC64.dll 2014-07-20 13:13 - 2014-07-20 13:13 - 00113576 _____ (Real Sound Lab SIA) C:\windows\system32\CONEQMSAPOGUILibrary.dll 2014-07-20 12:50 - 2014-07-21 04:34 - 00002858 _____ () C:\windows\System32\Tasks\Driver Booster SkipUAC (Vaporz) 2014-07-20 12:50 - 2014-07-20 12:50 - 00000000 ____D () C:\ProgramData\IObit 2014-07-20 09:45 - 2014-07-20 10:19 - 00000000 ____D () C:\Program Files\Recuva 2014-07-20 09:45 - 2014-07-20 09:45 - 00001681 _____ () C:\Users\Public\Desktop\Recuva.lnk 2014-07-20 05:57 - 2014-07-20 05:57 - 00001332 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2014-07-20 05:57 - 2014-07-20 05:57 - 00000000 ____D () C:\windows\en 2014-07-20 05:48 - 2014-07-20 05:48 - 00000000 ____D () C:\windows\softwaredistribution.bak2 2014-07-20 02:29 - 2014-07-20 02:29 - 00000000 ____D () C:\Users\Vaporz\AppData\Roaming\Macromedia 2014-07-19 16:16 - 2014-07-19 16:16 - 00000000 ____D () C:\Program Files (x86)\AC3Filter 2014-07-19 16:16 - 2013-04-05 21:27 - 02231296 _____ () C:\windows\system32\ac3filter64.acm 2014-07-19 16:16 - 2013-04-05 21:26 - 01679360 _____ () C:\windows\SysWOW64\ac3filter.acm 2014-07-19 16:05 - 2014-07-19 16:05 - 00001093 _____ () C:\Users\Public\Desktop\DivX Player.lnk 2014-07-19 14:23 - 2014-07-19 14:23 - 00004608 _____ () C:\Users\Vaporz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-19 14:22 - 2014-07-19 20:14 - 00000000 ____D () C:\Users\Vaporz\AppData\Roaming\DivX 2014-07-19 14:22 - 2014-07-19 16:05 - 00001609 _____ () C:\Users\Vaporz\Desktop\DivX Movies.lnk 2014-07-19 14:22 - 2014-07-19 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX 2014-07-19 14:22 - 2014-07-19 14:22 - 00001158 _____ () C:\Users\Public\Desktop\DivX Converter.lnk 2014-07-19 14:22 - 2014-07-19 14:22 - 00000000 ____D () C:\Program Files\DivX 2014-07-19 14:21 - 2014-07-19 16:05 - 00000000 ____D () C:\ProgramData\DivX 2014-07-19 14:21 - 2014-07-19 16:05 - 00000000 ____D () C:\Program Files (x86)\DivX 2014-07-19 14:20 - 2014-07-19 14:21 - 00999232 _____ (DivX, LLC) C:\Users\Vaporz\Desktop\DivXInstaller.exe 2014-07-17 18:23 - 2014-07-17 18:23 - 01354223 _____ () C:\Users\Vaporz\Desktop\adwcleaner_3.216.exe 2014-07-17 11:18 - 2014-07-17 11:18 - 00000000 ____D () C:\windows\PCHEALTH 2014-07-17 11:11 - 2014-07-17 11:11 - 00000000 ____D () C:\Users\Vaporz\AppData\Roaming\AVAST Software 2014-07-17 10:57 - 2014-07-17 11:11 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update 2014-07-17 10:57 - 2014-07-17 10:57 - 01041168 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00448400 _____ (AVAST Software) C:\windows\system32\Drivers\aswNdisFlt.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00427360 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00307344 _____ (AVAST Software) C:\windows\system32\aswBoot.exe 2014-07-17 10:57 - 2014-07-17 10:57 - 00224896 _____ () C:\windows\system32\Drivers\aswVmm.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00092008 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00079184 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr 2014-07-17 10:57 - 2014-07-17 10:57 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00028184 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-07-17 10:56 - 2014-07-17 10:56 - 00000000 ____D () C:\Program Files\AVAST Software 2014-07-17 10:49 - 2014-07-17 10:49 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-07-17 10:00 - 2014-07-27 05:27 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-17 09:59 - 2014-07-17 09:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-07-17 09:59 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-07-17 09:59 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-07-17 09:59 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-07-17 09:45 - 2014-07-17 09:45 - 00001129 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk 2014-07-17 09:45 - 2014-07-17 09:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit 2014-07-17 09:44 - 2014-07-26 20:15 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit 2014-07-17 09:44 - 2014-07-17 09:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit 2014-07-17 08:48 - 2014-07-27 07:38 - 00000000 ____D () C:\FRST 2014-07-17 08:38 - 2014-07-27 06:15 - 00000000 ____D () C:\AdwCleaner 2014-07-17 08:35 - 2014-07-27 05:22 - 00030312 _____ () C:\windows\system32\Drivers\TrueSight.sys 2014-07-17 07:42 - 2014-07-17 07:42 - 00000000 ____D () C:\Program Files (x86)\Trend Micro 2014-07-17 07:41 - 2014-07-17 09:27 - 00001752 _____ () C:\sc-cleaner.txt 2014-07-17 07:22 - 2014-07-27 07:38 - 02093568 _____ (Farbar) C:\Users\Vaporz\Desktop\FRST64.exe 2014-07-17 07:12 - 2014-07-17 07:12 - 00000000 ____D () C:\windows\erdnt 2014-07-17 07:11 - 2014-07-17 07:11 - 01016261 _____ (Thisisu) C:\Users\Vaporz\Desktop\JRT.exe 2014-07-17 06:57 - 2014-07-17 06:57 - 00000085 _____ () C:\windows\wininit.ini 2014-07-17 06:57 - 2014-07-17 06:57 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking 2014-07-17 06:53 - 2014-07-17 06:53 - 00000706 _____ () C:\DelFix.txt 2014-07-17 04:51 - 2014-07-21 04:35 - 00004274 _____ () C:\windows\System32\Tasks\ReimageUpdater 2014-07-17 04:51 - 2014-07-21 04:35 - 00003436 _____ () C:\windows\System32\Tasks\Reimage Reminder 2014-07-17 04:50 - 2014-07-17 04:51 - 00000000 ____D () C:\ProgramData\Reimage Protector 2014-07-16 04:36 - 2014-06-05 07:13 - 00216368 _____ (Microsoft Corporation) C:\windows\system32\rsaenh.dll 2014-07-16 04:36 - 2014-06-05 06:14 - 00189016 _____ (Microsoft Corporation) C:\windows\SysWOW64\rsaenh.dll 2014-07-16 04:36 - 2014-06-01 19:10 - 00423768 _____ (Microsoft Corporation) C:\windows\system32\hal.dll 2014-07-16 04:36 - 2014-05-31 03:07 - 00467800 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS 2014-07-16 04:36 - 2014-05-31 03:07 - 00440664 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys 2014-07-16 04:36 - 2014-05-31 03:07 - 00419672 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys 2014-07-16 04:36 - 2014-05-31 03:07 - 00089944 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys 2014-07-16 04:36 - 2014-05-31 03:07 - 00027480 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys 2014-07-16 04:36 - 2014-05-30 23:30 - 00037376 ____C (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys 2014-07-16 04:36 - 2014-05-30 23:27 - 00110592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFPf.sys 2014-07-16 04:36 - 2014-05-30 23:26 - 00227840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFRd.sys 2014-07-16 04:36 - 2014-05-30 21:01 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\WUDFHost.exe 2014-07-16 04:36 - 2014-05-30 21:01 - 00209408 _____ (Microsoft Corporation) C:\windows\system32\WUDFPlatform.dll 2014-07-16 04:36 - 2014-05-30 21:01 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\WUDFSvc.dll 2014-07-16 04:36 - 2014-05-27 08:53 - 02518360 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys 2014-07-16 04:36 - 2014-05-27 02:56 - 00323584 _____ (Microsoft Corporation) C:\windows\system32\DaOtpCredentialProvider.dll 2014-07-16 04:36 - 2014-05-27 02:53 - 00270848 _____ (Microsoft Corporation) C:\windows\SysWOW64\DaOtpCredentialProvider.dll 2014-07-16 04:36 - 2014-05-16 21:59 - 16871936 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll 2014-07-16 04:36 - 2014-05-16 21:13 - 12711424 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll 2014-07-16 04:33 - 2014-07-19 14:31 - 00000000 ____D () C:\windows\softwaredistribution.bak1 2014-07-10 04:05 - 2014-07-10 04:05 - 00000000 ____D () C:\Users\Vaporz\AppData\Roaming\sMedio 2014-07-09 05:26 - 2014-04-13 20:29 - 01018880 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll 2014-07-09 05:17 - 2014-06-18 16:46 - 00250880 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-07-09 05:17 - 2014-06-18 15:57 - 00225280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2014-07-09 05:17 - 2014-06-16 15:26 - 00779264 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe 2014-07-09 05:17 - 2014-06-16 15:24 - 00834048 _____ (Microsoft Corporation) C:\windows\system32\osk.exe 2014-07-09 05:17 - 2014-06-06 07:20 - 04190720 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-07-09 05:17 - 2014-05-29 20:03 - 00563200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys 2014-07-09 05:17 - 2014-05-29 05:02 - 00565576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys 2014-07-09 05:17 - 2014-05-29 00:55 - 00735232 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll 2014-07-09 05:17 - 2014-05-28 23:40 - 00735232 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll 2014-07-09 05:17 - 2014-05-28 23:37 - 00436224 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll 2014-07-09 05:17 - 2014-05-28 22:34 - 00318976 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll 2014-07-09 05:17 - 2014-05-28 22:27 - 01417216 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2014-07-09 05:16 - 2014-06-18 18:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-07-09 05:16 - 2014-06-18 17:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-07-09 05:16 - 2014-06-18 16:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-07-09 05:16 - 2014-06-18 15:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-07-09 05:16 - 2014-06-18 15:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-07-09 05:16 - 2014-06-18 15:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-07-09 05:15 - 2014-06-18 17:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-07-09 05:15 - 2014-06-18 17:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-07-09 05:15 - 2014-06-18 16:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-07-09 05:15 - 2014-06-18 16:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-07-09 05:15 - 2014-06-18 16:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-07-09 05:15 - 2014-06-18 16:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-07-09 05:15 - 2014-06-18 16:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-07-09 05:15 - 2014-06-18 16:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-07-09 05:15 - 2014-06-18 16:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2014-07-09 05:15 - 2014-06-18 15:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-07-09 05:15 - 2014-06-18 15:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-07-09 05:15 - 2014-06-18 15:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2014-07-09 05:15 - 2014-06-18 15:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-07-09 05:15 - 2014-06-18 15:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-07-09 05:15 - 2014-06-18 15:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-07-09 05:15 - 2014-06-18 15:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-07-09 05:15 - 2014-06-18 15:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-07-09 05:15 - 2014-06-18 15:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-07-09 05:15 - 2014-06-18 15:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-07-09 05:15 - 2014-06-06 06:04 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2014-07-09 05:15 - 2014-06-06 05:18 - 00488960 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll 2014-07-09 05:15 - 2014-05-31 03:07 - 00054776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe 2014-07-09 05:15 - 2014-05-31 03:06 - 00555736 _____ (Microsoft Corporation) C:\windows\system32\twinapi.appcore.dll 2014-07-09 05:15 - 2014-05-30 20:40 - 13287936 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll 2014-07-09 05:15 - 2014-05-30 20:30 - 11792384 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll 2014-07-09 05:15 - 2014-05-30 20:12 - 00249344 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-07-09 05:15 - 2014-05-30 20:06 - 00093696 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll 2014-07-09 05:15 - 2014-05-30 20:03 - 00827392 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll 2014-07-09 05:15 - 2014-05-30 20:01 - 00189952 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-07-09 05:15 - 2014-05-30 19:56 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll 2014-07-09 05:15 - 2014-05-30 19:54 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll 2014-07-09 05:15 - 2014-05-30 19:48 - 03463680 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll 2014-07-09 05:15 - 2014-05-30 19:37 - 01054208 _____ (Microsoft Corporation) C:\windows\system32\twinui.appcore.dll 2014-07-09 05:15 - 2014-05-30 19:36 - 00923136 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll 2014-07-09 05:15 - 2014-05-30 19:35 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.appcore.dll 2014-07-09 05:15 - 2014-05-30 19:32 - 00756224 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll 2014-07-03 01:44 - 2014-07-02 23:10 - 00000747 ____R () C:\windows\system32\Drivers\etc\hosts.20140703-014444.backup 2014-07-02 19:44 - 2014-07-02 19:44 - 00000017 _____ () C:\Users\Vaporz\AppData\Local\resmon.resmoncfg 2014-06-28 02:10 - 2014-06-28 02:14 - 00000000 ____D () C:\Users\Vaporz\AppData\Local\Windows Live 2014-06-27 13:35 - 2014-07-27 06:38 - 00004970 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for CRAPPY-Vaporz Crappy 2014-06-27 13:28 - 2014-06-27 13:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-06-27 13:27 - 2014-07-19 20:14 - 00000000 ____D () C:\Users\Vaporz\AppData\Local\VirtualStore 2014-06-27 13:26 - 2014-07-10 03:47 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-06-27 11:03 - 2014-06-27 11:03 - 00000000 __SHD () C:\Users\Vaporz\AppData\Local\EmieUserList 2014-06-27 11:03 - 2014-06-27 11:03 - 00000000 __SHD () C:\Users\Vaporz\AppData\Local\EmieSiteList ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-07-27 07:38 - 2014-07-27 07:38 - 00012051 _____ () C:\Users\Vaporz\Desktop\FRST.txt 2014-07-27 07:38 - 2014-07-27 07:38 - 00000000 ____D () C:\Users\Vaporz\Desktop\FRST-OlderVersion 2014-07-27 07:38 - 2014-07-17 08:48 - 00000000 ____D () C:\FRST 2014-07-27 07:38 - 2014-07-17 07:22 - 02093568 _____ (Farbar) C:\Users\Vaporz\Desktop\FRST64.exe 2014-07-27 07:26 - 2014-07-27 07:26 - 00001741 _____ () C:\Users\Vaporz\Desktop\aswMBR.txt 2014-07-27 07:26 - 2014-07-27 07:26 - 00000512 _____ () C:\Users\Vaporz\Desktop\MBR.dat 2014-07-27 06:44 - 2014-07-26 20:06 - 00325877 _____ () C:\windows\WindowsUpdate.log 2014-07-27 06:44 - 2013-08-22 07:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-07-27 06:38 - 2014-06-27 13:35 - 00004970 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for CRAPPY-Vaporz Crappy 2014-07-27 06:28 - 2014-06-18 20:57 - 00000000 ____D () C:\windows\AppReadiness 2014-07-27 06:20 - 2014-06-26 14:15 - 00000000 ___DO () C:\Users\Vaporz\OneDrive 2014-07-27 06:19 - 2014-06-25 15:51 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-07-27 06:19 - 2014-06-23 18:14 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-27 06:18 - 2014-06-18 12:34 - 00000348 _____ () C:\windows\Tasks\GlaryInitialize 5.job 2014-07-27 06:18 - 2014-06-18 12:34 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5 2014-07-27 06:17 - 2014-06-20 19:53 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-27 06:16 - 2014-07-27 06:16 - 00000306 _____ () C:\windows\PFRO.log 2014-07-27 06:15 - 2014-07-17 08:38 - 00000000 ____D () C:\AdwCleaner 2014-07-27 05:27 - 2014-07-17 10:00 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-27 05:22 - 2014-07-17 08:35 - 00030312 _____ () C:\windows\system32\Drivers\TrueSight.sys 2014-07-27 05:21 - 2012-07-26 00:59 - 00000000 ____D () C:\windows\CbsTemp 2014-07-27 03:51 - 2014-07-27 03:51 - 00000000 _____ () C:\windows\setuperr.log 2014-07-27 03:51 - 2014-07-27 03:51 - 00000000 _____ () C:\windows\setupact.log 2014-07-27 03:46 - 2014-07-27 00:41 - 00000000 ____D () C:\Users\Vaporz\AppData\Local\CrashDumps 2014-07-27 03:02 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\system32\sru 2014-07-27 01:20 - 2014-07-27 01:20 - 00474072 _____ () C:\windows\system32\FNTCACHE.DAT 2014-07-27 01:10 - 2014-07-27 01:10 - 00773632 _____ (Robert Simpson, et al.) C:\Users\Vaporz\AppData\Roaming\System.Data.SQLite.dll 2014-07-27 01:04 - 2014-07-27 01:04 - 05379160 _____ () C:\Users\Vaporz\Desktop\RogueKillerX64(1).exe 2014-07-27 00:59 - 2014-06-20 19:45 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-07-27 00:51 - 2014-06-18 09:32 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3448416712-2654459564-1289727005-1001 2014-07-27 00:44 - 2012-11-13 01:22 - 00000000 ____D () C:\ProgramData\Adobe 2014-07-27 00:22 - 2014-07-27 00:22 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA Corporation 2014-07-27 00:21 - 2012-11-13 01:30 - 00000000 ____D () C:\Program Files (x86)\Toshiba 2014-07-27 00:21 - 2012-11-13 01:23 - 00000000 ____D () C:\Program Files\Toshiba 2014-07-27 00:17 - 2013-02-17 04:59 - 00000000 ____D () C:\windows\System32\Tasks\TOSHIBA 2014-07-27 00:17 - 2012-11-13 01:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-07-27 00:16 - 2014-07-27 00:16 - 00000000 ____D () C:\Users\Vaporz\AppData\Local\{16D8D997-18E4-42EB-9B86-ABEBB7D83C37} 2014-07-26 20:16 - 2014-06-20 10:19 - 00000000 ____D () C:\Users\Vaporz\AppData\Local\Mozilla 2014-07-26 20:15 - 2014-07-17 09:44 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit 2014-07-26 20:08 - 2014-07-26 20:08 - 00000000 ____D () C:\Users\Vaporz\AppData\Local\Macromedia 2014-07-26 20:06 - 2014-06-20 10:19 - 00000000 ____D () C:\Users\Vaporz\AppData\Roaming\Mozilla 2014-07-26 20:04 - 2014-06-19 20:06 - 00000000 ____D () C:\Users\Vaporz\AppData\Roaming\Adobe 2014-07-26 19:52 - 2014-06-25 17:20 - 00002774 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC 2014-07-26 19:52 - 2014-06-25 17:18 - 00000000 ____D () C:\Program Files\CCleaner 2014-07-26 19:51 - 2014-07-26 19:51 - 00000000 ____D () C:\ProgramData\Mozilla 2014-07-26 19:51 - 2014-07-26 19:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-26 19:51 - 2014-06-20 10:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-26 19:06 - 2014-03-18 03:03 - 00863592 _____ () C:\windows\system32\PerfStringBackup.INI 2014-07-25 21:59 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\rescache 2014-07-25 21:46 - 2014-06-18 12:34 - 00000000 ____D () C:\Users\Vaporz\AppData\Roaming\DiskDefrag 2014-07-25 10:13 - 2014-06-18 12:35 - 00001119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk 2014-07-25 10:13 - 2014-06-18 12:34 - 00002970 _____ () C:\windows\System32\Tasks\GU5SkipUAC 2014-07-23 07:11 - 2013-08-22 06:25 - 00262144 ___SH () C:\windows\system32\config\BBI 2014-07-23 07:04 - 2014-07-23 07:04 - 00016352 ____N () C:\bootsqm.dat 2014-07-21 04:35 - 2014-07-17 04:51 - 00004274 _____ () C:\windows\System32\Tasks\ReimageUpdater 2014-07-21 04:35 - 2014-07-17 04:51 - 00003436 _____ () C:\windows\System32\Tasks\Reimage Reminder 2014-07-21 04:35 - 2013-02-17 05:07 - 00003236 _____ () C:\windows\System32\Tasks\Norton WSC Integration 2014-07-21 04:34 - 2014-07-20 12:50 - 00002858 _____ () C:\windows\System32\Tasks\Driver Booster SkipUAC (Vaporz) 2014-07-21 04:21 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\system32\NDF 2014-07-21 00:13 - 2014-07-21 00:13 - 00380416 _____ () C:\Users\Vaporz\Desktop\8pw7k8e4.exe 2014-07-20 22:58 - 2014-07-20 22:58 - 05185536 _____ (AVAST Software) C:\Users\Vaporz\Desktop\aswmbr.exe 2014-07-20 21:07 - 2014-06-26 13:48 - 00000000 ____D () C:\Users\Vaporz 2014-07-20 19:32 - 2014-07-20 19:32 - 00871640 _____ (Realtek ) C:\windows\system32\Drivers\Rt630x64.sys 2014-07-20 19:32 - 2014-07-20 19:32 - 00073800 _____ (Realtek Semiconductor Corporation) C:\windows\system32\RtNicProp64.dll 2014-07-20 13:14 - 2014-07-20 13:14 - 00556248 _____ (Realtek Semiconductor Corporation) C:\windows\system32\Drivers\SET436D.tmp 2014-07-20 13:14 - 2014-07-20 13:14 - 00100312 _____ (Intel Corporation) C:\windows\system32\Drivers\TeeDriverx64.sys 2014-07-20 13:14 - 2014-07-20 13:14 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf 2014-07-20 13:13 - 2014-07-20 13:13 - 03962840 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\RTKVHD64.sys 2014-07-20 13:13 - 2014-07-20 13:13 - 03068120 _____ (Realtek Semiconductor Corporation ) C:\windows\system32\Drivers\rtwlane.sys 2014-07-20 13:13 - 2014-07-20 13:13 - 02834648 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtPgEx64.dll 2014-07-20 13:13 - 2014-07-20 13:13 - 02800344 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RltkAPO64.dll 2014-07-20 13:13 - 2014-07-20 13:13 - 02770976 _____ (Fortemedia Corporation) C:\windows\system32\FMAPO64.dll 2014-07-20 13:13 - 2014-07-20 13:13 - 01959128 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTSnMg64.cpl 2014-07-20 13:13 - 2014-07-20 13:13 - 01286872 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTCOM64.dll 2014-07-20 13:13 - 2014-07-20 13:13 - 01099203 _____ () C:\windows\system32\Drivers\RTAIODAT.DAT 2014-07-20 13:13 - 2014-07-20 13:13 - 01022168 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkApi64.dll 2014-07-20 13:13 - 2014-07-20 13:13 - 00948952 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RCoInstII64.dll 2014-07-20 13:13 - 2014-07-20 13:13 - 00628952 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtDataProc64.dll 2014-07-20 13:13 - 2014-07-20 13:13 - 00209096 _____ (Andrea Electronics Corporation) C:\windows\system32\AERTAC64.dll 2014-07-20 13:13 - 2014-07-20 13:13 - 00113576 _____ (Real Sound Lab SIA) C:\windows\system32\CONEQMSAPOGUILibrary.dll 2014-07-20 13:13 - 2014-06-26 13:38 - 00000000 ____D () C:\windows\SysWOW64\RTCOM 2014-07-20 12:50 - 2014-07-20 12:50 - 00000000 ____D () C:\ProgramData\IObit 2014-07-20 11:57 - 2012-11-13 01:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba 2014-07-20 10:19 - 2014-07-20 09:45 - 00000000 ____D () C:\Program Files\Recuva 2014-07-20 10:04 - 2014-06-26 13:48 - 00000000 ____D () C:\Users\Administrator 2014-07-20 09:45 - 2014-07-20 09:45 - 00001681 _____ () C:\Users\Public\Desktop\Recuva.lnk 2014-07-20 09:44 - 2013-08-22 08:36 - 00262144 _____ () C:\windows\system32\config\BCD-Template 2014-07-20 06:06 - 2014-06-18 09:24 - 00000000 ____D () C:\Users\Vaporz\AppData\Local\Packages 2014-07-20 05:57 - 2014-07-20 05:57 - 00001332 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2014-07-20 05:57 - 2014-07-20 05:57 - 00000000 ____D () C:\windows\en 2014-07-20 05:56 - 2012-11-13 01:58 - 00001401 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2014-07-20 05:56 - 2012-11-13 01:58 - 00000000 ____D () C:\Program Files (x86)\Windows Live 2014-07-20 05:48 - 2014-07-20 05:48 - 00000000 ____D () C:\windows\softwaredistribution.bak2 2014-07-20 02:29 - 2014-07-20 02:29 - 00000000 ____D () C:\Users\Vaporz\AppData\Roaming\Macromedia 2014-07-19 20:14 - 2014-07-19 14:22 - 00000000 ____D () C:\Users\Vaporz\AppData\Roaming\DivX 2014-07-19 20:14 - 2014-06-27 13:27 - 00000000 ____D () C:\Users\Vaporz\AppData\Local\VirtualStore 2014-07-19 16:16 - 2014-07-19 16:16 - 00000000 ____D () C:\Program Files (x86)\AC3Filter 2014-07-19 16:05 - 2014-07-19 16:05 - 00001093 _____ () C:\Users\Public\Desktop\DivX Player.lnk 2014-07-19 16:05 - 2014-07-19 14:22 - 00001609 _____ () C:\Users\Vaporz\Desktop\DivX Movies.lnk 2014-07-19 16:05 - 2014-07-19 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX 2014-07-19 16:05 - 2014-07-19 14:21 - 00000000 ____D () C:\ProgramData\DivX 2014-07-19 16:05 - 2014-07-19 14:21 - 00000000 ____D () C:\Program Files (x86)\DivX 2014-07-19 14:31 - 2014-07-16 04:33 - 00000000 ____D () C:\windows\softwaredistribution.bak1 2014-07-19 14:23 - 2014-07-19 14:23 - 00004608 _____ () C:\Users\Vaporz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-19 14:22 - 2014-07-19 14:22 - 00001158 _____ () C:\Users\Public\Desktop\DivX Converter.lnk 2014-07-19 14:22 - 2014-07-19 14:22 - 00000000 ____D () C:\Program Files\DivX 2014-07-19 14:21 - 2014-07-19 14:20 - 00999232 _____ (DivX, LLC) C:\Users\Vaporz\Desktop\DivXInstaller.exe 2014-07-17 18:23 - 2014-07-17 18:23 - 01354223 _____ () C:\Users\Vaporz\Desktop\adwcleaner_3.216.exe 2014-07-17 11:18 - 2014-07-17 11:18 - 00000000 ____D () C:\windows\PCHEALTH 2014-07-17 11:15 - 2012-11-13 01:23 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2014-07-17 11:14 - 2014-02-22 14:55 - 00000000 ____D () C:\Users\Vaporz\Documents\Avast 2014-07-17 11:11 - 2014-07-17 11:11 - 00000000 ____D () C:\Users\Vaporz\AppData\Roaming\AVAST Software 2014-07-17 11:11 - 2014-07-17 10:57 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update 2014-07-17 10:57 - 2014-07-17 10:57 - 01041168 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00448400 _____ (AVAST Software) C:\windows\system32\Drivers\aswNdisFlt.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00427360 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00307344 _____ (AVAST Software) C:\windows\system32\aswBoot.exe 2014-07-17 10:57 - 2014-07-17 10:57 - 00224896 _____ () C:\windows\system32\Drivers\aswVmm.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00092008 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00079184 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr 2014-07-17 10:57 - 2014-07-17 10:57 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00028184 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys 2014-07-17 10:57 - 2014-07-17 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-07-17 10:56 - 2014-07-17 10:56 - 00000000 ____D () C:\Program Files\AVAST Software 2014-07-17 10:49 - 2014-07-17 10:49 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-07-17 10:45 - 2012-11-13 01:25 - 00000000 ____D () C:\ProgramData\Norton 2014-07-17 10:15 - 2013-02-17 05:07 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared 2014-07-17 09:59 - 2014-07-17 09:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-07-17 09:45 - 2014-07-17 09:45 - 00001129 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk 2014-07-17 09:45 - 2014-07-17 09:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit 2014-07-17 09:45 - 2014-07-17 09:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit 2014-07-17 09:38 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\LiveKernelReports 2014-07-17 09:27 - 2014-07-17 07:41 - 00001752 _____ () C:\sc-cleaner.txt 2014-07-17 08:54 - 2014-06-18 21:15 - 00000000 ____D () C:\windows\pss 2014-07-17 07:42 - 2014-07-17 07:42 - 00000000 ____D () C:\Program Files (x86)\Trend Micro 2014-07-17 07:34 - 2014-06-20 20:46 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-07-17 07:12 - 2014-07-17 07:12 - 00000000 ____D () C:\windows\erdnt 2014-07-17 07:11 - 2014-07-17 07:11 - 01016261 _____ (Thisisu) C:\Users\Vaporz\Desktop\JRT.exe 2014-07-17 06:57 - 2014-07-17 06:57 - 00000085 _____ () C:\windows\wininit.ini 2014-07-17 06:57 - 2014-07-17 06:57 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking 2014-07-17 06:57 - 2014-06-20 20:46 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-07-17 06:53 - 2014-07-17 06:53 - 00000706 _____ () C:\DelFix.txt 2014-07-17 04:51 - 2014-07-17 04:50 - 00000000 ____D () C:\ProgramData\Reimage Protector 2014-07-17 04:51 - 2014-06-26 12:16 - 00000163 _____ () C:\windows\Reimage.ini 2014-07-16 04:11 - 2014-06-26 06:44 - 00000000 ____D () C:\windows\softwaredistribution.bak 2014-07-16 04:02 - 2013-08-22 06:25 - 00262144 ___SH () C:\windows\system32\config\ELAM 2014-07-10 04:05 - 2014-07-10 04:05 - 00000000 ____D () C:\Users\Vaporz\AppData\Roaming\sMedio 2014-07-10 03:47 - 2014-06-27 13:26 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-07-09 21:16 - 2014-07-25 21:42 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\SkyDriveTelemetry.dll 2014-07-09 21:03 - 2014-07-25 21:42 - 04756992 _____ (Microsoft Corporation) C:\windows\system32\SyncEngine.dll 2014-07-09 20:33 - 2014-07-25 21:42 - 01120256 _____ (Microsoft Corporation) C:\windows\system32\SkyDrive.exe 2014-07-09 05:33 - 2014-03-18 02:45 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-09 05:33 - 2013-08-22 08:36 - 00000000 ___RD () C:\windows\ToastData 2014-07-09 05:33 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-09 05:33 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-09 05:33 - 2013-08-22 08:36 - 00000000 ____D () C:\windows\WinStore 2014-07-09 05:28 - 2014-06-18 13:24 - 00000000 ____D () C:\windows\system32\MRT 2014-07-09 05:27 - 2014-06-18 13:24 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-07-09 05:19 - 2014-06-25 15:51 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2014-07-05 03:27 - 2014-06-18 12:34 - 00020160 _____ (Glarysoft Ltd) C:\windows\system32\Drivers\GUBootStartup.sys 2014-07-02 23:10 - 2014-07-03 01:44 - 00000747 ____R () C:\windows\system32\Drivers\etc\hosts.20140703-014444.backup 2014-07-02 19:44 - 2014-07-02 19:44 - 00000017 _____ () C:\Users\Vaporz\AppData\Local\resmon.resmoncfg 2014-06-28 03:05 - 2014-04-11 17:35 - 00000000 ____D () C:\Users\Vaporz\Downloads\Ice Cube - Friday HQ 720P ESubs NimitMak SilverRG 2014-06-28 02:14 - 2014-06-28 02:10 - 00000000 ____D () C:\Users\Vaporz\AppData\Local\Windows Live 2014-06-27 13:30 - 2014-06-27 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-06-27 11:03 - 2014-06-27 11:03 - 00000000 __SHD () C:\Users\Vaporz\AppData\Local\EmieUserList 2014-06-27 11:03 - 2014-06-27 11:03 - 00000000 __SHD () C:\Users\Vaporz\AppData\Local\EmieSiteList ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-23 09:59 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014 Ran by Vaporz at 2014-07-27 07:38:44 Running from C:\Users\Vaporz\Desktop Boot Mode: Safe Mode (with Networking) ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated) avast! Internet Security (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software) CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC) Glary Utilities PRO 5.4 (HKLM-x32\...\Glary Utilities 5) (Version: 5.4.0.11 - Glarysoft Ltd) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation) Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden Malwarebytes Anti-Exploit version 1.03.1.1220 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.03.1.1220 - Malwarebytes) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4631.1002 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden Origin (HKLM-x32\...\Origin) (Version: 9.0.15.60 - Electronic Arts, Inc.) Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Premium Sound HD (HKLM\...\{000A208E-1050-4181-AC37-E13DA9254B73}) (Version: 1.12.6000 - DTS, Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.) REALTEK Wireless LAN Driver (x32 Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform) Registry Recycler (HKLM-x32\...\Registry Recycler_is1) (Version: 0.9.2.7 - Developer Tribe (Pvt) Ltd.) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated) TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA) TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation) TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation) TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 1.2.0000 - Toshiba Corporation) Toshiba Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 2.00.972 - Toshiba Corporation) Toshiba Password Utility (x32 Version: 2.00.972 - Toshiba Corporation) Hidden TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.09.6400 - Toshiba Corporation) TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA) TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.1.54043006 - Toshiba Corporation) TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.8.0 - Toshiba Corporation) TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation) TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation) TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation) TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.42.120 - Toshiba Corporation) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth (07/11/2012 2.3.13.3) (HKLM\...\57F58DC141BEB353704E041792E5B00606694FEA) (Version: 07/11/2012 2.3.13.3 - Realtek Semiconductor Corp.) Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 17-07-2014 14:42:27 Installed HiJackThis 19-07-2014 21:13:48 Installed Free MKV To MP4 Converter 20-07-2014 19:59:45 Driver Booster : Realtek Bluetooth 4.0 Module 26-07-2014 04:42:28 Windows Update 27-07-2014 07:16:13 Installed Toshiba Password Utility ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-25 22:26 - 2014-07-20 22:42 - 00000747 ___RA C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {009D23DA-0B45-4C01-BCD8-CDFADE82CE66} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation) Task: {026EA220-D83D-46F0-8259-0E254B919077} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {0836BCBC-A979-453F-A71F-F89BB6B03A61} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {0FA6B997-5682-4EEA-8A71-DC32FA3E2F60} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe Task: {1234BC5A-4CC8-40C8-A0C7-48BF648999F1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-17] (AVAST Software) Task: {17A19055-F9DB-4366-929C-F82A1E4A04B1} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe Task: {1AD9BF85-CA43-4199-9C8A-C20BBF908A99} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2014-07-20] (Glarysoft Ltd) Task: {1C94DD14-AC81-45A8-BEF6-552167A0A2BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {26AC4BFC-A7A1-488E-AF7F-D8C9A98F86B1} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-28] (Synaptics Incorporated) Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-21] (Microsoft Corporation) Task: {353B244E-A110-4AD7-A63A-01170AAA3F25} - System32\Tasks\Driver Booster SkipUAC (Vaporz) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe Task: {3AC52950-13AC-4015-8F3F-8BB47B28421B} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {5051FABF-5DCD-471E-AC66-A1B4DE26256B} - System32\Tasks\Microsoft Office 15 Sync Maintenance for CRAPPY-Vaporz Crappy => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-06-03] (Microsoft Corporation) Task: {64F47007-13C1-437D-BBA1-7998E4EF1D32} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2014-07-20] (Glarysoft Ltd) Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8AB78820-EDD5-4303-9CC0-057E2F71A962} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-09] (Microsoft Corporation) Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {976F6960-F59E-4F4E-9328-28B5053D8400} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {A7A26ADA-8CFB-460E-BFFB-82D2992CB9F5} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe Task: {AD64239E-64AA-4537-A0DE-4138E7BD3CA7} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated) Task: {BF58E14B-1069-43E0-80DD-BB525A2FD9CD} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics Task: {C1AC027D-51FE-4548-B656-EED29AFBF318} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv Task: {CA3FC884-5A24-417F-A8E4-A0C6C10DA98C} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D08F1AB1-8F5E-4779-937E-7A750E734C77} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation) Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {DB1E6CC0-023B-45E0-9F61-81682DC2BD40} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\WSCStub.exe Task: {E2ACF668-4308-4463-9ECA-B3DD4467FB01} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation Task: {E3BDCA69-0278-4D27-AE94-D673C4802877} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management Task: {E4691BC1-9ED4-424A-A0D0-CD2E37BDCB52} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-10] (Microsoft Corporation) Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {F6078087-E2E8-4883-8359-D3253157982C} - \Driver Booster Update No Task File <==== ATTENTION Task: {F949DCFC-8247-49BF-97BC-B9C180E4D4A4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Loaded Modules (whitelisted) ============= 2014-07-17 10:57 - 2014-07-17 10:57 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-07-17 10:57 - 2014-07-17 10:57 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Vaporz\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\18605156.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\21653485.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\68007639.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\18605156.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\21653485.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\68007639.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: taisregispinger => 2 HKLM\...\StartupApproved\Run32: => "SDTray" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/27/2014 06:43:19 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRAPPY) Description: Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (07/27/2014 06:41:03 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRAPPY) Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (07/27/2014 06:40:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRAPPY) Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (07/27/2014 06:40:36 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRAPPY) Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927151 See the Microsoft-Windows-TWinUI/Operational log for additional information. System errors: ============= Error: (07/27/2014 07:38:46 AM) (Source: DCOM) (EventID: 10005) (User: CRAPPY) Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (07/27/2014 07:38:46 AM) (Source: DCOM) (EventID: 10005) (User: CRAPPY) Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (07/27/2014 07:38:45 AM) (Source: DCOM) (EventID: 10005) (User: CRAPPY) Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (07/27/2014 07:38:45 AM) (Source: DCOM) (EventID: 10005) (User: CRAPPY) Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (07/27/2014 07:38:42 AM) (Source: DCOM) (EventID: 10005) (User: CRAPPY) Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (07/27/2014 07:38:42 AM) (Source: DCOM) (EventID: 10005) (User: CRAPPY) Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (07/27/2014 07:38:42 AM) (Source: DCOM) (EventID: 10005) (User: CRAPPY) Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC} Error: (07/27/2014 07:38:19 AM) (Source: DCOM) (EventID: 10005) (User: CRAPPY) Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (07/27/2014 07:38:19 AM) (Source: DCOM) (EventID: 10005) (User: CRAPPY) Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (07/27/2014 07:38:10 AM) (Source: DCOM) (EventID: 10005) (User: CRAPPY) Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Microsoft Office Sessions: ========================= Error: (07/27/2014 06:43:19 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRAPPY) Description: winstore_cw5n1h2txyewy!Windows.Store-2144927151 Error: (07/27/2014 06:41:03 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRAPPY) Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel-2144927151 Error: (07/27/2014 06:40:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRAPPY) Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel-2144927151 Error: (07/27/2014 06:40:36 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CRAPPY) Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel-2144927151 CodeIntegrity Errors: =================================== Date: 2014-07-27 06:45:16.393 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-07-27 06:16:49.452 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-07-27 04:47:05.708 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-07-27 04:21:14.705 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-07-27 01:21:21.296 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-07-25 21:47:22.043 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-07-23 09:49:20.206 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-07-23 07:06:01.939 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-07-21 01:24:40.267 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-07-21 01:00:34.422 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Percentage of memory in use: 33% Total physical RAM: 6027.22 MB Available physical RAM: 4020.11 MB Total Pagefile: 6987.22 MB Available Pagefile: 5235.61 MB Total Virtual: 131072 MB Available Virtual: 131071.82 MB ==================== Drives ================================ Drive c: (TI10657400D) (Fixed) (Total:686.32 GB) (Free:629 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================
- July 27, 2014
- 17 replies

Sign In

usmcsniper

Posts

Joined

Last visited

Content Type

Events

Profiles

Forums

Everything posted by usmcsniper

Infected....

Infected....

Infected....

Infected....

Infected....

Infected....

Infected....

Infected....

Infected....

Infected....

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information