NHX Posted June 16, 2013 ID:691757 Share Posted June 16, 2013 Avast is giving me constant warnings about a winmonitor.exe malware. I ran a malwarebytes full scan and nothing was detected, but nothing Avast is unable to complete a full system scan without blue screening due to kernel_inpage_data_error. I am running windows 8 64-bit. Can someone help? Link to post Share on other sites More sharing options...
NHX Posted June 16, 2013 Author ID:691932 Share Posted June 16, 2013 Bump Link to post Share on other sites More sharing options...
MrCharlie Posted June 16, 2013 ID:691933 Share Posted June 16, 2013 Welcome to the forum, please start HEREPost back the 2 logs here.....DDS.txt and Attach.txt(please don't put logs in code or quotes)P2P Warning:If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.<====><====><====><====><====><====><====><====>Next................Please download and run RogueKiller 32 bit to your desktop.RogueKiller<---use this one for 64 bit systemsQuit all running programs.For Windows XP, double-click to start.For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.Click Scan to scan the system.When the scan completes > Close out the program > Don't Fix anything!Don't run any other options, they're not all bad!!!!!!!Post back the report which should be located on your desktop.(please don't put logs in code or quotes)MrCNote:Please read all of my instructions completely including these.Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to InstantlyRemoving malware can be unpredictable...things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.<+>The removal of malware isn't instantaneous, please be patient.<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.------->Your topic will be closed if you haven't replied within 3 days!<--------(If I don't respond within 24 hours, please send me a PM) Link to post Share on other sites More sharing options...
NHX Posted June 16, 2013 Author ID:691992 Share Posted June 16, 2013 .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 8Boot Device: \Device\HarddiskVolume2Install Date: 1/27/2013 2:01:19 PMSystem Uptime: 6/15/2013 11:47:31 PM (16 hours ago).Motherboard: Acer | | VA50_HC_CRProcessor: Intel® Core i5-3210M CPU @ 2.50GHz | U3E1 | 1800/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 449 GiB total, 174.477 GiB free..==== Disabled Device Manager Items =============.Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}Description: Bluetooth USB ModuleDevice ID: USB\VID_0489&PID_E04E\6&226C637B&0&1Manufacturer: Qualcomm Atheros CommunicationsName: Bluetooth USB ModulePNP Device ID: USB\VID_0489&PID_E04E\6&226C637B&0&1Service: BTHUSB.Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}Description: CD-ROM DriveDevice ID: SCSI\CDROM&VEN_MATSHITA&PROD_DVD-RAM_UJ8C2Q\4&103B6BA3&0&020000Manufacturer: (Standard CD-ROM drives)Name: MATSHITA DVD-RAM UJ8C2QPNP Device ID: SCSI\CDROM&VEN_MATSHITA&PROD_DVD-RAM_UJ8C2Q\4&103B6BA3&0&020000Service: cdrom.==== System Restore Points ===================.RP26: 5/30/2013 10:30:17 AM - Installed MIDI-OXRP27: 6/7/2013 3:37:35 PM - Scheduled CheckpointRP28: 6/12/2013 10:40:10 PM - Windows UpdateRP29: 6/16/2013 1:05:21 PM - Windows Update.==== Installed Programs ======================.7-Zip 9.20 (x64 edition)99 levels to hellAdobe AIRAdobe Flash Player 11 PluginAdobe Help ManagerAdobe Illustrator CS6Adobe Photoshop CS6Adobe Reader XI (11.0.03)Adobe Shockwave Player 12.0AlchemyAoA Audio Extractor PlatinumApple Application SupportApple Mobile Device SupportApple Software UpdateAudacity 2.0.3avast! Free AntivirusBitTorrentBome's SendSX V1.22BonjourBroadcom Card Reader Driver InstallerCelemony Melodyne version 2.1CopyPod (remove only)Dear EstherDecisionTools Suite 6.1Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit EditionDropboxDungeon DefendersDynamite JackEffectrix 1.4Electric Sheep 2.7b34cEnglish Country TuneETDWare PS/2-X64 11.6.8.001_WHQLEvolandFabFilter Pro-Q VST RTAS v1.0.1.6Focusrite USB Audio Driver 1.10FTL: Faster Than LightGlaceVerb 1.01Google ChromeGoogle Update HelperiExplorer 3.2.2.6Intel® Management Engine ComponentsIntel® Processor GraphicsIntel® Rapid Storage TechnologyIntel® SDK for OpenCL - CPU Only Runtime PackageIntel® Trusted Connect Service ClientIntrusion 2iTunesiZotope Alloy 2Java 7 Update 13Java 7 Update 17 (64-bit)Java Auto UpdaterJava SE Development Kit 7 Update 13 (64-bit)JDownloader 0.9Korg Legacy Collection v1.1.10Last.fm Scrobbler 2.1.35Little InfernoLive 8.2.2Malwarebytes Anti-Malware version 1.75.0.1300Microsoft Access MUI (English) 2013Microsoft Access Setup Metadata MUI (English) 2013Microsoft DCF MUI (English) 2013Microsoft Excel MUI (English) 2013Microsoft Groove MUI (English) 2013Microsoft InfoPath MUI (English) 2013Microsoft Lync MUI (English) 2013Microsoft Office 32-bit Components 2013Microsoft Office OSM MUI (English) 2013Microsoft Office OSM UX MUI (English) 2013Microsoft Office Professional Plus 2013Microsoft Office Proofing (English) 2013Microsoft Office Proofing Tools 2013 - EnglishMicrosoft Office Proofing Tools 2013 - EspañolMicrosoft Office Shared 32-bit MUI (English) 2013Microsoft Office Shared MUI (English) 2013Microsoft Office Shared Setup Metadata MUI (English) 2013Microsoft OneNote MUI (English) 2013Microsoft Outlook MUI (English) 2013Microsoft PowerPoint MUI (English) 2013Microsoft Publisher MUI (English) 2013Microsoft SilverlightMicrosoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft Visual Studio 2005 Tools for Office RuntimeMicrosoft Word MUI (English) 2013Microsoft XNA Framework Redistributable 4.0Microsoft_VC80_CRT_x86Microsoft_VC90_CRT_x86MIDI-OXMixed In Key 4Mozilla Maintenance ServiceMozilla Thunderbird 17.0.2 (x86 en-US)Mp3tag v2.55aMyWinLocker SuiteNative Instruments Controller EditorNative Instruments Hardware Controller SupportNative Instruments MaschineNative Instruments Maschine Controller DriverNative Instruments Maschine DriverNative Instruments MassiveNative Instruments Service CenterNightSkyNotepad++NVIDIA Control Panel 310.90NVIDIA Graphics Driver 310.90NVIDIA Install ApplicationNVIDIA Optimus 1.11.3NVIDIA PhysXNVIDIA PhysX System Software 9.12.1031NVIDIA Update 1.11.3NVIDIA Update ComponentsOffice AddinOutils de vérification linguistique 2013 de Microsoft Office - FrançaisPale Moon 20.1-x64 (x64 en-US)PDF Settings CS6Portal 2PowerISOProteusPSP VintageWarmer 2.0.0Qualcomm Atheros Bluetooth Suite (64)Qualcomm Atheros WiFi Driver InstallationQuickTimeRane SL 2 (ver. 1.0.0a6)Realtek High Definition Audio DriverReason 5.0ReCycle 2.2.4reFX Nexus VSTi RTAS v2.2.0SanctumScratch Live 2.2.2 (22236)Secure Download ManagerSecureW2 Enterprise Client 3.5.9Shared C Run-time for x64ShredderSolar 2SoundToys Native Effects V4SP-404SX Wave ConverterStart8SteamSteinberg Hypersonic 2Super HexagonSuper House of Dead NinjasswMSMTeam Fortress 2Update for Microsoft Access 2013 (KB2760350) 64-Bit EditionUpdate for Microsoft Excel 2013 (KB2760339) 64-Bit EditionUpdate for Microsoft Lync 2013 (KB2768004) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2726954) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2726961) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2726996) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2737954) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2752025) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2752094) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2752101) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2760224) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2760538) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2760610) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2767845) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2767860) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2768016) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2810010) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2810014) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2810017) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2810018) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2817320) 64-Bit EditionUpdate for Microsoft OneNote 2013 (KB2760334) 64-Bit EditionUpdate for Microsoft Outlook 2013 (KB2810015) 64-Bit EditionUpdate for Microsoft PowerPoint 2013 (KB2726947) 64-Bit EditionUpdate for Microsoft PowerPoint 2013 (KB2727013) 64-Bit EditionUpdate for Microsoft SkyDrive Pro (KB2767865) 64-Bit EditionUpdate for Microsoft SkyDrive Pro (KB2810019) 64-Bit EditionUpdate for Microsoft Visio 2013 (KB2810008) 64-Bit EditionUpdate for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit EditionUpdate for Microsoft Word 2013 (KB2768007) 64-Bit EditionUpdate for Microsoft Word 2013 (KB2768337) 64-Bit EditionVisual Studio 2005 Tools for Office Second Edition RuntimeVisual Studio Tools for the Office system 3.0 RuntimeVisual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)VLC media player 2.0.5Worms Revolution.==== Event Viewer Messages From Past Week ========.6/9/2013 2:19:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.6/9/2013 2:19:13 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.6/15/2013 9:27:22 PM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.6/15/2013 9:16:44 PM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.6/15/2013 8:08:06 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.6/15/2013 8:07:29 PM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).6/15/2013 8:07:29 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.6/15/2013 8:07:29 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.6/15/2013 8:07:29 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.6/15/2013 8:07:29 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.6/15/2013 8:07:29 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.6/15/2013 8:07:29 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.6/15/2013 8:06:05 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).6/15/2013 8:06:05 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.6/15/2013 8:06:05 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.6/15/2013 8:06:05 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.6/15/2013 8:06:05 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.6/15/2013 8:06:05 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.6/15/2013 8:06:05 PM, Error: Service Control Manager [7031] - The System Events Broker service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.6/15/2013 8:06:05 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.6/15/2013 8:06:05 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.6/15/2013 8:06:05 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.6/15/2013 8:06:05 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.6/15/2013 8:06:05 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.6/15/2013 8:06:05 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.6/15/2013 8:06:05 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.6/15/2013 8:06:05 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.6/15/2013 4:07:17 AM, Error: Microsoft-Windows-Ntfs [98] - Volume G: (\Device\HarddiskVolume7) needs to be taken offline to perform a Full Chkdsk. Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.6/15/2013 2:13:58 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0x0000000000000004, 0x0000000000000000, 0xfffffa8004ad9ae0, 0xfffff8a0061515ae). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061513-24218-01.6/15/2013 12:35:02 AM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume G:. The exact nature of the corruption is unknown. The file system structures need to be scanned and fixed offline.6/15/2013 12:35:02 AM, Error: Microsoft-Windows-Ntfs [98] - Volume G: (\Device\HarddiskVolume8) needs to be taken offline to perform a Full Chkdsk. Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.6/15/2013 11:48:07 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0x0000000000000004, 0x0000000000000000, 0xfffffa800553b010, 0xfffff88018c37000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061513-33828-01.6/15/2013 11:47:44 PM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.6/12/2013 10:07:31 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000133 (0x0000000000000000, 0x0000000000000501, 0x0000000000000500, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061213-17421-01.6/12/2013 1:40:41 PM, Error: disk [15] - The device, \Device\Harddisk1\DR1, is not ready for access yet.6/10/2013 5:45:46 PM, Error: volsnap [14] - The shadow copies of volume G: were aborted because of an IO failure on volume G:.6/10/2013 4:52:50 PM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume G:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x11000000000034. The name of the file is "\$RECYCLE.BIN\S-1-5-21-2842586972-3675289626-172333529-1002\$IV9X26P".6/10/2013 4:52:19 PM, Error: Service Control Manager [7022] - The NVIDIA Update Service Daemon service hung on starting.6/10/2013 4:41:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.6/10/2013 4:41:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service..==== End Of File ===========================DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.13.2Run by NHx at 15:09:33 on 2013-06-16Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.3911.2151 [GMT -4:00].AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\system32\dwm.exeC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Program Files\NVIDIA Corporation\Display\nvxdsync.exeC:\Windows\system32\nvvsvc.exeC:\Program Files (x86)\Stardock\Start8\Start8Srv.exeC:\Program Files (x86)\Stardock\Start8\Start8_64.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Program Files\AVAST Software\Avast\AvastSvc.exeC:\Windows\system32\WLANExt.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files (x86)\Bluetooth Suite\adminservice.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exeC:\Program Files\Elantech\ETDService.exeC:\Program Files\Intel\iCLS Client\HeciServer.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exeC:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exeC:\Windows\RfBtnSvc64.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files (x86)\SecureW2\sw2_service.exeC:\Users\xcomu_000\AppData\Local\Temp\ToolbarUpdater.exeC:\Windows\system32\taskhostex.exeC:\Program Files\Elantech\ETDCtrl.exeC:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exeC:\Program Files\Elantech\ETDCtrlHelper.exeC:\Windows\system32\wbem\unsecapp.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Windows\explorer.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exeC:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exeC:\Users\xcomu_000\AppData\Roaming\Dropbox\bin\Dropbox.exeC:\Windows\System32\RuntimeBroker.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Program Files (x86)\iTunes\iTunes.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exeC:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exeC:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exeC:\Program Files (x86)\Steam\Steam.exeC:\Program Files (x86)\Common Files\Steam\SteamService.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exeC:\Windows\system32\SndVol.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\SysWOW64\WinMonitor.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://acer13.msn.comuDefault_Page_URL = hxxp://acer13.msn.commWinlogon: Userinit = userinit.exeBHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLLBHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLLBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllTB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dlluRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silentuRun: [bitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZEDuRun: [AdobeBridge] <no file>mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [secureW2 Tray] C:\Program Files (x86)\SecureW2\sw2_tray.exemRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exemRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbyloginmRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startupmRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /noguimRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimedRunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid}StartupFolder: C:\Users\XCOMU_~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\xcomu_000\AppData\Roaming\Dropbox\bin\Dropbox.exemPolicies-System: PromptOnSecureDesktop = dword:0mPolicies-System: ConsentPromptBehaviorAdmin = dword:0mPolicies-System: DisableCAD = dword:1IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dllIE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dllTCP: Interfaces\{672D121D-D3D6-4F31-832A-9DDA0312851B} : DHCPNameServer = 192.168.1.1TCP: Interfaces\{672D121D-D3D6-4F31-832A-9DDA0312851B}\24C61636B677164756276416C6C6373547164756051627B6 : DHCPNameServer = 129.71.254.12 129.71.200.10TCP: Interfaces\{672D121D-D3D6-4F31-832A-9DDA0312851B}\6534550235166656E456470275962756C6563737 : DHCPNameServer = 128.172.1.1 128.172.90.11TCP: Interfaces\{672D121D-D3D6-4F31-832A-9DDA0312851B}\6534550274575637470275962756C6563737 : DHCPNameServer = 128.172.1.5 128.172.90.11TCP: Interfaces\{672D121D-D3D6-4F31-832A-9DDA0312851B}\73E4439533 : DHCPNameServer = 192.168.1.1 71.252.0.12TCP: Interfaces\{672D121D-D3D6-4F31-832A-9DDA0312851B}\75574516E676C414E4 : DHCPNameServer = 192.168.1.1Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLLHandler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLLAppInit_DLLs= C:\Windows\SysWOW64\nvinit.dllSSODL: WebCheck - <orphaned>SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWow64\CbFsMntNtf3.dllSTS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dllmASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromemASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettingsx64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dllx64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dllx64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dllx64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLLx64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLLx64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dllx64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dllx64-Run: [igfxTray] C:\Windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exex64-Run: [Persistence] C:\Windows\System32\igfxpers.exex64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -sx64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 x64-Run: [btPreLoad] "C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe"x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetchx64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"x64-mPolicies-System: PromptOnSecureDesktop = dword:0x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0x64-mPolicies-System: DisableCAD = dword:1x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dllx64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dllx64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dllx64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLLx64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLLx64-Notify: igfxcui - igfxdev.dllx64-SSODL: WebCheck - <orphaned>x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dllx64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll.============= SERVICES / DRIVERS ===============.R0 aswRvrt;aswRvrt;C:\Windows\System32\Drivers\aswRvrt.sys [2013-3-29 65336]R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-11-1 645952]R0 nvpciflt;nvpciflt;C:\Windows\System32\Drivers\nvpciflt.sys [2013-1-27 30648]R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2013-3-29 1025808]R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2013-3-29 377920]R2 aswFsBlk;aswFsBlk;C:\Windows\System32\Drivers\aswFsBlk.sys [2013-3-29 33400]R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-3-29 80816]R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-8-10 211584]R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-29 45248]R2 BrcmCardReader;Broadcom Card Reader Service;C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [2012-8-20 176640]R2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe [2012-9-3 28560]R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-11-1 165760]R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2012-11-9 6370680]R2 RfButtonDriverService;Dritek RF Button Command Service;C:\Windows\RfBtnSvc64.exe [2012-11-1 93296]R2 Start8;Stardock Start8;C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [2013-1-31 142960]R2 SW2SVC;SecureW2 Service;C:\Program Files (x86)\SecureW2\sw2_service.exe [2012-11-2 106920]R2 TolbarUpdater;Toolbar Updater;C:\Users\xcomu_000\AppData\Local\Temp\ToolbarUpdater.exe [2012-8-15 508416]R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-11-1 364416]R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [2012-11-1 81536]R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\Drivers\b57xdbd.sys [2012-8-13 72280]R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\Drivers\b57xdmp.sys [2012-8-13 21080]R3 bScsiMSa;bScsiMSa;C:\Windows\System32\Drivers\bScsiMSa.sys [2012-6-18 55384]R3 bScsiSDa;bScsiSDa;C:\Windows\System32\Drivers\bScsiSDa.sys [2012-8-14 70744]R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\Drivers\btath_bus.sys [2012-11-1 33944]R3 cbfs3;EldoS Callback File System driver v3;C:\Windows\System32\Drivers\cbfs3.sys [2013-6-12 352144]R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\Drivers\ETD.sys [2012-9-3 318864]R3 FFUsbAudio;Focusrite USB Audio Driver;C:\Windows\System32\Drivers\ffusbaudio.sys [2013-1-28 53080]R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-9-3 342528]R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\Drivers\k57nd60a.sys [2012-6-2 425472]R3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;C:\Windows\System32\Drivers\aPs2Kb2Hid.sys [2012-11-1 26736]S3 aswVmm;aswVmm;C:\Windows\System32\Drivers\aswVmm.sys [2013-3-29 178624]S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2012-11-1 88728]S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\Drivers\btath_a2dp.sys [2012-11-1 344216]S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\System32\Drivers\btath_avdt.sys [2012-11-1 114840]S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\Drivers\btath_hcrp.sys [2012-11-1 178840]S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\Drivers\btath_lwflt.sys [2012-11-1 76952]S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\Drivers\btath_rcp.sys [2012-11-1 135832]S3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2012-11-1 567808]S3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]S3 gbxavs;Maschine Midi;C:\Windows\System32\Drivers\gbxavs.sys [2011-7-7 357968]S3 gbxusb_svc;Maschine Controller;C:\Windows\System32\Drivers\gbxusb.sys [2011-7-7 68688]S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2012-10-1 178824]S3 SL2Usb;SL2 Driver;C:\Windows\System32\Drivers\SL2Usb.sys [2013-4-9 56952]S3 strmdrvl;Rane SL 2;C:\Windows\System32\Drivers\strmdrvl.sys [2013-4-9 35912]S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-9-28 53760]S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\Drivers\wdcsam64.sys [2008-5-6 14464]S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]S3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;C:\Windows\System32\Drivers\xusb22.sys [2012-7-25 89088].=============== Created Last 30 ================.2013-06-15 16:48:50 -------- d-----w- C:\Users\xcomu_000\AppData\Roaming\Daichi2013-06-14 21:48:11 -------- d-----w- C:\Program Files (x86)\Common Files\VST32013-06-13 01:52:41 -------- d-----w- C:\Users\xcomu_000\AppData\Roaming\Celemony Software GmbH2013-06-13 01:51:24 -------- d-----w- C:\Program Files\VstPlugins2013-06-13 01:51:22 -------- d-----w- C:\Program Files\Celemony2013-06-13 01:51:19 -------- d-----w- C:\Program Files\Common Files\VST32013-06-13 01:51:19 -------- d-----w- C:\Program Files\Common Files\Propellerhead Software2013-06-13 01:51:17 -------- d-----w- C:\ProgramData\Celemony Software GmbH2013-06-13 01:51:17 -------- d-----w- C:\Program Files\Common Files\Celemony2013-06-13 01:41:59 1889280 ----a-w- C:\Windows\System32\crypt32.dll2013-06-13 01:41:59 1569792 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-06-13 01:41:58 1255936 ----a-w- C:\Windows\System32\certutil.exe2013-06-13 01:41:57 68096 ----a-w- C:\Windows\System32\cryptsvc.dll2013-06-13 01:41:57 141312 ----a-w- C:\Windows\System32\cryptnet.dll2013-06-13 01:41:57 109056 ----a-w- C:\Windows\SysWow64\cryptnet.dll2013-06-13 01:41:57 1013248 ----a-w- C:\Windows\SysWow64\certutil.exe2013-06-13 01:41:10 733184 ----a-w- C:\Windows\System32\win32spl.dll2013-06-13 01:39:59 148992 ----a-w- C:\Program Files\Internet Explorer\jsdebuggeride.dll2013-06-13 01:26:35 -------- d-----w- C:\Users\xcomu_000\AppData\Local\Macroplant_LLC2013-06-13 01:19:05 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin7.dll2013-06-13 01:19:05 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin6.dll2013-06-13 01:19:05 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll2013-06-13 01:19:05 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll2013-06-13 01:19:05 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll2013-06-13 01:19:05 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll2013-06-13 01:19:05 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll2013-06-13 01:16:11 190480 ----a-w- C:\Windows\System32\CbFsMntNtf3.dll2013-06-13 01:16:10 158224 ----a-w- C:\Windows\SysWow64\CbFsMntNtf3.dll2013-06-13 01:16:10 141328 ----a-w- C:\Windows\System32\CbFsNetRdr3.dll2013-06-13 01:16:08 223760 ----a-w- C:\Windows\SysWow64\CbFsNetRdr3.dll2013-06-13 01:15:58 352144 ----a-w- C:\Windows\System32\drivers\cbfs3.sys2013-06-13 01:15:42 -------- d-----w- C:\Program Files (x86)\iExplorer2013-06-07 22:12:35 -------- d-----w- C:\Users\xcomu_000\AppData\Roaming\Mp3tag2013-06-05 14:21:27 -------- d-----w- C:\Users\xcomu_000\AppData\Roaming\Moonchild Productions2013-06-05 14:21:27 -------- d-----w- C:\Users\xcomu_000\AppData\Local\Moonchild Productions2013-06-05 14:20:26 -------- d-----w- C:\Program Files\Pale Moon2013-05-30 15:29:43 -------- d-----w- C:\Program Files (x86)\BorgStation2013-05-30 14:30:42 -------- d-----w- C:\Program Files (x86)\MIDIOX2013-05-30 14:18:12 -------- d-----w- C:\Program Files (x86)\Bome's SendSX2013-05-28 18:28:32 -------- d-----w- C:\Users\xcomu_000\AppData\Roaming\Little Inferno2013-05-24 23:25:33 -------- d-----w- C:\Program Files (x86)\Mp3tag2013-05-21 01:00:18 5079256 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe2013-05-21 01:00:18 4843712 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\Csi.dll2013-05-21 01:00:18 25367232 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL2013-05-21 00:34:04 6795992 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe2013-05-21 00:34:04 6572736 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Csi.dll2013-05-21 00:33:36 35345600 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSO.DLL2013-05-19 16:37:25 -------- d-----w- C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP2013-05-19 16:37:22 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard2013-05-19 16:37:16 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll2013-05-19 16:37:16 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll2013-05-19 16:37:16 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll2013-05-19 16:37:16 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll2013-05-19 16:37:15 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll2013-05-19 16:37:14 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll2013-05-19 16:37:14 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll2013-05-19 16:37:11 24920 ----a-w- C:\Windows\System32\X3DAudio1_7.dll2013-05-19 16:37:11 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll2013-05-19 16:37:09 107368 ----a-w- C:\Windows\System32\xinput1_3.dll2013-05-18 02:30:59 785408 ----a-w- C:\Windows\System32\audiosrv.dll.==================== Find3M ====================.2013-06-14 22:37:48 165888 ----a-w- C:\Windows\SysWow64\WinMonitor.exe2013-06-14 22:37:47 17864381 ----a-w- C:\Windows\SysWow64\libs.exe2013-06-04 22:09:22 78200 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-06-04 22:09:22 693112 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-05-15 22:37:03 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll2013-05-15 22:35:49 53760 ----a-w- C:\Windows\System32\UXInit.dll2013-05-14 13:14:01 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-05-14 09:23:31 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-05-04 07:45:29 2233600 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-04-28 22:30:55 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2013-04-28 22:30:12 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-04-28 22:28:33 2241024 ----a-w- C:\Windows\System32\wininet.dll2013-04-28 22:28:29 915968 ----a-w- C:\Windows\System32\uxtheme.dll2013-04-28 22:28:00 3958784 ----a-w- C:\Windows\System32\jscript9.dll2013-04-16 02:34:44 1455368 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys2013-04-13 05:56:35 444416 ----a-w- C:\Windows\apppatch\AcSpecfc.dll2013-04-12 04:24:05 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll2013-04-12 04:24:04 963488 ----a-w- C:\Windows\System32\deployJava1.dll2013-04-12 04:24:04 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll2013-04-11 06:40:48 6987528 ----a-w- C:\Windows\System32\ntoskrnl.exe2013-04-09 05:33:02 489576 ----a-w- C:\Windows\System32\AudioEng.dll2013-04-09 05:33:02 446792 ----a-w- C:\Windows\System32\AudioSes.dll2013-04-09 05:33:02 253544 ----a-w- C:\Windows\System32\audiodg.exe2013-04-09 05:27:43 284424 ----a-w- C:\Windows\System32\drivers\spaceport.sys2013-04-09 05:20:02 86280 ----a-w- C:\Windows\System32\kdnet.dll2013-04-09 05:20:02 306952 ----a-w- C:\Windows\System32\kd_02_10ec.dll2013-04-09 05:18:05 77960 ----a-w- C:\Windows\System32\kdvm.dll2013-04-09 05:17:57 1829408 ----a-w- C:\Windows\System32\ntdll.dll2013-04-09 04:52:07 816128 ----a-w- C:\Windows\System32\SearchIndexer.exe2013-04-09 04:52:07 373760 ----a-w- C:\Windows\System32\SearchProtocolHost.exe2013-04-09 04:52:07 197120 ----a-w- C:\Windows\System32\SearchFilterHost.exe2013-04-09 04:52:07 126464 ----a-w- C:\Windows\System32\Robocopy.exe2013-04-09 04:52:06 804352 ----a-w- C:\Windows\System32\RecoveryDrive.exe2013-04-09 04:51:51 367616 ----a-w- C:\Windows\System32\conhost.exe2013-04-09 04:51:45 523264 ----a-w- C:\Windows\System32\XpsGdiConverter.dll2013-04-09 04:51:41 99840 ----a-w- C:\Windows\System32\wscsvc.dll2013-04-09 04:51:41 456704 ----a-w- C:\Windows\System32\wpncore.dll2013-04-09 04:51:20 13648384 ----a-w- C:\Windows\System32\Windows.UI.Xaml.dll2013-04-09 04:51:17 595456 ----a-w- C:\Windows\System32\Windows.Networking.dll2013-04-09 04:51:17 391168 ----a-w- C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll2013-04-09 04:51:05 10116096 ----a-w- C:\Windows\System32\twinui.dll2013-04-09 04:51:03 3552768 ----a-w- C:\Windows\System32\tquery.dll2013-04-09 04:50:53 414720 ----a-w- C:\Windows\System32\GenuineCenter.dll2013-04-09 04:50:39 422400 ----a-w- C:\Windows\System32\schannel.dll2013-04-09 04:50:39 1285632 ----a-w- C:\Windows\System32\schedsvc.dll2013-04-09 04:50:03 96256 ----a-w- C:\Windows\System32\mssprxy.dll2013-04-09 04:50:03 745984 ----a-w- C:\Windows\System32\mssvp.dll2013-04-09 04:50:03 2107904 ----a-w- C:\Windows\System32\mssrch.dll2013-04-09 04:50:02 65024 ----a-w- C:\Windows\System32\msscntrs.dll2013-04-09 04:50:02 435200 ----a-w- C:\Windows\System32\mssph.dll2013-04-09 04:50:02 13824 ----a-w- C:\Windows\System32\msshooks.dll2013-04-09 04:49:54 1444864 ----a-w- C:\Windows\System32\MSAudDecMFT.dll2013-04-09 04:49:45 468992 ----a-w- C:\Windows\System32\MFMediaEngine.dll2013-04-09 04:49:45 281088 ----a-w- C:\Windows\System32\mfreadwrite.dll2013-04-09 04:49:36 817152 ----a-w- C:\Windows\System32\kerberos.dll2013-04-09 04:49:33 210432 ----a-w- C:\Windows\System32\iuilp.dll2013-04-09 04:49:16 50176 ----a-w- C:\Windows\System32\fmifs.dll2013-04-09 04:49:16 231936 ----a-w- C:\Windows\System32\fhengine.dll2013-04-09 04:49:09 172544 ----a-w- C:\Windows\System32\dwmredir.dll2013-04-09 04:49:06 196096 ----a-w- C:\Windows\System32\dmvdsitf.dll2013-04-09 04:48:43 2303488 ----a-w- C:\Windows\System32\authui.dll2013-04-09 04:48:42 169472 ----a-w- C:\Windows\System32\AudioEndpointBuilder.dll2013-04-09 04:48:34 419840 ----a-w- C:\Windows\System32\intl.cpl2013-04-09 02:35:13 4038144 ----a-w- C:\Windows\System32\win32k.sys2013-04-09 02:34:49 83968 ----a-w- C:\Windows\System32\drivers\hidclass.sys2013-04-09 02:34:42 27648 ----a-w- C:\Windows\System32\drivers\hidusb.sys2013-04-09 02:34:30 95744 ----a-w- C:\Windows\System32\drivers\hidbth.sys2013-04-09 02:33:41 60416 ----a-w- C:\Windows\System32\drivers\ndproxy.sys2013-04-09 02:33:05 623104 ----a-w- C:\Windows\System32\drivers\srv2.sys2013-04-09 02:32:02 805376 ----a-w- C:\Windows\System32\drivers\PEAuth.sys2013-04-09 02:31:14 247808 ----a-w- C:\Windows\System32\drivers\srvnet.sys2013-04-09 02:31:01 83456 ----a-w- C:\Windows\System32\drivers\wanarp.sys2013-04-08 23:44:25 123880 ----a-w- C:\Windows\SysWow64\wscapi.dll2013-04-08 23:39:14 1408896 ----a-w- C:\Windows\SysWow64\ntdll.dll2013-04-08 23:37:29 426024 ----a-w- C:\Windows\SysWow64\AudioEng.dll2013-04-08 23:37:29 324368 ----a-w- C:\Windows\SysWow64\AudioSes.dll2013-04-08 21:52:16 670208 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe2013-04-08 21:52:16 302592 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe2013-04-08 21:52:16 171008 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe2013-04-08 21:52:16 106496 ----a-w- C:\Windows\SysWow64\Robocopy.exe2013-04-08 21:52:06 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll2013-04-04 23:30:17 503080 ----a-w- C:\Windows\System32\ci.dll2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2013-04-02 23:37:46 25088 ----a-w- C:\Windows\SysWow64\cryptdlg.dll2013-04-02 23:12:32 30720 ----a-w- C:\Windows\System32\cryptdlg.dll2013-03-31 22:40:57 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll2013-03-30 18:16:05 1403784 ----a-w- C:\Windows\System32\winload.efi2013-03-30 18:16:05 1267424 ----a-w- C:\Windows\System32\winload.exe2013-03-28 22:09:09 1093880 ----a-w- C:\Windows\System32\winresume.exe2013-03-28 22:09:04 1217328 ----a-w- C:\Windows\System32\winresume.efi2013-03-22 03:49:55 2382336 ----a-w- C:\Windows\SysWow64\esent.dll2013-03-21 22:47:13 2851840 ----a-w- C:\Windows\System32\esent.dll.============= FINISH: 15:10:13.02 ===============RogueKiller V8.6.0 _x64_ [Jun 15 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/Website : http://tigzy.geekstogo.com/roguekiller.phpBlog : http://tigzyrk.blogspot.com/Operating System : Windows 8Started in : Normal modeUser : NHx [Admin rights]Mode : Scan -- Date : 06/16/2013 15:16:19| ARK || FAK || MBR |¤¤¤ Bad processes : 1 ¤¤¤[sUSP PATH] ToolbarUpdater.exe -- C:\Users\xcomu_000\AppData\Local\Temp\ToolbarUpdater.exe [-] -> KILLED [TermProc]¤¤¤ Registry Entries : 5 ¤¤¤[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND[sCREENSVR][sUSP PATH] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\Windows\es.scr [-]) -> FOUND¤¤¤ Scheduled tasks : 0 ¤¤¤¤¤¤ Startup Entries : 0 ¤¤¤¤¤¤ Web browsers : 0 ¤¤¤¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [NOT LOADED] ¤¤¤¤¤¤ External Hives: ¤¤¤¤¤¤ Infection : ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: TOSHIBA MQ01ABD050 +++++--- User ---[MBR] 47c02c7ca0e2635bd412b44a4d9b64b6[bSP] e23edef54538f17ad6fcbaec8c253e93 : Empty MBR CodePartition table:0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[0]_S_06162013_151619.txt >> Link to post Share on other sites More sharing options...
MrCharlie Posted June 16, 2013 ID:691996 Share Posted June 16, 2013 Please download Farbar Recovery Scan Tool and save it to a folder. (64bit version)Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.MrC Link to post Share on other sites More sharing options...
NHX Posted June 16, 2013 Author ID:692045 Share Posted June 16, 2013 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2013 01Ran by NHx (administrator) on 16-06-2013 18:09:47Running from C:\Users\xcomu_000\DownloadsWindows 8 (X64) OS Language: English(US)Internet Explorer Version 9Boot Mode: Normal==================== Processes (Whitelisted) =================(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(Microsoft Corporation) C:\Windows\system32\WLANExt.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe(Dritek System INC.) C:\Windows\RfBtnSvc64.exe(SecureW2 B.V.) C:\Program Files (x86)\SecureW2\sw2_service.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe(Dropbox, Inc.) C:\Users\xcomu_000\AppData\Roaming\Dropbox\bin\Dropbox.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe(Last.fm) C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Serato) C:\Program Files (x86)\Serato\ScratchLIVE\ScratchLive.exe==================== Registry (Whitelisted) ==================HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12503184 2012-06-10] (Realtek Semiconductor)HKLM\...\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 [1212048 2012-06-07] (Realtek Semiconductor)HKLM\...\Run: [btPreLoad] "C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe" [64640 2012-08-10] ()HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3933496 2012-09-20] (Logitech, Inc.)HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [478984 2012-12-15] (Adobe Systems Incorporated)HKCU\...\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1641896 2013-06-06] (Valve Corporation)HKCU\...\Run: [bitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED [882520 2013-04-13] (BitTorrent Inc.)HKCU\...\Run: [AdobeBridge] [x]HKCU\...\Run: [iSproggler] "C:\Users\xcomu_000\Downloads\iSproggler-1.2.0-bin\iSproggler.exe" [x]HKCU\...\Run: [GoogleChromeAutoLaunch_C66C15D03587D6C363059E1901888850] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window [825808 2013-05-29] (Google Inc.)MountPoints2: D - "D:\Autorun.exe" MountPoints2: E - "E:\Autorun.exe" HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)HKLM-x32\...\Run: [secureW2 Tray] C:\Program Files (x86)\SecureW2\sw2_tray.exe [211880 2012-11-02] (SecureW2 B.V.)HKLM-x32\...\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)HKLM-x32\...\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup [336992 2012-12-09] (Power Software Ltd)HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4767304 2013-03-06] (AVAST Software)HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)HKU\Default\...\RunOnce: [RegAutoPlay] C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe /r [x]HKU\Default User\...\RunOnce: [RegAutoPlay] C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe /r [x]AppInit_DLLs: C:\Windows\system32\nvinitx.dll [246024 2012-12-29] (NVIDIA Corporation)Startup: C:\Users\xcomu_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\xcomu_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)BootExecute: autocheck autochk /m /P \Device\HarddiskVolume8autocheck autochk * ==================== Internet (Whitelisted) ====================HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.comHKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.comHKCU SearchScopes: DefaultScope {94A31645-2C99-4161-BB09-3077BFA2364F} URL = SearchScopes: HKCU - {94A31645-2C99-4161-BB09-3077BFA2364F} URL = BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)Chrome: =======CHR HomePage: hxxp://acer13.msn.com/CHR Extension: (Google Docs) - C:\Users\xcomu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0CHR Extension: (Google Drive) - C:\Users\xcomu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0CHR Extension: (YouTube) - C:\Users\xcomu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0CHR Extension: (Adblock Plus) - C:\Users\xcomu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0CHR Extension: (Google Search) - C:\Users\xcomu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0CHR Extension: (Tampermonkey) - C:\Users\xcomu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.1.3440_0CHR Extension: (avast! WebRep) - C:\Users\xcomu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0CHR Extension: (StayFocusd) - C:\Users\xcomu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji\1.3.10_0CHR Extension: (Gmail) - C:\Users\xcomu_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0==================== Services (Whitelisted) =================R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [45248 2013-03-06] (AVAST Software)R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.)R2 ETDService; C:\Program Files\Elantech\ETDService.exe [28560 2012-08-30] (ELAN Microelectronics Corp.)R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-11-01] (Dritek System INC.)R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [142960 2013-01-31] (Stardock Software, Inc)R2 SW2SVC; C:\Program Files (x86)\SecureW2\sw2_service.exe [106920 2012-11-02] (SecureW2 B.V.)S2 TolbarUpdater; C:\Users\xcomu_000\AppData\Local\Temp\ToolbarUpdater.exe [508416 2012-08-14] () <===== ATTENTIONS3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-28] (Microsoft Corporation)R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-01] (Atheros)==================== Drivers (Whitelisted) ====================R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-03-06] (AVAST Software)R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-03-06] (AVAST Software)R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [70992 2013-03-06] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-03-06] ()R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025808 2013-03-06] (AVAST Software)R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [377920 2013-03-06] (AVAST Software)R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [68920 2013-03-06] (AVAST Software)S3 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178624 2013-03-06] ()S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)R3 cbfs3; C:\Windows\System32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)R3 FFUsbAudio; C:\Windows\system32\DRIVERS\ffusbaudio.sys [53080 2011-10-31] (Focusrite Audio Engineering Ltd.)S3 gbxavs; C:\Windows\System32\Drivers\gbxavs.sys [357968 2011-07-07] (Native Instruments GmbH)S3 gbxusb_svc; C:\Windows\System32\Drivers\gbxusb.sys [68688 2011-07-07] (Native Instruments GmbH)R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-11-01] (Dritek System Inc.)S3 SL2Usb; C:\Windows\System32\Drivers\SL2Usb.sys [56952 2011-01-18] (Cristalink Ltd)S3 strmdrvl; C:\Windows\System32\Drivers\strmdrvl.sys [35912 2011-03-14] (Rane Corporation)S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-25] (Microsoft Corporation)==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2013-06-16 18:06 - 2013-06-16 18:06 - 00000000 ____D C:\FRST2013-06-16 18:05 - 2013-06-16 18:05 - 01926844 ____A (Farbar) C:\Users\xcomu_000\Downloads\FRST64.exe2013-06-16 15:16 - 2013-06-16 15:16 - 00001721 ____A C:\Users\xcomu_000\Desktop\RKreport[0]_S_06162013_151619.txt2013-06-16 15:13 - 2013-06-16 15:19 - 00000000 ____D C:\Users\xcomu_000\Desktop\RK_Quarantine2013-06-16 15:12 - 2013-06-16 15:19 - 00047774 ____A C:\Users\xcomu_000\Documents\Malreport.txt2013-06-16 15:12 - 2013-06-16 15:12 - 03748864 ____A C:\Users\xcomu_000\Downloads\RogueKillerX64.exe2013-06-16 15:10 - 2013-06-16 15:10 - 00028642 ____A C:\Users\xcomu_000\Desktop\dds.txt2013-06-16 15:10 - 2013-06-16 15:10 - 00017401 ____A C:\Users\xcomu_000\Desktop\attach.txt2013-06-16 15:09 - 2013-06-16 15:09 - 00688992 ____R (Swearware) C:\Users\xcomu_000\Downloads\dds.com2013-06-16 15:08 - 2013-06-16 15:08 - 00000022 ____A C:\Users\xcomu_000\Documents\Forum Production Secrets.txt2013-06-16 14:11 - 2013-06-16 14:12 - 00000000 ____D C:\Users\xcomu_000\Downloads\SoundToys Native Effects VST RTAS v3.1.2 AiR2013-06-16 13:10 - 2013-06-16 13:10 - 00000216 ____A C:\Users\xcomu_000\Documents\Serato Color Code.txt2013-06-15 23:48 - 2013-06-15 23:48 - 00289720 ____A C:\Windows\Minidump\061513-33828-01.dmp2013-06-15 14:13 - 2013-06-15 14:13 - 00290584 ____A C:\Windows\Minidump\061513-24218-01.dmp2013-06-15 12:48 - 2013-06-15 12:48 - 00000000 ____D C:\Users\xcomu_000\AppData\Roaming\Daichi2013-06-14 18:38 - 2013-06-16 17:11 - 00000020 ____A C:\Windows\SysWOW64\time.dat2013-06-14 18:37 - 2013-06-16 17:29 - 00166400 ____A C:\Windows\SysWOW64\winmonitor.exe2013-06-14 18:37 - 2013-06-14 18:37 - 17864381 ____A C:\Windows\SysWOW64\libs.exe2013-06-14 18:37 - 2012-05-25 14:34 - 00000000 ____D C:\Windows\SysWOW64\profile2013-06-14 18:37 - 2012-05-25 14:34 - 00000000 ____D C:\Windows\SysWOW64\plugins2013-06-14 18:37 - 2012-05-16 14:03 - 01907200 ____A C:\Windows\SysWOW64\Skybound.Gecko.dll2013-06-14 18:37 - 2012-05-07 18:10 - 00000000 ____D C:\Windows\SysWOW64\dictionaries2013-06-14 18:37 - 2012-05-07 18:08 - 04380384 ____A C:\Windows\SysWOW64\omni.ja2013-06-14 18:37 - 2012-04-20 16:17 - 00001221 ____A C:\Windows\SysWOW64\precomplete2013-06-14 18:37 - 2012-04-20 16:17 - 00000478 ____A C:\Windows\SysWOW64\softokn3.chk2013-06-14 18:37 - 2012-04-20 16:17 - 00000478 ____A C:\Windows\SysWOW64\nssdbm3.chk2013-06-14 18:37 - 2012-04-20 16:17 - 00000478 ____A C:\Windows\SysWOW64\freebl3.chk2013-06-14 18:37 - 2012-04-20 16:17 - 00000036 ____A C:\Windows\SysWOW64\chrome.manifest2013-06-14 18:37 - 2012-04-20 16:11 - 14446592 ____A (Mozilla Foundation) C:\Windows\SysWOW64\xul.dll2013-06-14 18:37 - 2012-04-20 16:11 - 00030720 ____A (Mozilla Foundation) C:\Windows\SysWOW64\xpcshell.exe2013-06-14 18:37 - 2012-04-20 16:11 - 00012288 ____A (Mozilla Foundation) C:\Windows\SysWOW64\xpcom.dll2013-06-14 18:37 - 2012-04-20 16:11 - 00009728 ____A (Mozilla Corporation) C:\Windows\SysWOW64\plugin-container.exe2013-06-14 18:37 - 2012-04-20 16:11 - 00008192 ____A (Mozilla Foundation) C:\Windows\SysWOW64\redit.exe2013-06-14 18:37 - 2012-04-20 16:11 - 00000130 ____A C:\Windows\SysWOW64\dependentlibs.list2013-06-14 18:37 - 2012-04-20 16:08 - 00364544 ____A (Mozilla Foundation) C:\Windows\SysWOW64\nssckbi.dll2013-06-14 18:37 - 2012-04-20 16:08 - 00151552 ____A (Mozilla Foundation) C:\Windows\SysWOW64\ssl3.dll2013-06-14 18:37 - 2012-04-20 16:08 - 00098304 ____A (Mozilla Foundation) C:\Windows\SysWOW64\smime3.dll2013-06-14 18:37 - 2012-04-20 16:07 - 00638976 ____A (Mozilla Foundation) C:\Windows\SysWOW64\nss3.dll2013-06-14 18:37 - 2012-04-20 16:07 - 00262144 ____A (Mozilla Foundation) C:\Windows\SysWOW64\freebl3.dll2013-06-14 18:37 - 2012-04-20 16:07 - 00163840 ____A (Mozilla Foundation) C:\Windows\SysWOW64\softokn3.dll2013-06-14 18:37 - 2012-04-20 16:07 - 00102400 ____A (Mozilla Foundation) C:\Windows\SysWOW64\nssdbm3.dll2013-06-14 18:37 - 2012-04-20 16:07 - 00098304 ____A (Mozilla Foundation) C:\Windows\SysWOW64\nssutil3.dll2013-06-14 18:37 - 2012-04-20 16:04 - 00026624 ____A (Mozilla Foundation) C:\Windows\SysWOW64\IA2Marshal.dll2013-06-14 18:37 - 2012-04-20 16:04 - 00012288 ____A (Mozilla Foundation) C:\Windows\SysWOW64\AccessibleMarshal.dll2013-06-14 18:37 - 2012-04-20 16:03 - 00589824 ____A (Mozilla Foundation) C:\Windows\SysWOW64\gkmedias.dll2013-06-14 18:37 - 2012-04-20 15:38 - 00102400 ____A (Mozilla Foundation) C:\Windows\SysWOW64\libEGL.dll2013-06-14 18:37 - 2012-04-20 15:37 - 00458752 ____A (Mozilla Foundation) C:\Windows\SysWOW64\libGLESv2.dll2013-06-14 18:37 - 2012-04-20 15:34 - 00524288 ____A (sqlite.org) C:\Windows\SysWOW64\mozsqlite3.dll2013-06-14 18:37 - 2012-04-20 15:22 - 02002944 ____A C:\Windows\SysWOW64\js.exe2013-06-14 18:37 - 2012-04-20 15:22 - 01945600 ____A C:\Windows\SysWOW64\mozjs.dll2013-06-14 18:37 - 2012-04-20 15:19 - 00167936 ____A (Mozilla Foundation) C:\Windows\SysWOW64\nspr4.dll2013-06-14 18:37 - 2012-04-20 15:19 - 00026112 ____A (Mozilla Foundation) C:\Windows\SysWOW64\mozglue.dll2013-06-14 18:37 - 2012-04-20 15:19 - 00014848 ____A (Mozilla Foundation) C:\Windows\SysWOW64\plc4.dll2013-06-14 18:37 - 2012-04-20 15:19 - 00011776 ____A (Mozilla Foundation) C:\Windows\SysWOW64\plds4.dll2013-06-14 18:37 - 2012-04-20 15:19 - 00009216 ____A (Mozilla Foundation) C:\Windows\SysWOW64\mozalloc.dll2013-06-14 18:37 - 2006-12-02 06:22 - 00479232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcm80.dll2013-06-14 18:37 - 2006-12-01 22:03 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr80.dll2013-06-14 18:37 - 2006-12-01 22:03 - 00548864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp80.dll2013-06-14 18:37 - 2006-12-01 22:03 - 00001869 ____A C:\Windows\SysWOW64\Microsoft.VC80.CRT.manifest2013-06-12 21:57 - 2013-06-12 21:57 - 00000000 ____D C:\Users\xcomu_000\Documents\Celemony2013-06-12 21:52 - 2013-06-12 21:59 - 00000000 ____D C:\Users\xcomu_000\AppData\Roaming\Celemony Software GmbH2013-06-12 21:51 - 2013-06-12 21:51 - 00000000 ____D C:\ProgramData\Celemony Software GmbH2013-06-12 21:51 - 2013-06-12 21:51 - 00000000 ____D C:\Program Files\VstPlugins2013-06-12 21:51 - 2013-06-12 21:51 - 00000000 ____D C:\Program Files\Common Files\VST32013-06-12 21:51 - 2013-06-12 21:51 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software2013-06-12 21:51 - 2013-06-12 21:51 - 00000000 ____D C:\Program Files\Common Files\Celemony2013-06-12 21:51 - 2013-06-12 21:51 - 00000000 ____D C:\Program Files\Celemony2013-06-12 21:49 - 2013-06-12 21:49 - 00000160 ____A C:\Users\xcomu_000\Documents\Shawn Gospel.txt2013-06-12 21:41 - 2013-04-27 01:20 - 00733184 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll2013-06-12 21:41 - 2013-04-23 19:13 - 01013248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe2013-06-12 21:41 - 2013-04-23 19:12 - 01569792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll2013-06-12 21:41 - 2013-04-23 19:12 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll2013-06-12 21:41 - 2013-04-23 18:56 - 01255936 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe2013-06-12 21:41 - 2013-04-23 18:55 - 01889280 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll2013-06-12 21:41 - 2013-04-23 18:55 - 00141312 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll2013-06-12 21:41 - 2013-04-23 18:55 - 00068096 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll2013-06-12 21:40 - 2013-05-15 18:36 - 14320640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-06-12 21:40 - 2013-05-15 18:35 - 19230720 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll2013-06-12 21:40 - 2013-05-04 03:45 - 02233600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys2013-06-12 21:40 - 2013-04-28 18:30 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2013-06-12 21:40 - 2013-04-28 18:30 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2013-06-12 21:40 - 2013-04-28 18:30 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2013-06-12 21:40 - 2013-04-28 18:30 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-06-12 21:40 - 2013-04-28 18:28 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll2013-06-12 21:40 - 2013-04-28 18:28 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll2013-06-12 21:40 - 2013-04-28 18:28 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll2013-06-12 21:40 - 2013-04-28 18:27 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll2013-06-12 21:40 - 2013-04-28 18:27 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll2013-06-12 21:40 - 2013-04-02 19:37 - 00025088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll2013-06-12 21:40 - 2013-04-02 19:12 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll2013-06-12 21:39 - 2013-05-15 18:37 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll2013-06-12 21:39 - 2013-05-15 18:35 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\UXInit.dll2013-06-12 21:39 - 2013-05-14 09:14 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2013-06-12 21:39 - 2013-05-14 05:23 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2013-06-12 21:39 - 2013-04-28 18:30 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-06-12 21:39 - 2013-04-28 18:30 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2013-06-12 21:39 - 2013-04-28 18:30 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2013-06-12 21:39 - 2013-04-28 18:28 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll2013-06-12 21:39 - 2013-04-28 18:28 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2013-06-12 21:39 - 2013-04-28 18:28 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe2013-06-12 21:39 - 2013-04-28 18:27 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll2013-06-12 21:28 - 2013-06-13 12:46 - 00000000 ____D C:\Users\xcomu_000\Desktop\Gospel of Shawn2013-06-12 21:26 - 2013-06-12 21:26 - 00000000 ____D C:\Users\xcomu_000\AppData\Local\Macroplant_LLC2013-06-12 21:17 - 2013-06-12 21:19 - 00000000 ____D C:\Program Files (x86)\QuickTime2013-06-12 21:16 - 2012-04-09 16:27 - 00223760 ____A (EldoS Corporation) C:\Windows\SysWOW64\CbFsNetRdr3.dll2013-06-12 21:16 - 2012-04-09 16:27 - 00190480 ____A (EldoS Corporation) C:\Windows\System32\CbFsMntNtf3.dll2013-06-12 21:16 - 2012-04-09 16:27 - 00158224 ____A (EldoS Corporation) C:\Windows\SysWOW64\CbFsMntNtf3.dll2013-06-12 21:16 - 2012-04-09 16:27 - 00141328 ____A (EldoS Corporation) C:\Windows\System32\CbFsNetRdr3.dll2013-06-12 21:15 - 2013-06-12 21:15 - 00000000 ____D C:\Program Files (x86)\iExplorer2013-06-12 21:15 - 2012-04-09 16:27 - 00352144 ____A (EldoS Corporation) C:\Windows\System32\Drivers\cbfs3.sys2013-06-12 10:07 - 2013-06-12 10:07 - 00291592 ____A C:\Windows\Minidump\061213-17421-01.dmp2013-06-10 12:06 - 2013-06-15 02:47 - 00001586 ____A C:\Users\xcomu_000\Documents\Dubspot Ozone Course.txt2013-06-07 18:12 - 2013-06-16 00:40 - 00000000 ____D C:\Users\xcomu_000\AppData\Roaming\Mp3tag2013-06-07 12:19 - 2013-06-07 12:19 - 00001829 ____A C:\Users\UpdatusUser\Desktop\CopyPod.lnk2013-06-05 12:02 - 2013-06-05 13:25 - 00000000 ____D C:\Users\xcomu_000\AppData\Roaming\Notepad++2013-06-05 12:02 - 2013-06-05 13:25 - 00000000 ____D C:\Program Files (x86)\Notepad++2013-06-05 10:21 - 2013-06-05 10:21 - 00000000 ____D C:\Users\xcomu_000\AppData\Roaming\Moonchild Productions2013-06-05 10:21 - 2013-06-05 10:21 - 00000000 ____D C:\Users\xcomu_000\AppData\Local\Moonchild Productions2013-06-05 10:20 - 2013-06-05 10:20 - 00000000 ____D C:\Program Files\Pale Moon2013-06-05 09:16 - 2013-06-05 09:16 - 00337256 ____A C:\Windows\Minidump\060513-24187-01.dmp2013-06-03 22:22 - 2013-06-03 22:22 - 00337408 ____A C:\Windows\Minidump\060313-30125-01.dmp2013-06-01 23:18 - 2013-06-01 23:18 - 00342688 ____A C:\Windows\Minidump\060113-25890-01.dmp2013-05-30 21:51 - 2013-05-30 21:51 - 00294656 ____A C:\Windows\Minidump\053013-64953-01.dmp2013-05-30 11:29 - 2013-05-30 11:29 - 00000000 ____D C:\Program Files (x86)\BorgStation2013-05-30 11:18 - 2013-05-30 11:19 - 00344304 ____A C:\Windows\Minidump\053013-67281-01.dmp2013-05-30 10:30 - 2013-05-30 10:30 - 00000000 ____D C:\Program Files (x86)\MIDIOX2013-05-30 10:18 - 2013-05-30 10:18 - 00000000 ____D C:\Program Files (x86)\Bome's SendSX2013-05-28 14:28 - 2013-05-28 14:48 - 00000000 ____D C:\Users\xcomu_000\AppData\Roaming\Little Inferno2013-05-27 17:20 - 2013-05-27 17:20 - 00000070 ____A C:\Users\xcomu_000\Documents\Watch or Read.txt2013-05-24 19:25 - 2013-05-24 19:25 - 00000000 ____D C:\Program Files (x86)\Mp3tag2013-05-23 15:15 - 2013-05-23 15:17 - 00000319 ____A C:\Users\xcomu_000\Documents\Top 10 Albums.txt2013-05-22 19:19 - 2013-05-22 19:19 - 00331008 ____A C:\Windows\Minidump\052213-57406-01.dmp2013-05-22 19:18 - 2013-05-22 19:19 - 05044520 ____A C:\Windows\System32\FNTCACHE.DAT2013-05-21 21:38 - 2013-05-21 21:38 - 00344360 ____A C:\Windows\Minidump\052113-32750-01.dmp2013-05-19 12:37 - 2013-05-19 12:37 - 00000201 ____A C:\Windows\DirectX.log2013-05-19 12:37 - 2013-05-19 12:37 - 00000000 ____D C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP2013-05-19 12:37 - 2010-06-02 04:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll2013-05-19 12:37 - 2010-06-02 04:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll2013-05-19 12:37 - 2010-06-02 04:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll2013-05-19 12:37 - 2010-06-02 04:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll2013-05-19 12:37 - 2010-05-26 11:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll2013-05-19 12:37 - 2010-05-26 11:41 - 02401112 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll2013-05-19 12:37 - 2010-05-26 11:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll2013-05-19 12:37 - 2010-05-26 11:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll2013-05-19 12:37 - 2010-02-04 10:01 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll2013-05-19 12:37 - 2007-04-04 18:54 - 00107368 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll2013-05-17 22:31 - 2013-04-09 01:20 - 00306952 ____A (Microsoft Corporation) C:\Windows\System32\kd_02_10ec.dll2013-05-17 22:31 - 2013-04-09 01:17 - 01829408 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll2013-05-17 22:31 - 2013-04-09 00:51 - 14267904 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll2013-05-17 22:31 - 2013-04-09 00:51 - 13648384 ____A (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll2013-05-17 22:31 - 2013-04-09 00:51 - 10116096 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll2013-05-17 22:31 - 2013-04-09 00:51 - 03552768 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll2013-05-17 22:31 - 2013-04-09 00:50 - 02107904 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll2013-05-17 22:31 - 2013-04-09 00:50 - 01285632 ____A (Microsoft Corporation) C:\Windows\System32\schedsvc.dll2013-05-17 22:31 - 2013-04-09 00:49 - 01444864 ____A (Microsoft Corporation) C:\Windows\System32\MSAudDecMFT.dll2013-05-17 22:31 - 2013-04-08 22:35 - 04038144 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys2013-05-17 22:31 - 2013-04-08 17:52 - 11878912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll2013-05-17 22:31 - 2013-04-08 17:51 - 10789888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll2013-05-17 22:31 - 2013-04-08 17:51 - 02767360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll2013-05-17 22:31 - 2013-04-08 17:51 - 01593344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll2013-05-17 22:31 - 2013-04-08 17:51 - 01113600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll2013-05-17 22:30 - 2013-04-09 01:33 - 00489576 ____A (Microsoft Corporation) C:\Windows\System32\AudioEng.dll2013-05-17 22:30 - 2013-04-09 01:33 - 00446792 ____A (Microsoft Corporation) C:\Windows\System32\AudioSes.dll2013-05-17 22:30 - 2013-04-09 01:33 - 00253544 ____A (Microsoft Corporation) C:\Windows\System32\audiodg.exe2013-05-17 22:30 - 2013-04-09 01:27 - 00284424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys2013-05-17 22:30 - 2013-04-09 01:20 - 00086280 ____A (Microsoft Corporation) C:\Windows\System32\kdnet.dll2013-05-17 22:30 - 2013-04-09 01:18 - 00077960 ____A (Microsoft Corporation) C:\Windows\System32\kdvm.dll2013-05-17 22:30 - 2013-04-09 00:52 - 00816128 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe2013-05-17 22:30 - 2013-04-09 00:52 - 00804352 ____A (Microsoft Corporation) C:\Windows\System32\RecoveryDrive.exe2013-05-17 22:30 - 2013-04-09 00:52 - 00373760 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe2013-05-17 22:30 - 2013-04-09 00:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe2013-05-17 22:30 - 2013-04-09 00:52 - 00126464 ____A (Microsoft Corporation) C:\Windows\System32\Robocopy.exe2013-05-17 22:30 - 2013-04-09 00:51 - 00595456 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.dll2013-05-17 22:30 - 2013-04-09 00:51 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll2013-05-17 22:30 - 2013-04-09 00:51 - 00456704 ____A (Microsoft Corporation) C:\Windows\System32\wpncore.dll2013-05-17 22:30 - 2013-04-09 00:51 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll2013-05-17 22:30 - 2013-04-09 00:51 - 00367616 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe2013-05-17 22:30 - 2013-04-09 00:51 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wscsvc.dll2013-05-17 22:30 - 2013-04-09 00:50 - 00745984 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll2013-05-17 22:30 - 2013-04-09 00:50 - 00435200 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll2013-05-17 22:30 - 2013-04-09 00:50 - 00422400 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll2013-05-17 22:30 - 2013-04-09 00:50 - 00414720 ____A (Microsoft Corporation) C:\Windows\System32\GenuineCenter.dll2013-05-17 22:30 - 2013-04-09 00:50 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\mssprxy.dll2013-05-17 22:30 - 2013-04-09 00:50 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll2013-05-17 22:30 - 2013-04-09 00:50 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\msshooks.dll2013-05-17 22:30 - 2013-04-09 00:49 - 00817152 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll2013-05-17 22:30 - 2013-04-09 00:49 - 00468992 ____A (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll2013-05-17 22:30 - 2013-04-09 00:49 - 00281088 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll2013-05-17 22:30 - 2013-04-09 00:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\fhengine.dll2013-05-17 22:30 - 2013-04-09 00:49 - 00210432 ____A (Microsoft Corporation) C:\Windows\System32\iuilp.dll2013-05-17 22:30 - 2013-04-09 00:49 - 00196096 ____A (Microsoft Corporation) C:\Windows\System32\dmvdsitf.dll2013-05-17 22:30 - 2013-04-09 00:49 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\dwmredir.dll2013-05-17 22:30 - 2013-04-09 00:49 - 00050176 ____A (Microsoft Corporation) C:\Windows\System32\fmifs.dll2013-05-17 22:30 - 2013-04-09 00:48 - 02303488 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll2013-05-17 22:30 - 2013-04-09 00:48 - 00785408 ____A (Microsoft Corporation) C:\Windows\System32\audiosrv.dll2013-05-17 22:30 - 2013-04-09 00:48 - 00419840 ____A (Microsoft Corporation) C:\Windows\System32\intl.cpl2013-05-17 22:30 - 2013-04-09 00:48 - 00169472 ____A (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll2013-05-17 22:30 - 2013-04-08 22:34 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidbth.sys2013-05-17 22:30 - 2013-04-08 22:34 - 00083968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys2013-05-17 22:30 - 2013-04-08 22:34 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys2013-05-17 22:30 - 2013-04-08 22:33 - 00623104 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys2013-05-17 22:30 - 2013-04-08 22:33 - 00060416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys2013-05-17 22:30 - 2013-04-08 22:32 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys2013-05-17 22:30 - 2013-04-08 22:31 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys2013-05-17 22:30 - 2013-04-08 22:31 - 00083456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys2013-05-17 22:30 - 2013-04-08 19:44 - 00123880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll2013-05-17 22:30 - 2013-04-08 19:39 - 01408896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll2013-05-17 22:30 - 2013-04-08 19:37 - 00426024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll2013-05-17 22:30 - 2013-04-08 19:37 - 00324368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll2013-05-17 22:30 - 2013-04-08 17:52 - 00670208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe2013-05-17 22:30 - 2013-04-08 17:52 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll2013-05-17 22:30 - 2013-04-08 17:52 - 00302592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe2013-05-17 22:30 - 2013-04-08 17:52 - 00171008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe2013-05-17 22:30 - 2013-04-08 17:52 - 00106496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe2013-05-17 22:30 - 2013-04-08 17:51 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll2013-05-17 22:30 - 2013-04-08 17:51 - 02035200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll2013-05-17 22:30 - 2013-04-08 17:51 - 00659456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll2013-05-17 22:30 - 2013-04-08 17:51 - 00656896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2013-05-17 22:30 - 2013-04-08 17:51 - 00411136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll2013-05-17 22:30 - 2013-04-08 17:51 - 00403968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll2013-05-17 22:30 - 2013-04-08 17:51 - 00389632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl2013-05-17 22:30 - 2013-04-08 17:51 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll2013-05-17 22:30 - 2013-04-08 17:51 - 00324096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2013-05-17 22:30 - 2013-04-08 17:51 - 00268800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll2013-05-17 22:30 - 2013-04-08 17:51 - 00214528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll2013-05-17 22:30 - 2013-04-08 17:51 - 00186880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll2013-05-17 22:30 - 2013-04-08 17:51 - 00155648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dmvdsitf.dll2013-05-17 22:30 - 2013-04-08 17:51 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fmifs.dll2013-05-17 22:30 - 2013-04-08 17:51 - 00035328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll2013-05-17 22:30 - 2013-04-08 17:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll2013-05-17 22:30 - 2013-04-04 19:30 - 00503080 ____A (Microsoft Corporation) C:\Windows\System32\ci.dll2013-05-17 22:30 - 2013-04-02 18:08 - 00387688 ____A C:\Windows\System32\ApnDatabase.xml2013-05-17 22:30 - 2013-03-30 14:16 - 01403784 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi2013-05-17 22:30 - 2013-03-30 14:16 - 01267424 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe2013-05-17 22:30 - 2013-03-28 18:09 - 01217328 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi2013-05-17 22:30 - 2013-03-28 18:09 - 01093880 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe2013-05-17 22:30 - 2013-03-15 18:05 - 00298456 ____A (Microsoft Corporation) C:\Windows\System32\rsaenh.dll2013-05-17 22:30 - 2013-03-15 18:05 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll2013-05-17 22:30 - 2012-12-13 00:00 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll2013-05-17 22:30 - 2012-12-12 23:59 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll==================== One Month Modified Files and Folders =======2013-06-16 18:06 - 2013-06-16 18:06 - 00000000 ____D C:\FRST2013-06-16 18:05 - 2013-06-16 18:05 - 01926844 ____A (Farbar) C:\Users\xcomu_000\Downloads\FRST64.exe2013-06-16 18:02 - 2013-01-27 15:01 - 01366748 ____A C:\Windows\WindowsUpdate.log2013-06-16 18:02 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\System32\sru2013-06-16 17:59 - 2013-01-31 23:30 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job2013-06-16 17:48 - 2013-03-13 14:27 - 00000000 ____D C:\Users\xcomu_000\AppData\Local\Last.fm2013-06-16 17:29 - 2013-06-14 18:37 - 00166400 ____A C:\Windows\SysWOW64\winmonitor.exe2013-06-16 17:22 - 2013-01-27 15:07 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-06-16 17:11 - 2013-06-14 18:38 - 00000020 ____A C:\Windows\SysWOW64\time.dat2013-06-16 15:19 - 2013-06-16 15:13 - 00000000 ____D C:\Users\xcomu_000\Desktop\RK_Quarantine2013-06-16 15:19 - 2013-06-16 15:12 - 00047774 ____A C:\Users\xcomu_000\Documents\Malreport.txt2013-06-16 15:16 - 2013-06-16 15:16 - 00001721 ____A C:\Users\xcomu_000\Desktop\RKreport[0]_S_06162013_151619.txt2013-06-16 15:12 - 2013-06-16 15:12 - 03748864 ____A C:\Users\xcomu_000\Downloads\RogueKillerX64.exe2013-06-16 15:10 - 2013-06-16 15:10 - 00028642 ____A C:\Users\xcomu_000\Desktop\dds.txt2013-06-16 15:10 - 2013-06-16 15:10 - 00017401 ____A C:\Users\xcomu_000\Desktop\attach.txt2013-06-16 15:09 - 2013-06-16 15:09 - 00688992 ____R (Swearware) C:\Users\xcomu_000\Downloads\dds.com2013-06-16 15:08 - 2013-06-16 15:08 - 00000022 ____A C:\Users\xcomu_000\Documents\Forum Production Secrets.txt2013-06-16 15:07 - 2013-01-27 16:28 - 00000000 ____D C:\Users\xcomu_000\AppData\Roaming\BitTorrent2013-06-16 14:12 - 2013-06-16 14:11 - 00000000 ____D C:\Users\xcomu_000\Downloads\SoundToys Native Effects VST RTAS v3.1.2 AiR2013-06-16 13:10 - 2013-06-16 13:10 - 00000216 ____A C:\Users\xcomu_000\Documents\Serato Color Code.txt2013-06-16 02:35 - 2013-01-27 15:17 - 00000000 ____D C:\Program Files (x86)\Steam2013-06-16 02:23 - 2013-03-14 15:31 - 00000000 ____D C:\Users\xcomu_000\AppData\Roaming\Dropbox2013-06-16 02:22 - 2013-01-27 15:07 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-06-16 01:32 - 2013-03-14 15:35 - 00000000 ___RD C:\Users\xcomu_000\Dropbox2013-06-16 00:40 - 2013-06-07 18:12 - 00000000 ____D C:\Users\xcomu_000\AppData\Roaming\Mp3tag2013-06-16 00:40 - 2013-01-27 23:22 - 00000000 ____D C:\Users\xcomu_000\AppData\Roaming\vlc2013-06-16 00:33 - 2013-03-13 11:46 - 00000000 ____D C:\Users\xcomu_000\Downloads\Music DLs2013-06-15 23:48 - 2013-06-15 23:48 - 00289720 ____A C:\Windows\Minidump\061513-33828-01.dmp2013-06-15 23:48 - 2013-01-28 00:45 - 00000000 ____D C:\Windows\Minidump2013-06-15 23:48 - 2012-07-26 03:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT2013-06-15 23:47 - 2013-01-28 00:44 - 572691929 ____A C:\Windows\MEMORY.DMP2013-06-15 22:41 - 2013-03-02 17:15 - 00000000 ____D C:\Users\xcomu_000\AppData\Roaming\Audacity2013-06-15 14:58 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\rescache2013-06-15 14:13 - 2013-06-15 14:13 - 00290584 ____A C:\Windows\Minidump\061513-24218-01.dmp2013-06-15 12:48 - 2013-06-15 12:48 - 00000000 ____D C:\Users\xcomu_000\AppData\Roaming\Daichi2013-06-15 12:47 - 2013-03-18 01:47 - 00000000 ____D C:\Users\xcomu_000\Downloads\DL Sort2013-06-15 03:31 - 2013-01-27 15:01 - 00000000 ____D C:\users\xcomu_0002013-06-15 02:53 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\AUInstallAgent2013-06-15 02:47 - 2013-06-10 12:06 - 00001586 ____A C:\Users\xcomu_000\Documents\Dubspot Ozone Course.txt2013-06-14 18:37 - 2013-06-14 18:37 - 17864381 ____A C:\Windows\SysWOW64\libs.exe2013-06-14 18:30 - 2013-02-12 17:08 - 00000000 ____D C:\Users\xcomu_000\AppData\Local\CrashDumps2013-06-14 18:10 - 2013-03-31 18:47 - 00000000 ____D C:\Program Files (x86)\SoundToys2013-06-14 18:00 - 2013-04-14 15:35 - 00000000 ____D C:\Users\xcomu_000\AppData\Roaming\iZotope2013-06-14 17:48 - 2013-04-14 15:35 - 00000000 ____D C:\Users\xcomu_000\Documents\iZotope2013-06-14 17:48 - 2013-04-14 15:34 - 00000000 ____D C:\Program Files (x86)\iZotope2013-06-14 12:14 - 2013-01-27 15:01 - 00000000 ____D C:\Users\xcomu_000\AppData\Local\Packages2013-06-14 03:55 - 2013-01-27 15:07 - 00000000 ____D C:\Users\xcomu_000\AppData\Local\Deployment2013-06-13 21:02 - 2013-04-07 22:34 - 00000733 ____A C:\Users\xcomu_000\Documents\Music to get.txt2013-06-13 17:31 - 2013-03-30 15:36 - 00000000 ____D C:\Users\xcomu_000\Documents\Native Instruments2013-06-13 16:58 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\System32\NDF2013-06-13 12:46 - 2013-06-12 21:28 - 00000000 ____D C:\Users\xcomu_000\Desktop\Gospel of Shawn2013-06-13 11:50 - 2013-01-27 17:42 - 00000000 ____D C:\ProgramData\Microsoft Help2013-06-13 11:46 - 2013-01-28 15:54 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe2013-06-12 21:59 - 2013-06-12 21:52 - 00000000 ____D C:\Users\xcomu_000\AppData\Roaming\Celemony Software GmbH2013-06-12 21:57 - 2013-06-12 21:57 - 00000000 ____D C:\Users\xcomu_000\Documents\Celemony2013-06-12 21:51 - 2013-06-12 21:51 - 00000000 ____D C:\ProgramData\Celemony Software GmbH2013-06-12 21:51 - 2013-06-12 21:51 - 00000000 ____D C:\Program Files\VstPlugins2013-06-12 21:51 - 2013-06-12 21:51 - 00000000 ____D C:\Program Files\Common Files\VST32013-06-12 21:51 - 2013-06-12 21:51 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software2013-06-12 21:51 - 2013-06-12 21:51 - 00000000 ____D C:\Program Files\Common Files\Celemony2013-06-12 21:51 - 2013-06-12 21:51 - 00000000 ____D C:\Program Files\Celemony2013-06-12 21:49 - 2013-06-12 21:49 - 00000160 ____A C:\Users\xcomu_000\Documents\Shawn Gospel.txt2013-06-12 21:26 - 2013-06-12 21:26 - 00000000 ____D C:\Users\xcomu_000\AppData\Local\Macroplant_LLC2013-06-12 21:19 - 2013-06-12 21:17 - 00000000 ____D C:\Program Files (x86)\QuickTime2013-06-12 21:15 - 2013-06-12 21:15 - 00000000 ____D C:\Program Files (x86)\iExplorer2013-06-12 10:07 - 2013-06-12 10:07 - 00291592 ____A C:\Windows\Minidump\061213-17421-01.dmp2013-06-11 23:59 - 2012-07-26 03:28 - 00848230 ____A C:\Windows\System32\PerfStringBackup.INI2013-06-10 16:43 - 2012-07-26 01:26 - 00262144 __ASH C:\Windows\System32\config\BBI2013-06-07 12:19 - 2013-06-07 12:19 - 00001829 ____A C:\Users\UpdatusUser\Desktop\CopyPod.lnk2013-06-06 22:52 - 2013-04-07 19:19 - 00000000 ____D C:\Users\xcomu_000\Downloads\Video2013-06-05 13:25 - 2013-06-05 12:02 - 00000000 ____D C:\Users\xcomu_000\AppData\Roaming\Notepad++2013-06-05 13:25 - 2013-06-05 12:02 - 00000000 ____D C:\Program Files (x86)\Notepad++2013-06-05 10:21 - 2013-06-05 10:21 - 00000000 ____D C:\Users\xcomu_000\AppData\Roaming\Moonchild Productions2013-06-05 10:21 - 2013-06-05 10:21 - 00000000 ____D C:\Users\xcomu_000\AppData\Local\Moonchild Productions2013-06-05 10:20 - 2013-06-05 10:20 - 00000000 ____D C:\Program Files\Pale Moon2013-06-05 09:16 - 2013-06-05 09:16 - 00337256 ____A C:\Windows\Minidump\060513-24187-01.dmp2013-06-04 18:09 - 2012-07-26 04:14 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2013-06-04 18:09 - 2012-07-26 04:14 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2013-06-03 22:22 - 2013-06-03 22:22 - 00337408 ____A C:\Windows\Minidump\060313-30125-01.dmp2013-06-01 23:18 - 2013-06-01 23:18 - 00342688 ____A C:\Windows\Minidump\060113-25890-01.dmp2013-05-30 21:51 - 2013-05-30 21:51 - 00294656 ____A C:\Windows\Minidump\053013-64953-01.dmp2013-05-30 21:49 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\LiveKernelReports2013-05-30 13:50 - 2013-01-27 16:55 - 00000000 ____D C:\Program Files (x86)\JDownloader2013-05-30 11:29 - 2013-05-30 11:29 - 00000000 ____D C:\Program Files (x86)\BorgStation2013-05-30 11:19 - 2013-05-30 11:18 - 00344304 ____A C:\Windows\Minidump\053013-67281-01.dmp2013-05-30 10:30 - 2013-05-30 10:30 - 00000000 ____D C:\Program Files (x86)\MIDIOX2013-05-30 10:18 - 2013-05-30 10:18 - 00000000 ____D C:\Program Files (x86)\Bome's SendSX2013-05-28 14:48 - 2013-05-28 14:28 - 00000000 ____D C:\Users\xcomu_000\AppData\Roaming\Little Inferno2013-05-28 10:41 - 2012-07-26 03:21 - 00043908 ____A C:\Windows\setupact.log2013-05-27 17:20 - 2013-05-27 17:20 - 00000070 ____A C:\Users\xcomu_000\Documents\Watch or Read.txt2013-05-27 15:01 - 2013-03-31 18:14 - 00000000 ____D C:\Users\xcomu_000\Downloads\PDF2013-05-24 19:25 - 2013-05-24 19:25 - 00000000 ____D C:\Program Files (x86)\Mp3tag2013-05-23 15:17 - 2013-05-23 15:15 - 00000319 ____A C:\Users\xcomu_000\Documents\Top 10 Albums.txt2013-05-22 19:19 - 2013-05-22 19:19 - 00331008 ____A C:\Windows\Minidump\052213-57406-01.dmp2013-05-22 19:19 - 2013-05-22 19:18 - 05044520 ____A C:\Windows\System32\FNTCACHE.DAT2013-05-22 11:49 - 2013-03-30 15:35 - 00000000 ____D C:\Program Files (x86)\Native Instruments2013-05-21 21:39 - 2012-07-26 04:12 - 00000000 ___RD C:\Windows\ToastData2013-05-21 21:39 - 2012-07-26 04:12 - 00000000 ____D C:\Windows\WinStore2013-05-21 21:38 - 2013-05-21 21:38 - 00344360 ____A C:\Windows\Minidump\052113-32750-01.dmp2013-05-19 12:37 - 2013-05-19 12:37 - 00000201 ____A C:\Windows\DirectX.log2013-05-19 12:37 - 2013-05-19 12:37 - 00000000 ____D C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP2013-05-19 12:37 - 2013-03-06 13:55 - 00000000 ____D C:\Users\xcomu_000\Documents\My GamesFiles to move or delete:====================C:\Users\xcomu_000\AppData\Local\Temp\ToolbarUpdater.exeC:\Windows\SysWOW64\WinMonitor.exeC:\Windows\SysWOW64\libs.exe==================== Bamital & volsnap Check =================C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legitLastRegBack: 2013-06-12 10:52==================== End Of Log ============================Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-06-2013 01Ran by NHx at 2013-06-16 18:10:34 Run:Running from C:\Users\xcomu_000\DownloadsBoot Mode: Normal============================================================================== Installed Programs =======================7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)99 levels to hell (Version: 2.0.0.4)Adobe AIR (Version: 3.7.0.1860)Adobe Flash Player 11 Plugin (Version: 11.7.700.224)Adobe Help Manager (Version: 4.0.244)Adobe Illustrator CS6 (Version: 16.0)Adobe Photoshop CS6 (Version: 13.0)Adobe Reader XI (11.0.03) (Version: 11.0.03)Adobe Shockwave Player 12.0 (Version: 12.0.2.122)Alchemy (Version: 1.03)AoA Audio Extractor PlatinumApple Application Support (Version: 2.3.2)Apple Mobile Device Support (Version: 6.0.1.3)Apple Software Update (Version: 2.1.3.127)Audacity 2.0.3 (Version: 2.0.3)avast! Free Antivirus (Version: 8.0.1483.0)BitTorrent (Version: 7.7.3.28706)Bome's SendSX V1.22Bonjour (Version: 3.0.0.10)Broadcom Card Reader Driver Installer (Version: 15.4.7.1)Celemony Melodyne version 2.1CopyPod (remove only)Dear EstherDecisionTools Suite 6.1 (Version: 6.1.1)Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit EditionDropbox (Version: 2.0.22)Dungeon DefendersDynamite JackEffectrix 1.4 (Version: 1.4)Electric Sheep 2.7b34c (Version: 2.7b34c)English Country TuneETDWare PS/2-X64 11.6.8.001_WHQL (Version: 11.6.8.001)EvolandFabFilter Pro-Q VST RTAS v1.0.1.6Focusrite USB Audio Driver 1.10 (Version: 1.10)FTL: Faster Than LightGlaceVerb 1.01Google Chrome (Version: 27.0.1453.110)Google Update Helper (Version: 1.3.21.145)iExplorer 3.2.2.6Intel® Management Engine Components (Version: 8.1.0.1252)Intel® Processor Graphics (Version: 9.17.10.2828)Intel® Rapid Storage Technology (Version: 11.5.0.1207)Intel® SDK for OpenCL - CPU Only Runtime Package (Version: 2.0.0.37149)Intel® Trusted Connect Service Client (Version: 1.24.388.1)Intrusion 2iTunes (Version: 10.7.0.21)iZotope Alloy 2 (Version: 2.01)Java 7 Update 13 (Version: 7.0.130)Java 7 Update 17 (64-bit) (Version: 7.0.170)Java Auto Updater (Version: 2.1.9.0)Java SE Development Kit 7 Update 13 (64-bit) (Version: 1.7.0.130)JDownloader 0.9 (Version: 0.9)Korg Legacy Collection v1.1.10Last.fm Scrobbler 2.1.35Little InfernoLive 8.2.2Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)Microsoft Access MUI (English) 2013 (Version: 15.0.4420.1017)Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)Microsoft DCF MUI (English) 2013 (Version: 15.0.4420.1017)Microsoft Excel MUI (English) 2013 (Version: 15.0.4420.1017)Microsoft Groove MUI (English) 2013 (Version: 15.0.4420.1017)Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4420.1017)Microsoft Lync MUI (English) 2013 (Version: 15.0.4420.1017)Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017)Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017)Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4420.1017)Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017)Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017)Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017)Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017)Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4420.1017)Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017)Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)Microsoft OneNote MUI (English) 2013 (Version: 15.0.4420.1017)Microsoft Outlook MUI (English) 2013 (Version: 15.0.4420.1017)Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4420.1017)Microsoft Publisher MUI (English) 2013 (Version: 15.0.4420.1017)Microsoft Silverlight (Version: 5.1.20125.0)Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)Microsoft Word MUI (English) 2013 (Version: 15.0.4420.1017)Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)Microsoft_VC90_CRT_x86 (Version: 1.00.0000)MIDI-OX (Version: 7.02.372)Mixed In Key 4 (Version: 4.0.1)Mozilla Maintenance Service (Version: 17.0.2)Mozilla Thunderbird 17.0.2 (x86 en-US) (Version: 17.0.2)Mp3tag v2.55a (Version: v2.55a)MyWinLocker Suite (Version: 4.0.14.24)Native Instruments Controller Editor (Version: 1.5.3.1150)Native Instruments Hardware Controller SupportNative Instruments Maschine (Version: 1.8.2.247)Native Instruments Maschine Controller Driver (Version: 3.0.1.648)Native Instruments Maschine DriverNative Instruments Massive (Version: 1.3.0.2050)Native Instruments Service Center (Version: 2.2.6.676)NightSkyNotepad++ (Version: 6.3.3)NVIDIA Control Panel 310.90 (Version: 310.90)NVIDIA Graphics Driver 310.90 (Version: 310.90)NVIDIA Install Application (Version: 2.1002.95.599)NVIDIA Optimus 1.11.3 (Version: 1.11.3)NVIDIA PhysX (Version: 9.12.1031)NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)NVIDIA Update 1.11.3 (Version: 1.11.3)NVIDIA Update Components (Version: 1.11.3)Office Addin (Version: 2.01.3200)Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017)Pale Moon 20.1-x64 (x64 en-US) (Version: 20.1-x64)PDF Settings CS6 (Version: 11.0)Portal 2PowerISO (Version: 5.5)ProteusPSP VintageWarmer 2.0.0 (Version: 2.0.0)Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.206)Qualcomm Atheros WiFi Driver Installation (Version: 11.05)QuickTime (Version: 7.72.80.56)Rane SL 2 (ver. 1.0.0a6)Realtek High Definition Audio Driver (Version: 6.0.1.6657)Reason 5.0 (Version: 5.0)ReCycle 2.2.4 (Version: 2.2.4)reFX Nexus VSTi RTAS v2.2.0SanctumScratch Live 2.2.2 (22236) (Version: 2.2.2)Secure Download Manager (Version: 3.1.01)SecureW2 Enterprise Client 3.5.9Shared C Run-time for x64 (Version: 10.0.0)Shredder (Version: 2.0.8.9)Solar 2SoundToys Native Effects V4SP-404SX Wave Converter (Version: 1.00.0014)Start8 (Version: 1.11)Steam (Version: 1.0.0.0)Steinberg Hypersonic 2Super HexagonSuper House of Dead NinjasswMSM (Version: 12.0.0.1)Team Fortress 2Update for Microsoft Access 2013 (KB2760350) 64-Bit EditionUpdate for Microsoft Excel 2013 (KB2760339) 64-Bit EditionUpdate for Microsoft Lync 2013 (KB2768004) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2726954) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2726961) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2726996) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2737954) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2752025) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2752094) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2752101) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2760224) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2760538) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2760610) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2767845) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2767860) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2768016) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2810010) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2810014) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2810017) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2810018) 64-Bit EditionUpdate for Microsoft Office 2013 (KB2817320) 64-Bit EditionUpdate for Microsoft OneNote 2013 (KB2760334) 64-Bit EditionUpdate for Microsoft Outlook 2013 (KB2810015) 64-Bit EditionUpdate for Microsoft PowerPoint 2013 (KB2726947) 64-Bit EditionUpdate for Microsoft PowerPoint 2013 (KB2727013) 64-Bit EditionUpdate for Microsoft SkyDrive Pro (KB2767865) 64-Bit EditionUpdate for Microsoft SkyDrive Pro (KB2810019) 64-Bit EditionUpdate for Microsoft Visio 2013 (KB2810008) 64-Bit EditionUpdate for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit EditionUpdate for Microsoft Word 2013 (KB2768007) 64-Bit EditionUpdate for Microsoft Word 2013 (KB2768337) 64-Bit EditionVisual Studio 2005 Tools for Office Second Edition RuntimeVisual Studio Tools for the Office system 3.0 RuntimeVisual Studio Tools for the Office system 3.0 Runtime (Version: 9.0.30729)Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (Version: 1)VLC media player 2.0.5 (Version: 2.0.5)Worms Revolution==================== Restore Points =========================30-05-2013 14:30:17 Installed MIDI-OX07-06-2013 19:37:35 Scheduled Checkpoint13-06-2013 02:40:10 Windows Update16-06-2013 17:05:21 Windows Update==================== Scheduled Tasks (whitelisted) =============Task: {03B38401-82AF-4800-8AC6-CFE8E3BBF14A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-25] (Microsoft Corporation)Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 CriticalTask: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandlerTask: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-25] (Microsoft Corporation)Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEventsTask: {2042FE20-28FB-423F-B1E3-A54A3C5E2788} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-27] (Google Inc.)Task: {210C1F6E-AD20-4E8C-8F51-12FD0847FF54} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenanceTask: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group PolicyTask: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-25] (Microsoft Corporation)Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata RefreshTask: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-TasksTask: {2E1AEEDA-C14E-4251-9498-4FCE04A9367D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-03-06] (AVAST Software)Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge UpdateTask: {3219A621-107B-4B52-97D1-2FB6A9F2B47D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance ConfiguratorTask: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTaskTask: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystemTask: {3E83A0CE-10E8-488B-9BBD-3774B1E43326} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-MaintenanceTask: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorageTask: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2012-07-25] (Microsoft Corporation)Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogonTask: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual MaintenanceTask: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot RequiredTask: {5EC10AAD-B9BC-44FE-8CB1-F53DB2413796} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstallTask: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-25] (Microsoft Corporation)Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-UpdateTask: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular MaintenanceTask: {81DCBCB9-D481-44AD-9A14-7449EEE36ACC} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstallTask: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle MaintenanceTask: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)Task: {889A02E4-9406-4332-950C-98E052F215FD} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-09-20] ()Task: {8D6A32E3-7D0A-46C7-B238-AE7EE31A5B10} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2842586972-3675289626-172333529-1002Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync LicensesTask: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTimeTask: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnosticTask: {9E7A5660-1030-4D69-8CCF-33DBCD2055E3} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\Windows\system32\sc.exe [2012-07-25] (Microsoft Corporation)Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-25] (Microsoft Corporation)Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTaskTask: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefreshTask: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\Windows\System32\dism.exe [2012-07-25] (Microsoft Corporation)Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTaskTask: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTaskTask: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScanTask: {AFF07694-9467-4E5D-9B32-A89B4AC37326} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2842586972-3675289626-172333529-500Task: {B1455F41-68E4-4AB2-AB52-222DC6D5993F} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnectTask: {BA95E72F-5B5D-433B-AACF-309F2103C632} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-27] (Google Inc.)Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecificTask: {BD4E8E43-4441-4A4B-8137-BE0060B0F289} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2013-01-27] ()Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity ScanTask: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data senderTask: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-25] (Microsoft Corporation)Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetworkTask: {D8322601-BF30-4367-B800-CD6F9167A35B} - System32\Tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo => C:\Windows\system32\gatherNetworkInfo.vbs [2012-06-02] ()Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 CriticalTask: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash RecoveryTask: {E365560D-CAF8-4545-B0D1-E1D4C21A5D3E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskTask: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-25] (Microsoft Corporation)Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQMTask: {F73AEC39-C094-46BD-8165-052AD508992D} - System32\Tasks\SecureW2 Task => C:\Program Files (x86)\SecureW2\sw2_tray.exe [2012-11-02] (SecureW2 B.V.)==================== Faulty Device Manager Devices =============Name: Bluetooth USB ModuleDescription: Bluetooth USB ModuleClass Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}Manufacturer: Qualcomm Atheros CommunicationsService: BTHUSBProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.Name: MATSHITA DVD-RAM UJ8C2QDescription: CD-ROM DriveClass Guid: {4d36e965-e325-11ce-bfc1-08002be10318}Manufacturer: (Standard CD-ROM drives)Service: cdromProblem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.==================== Event log errors: =========================Application errors:==================Error: (06/16/2013 02:32:02 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 17609Error: (06/16/2013 02:32:02 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 17609Error: (06/16/2013 02:32:02 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: Continuously busy for more than a secondError: (06/16/2013 02:32:00 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 16406Error: (06/16/2013 02:32:00 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 16406Error: (06/16/2013 02:32:00 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: Continuously busy for more than a secondError: (06/16/2013 02:31:59 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 15265Error: (06/16/2013 02:31:59 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 15265Error: (06/16/2013 02:31:59 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: Continuously busy for more than a secondError: (06/16/2013 02:31:58 PM) (Source: Bonjour Service) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 14156System errors:=============Error: (06/16/2013 03:13:25 PM) (Source: Service Control Manager) (User: )Description: The Toolbar Updater service terminated unexpectedly. It has done this 1 time(s).Error: (06/15/2013 11:48:07 PM) (Source: BugCheck) (User: )Description: 0x0000007a (0x0000000000000004, 0x0000000000000000, 0xfffffa800553b010, 0xfffff88018c37000)C:\Windows\MEMORY.DMP061513-33828-01Error: (06/15/2013 11:48:05 PM) (Source: EventLog) (User: )Description: The previous system shutdown at 11:39:12 PM on ?6/?15/?2013 was unexpected.Error: (06/15/2013 11:47:44 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)Description: 0xc000014d0Error: (06/15/2013 09:27:22 PM) (Source: Service Control Manager) (User: )Description: The avast! Antivirus service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.Error: (06/15/2013 09:16:44 PM) (Source: Service Control Manager) (User: )Description: The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.Error: (06/15/2013 08:08:06 PM) (Source: Service Control Manager) (User: )Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: %%1056Error: (06/15/2013 08:07:29 PM) (Source: Service Control Manager) (User: )Description: The Windows Update service terminated unexpectedly. It has done this 2 time(s).Error: (06/15/2013 08:07:29 PM) (Source: Service Control Manager) (User: )Description: The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.Error: (06/15/2013 08:07:29 PM) (Source: Service Control Manager) (User: )Description: The Shell Hardware Detection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.Microsoft Office Sessions:=========================Error: (06/16/2013 02:32:02 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 17609Error: (06/16/2013 02:32:02 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: m->NextScheduledEvent 17609Error: (06/16/2013 02:32:02 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: Continuously busy for more than a secondError: (06/16/2013 02:32:00 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 16406Error: (06/16/2013 02:32:00 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: m->NextScheduledEvent 16406Error: (06/16/2013 02:32:00 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: Continuously busy for more than a secondError: (06/16/2013 02:31:59 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 15265Error: (06/16/2013 02:31:59 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: m->NextScheduledEvent 15265Error: (06/16/2013 02:31:59 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: Continuously busy for more than a secondError: (06/16/2013 02:31:58 PM) (Source: Bonjour Service)(User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 14156==================== Memory info =========================== Percentage of memory in use: 53%Total physical RAM: 3911.27 MBAvailable physical RAM: 1829.95 MBTotal Pagefile: 7879.27 MBAvailable Pagefile: 5103.9 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.77 MB==================== Drives ================================Drive c: (Acer) (Fixed) (Total:449.19 GB) (Free:173.83 GB) NTFS (Disk=0 Partition=4)==================== MBR & Partition Table ==========================================================================Disk: 0 (Size: 466 GB) (Disk ID: B3A87CAD)Partition: GPT Partition Type==================== End Of Log ============================ Link to post Share on other sites More sharing options...
MrCharlie Posted June 16, 2013 ID:692065 Share Posted June 16, 2013 Download the attached fixlist.txt to the same folder as FRST.Run FRST and click Fix only once and waitThe tool will create a log (Fixlog.txt) please post it to your reply.MrC Link to post Share on other sites More sharing options...
NHX Posted June 17, 2013 Author ID:692078 Share Posted June 17, 2013 Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-06-2013 01Ran by NHx at 2013-06-16 20:35:17 Run:1Running from C:\Users\xcomu_000\DownloadsBoot Mode: Normal==============================================C:\Users\xcomu_000\AppData\Local\Temp\ToolbarUpdater.exe => Moved successfully.C:\Windows\SysWOW64\WinMonitor.exe => Moved successfully.C:\Windows\SysWOW64\libs.exe => Moved successfully.The system needs a manual reboot. ==== End of Fixlog ==== Link to post Share on other sites More sharing options...
MrCharlie Posted June 17, 2013 ID:692084 Share Posted June 17, 2013 How is it??? MrC Link to post Share on other sites More sharing options...
NHX Posted June 17, 2013 Author ID:692092 Share Posted June 17, 2013 Have not gotten the avast message since. Thank you! Link to post Share on other sites More sharing options...
MrCharlie Posted June 17, 2013 ID:692218 Share Posted June 17, 2013 Good......Take a look at My Preventive Maintenance to avoid being infected again.Good Luck and Thanks for using the forum, MrC Link to post Share on other sites More sharing options...
Maurice Naggar Posted June 17, 2013 ID:692429 Share Posted June 17, 2013 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts