I think I might have a R.A.T


Well, about a month ago I was on TeamViewer with someone, and they opened a program they sent me on my computer before I was able to stop them. I'm not sure if it was anything malicious or not, but I'd like to be safe. Here are my logs.

 

DDS

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.25.2
Run by Devon at 18:39:09 on 2013-07-11
Microsoft Windows 8 Pro with Media Center  6.2.9200.0.1252.1.1033.18.8082.6104 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\dwm.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Windows\jmesoft\Service.exe
C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe
C:\windows\SysWOW64\NLSSRV32.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\dashost.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskhostex.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleCrashHandler64.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\windows\WinStore\WSHost.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\jmesoft\hotkey.exe
C:\Program Files (x86)\iCap\iCap.exe
C:\windows\system32\RunDll32.exe
C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
C:\Windows\jmesoft\JME_LOAD.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe
C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\msiexec.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
EB: Web Test Recorder 10.0: {3142c289-f319-47f5-a594-a827028714c9} - 
uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Google Update] "C:\Users\Devon\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [spotify] "C:\Users\Devon\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [spotify Web Helper] "C:\Users\Devon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [jmekey] C:\windows\jmesoft\hotkey.exe
mRun: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe
mRun: [CLMLServer] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
mRun: [updateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
mRun: [ModeSwitch] "C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe" /AutoRun
mRun: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
StartupFolder: C:\Users\Devon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\iCap.lnk - C:\Program Files (x86)\iCap\iCap.exe
StartupFolder: C:\Users\Devon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\windows\System32\RunDll32.exe
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} - 
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{5BB9ADE9-82F7-4171-B892-D6B8A5B64703} : NameServer = 75.75.75.75,75.75.76.76
TCP: Interfaces\{5BB9ADE9-82F7-4171-B892-D6B8A5B64703} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{5BB9ADE9-82F7-4171-B892-D6B8A5B64703}\449616E66214C6D27657563747 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{5BB9ADE9-82F7-4171-B892-D6B8A5B64703}\E4544574541425 : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\windows\System32\Drivers\aswRvrt.sys [2013-4-1 65336]
R0 aswVmm;aswVmm;C:\windows\System32\Drivers\aswVmm.sys [2013-4-1 189936]
R1 aswSnx;aswSnx;C:\windows\System32\Drivers\aswSnx.sys [2013-1-5 1030952]
R1 aswSP;aswSP;C:\windows\System32\Drivers\aswSP.sys [2013-1-5 378944]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\System32\Drivers\dtsoftbus01.sys [2013-4-4 283200]
R2 aswFsBlk;aswFsBlk;C:\windows\System32\Drivers\aswFsBlk.sys [2013-1-5 33400]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\Drivers\aswMonFlt.sys [2013-1-5 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-6-1 46808]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2013-3-6 2457232]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-9-22 165760]
R2 JME Keyboard;JME Keyboard Driver;C:\Windows\jmesoft\Service.exe [2012-9-22 32768]
R2 LenovoCOMSvc;LenovoCOMService;C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe [2012-9-22 37888]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-11 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-11 701512]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-11-18 70152]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-6-23 4150112]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-9-22 364416]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\windows\System32\Drivers\hitmanpro37.sys [2013-7-11 32000]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2012-7-12 342528]
R3 LitModeCtrl;LitModeCtrl;C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe [2012-9-22 141824]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2013-7-11 25928]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\Drivers\RtsUStor.sys [2012-9-22 252048]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2012-9-22 683664]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\windows\System32\Drivers\rtwlane.sys [2012-6-29 1498768]
R3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2013-1-4 21712]
S3 hcwhdpvr;Hauppauge HD PVR Capture Service;C:\windows\System32\Drivers\hcwhdpvr.sys [2012-12-27 192072]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\Drivers\rtwlane.sys [2012-6-29 1498768]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]
S3 TSVAD_PCM;Wirecast Virtual Microphone Driver;C:\windows\System32\Drivers\tsvadpcm.sys [2012-8-22 33552]
S3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);C:\windows\System32\Drivers\vasdDev.sys [2013-2-6 1454896]
S3 WsAudioDevice_383;WsAudioDevice_383;C:\windows\System32\Drivers\VirtualAudio.sys [2013-7-1 31080]
S3 wsvd;wsvd;C:\windows\System32\Drivers\wsvd.sys [2012-9-22 102376]
S3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;C:\windows\System32\Drivers\xusb22.sys [2012-7-25 89088]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\windows\System32\NOTEPAD.EXE %1 [userChoice]
FileExt: .js: JSFile=C:\windows\System32\WScript.exe "%1" %* [userChoice]
.
=============== Created Last 30 ================
.
2013-07-11 22:33:11 32000 ----a-w- C:\windows\System32\drivers\hitmanpro37.sys
2013-07-11 21:49:43 -------- d-----w- C:\Program Files\HitmanPro
2013-07-11 21:48:49 -------- d-----w- C:\ProgramData\HitmanPro
2013-07-11 21:46:28 -------- d-----w- C:\Program Files (x86)\SweetIM
2013-07-11 21:46:04 -------- d-----w- C:\windows\SysWow64\WNLT
2013-07-11 20:56:17 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-07-11 20:56:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-02 19:33:07 -------- d-----w- C:\Users\Devon\AppData\Roaming\.minecraft
2013-07-01 19:35:22 -------- d-----w- C:\Program Files (x86)\mum
2013-07-01 17:43:46 -------- d-----w- C:\Users\Devon\AppData\Roaming\Mumble
2013-07-01 14:56:00 -------- d-----w- C:\Users\Devon\AppData\Local\Wondershare
2013-07-01 14:55:59 -------- d-----w- C:\Program Files (x86)\Common Files\Wondershare
2013-07-01 14:55:50 31080 ----a-w- C:\windows\System32\drivers\VirtualAudio.sys
2013-07-01 14:55:49 -------- d-----w- C:\Program Files (x86)\Wondershare
2013-07-01 01:52:08 -------- d-----w- C:\Program Files (x86)\Gyazo
2013-06-24 17:17:38 144384 ----a-w- C:\windows\System32\tssdisai.dll
2013-06-22 18:20:44 -------- d-----w- C:\Users\Devon\AppData\Local\ConsoleApplication2
2013-06-21 03:49:55 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-18 19:47:46 78200 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-18 19:47:44 693112 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-06-15 09:16:35 1300992 ----a-w- C:\windows\System32\gdi32.dll
2013-06-15 09:16:34 888320 ----a-w- C:\windows\System32\autochk.exe
2013-06-15 09:16:34 1022464 ----a-w- C:\windows\SysWow64\gdi32.dll
2013-06-15 09:16:33 793088 ----a-w- C:\windows\SysWow64\autochk.exe
2013-06-15 09:16:33 542208 ----a-w- C:\windows\System32\untfs.dll
2013-06-15 09:16:33 482816 ----a-w- C:\windows\SysWow64\untfs.dll
2013-06-15 00:12:48 -------- d-----w- C:\Users\Devon\AppData\Local\McMyAdmin
2013-06-14 19:38:59 411136 ----a-w- C:\windows\SysWow64\mfmp4srcsnk.dll
2013-06-14 19:38:59 173568 ----a-w- C:\windows\System32\storewuauth.dll
2013-06-14 19:38:59 141824 ----a-w- C:\windows\System32\wuwebv.dll
2013-06-14 19:38:58 98304 ----a-w- C:\windows\System32\wudriver.dll
2013-06-14 19:38:58 83968 ----a-w- C:\windows\SysWow64\wudriver.dll
2013-06-14 19:38:58 309760 ----a-w- C:\windows\SysWow64\BCP47Langs.dll
2013-06-14 19:38:58 125952 ----a-w- C:\windows\SysWow64\wuwebv.dll
2013-06-14 19:38:57 39424 ----a-w- C:\windows\System32\wuapp.exe
2013-06-14 19:38:56 34304 ----a-w- C:\windows\SysWow64\wuapp.exe
2013-06-14 19:38:56 17408 ----a-w- C:\windows\System32\muifontsetup.dll
2013-06-14 19:38:55 18432 ----a-w- C:\windows\SysWow64\npmproxy.dll
2013-06-14 19:38:55 14336 ----a-w- C:\windows\SysWow64\muifontsetup.dll
2013-06-13 14:09:22 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-13 14:09:22 -------- d-----w- C:\Program Files\iTunes
2013-06-13 14:09:22 -------- d-----w- C:\Program Files\iPod
2013-06-13 14:09:22 -------- d-----w- C:\Program Files (x86)\iTunes
2013-06-13 14:06:39 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2013-06-13 14:06:39 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2013-06-13 14:06:39 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2013-06-13 14:06:39 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2013-06-13 14:06:39 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2013-06-13 14:05:04 -------- d-----w- C:\Program Files\Bonjour
2013-06-13 14:05:04 -------- d-----w- C:\Program Files (x86)\Bonjour
2013-06-12 23:56:46 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7CC88A3E-0E11-41D5-8607-DC4ADE054B1D}\mpengine.dll
2013-06-12 19:13:46 2233600 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-06-12 18:53:54 1889280 ----a-w- C:\windows\System32\crypt32.dll
2013-06-12 18:53:54 1569792 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-06-12 18:53:53 68096 ----a-w- C:\windows\System32\cryptsvc.dll
2013-06-12 18:53:53 141312 ----a-w- C:\windows\System32\cryptnet.dll
2013-06-12 18:53:53 1255936 ----a-w- C:\windows\System32\certutil.exe
2013-06-12 18:53:53 1013248 ----a-w- C:\windows\SysWow64\certutil.exe
2013-06-12 18:53:52 109056 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-06-12 17:19:22 733184 ----a-w- C:\windows\System32\win32spl.dll
2013-06-12 15:27:20 30720 ----a-w- C:\windows\System32\cryptdlg.dll
2013-06-12 15:27:20 25088 ----a-w- C:\windows\SysWow64\cryptdlg.dll
2013-06-12 13:44:54 915968 ----a-w- C:\windows\System32\uxtheme.dll
2013-06-12 13:44:54 148992 ----a-w- C:\Program Files\Internet Explorer\jsdebuggeride.dll
2013-06-12 13:44:54 108032 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
2013-06-12 13:44:52 53760 ----a-w- C:\windows\System32\UXInit.dll
2013-06-12 13:44:52 44032 ----a-w- C:\windows\SysWow64\UXInit.dll
2013-06-12 13:44:52 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-06-12 13:44:52 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-06-12 08:49:15 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
.
==================== Find3M  ====================
.
2013-06-27 21:22:05 189936 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2013-06-27 21:22:05 1030952 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2013-06-24 17:19:26 56072 ----a-w- C:\windows\System32\certsentry.dll
2013-06-21 03:49:46 867240 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-06-21 03:49:46 789416 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-06-11 23:43:37 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-06-01 09:25:03 496640 ----a-w- C:\windows\SysWow64\qedit.dll
2013-06-01 09:21:34 595968 ----a-w- C:\windows\System32\qedit.dll
2013-05-31 21:10:06 281768 ----a-w- C:\windows\SysWow64\PnkBstrB.xtr
2013-05-30 23:14:23 4036096 ----a-w- C:\windows\System32\win32k.sys
2013-05-09 08:59:07 72016 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2013-05-09 08:59:07 65336 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2013-05-09 08:59:06 80816 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2013-05-09 08:58:37 41664 ----a-w- C:\windows\avastSS.scr
2013-05-04 07:58:17 120736 ----a-w- C:\windows\System32\AuthHost.exe
2013-05-04 07:34:17 446720 ----a-w- C:\windows\System32\drivers\USBHUB3.SYS
2013-05-04 07:34:17 213248 ----a-w- C:\windows\System32\drivers\UCX01000.SYS
2013-05-04 07:34:15 284416 ----a-w- C:\windows\System32\drivers\spaceport.sys
2013-05-04 06:59:51 1483776 ----a-w- C:\windows\System32\VSSVC.exe
2013-05-04 06:59:36 812544 ----a-w- C:\windows\System32\Magnify.exe
2013-05-04 06:59:25 251904 ----a-w- C:\windows\System32\WUSettingsProvider.dll
2013-05-04 06:59:24 1619968 ----a-w- C:\windows\System32\wucltux.dll
2013-05-04 06:59:21 2842112 ----a-w- C:\windows\System32\WMVDECOD.DLL
2013-05-04 06:59:08 13644288 ----a-w- C:\windows\System32\Windows.UI.Xaml.dll
2013-05-04 06:58:54 328192 ----a-w- C:\windows\System32\ubpm.dll
2013-05-04 06:58:54 10116096 ----a-w- C:\windows\System32\twinui.dll
2013-05-04 06:58:49 1332736 ----a-w- C:\windows\System32\sysmain.dll
2013-05-04 06:58:48 330240 ----a-w- C:\windows\System32\stobject.dll
2013-05-04 06:58:28 93696 ----a-w- C:\windows\System32\psmsrv.dll
2013-05-04 06:58:02 470528 ----a-w- C:\windows\System32\netprofmsvc.dll
2013-05-04 06:58:02 151552 ----a-w- C:\windows\System32\netprofm.dll
2013-05-04 06:58:01 169984 ----a-w- C:\windows\System32\netplwiz.dll
2013-05-04 06:57:46 560640 ----a-w- C:\windows\System32\mfmp4srcsnk.dll
2013-05-04 06:57:31 820736 ----a-w- C:\windows\System32\gpprefcl.dll
2013-05-04 06:57:15 501760 ----a-w- C:\windows\System32\DevicePairing.dll
2013-05-04 06:57:05 179712 ----a-w- C:\windows\System32\bisrv.dll
2013-05-04 06:57:05 122368 ----a-w- C:\windows\System32\biwinrt.dll
2013-05-04 06:57:04 389120 ----a-w- C:\windows\System32\BCP47Langs.dll
2013-05-04 06:57:04 2305024 ----a-w- C:\windows\System32\authui.dll
2013-05-04 06:57:00 708096 ----a-w- C:\windows\System32\AppXDeploymentExtensions.dll
2013-05-04 06:57:00 1131520 ----a-w- C:\windows\System32\AppXDeploymentServer.dll
2013-05-04 06:56:53 419840 ----a-w- C:\windows\System32\intl.cpl
2013-05-04 04:58:14 758784 ----a-w- C:\windows\SysWow64\Magnify.exe
2013-05-04 04:57:58 2620928 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2013-05-04 04:57:49 10788864 ----a-w- C:\windows\SysWow64\Windows.UI.Xaml.dll
2013-05-04 04:57:39 8857088 ----a-w- C:\windows\SysWow64\twinui.dll
2013-05-04 04:57:39 247296 ----a-w- C:\windows\SysWow64\ubpm.dll
2013-05-04 04:57:35 303616 ----a-w- C:\windows\SysWow64\stobject.dll
2013-05-04 04:57:04 151040 ----a-w- C:\windows\SysWow64\netplwiz.dll
2013-05-04 04:57:04 115712 ----a-w- C:\windows\SysWow64\netprofm.dll
2013-05-04 04:56:35 582144 ----a-w- C:\windows\SysWow64\gpprefcl.dll
2013-05-04 04:56:14 449536 ----a-w- C:\windows\SysWow64\DevicePairing.dll
2013-05-04 04:56:06 92160 ----a-w- C:\windows\SysWow64\biwinrt.dll
2013-05-04 04:56:05 2035712 ----a-w- C:\windows\SysWow64\authui.dll
2013-05-04 04:55:58 389632 ----a-w- C:\windows\SysWow64\intl.cpl
2013-05-04 04:51:38 14848 ----a-w- C:\windows\System32\rars.rs
2013-05-04 04:48:33 83968 ----a-w- C:\windows\System32\drivers\hidclass.sys
2013-05-04 04:48:26 27648 ----a-w- C:\windows\System32\drivers\hidusb.sys
2013-05-04 04:47:02 427520 ----a-w- C:\windows\System32\drivers\rdbss.sys
2013-05-04 04:10:47 14848 ----a-w- C:\windows\SysWow64\rars.rs
2013-05-02 15:29:56 278800 ------w- C:\windows\System32\MpSigStub.exe
2013-05-01 07:59:12 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 07:59:12 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts
2013-04-23 02:30:19 77824 ----a-w- C:\windows\xuninst.exe
2013-04-16 02:34:44 1455368 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2013-04-13 05:56:35 444416 ----a-w- C:\windows\apppatch\AcSpecfc.dll
.
============= FINISH: 18:39:59.63 ===============
 

 

 

Attach

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro with Media Center
Boot Device: \Device\HarddiskVolume2
Install Date: 12/25/2012 7:10:18 AM
System Uptime: 7/11/2013 6:32:22 PM (0 hours ago)
.
Motherboard: LENOVO |  | MAHOBAY
Processor: Intel® Core i5-3330 CPU @ 3.00GHz | SOCKET 0 | 3001/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 905 GiB total, 787.006 GiB free.
D: is CDROM ()
E: is CDROM ()
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP52: 6/28/2013 12:28:53 PM - Removed .NET Reflector Desktop
RP53: 7/1/2013 1:41:52 PM - Installed Mumble 1.2.4
RP54: 7/8/2013 6:58:03 PM - Windows Update
RP55: 7/10/2013 7:09:44 PM - Removed Telerik RadControls for Windows 8 XAML Q1 2013 SP1
.
==== Installed Programs ======================
.
 Tools for .Net 3.5
Adobe AIR
Adobe Download Assistant
Adobe Flash Media Live Encoder 3.2
Adobe Flash Player 11 Plugin
Adobe Help Manager
Adobe Reader XI (11.0.03)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft TotalMedia Extreme
avast! Free Antivirus
Blend for Visual Studio 2012
Blend for Visual Studio 2012 ENU resources
Bonjour
D3DX10
DAEMON Tools Lite
Dotfuscator and Analytics Community Edition
Driver & Application Installation
Entity Framework Designer for Visual Studio 2012 - enu
FileZilla Client 3.7.1
Fraps (remove only)
Google Chrome
Google Drive
Google Talk Plugin
Google Update Helper
Gyazo 1.0.1
HP Deskjet 1000 J110 series Basic Device Software
HP Deskjet 1000 J110 series Help
HP Deskjet 1000 J110 series Product Improvement Study
HP Photo Creations
HP Update
HxD Hex Editor version 1.7.7.0
iCloud
IIS 8.0 Express
IIS Express Application Compatibility Database for x64
IIS Express Application Compatibility Database for x86
Intel AppUp(SM) center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
Internet Explorer Toolbar 4.9 by SweetPacks
iTunes
Java 7 Update 10 (64-bit)
Java 7 Update 25
Java Auto Updater
Lenovo Blacksilk USB Keyboard Driver
Lenovo Photos
Lenovo Power2Go
Lenovo PowerDVD10
Lenovo Rescue System
Little Inferno
LocalESPC
LocalESPCui for en-us
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5 Multi-Targeting Pack
Microsoft .NET Framework 4.5 SDK
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 3
Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update
Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools
Microsoft ASP.NET MVC 4 Runtime
Microsoft ASP.NET Web Pages
Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools
Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools
Microsoft ASP.NET Web Pages 2 Runtime
Microsoft Help Viewer 2.0
Microsoft LightSwitch for Visual Studio 2012 Core
Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU
Microsoft Managed DirectX (1126)
Microsoft NuGet - Visual Studio 2012
Microsoft NuGet - Visual Studio 2012 Express for Windows 8
Microsoft Office
Microsoft Portable Library Multi-Targeting Pack
Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
Microsoft Report Viewer Add-On for Visual Studio 2012
Microsoft Silverlight
Microsoft Silverlight 4 SDK
Microsoft Silverlight 5 SDK
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2012 Command Line Utilities 
Microsoft SQL Server 2012 Data-Tier App Framework 
Microsoft SQL Server 2012 Express LocalDB 
Microsoft SQL Server 2012 Management Objects 
Microsoft SQL Server 2012 Management Objects  (x64)
Microsoft SQL Server 2012 Native Client 
Microsoft SQL Server 2012 T-SQL Language Service 
Microsoft SQL Server 2012 Transact-SQL Compiler Service 
Microsoft SQL Server 2012 Transact-SQL ScriptDom 
Microsoft SQL Server Compact 4.0 SP1 x64 ENU
Microsoft SQL Server Data Tools - enu (11.1.20627.00)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00)
Microsoft SQL Server System CLR Types
Microsoft SQL Server System CLR Types (x64)
Microsoft System CLR Types for SQL Server 2012
Microsoft System CLR Types for SQL Server 2012 (x64)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012  x64 Designtime - 11.0.50727
Microsoft Visual C++ 2012 Compilers
Microsoft Visual C++ 2012 Compilers - ENU Resources
Microsoft Visual C++ 2012 Core Libraries
Microsoft Visual C++ 2012 Extended Libraries
Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Visual Studio 2010 Office Developer Tools (x64)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio 2012 Devenv
Microsoft Visual Studio 2012 Devenv Resources
Microsoft Visual Studio 2012 Express Prerequisites x64 - ENU
Microsoft Visual Studio 2012 IntelliTrace Core amd64
Microsoft Visual Studio 2012 IntelliTrace Core x86
Microsoft Visual Studio 2012 IntelliTrace Front End x86
Microsoft Visual Studio 2012 Performance Collection Tools
Microsoft Visual Studio 2012 Performance Collection Tools - ENU
Microsoft Visual Studio 2012 Preparation
Microsoft Visual Studio 2012 SharePoint Developer Tools
Microsoft Visual Studio 2012 SharePoint Developer Tools ENU Language Pack
Microsoft Visual Studio 2012 Shell (Minimum)
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
Microsoft Visual Studio 2012 Shell (Minimum) Resources
Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
Microsoft Visual Studio Express 2012 for Windows 8
Microsoft Visual Studio Express 2012 for Windows 8 - ENU
Microsoft Visual Studio Premium 2012
Microsoft Visual Studio Premium 2012 - ENU
Microsoft Visual Studio Professional 2012
Microsoft Visual Studio Professional 2012 - ENU
Microsoft Visual Studio Team Foundation Server 2012 Object Model
Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
Microsoft Visual Studio Team Foundation Server 2012 Storyboarding
Microsoft Visual Studio Team Foundation Server 2012 Storyboarding Language Pack - ENU
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
Microsoft Visual Studio Ultimate 2012
Microsoft Visual Studio Ultimate 2012 - ENU
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
Microsoft Web Deploy 3.0
Microsoft Web Deploy dbSqlPackage Provider - enu
Microsoft Web Developer Tools - Visual Studio 2012
Microsoft Web Platform Installer 4.0
Microsoft WSE 3.0 Runtime
Movie Maker
MSVCRT
MSVCRT Redists
MSVCRT110
MSVCRT110_amd64
Mumble 1.2.4
Notepad++
OpenOffice.org 3.4.1
Photo Common
Photo Gallery
Power Control Switch
PreEmptive Analytics Visual Studio Components
Prerequisites for SSDT 
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
REALTEK Wireless LAN Driver
Shared C Run-time for x64
Skype™ 6.6
Speccy
Spotify
Steam
SugarSync Manager
System Requirements Lab CYRI
TeamViewer 8
Update for  (KB2504637)
Update for Microsoft Visual Studio 2012 (KB2781514)
Visual Studio 2012 Prerequisites
Visual Studio 2012 Prerequisites - ENU Language Pack
Visual Studio Extensions for Windows Library for JavaScript
WCF Data Services 5.0 (for OData v3) Primary Components
WCF Data Services Tools for Microsoft Visual Studio 2012
WCF RIA Services V1.0 SP2
Windows App Certification Kit Native Components
Windows App Certification Kit x64
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Runtime Intellisense Content - en-us
Windows Software Development Kit
Windows Software Development Kit DirectX x64 Remote
Windows Software Development Kit DirectX x86 Remote
Windows Software Development Kit for Windows Store Apps
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
WinRAR 4.20 (32-bit)
XSplit
.
==== Event Viewer Messages From Past Week ========
.
7/11/2013 6:39:11 PM, Error: Service Control Manager [7016]  - The LitModeCtrl service has reported an invalid current state 32.
7/11/2013 6:33:29 PM, Error: Service Control Manager [7024]  - The HitmanPro 3.7 Crusader (Boot) service terminated with the following service-specific error:  The operation completed successfully.
7/11/2013 6:33:11 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\windows\system32\Rtlihvs.dll Error Code: 126
7/11/2013 6:32:29 PM, Error: Application Popup [875]  - 
7/11/2013 6:32:26 PM, Error: Microsoft-Windows-Kernel-General [6]  - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
7/11/2013 6:31:15 PM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for DeleteFlag with the following error:  Access is denied.
7/11/2013 6:12:52 PM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for Start with the following error:  Access is denied.
7/10/2013 4:19:26 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
7/10/2013 4:19:26 PM, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 

 


Download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode onto your Desktop.

 

  •   Please close all open programs and internet browsers.
  •   Double click on Adwcleaner.exe to run the tool.
  •   Click on Delete.
  •   Confirm each time with OK.
  •   Your computer will be rebooted automatically. A text file will open after the restart.
  •   Please post the content of that logfile in your reply.
  •   You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

 

Next, download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Post those logs,

 

Kevin


ADW

 

 

# AdwCleaner v2.305 - Logfile created 07/11/2013 at 18:58:10

# Updated 11/07/2013 by Xplode
# Operating system : Windows 8 Pro with Media Center  (64 bits)
# User : Devon - DEVON-PC
# Boot Mode : Normal
# Running from : C:\Users\Devon\Desktop\AdwCleaner.exe
# Option [Delete]
 
 
***** [services] *****
 
 
***** [Files / Folders] *****
 
File Deleted : C:\Users\Devon\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\Wondershare
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\Program Files (x86)\Wondershare
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\Users\Devon\AppData\Local\Wondershare
Folder Deleted : C:\Users\Devon\AppData\LocalLow\SweetIM
Folder Deleted : C:\windows\SysWOW64\WNLT
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
 
***** [internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
 
-\\ Google Chrome v28.0.1500.71
 
File : C:\Users\Devon\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
 
*************************
 
AdwCleaner[s1].txt - [5691 octets] - [11/07/2013 18:58:10]
 
########## EOF - C:\AdwCleaner[s1].txt - [5751 octets] ##########
 

 

 

FRST

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-07-2013

Ran by Devon (administrator) on 11-07-2013 19:02:53
Running from C:\Users\Devon\Desktop
Windows 8 Pro with Media Center (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\windows\system32\dashost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
() C:\Windows\jmesoft\Service.exe
(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Nalpeiron Ltd.) C:\windows\SysWOW64\NLSSRV32.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.149\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(iCap) C:\Program Files (x86)\iCap\iCap.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe
(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [igfxTray] - C:\windows\system32\igfxtray.exe [171040 2012-10-10] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [399392 2012-10-10] (Intel Corporation)
HKLM\...\Run: [Persistence] - C:\windows\system32\igfxpers.exe [441888 2012-10-10] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12497552 2012-05-27] (Realtek Semiconductor)
HKCU\...\Run: [steam] - "C:\Program Files (x86)\Steam\Steam.exe" -silent [1672616 2013-07-09] (Valve Corporation)
HKCU\...\Run: [skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [Google Update] - "C:\Users\Devon\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2013-01-10] (Google Inc.)
HKCU\...\Run: [spotify] - "C:\Users\Devon\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [4643328 2013-07-01] (Spotify Ltd)
HKCU\...\Run: [spotify Web Helper] - "C:\Users\Devon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1104384 2013-07-01] (Spotify Ltd)
HKCU\...\Run: [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3672640 2013-03-14] (Disc Soft Ltd)
HKLM-x32\...\Run: [jmekey] - C:\windows\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)
HKLM-x32\...\Run: [jmesoft] - C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] ()
HKLM-x32\...\Run: [CLMLServer] - "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe" [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [updateP2GoShortCut] - "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe" [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ModeSwitch] - "C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe" /AutoRun [751104 2012-03-31] (Lenovo)
HKLM-x32\...\Run: [intel AppUp(SM) center] - "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4 [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [x]
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
SearchScopes: HKCU - {5B6154AF-DF31-4A5B-98C3-08193D0E4FA5} URL = 
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{5BB9ADE9-82F7-4171-B892-D6B8A5B64703}: [NameServer]75.75.75.75,75.75.76.76
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Devon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Devon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Devon\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll No File
CHR Plugin: (Exent\u00AE AOD Gecko Plugin) - C:\Program Files (x86)\FreeRide Games\npExentControl.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
 
==================== Services (Whitelisted) =================
 
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2457232 2012-07-24] (Realsil Microelectronics Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] ()
R2 LenovoCOMSvc; C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe [37888 2011-11-04] (Lenovo)
R3 LitModeCtrl; C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe [141824 2012-04-06] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-28] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S1 archlp; C:\Windows\SysWow64\drivers\archlp.sys [161792 2009-02-06] ()
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-04-04] (DT Soft Ltd)
S3 hcwhdpvr; C:\Windows\system32\DRIVERS\hcwhdpvr.sys [192072 2012-03-26] (Hauppauge, Inc.)
S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [32000 2013-07-11] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498768 2012-07-25] (Realtek Semiconductor Corporation                           )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498768 2012-07-25] (Realtek Semiconductor Corporation                           )
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation)
S3 TSVAD_PCM; C:\Windows\system32\drivers\tsvadpcm.sys [33552 2012-08-22] (Windows ® Win 7 DDK provider)
S3 VASDeviceDrm; C:\Windows\system32\drivers\vasdDev.sys [1454896 2012-03-19] (ShiningMorning Inc.)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S3 WsAudioDevice_383; C:\Windows\system32\drivers\VirtualAudio.sys [31080 2013-05-30] (Wondershare)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-25] (Microsoft Corporation)
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-07-11 19:02 - 2013-07-11 19:02 - 00000000 ____D C:\FRST
2013-07-11 18:58 - 2013-07-11 18:58 - 00005808 ____A C:\AdwCleaner[s1].txt
2013-07-11 18:33 - 2013-07-11 18:33 - 04929080 ____A C:\windows\system32\FNTCACHE.DAT
2013-07-11 18:33 - 2013-07-11 18:33 - 00032000 ____A C:\windows\system32\Drivers\hitmanpro37.sys
2013-07-11 18:26 - 2013-07-11 18:26 - 00000000 ____D C:\Users\ADMINI~1
2013-07-11 18:11 - 2013-07-11 18:11 - 00002560 ____A C:\windows\system32\.crusader
2013-07-11 17:49 - 2013-07-11 17:49 - 00000000 ____D C:\Program Files\HitmanPro
2013-07-11 16:56 - 2013-07-11 16:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-11 16:56 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-07-10 22:38 - 2013-07-10 22:38 - 00003348 ____A C:\windows\System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}
2013-07-10 17:28 - 2013-06-01 05:25 - 00496640 ____A (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2013-07-10 17:28 - 2013-06-01 05:21 - 00595968 ____A (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-10 17:28 - 2013-05-30 19:14 - 04036096 ____A (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-10 17:28 - 2013-04-11 18:30 - 01421312 ____A (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2013-07-10 17:28 - 2013-04-11 18:22 - 01838080 ____A (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-07-10 17:27 - 2013-06-11 19:43 - 14329856 ____A (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-07-10 17:27 - 2013-06-11 19:43 - 02877440 ____A (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-07-10 17:27 - 2013-06-11 19:43 - 01767936 ____A (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-07-10 17:27 - 2013-06-11 19:43 - 01141248 ____A (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-07-10 17:27 - 2013-06-11 19:43 - 00690688 ____A (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-07-10 17:27 - 2013-06-11 19:43 - 00493056 ____A (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-07-10 17:27 - 2013-06-11 19:42 - 13760512 ____A (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-07-10 17:27 - 2013-06-11 19:42 - 02046976 ____A (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-07-10 17:27 - 2013-06-11 19:26 - 02241024 ____A (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-10 17:27 - 2013-06-11 19:26 - 01365504 ____A (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-10 17:27 - 2013-06-11 19:26 - 00051712 ____A (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-10 17:27 - 2013-06-11 19:25 - 19238912 ____A (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-10 17:27 - 2013-06-11 19:25 - 15404032 ____A (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-10 17:27 - 2013-06-11 19:25 - 03958784 ____A (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-10 17:27 - 2013-06-11 19:25 - 02648576 ____A (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-10 17:27 - 2013-06-11 19:25 - 00855552 ____A (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-10 17:27 - 2013-06-11 19:25 - 00603136 ____A (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-10 17:27 - 2013-05-04 02:59 - 02842112 ____A (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-10 17:27 - 2013-05-04 00:57 - 02620928 ____A (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-07-01 15:35 - 2013-07-01 15:35 - 00000000 ____D C:\Program Files (x86)\mum
2013-07-01 10:55 - 2013-05-30 13:56 - 00031080 ____A (Wondershare) C:\windows\system32\Drivers\VirtualAudio.sys
2013-06-30 21:52 - 2013-06-30 21:52 - 00000000 ____D C:\Program Files (x86)\Gyazo
2013-06-27 17:22 - 2013-06-27 17:22 - 00000175 ____A C:\windows\system32\Drivers\aswVmm.sys.sum
2013-06-26 13:49 - 2013-06-27 17:22 - 00000175 ____A C:\windows\system32\Drivers\aswSP.sys.sum
2013-06-26 13:49 - 2013-06-27 17:22 - 00000175 ____A C:\windows\system32\Drivers\aswSnx.sys.sum
2013-06-25 08:58 - 2013-06-25 08:58 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-06-24 13:17 - 2013-05-15 18:35 - 00144384 ____A (Microsoft Corporation) C:\windows\system32\tssdisai.dll
2013-06-20 23:50 - 2013-06-20 23:49 - 00263592 ____A (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-06-20 23:49 - 2013-06-20 23:49 - 00175016 ____A (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-06-20 23:49 - 2013-06-20 23:49 - 00175016 ____A (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-06-20 23:49 - 2013-06-20 23:49 - 00096168 ____A (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-18 15:47 - 2013-06-27 18:04 - 00693112 ____A (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-06-18 15:47 - 2013-06-27 18:04 - 00078200 ____A (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-15 05:16 - 2013-05-30 19:24 - 01257472 ____A (Microsoft Corporation) C:\windows\system32\kernel32.dll
2013-06-15 05:16 - 2013-05-30 19:08 - 00974848 ____A (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2013-06-15 05:16 - 2013-05-23 19:01 - 01300992 ____A (Microsoft Corporation) C:\windows\system32\gdi32.dll
2013-06-15 05:16 - 2013-05-23 18:27 - 01022464 ____A (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2013-06-15 05:16 - 2013-05-14 22:25 - 00888320 ____A (Microsoft Corporation) C:\windows\system32\autochk.exe
2013-06-15 05:16 - 2013-05-14 22:25 - 00542208 ____A (Microsoft Corporation) C:\windows\system32\untfs.dll
2013-06-15 05:16 - 2013-05-14 22:24 - 00793088 ____A (Microsoft Corporation) C:\windows\SysWOW64\autochk.exe
2013-06-15 05:16 - 2013-05-14 22:24 - 00482816 ____A (Microsoft Corporation) C:\windows\SysWOW64\untfs.dll
2013-06-14 15:39 - 2013-05-04 03:58 - 00120736 ____A (Microsoft Corporation) C:\windows\system32\AuthHost.exe
2013-06-14 15:39 - 2013-05-04 03:34 - 00446720 ____A (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2013-06-14 15:39 - 2013-05-04 03:34 - 00284416 ____A (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys
2013-06-14 15:39 - 2013-05-04 03:34 - 00213248 ____A (Microsoft Corporation) C:\windows\system32\Drivers\UCX01000.SYS
2013-06-14 15:39 - 2013-05-04 03:30 - 00058312 ____A (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2013-06-14 15:39 - 2013-05-04 02:59 - 13644288 ____A (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2013-06-14 15:39 - 2013-05-04 02:59 - 03241472 ____A (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2013-06-14 15:39 - 2013-05-04 02:59 - 01619968 ____A (Microsoft Corporation) C:\windows\system32\wucltux.dll
2013-06-14 15:39 - 2013-05-04 02:59 - 01483776 ____A (Microsoft Corporation) C:\windows\system32\VSSVC.exe
2013-06-14 15:39 - 2013-05-04 02:59 - 00812544 ____A (Microsoft Corporation) C:\windows\system32\Magnify.exe
2013-06-14 15:39 - 2013-05-04 02:59 - 00760320 ____A (Microsoft Corporation) C:\windows\system32\wuapi.dll
2013-06-14 15:39 - 2013-05-04 02:59 - 00251904 ____A (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2013-06-14 15:39 - 2013-05-04 02:58 - 10116096 ____A (Microsoft Corporation) C:\windows\system32\twinui.dll
2013-06-14 15:39 - 2013-05-04 02:58 - 01332736 ____A (Microsoft Corporation) C:\windows\system32\sysmain.dll
2013-06-14 15:39 - 2013-05-04 02:58 - 00470528 ____A (Microsoft Corporation) C:\windows\system32\netprofmsvc.dll
2013-06-14 15:39 - 2013-05-04 02:58 - 00330240 ____A (Microsoft Corporation) C:\windows\system32\stobject.dll
2013-06-14 15:39 - 2013-05-04 02:58 - 00328192 ____A (Microsoft Corporation) C:\windows\system32\ubpm.dll
2013-06-14 15:39 - 2013-05-04 02:58 - 00169984 ____A (Microsoft Corporation) C:\windows\system32\netplwiz.dll
2013-06-14 15:39 - 2013-05-04 02:58 - 00151552 ____A (Microsoft Corporation) C:\windows\system32\netprofm.dll
2013-06-14 15:39 - 2013-05-04 02:58 - 00093696 ____A (Microsoft Corporation) C:\windows\system32\psmsrv.dll
2013-06-14 15:39 - 2013-05-04 02:57 - 02305024 ____A (Microsoft Corporation) C:\windows\system32\authui.dll
2013-06-14 15:39 - 2013-05-04 02:57 - 01131520 ____A (Microsoft Corporation) C:\windows\system32\AppXDeploymentServer.dll
2013-06-14 15:39 - 2013-05-04 02:57 - 00820736 ____A (Microsoft Corporation) C:\windows\system32\gpprefcl.dll
2013-06-14 15:39 - 2013-05-04 02:57 - 00708096 ____A (Microsoft Corporation) C:\windows\system32\AppXDeploymentExtensions.dll
2013-06-14 15:39 - 2013-05-04 02:57 - 00560640 ____A (Microsoft Corporation) C:\windows\system32\mfmp4srcsnk.dll
2013-06-14 15:39 - 2013-05-04 02:57 - 00501760 ____A (Microsoft Corporation) C:\windows\system32\DevicePairing.dll
2013-06-14 15:39 - 2013-05-04 02:57 - 00389120 ____A (Microsoft Corporation) C:\windows\system32\BCP47Langs.dll
2013-06-14 15:39 - 2013-05-04 02:57 - 00179712 ____A (Microsoft Corporation) C:\windows\system32\bisrv.dll
2013-06-14 15:39 - 2013-05-04 02:57 - 00122368 ____A (Microsoft Corporation) C:\windows\system32\biwinrt.dll
2013-06-14 15:39 - 2013-05-04 02:56 - 00419840 ____A (Microsoft Corporation) C:\windows\system32\intl.cpl
2013-06-14 15:39 - 2013-05-04 00:58 - 00758784 ____A (Microsoft Corporation) C:\windows\SysWOW64\Magnify.exe
2013-06-14 15:39 - 2013-05-04 00:58 - 00621056 ____A (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2013-06-14 15:39 - 2013-05-04 00:57 - 10788864 ____A (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2013-06-14 15:39 - 2013-05-04 00:57 - 08857088 ____A (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2013-06-14 15:39 - 2013-05-04 00:57 - 00303616 ____A (Microsoft Corporation) C:\windows\SysWOW64\stobject.dll
2013-06-14 15:39 - 2013-05-04 00:57 - 00247296 ____A (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2013-06-14 15:39 - 2013-05-04 00:57 - 00151040 ____A (Microsoft Corporation) C:\windows\SysWOW64\netplwiz.dll
2013-06-14 15:39 - 2013-05-04 00:57 - 00115712 ____A (Microsoft Corporation) C:\windows\SysWOW64\netprofm.dll
2013-06-14 15:39 - 2013-05-04 00:56 - 02035712 ____A (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2013-06-14 15:39 - 2013-05-04 00:56 - 00582144 ____A (Microsoft Corporation) C:\windows\SysWOW64\gpprefcl.dll
2013-06-14 15:39 - 2013-05-04 00:56 - 00449536 ____A (Microsoft Corporation) C:\windows\SysWOW64\DevicePairing.dll
2013-06-14 15:39 - 2013-05-04 00:56 - 00092160 ____A (Microsoft Corporation) C:\windows\SysWOW64\biwinrt.dll
2013-06-14 15:39 - 2013-05-04 00:55 - 00389632 ____A (Microsoft Corporation) C:\windows\SysWOW64\intl.cpl
2013-06-14 15:39 - 2013-05-04 00:51 - 00014848 ____A (Microsoft) C:\windows\system32\rars.rs
2013-06-14 15:39 - 2013-05-04 00:48 - 00083968 ____A (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2013-06-14 15:39 - 2013-05-04 00:48 - 00027648 ____A (Microsoft Corporation) C:\windows\system32\Drivers\hidusb.sys
2013-06-14 15:39 - 2013-05-04 00:47 - 00427520 ____A (Microsoft Corporation) C:\windows\system32\Drivers\rdbss.sys
2013-06-14 15:39 - 2013-05-04 00:10 - 00014848 ____A (Microsoft) C:\windows\SysWOW64\rars.rs
2013-06-14 15:38 - 2013-05-04 02:59 - 00141824 ____A (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2013-06-14 15:38 - 2013-05-04 02:59 - 00098304 ____A (Microsoft Corporation) C:\windows\system32\wudriver.dll
2013-06-14 15:38 - 2013-05-04 02:59 - 00039424 ____A (Microsoft Corporation) C:\windows\system32\wuapp.exe
2013-06-14 15:38 - 2013-05-04 02:58 - 00173568 ____A (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2013-06-14 15:38 - 2013-05-04 02:57 - 00017408 ____A (Microsoft Corporation) C:\windows\system32\muifontsetup.dll
2013-06-14 15:38 - 2013-05-04 00:58 - 00125952 ____A (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2013-06-14 15:38 - 2013-05-04 00:58 - 00083968 ____A (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2013-06-14 15:38 - 2013-05-04 00:58 - 00034304 ____A (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2013-06-14 15:38 - 2013-05-04 00:57 - 00018432 ____A (Microsoft Corporation) C:\windows\SysWOW64\npmproxy.dll
2013-06-14 15:38 - 2013-05-04 00:57 - 00014336 ____A (Microsoft Corporation) C:\windows\SysWOW64\muifontsetup.dll
2013-06-14 15:38 - 2013-05-04 00:56 - 00411136 ____A (Microsoft Corporation) C:\windows\SysWOW64\mfmp4srcsnk.dll
2013-06-14 15:38 - 2013-05-04 00:56 - 00309760 ____A (Microsoft Corporation) C:\windows\SysWOW64\BCP47Langs.dll
2013-06-14 15:38 - 2013-05-02 18:04 - 00386646 ____A C:\windows\system32\ApnDatabase.xml
2013-06-13 10:09 - 2013-06-13 10:09 - 00000000 ____D C:\Program Files\iTunes
2013-06-13 10:09 - 2013-06-13 10:09 - 00000000 ____D C:\Program Files\iPod
2013-06-13 10:09 - 2013-06-13 10:09 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-13 10:05 - 2013-06-13 10:05 - 00000000 ____D C:\Program Files\Bonjour
2013-06-13 10:05 - 2013-06-13 10:05 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-06-12 15:13 - 2013-05-04 03:45 - 02233600 ____A (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-06-12 14:53 - 2013-04-23 19:13 - 01013248 ____A (Microsoft Corporation) C:\windows\SysWOW64\certutil.exe
2013-06-12 14:53 - 2013-04-23 19:12 - 01569792 ____A (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-06-12 14:53 - 2013-04-23 19:12 - 00109056 ____A (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2013-06-12 14:53 - 2013-04-23 18:56 - 01255936 ____A (Microsoft Corporation) C:\windows\system32\certutil.exe
2013-06-12 14:53 - 2013-04-23 18:55 - 01889280 ____A (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-06-12 14:53 - 2013-04-23 18:55 - 00141312 ____A (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2013-06-12 14:53 - 2013-04-23 18:55 - 00068096 ____A (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2013-06-12 13:19 - 2013-04-27 01:20 - 00733184 ____A (Microsoft Corporation) C:\windows\system32\win32spl.dll
2013-06-12 11:27 - 2013-04-02 19:37 - 00025088 ____A (Microsoft Corporation) C:\windows\SysWOW64\cryptdlg.dll
2013-06-12 11:27 - 2013-04-02 19:12 - 00030720 ____A (Microsoft Corporation) C:\windows\system32\cryptdlg.dll
2013-06-12 09:44 - 2013-05-15 18:37 - 00044032 ____A (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2013-06-12 09:44 - 2013-05-15 18:35 - 00053760 ____A (Microsoft Corporation) C:\windows\system32\UXInit.dll
2013-06-12 09:44 - 2013-05-14 09:14 - 02706432 ____A (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-06-12 09:44 - 2013-05-14 05:23 - 02706432 ____A (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-06-12 09:44 - 2013-04-28 18:28 - 00915968 ____A (Microsoft Corporation) C:\windows\system32\uxtheme.dll
 
==================== One Month Modified Files and Folders =======
 
2013-07-11 19:02 - 2013-07-11 19:02 - 00000000 ____D C:\FRST
2013-07-11 19:00 - 2013-03-28 09:05 - 00000910 ____A C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-11 18:59 - 2012-07-26 03:22 - 00000006 ___AH C:\windows\Tasks\SA.DAT
2013-07-11 18:58 - 2013-07-11 18:58 - 00005808 ____A C:\AdwCleaner[s1].txt
2013-07-11 18:58 - 2012-07-26 01:26 - 00524288 __ASH C:\windows\system32\config\BBI
2013-07-11 18:56 - 2012-12-25 08:19 - 00003596 ____A C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-509363783-3859362196-2852128182-1001
2013-07-11 18:46 - 2012-09-22 23:52 - 01655400 ____A C:\windows\WindowsUpdate.log
2013-07-11 18:43 - 2013-02-05 09:23 - 00000926 ____A C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-509363783-3859362196-2852128182-1001UA.job
2013-07-11 18:39 - 2012-07-26 04:12 - 00000000 ____D C:\windows\system32\sru
2013-07-11 18:37 - 2012-07-26 03:28 - 00898288 ____A C:\windows\system32\PerfStringBackup.INI
2013-07-11 18:33 - 2013-07-11 18:33 - 04929080 ____A C:\windows\system32\FNTCACHE.DAT
2013-07-11 18:33 - 2013-07-11 18:33 - 00032000 ____A C:\windows\system32\Drivers\hitmanpro37.sys
2013-07-11 18:27 - 2012-12-25 08:38 - 00000830 ____A C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-11 18:26 - 2013-07-11 18:26 - 00000000 ____D C:\Users\ADMINI~1
2013-07-11 18:20 - 2013-03-28 09:05 - 00000914 ____A C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-11 18:11 - 2013-07-11 18:11 - 00002560 ____A C:\windows\system32\.crusader
2013-07-11 18:11 - 2012-12-25 08:11 - 00000000 ___RD C:\Users\Devon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-11 17:49 - 2013-07-11 17:49 - 00000000 ____D C:\Program Files\HitmanPro
2013-07-11 17:30 - 2012-12-26 16:17 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-11 16:56 - 2013-07-11 16:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-11 15:43 - 2013-02-05 09:23 - 00000874 ____A C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-509363783-3859362196-2852128182-1001Core.job
2013-07-10 22:44 - 2012-07-26 04:12 - 00000000 ____D C:\windows\system32\NDF
2013-07-10 22:40 - 2013-03-14 03:03 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 22:40 - 2013-03-14 03:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-10 22:40 - 2012-08-01 11:51 - 00028844 ____A C:\windows\PFRO.log
2013-07-10 22:39 - 2013-02-09 12:16 - 00000000 ____D C:\windows\System32\Tasks\COMODO
2013-07-10 22:39 - 2012-07-26 03:52 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 22:38 - 2013-07-10 22:38 - 00003348 ____A C:\windows\System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}
2013-07-10 19:17 - 2013-02-09 12:15 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-07-10 19:15 - 2013-03-05 14:48 - 00000000 ____D C:\windows\SysWOW64\quicktime
2013-07-10 19:14 - 2013-06-10 03:31 - 00000000 ____D C:\Program Files (x86)\Telerik
2013-07-10 17:35 - 2012-12-26 04:07 - 78185248 ____A (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-10 17:02 - 2012-12-25 08:27 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-06 07:15 - 2013-03-28 09:05 - 00003886 ____A C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-06 07:15 - 2013-03-28 09:05 - 00003650 ____A C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-05 15:38 - 2013-02-05 09:23 - 00003872 ____A C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-509363783-3859362196-2852128182-1001UA
2013-07-05 15:38 - 2013-02-05 09:23 - 00003492 ____A C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-509363783-3859362196-2852128182-1001Core
2013-07-03 04:52 - 2012-07-26 04:12 - 00000000 ____D C:\windows\AUInstallAgent
2013-07-01 15:35 - 2013-07-01 15:35 - 00000000 ____D C:\Program Files (x86)\mum
2013-07-01 10:55 - 2012-07-26 03:21 - 00002405 ____A C:\windows\setupact.log
2013-06-30 21:52 - 2013-06-30 21:52 - 00000000 ____D C:\Program Files (x86)\Gyazo
2013-06-27 18:04 - 2013-06-18 15:47 - 00693112 ____A (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-06-27 18:04 - 2013-06-18 15:47 - 00078200 ____A (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-27 17:22 - 2013-06-27 17:22 - 00000175 ____A C:\windows\system32\Drivers\aswVmm.sys.sum
2013-06-27 17:22 - 2013-06-26 13:49 - 00000175 ____A C:\windows\system32\Drivers\aswSP.sys.sum
2013-06-27 17:22 - 2013-06-26 13:49 - 00000175 ____A C:\windows\system32\Drivers\aswSnx.sys.sum
2013-06-27 17:22 - 2013-04-01 07:32 - 00189936 ____A C:\windows\system32\Drivers\aswVmm.sys
2013-06-27 17:22 - 2013-01-05 10:24 - 01030952 ____A (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2013-06-27 17:22 - 2013-01-05 10:24 - 00378944 ____A (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2013-06-26 13:19 - 2013-01-05 10:24 - 00004182 ____A C:\windows\System32\Tasks\avast! Emergency Update
2013-06-26 06:26 - 2012-07-26 01:37 - 00000000 ____D C:\windows\servicing
2013-06-25 08:58 - 2013-06-25 08:58 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-06-24 13:19 - 2013-02-09 12:15 - 00056072 ____A (COMODO CA Limited) C:\windows\system32\certsentry.dll
2013-06-20 23:49 - 2013-06-20 23:50 - 00263592 ____A (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-06-20 23:49 - 2013-06-20 23:49 - 00175016 ____A (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-06-20 23:49 - 2013-06-20 23:49 - 00175016 ____A (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-06-20 23:49 - 2013-06-20 23:49 - 00096168 ____A (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-20 23:49 - 2012-12-25 08:45 - 00867240 ____A (Oracle Corporation) C:\windows\SysWOW64\npDeployJava1.dll
2013-06-20 23:49 - 2012-12-25 08:45 - 00789416 ____A (Oracle Corporation) C:\windows\SysWOW64\deployJava1.dll
2013-06-20 22:53 - 2013-02-09 12:16 - 00003028 ____A C:\windows\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
2013-06-18 16:12 - 2012-07-26 04:12 - 00000000 ____D C:\windows\rescache
2013-06-18 15:45 - 2012-07-26 04:12 - 00000000 ___RD C:\windows\ToastData
2013-06-18 15:45 - 2012-07-26 04:12 - 00000000 ____D C:\windows\WinStore
2013-06-18 15:45 - 2012-07-26 04:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-06-18 15:45 - 2012-07-26 04:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-06-18 15:45 - 2012-07-26 01:38 - 00000000 ____D C:\windows\SysWOW64\Dism
2013-06-18 15:45 - 2012-07-26 01:38 - 00000000 ____D C:\windows\system32\Dism
2013-06-13 10:09 - 2013-06-13 10:09 - 00000000 ____D C:\Program Files\iTunes
2013-06-13 10:09 - 2013-06-13 10:09 - 00000000 ____D C:\Program Files\iPod
2013-06-13 10:09 - 2013-06-13 10:09 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-13 10:06 - 2013-02-05 02:27 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-06-13 10:05 - 2013-06-13 10:05 - 00000000 ____D C:\Program Files\Bonjour
2013-06-13 10:05 - 2013-06-13 10:05 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-06-13 10:05 - 2013-04-02 17:28 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-06-11 19:43 - 2013-07-10 17:27 - 14329856 ____A (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-06-11 19:43 - 2013-07-10 17:27 - 02877440 ____A (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-06-11 19:43 - 2013-07-10 17:27 - 01767936 ____A (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-06-11 19:43 - 2013-07-10 17:27 - 01141248 ____A (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-06-11 19:43 - 2013-07-10 17:27 - 00690688 ____A (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-06-11 19:43 - 2013-07-10 17:27 - 00493056 ____A (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-06-11 19:42 - 2013-07-10 17:27 - 13760512 ____A (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-06-11 19:42 - 2013-07-10 17:27 - 02046976 ____A (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-06-11 19:26 - 2013-07-10 17:27 - 02241024 ____A (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-06-11 19:26 - 2013-07-10 17:27 - 01365504 ____A (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-06-11 19:26 - 2013-07-10 17:27 - 00051712 ____A (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-06-11 19:25 - 2013-07-10 17:27 - 19238912 ____A (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-06-11 19:25 - 2013-07-10 17:27 - 15404032 ____A (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-06-11 19:25 - 2013-07-10 17:27 - 03958784 ____A (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-06-11 19:25 - 2013-07-10 17:27 - 02648576 ____A (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-06-11 19:25 - 2013-07-10 17:27 - 00855552 ____A (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-06-11 19:25 - 2013-07-10 17:27 - 00603136 ____A (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-06-11 14:27 - 2012-12-25 08:38 - 00003718 ____A C:\windows\System32\Tasks\Adobe Flash Player Updater
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-07-11 03:38
 
==================== End Of Log ============================

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-07-2013

Ran by Devon at 2013-07-11 19:03:38
Running from C:\Users\Devon\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
   
 Tools for .Net 3.5 (x32 Version: 3.11.50727)
Adobe AIR (x32 Version: 3.7.0.2090)
Adobe Download Assistant (x32 Version: 1.2.5)
Adobe Flash Media Live Encoder 3.2 (x32 Version: 3.2.0)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
ArcSoft TotalMedia Extreme (x32)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
Blend for Visual Studio 2012 (x32 Version: 5.0.30709.0)
Blend for Visual Studio 2012 ENU resources (x32 Version: 5.0.30709.0)
Bonjour (Version: 3.0.0.10)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.47.1.0333)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4521.29298)
Driver & Application Installation (x32 Version: 6.12.0815)
Entity Framework Designer for Visual Studio 2012 - enu (x32 Version: 11.1.20702.00)
FileZilla Client 3.7.1 (x32 Version: 3.7.1)
Fraps (remove only) (x32)
Google Chrome (x32 Version: 28.0.1500.71)
Google Drive (x32 Version: 1.10.4769.632)
Google Talk Plugin (x32 Version: 4.2.1.14031)
Google Update Helper (x32 Version: 1.3.21.149)
Gyazo 1.0.1 (x32)
HP Deskjet 1000 J110 series Basic Device Software (Version: 28.0.1313.0)
HP Deskjet 1000 J110 series Help (x32 Version: 140.0.65.65)
HP Deskjet 1000 J110 series Product Improvement Study (Version: 28.0.1313.0)
HP Photo Creations (x32 Version: 1.0.0.7702)
HP Update (x32 Version: 5.003.003.001)
HxD Hex Editor version 1.7.7.0 (x32 Version: 1.7.7.0)
iCloud (Version: 2.1.2.8)
IIS 8.0 Express (Version: 8.0.1557)
IIS Express Application Compatibility Database for x64
IIS Express Application Compatibility Database for x86
Intel AppUp(SM) center (x32 Version: 3.6.1.33057.10)
Intel® Management Engine Components (x32 Version: 8.1.0.1252)
Intel® Processor Graphics (x32 Version: 9.17.10.2867)
Intel® SDK for OpenCL - CPU Only Runtime Package (x32)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Internet Explorer Toolbar 4.9 by SweetPacks (x32 Version: 4.9.0000)
iTunes (Version: 11.0.4.4)
Java 7 Update 10 (64-bit) (Version: 7.0.100)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Lenovo Blacksilk USB Keyboard Driver (x32 Version: V1.4.11.0608)
Lenovo Photos (x32)
Lenovo Power2Go (x32 Version: 6.0.6418)
Lenovo PowerDVD10 (x32 Version: 10.0.4126.52)
Lenovo Rescue System (Version: 4.0.0.0822)
Lenovo Rescue System (x32 Version: 4.0.0.0822)
Little Inferno (x32)
LocalESPC (x32 Version: 8.59.25584)
LocalESPCui for en-us (x32 Version: 8.59.25584)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (x32 Version: 4.5.50709)
Microsoft .NET Framework 4.5 SDK (x32 Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update (x32 Version: 3.0.30710.0)
Microsoft ASP.NET MVC 3 (x32 Version: 3.0.20105.0)
Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools (x32 Version: 4.0.20710.0)
Microsoft ASP.NET MVC 4 Runtime (x32 Version: 4.0.20710.0)
Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools (x32 Version: 1.0.20710.0)
Microsoft ASP.NET Web Pages (x32 Version: 1.0.20105.0)
Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools (x32 Version: 2.0.20710.0)
Microsoft ASP.NET Web Pages 2 Runtime (x32 Version: 2.0.20710.0)
Microsoft Help Viewer 2.0 (x32 Version: 2.0.50727)
Microsoft LightSwitch for Visual Studio 2012 Core (x32 Version: 11.0.50727)
Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU (x32 Version: 11.0.50727)
Microsoft Managed DirectX (1126) (x32 Version: 9.00.1126)
Microsoft NuGet - Visual Studio 2012 (x32 Version: 2.0.30625.9003)
Microsoft NuGet - Visual Studio 2012 Express for Windows 8 (x32 Version: 2.0.30625.9003)
Microsoft Office (x32 Version: 14.0.6120.5004)
Microsoft Portable Library Multi-Targeting Pack (x32 Version: 11.0.50709.17929)
Microsoft Portable Library Multi-Targeting Pack Language Pack - enu (x32 Version: 11.0.50709.17929)
Microsoft Report Viewer Add-On for Visual Studio 2012 (x32 Version: 11.1.2802.16)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Silverlight 4 SDK (x32 Version: 4.0.60310.0)
Microsoft Silverlight 5 SDK (x32 Version: 5.0.61118.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server 2012 Command Line Utilities  (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Data-Tier App Framework  (Version: 11.0.2316.0)
Microsoft SQL Server 2012 Data-Tier App Framework  (x32 Version: 11.0.2316.0)
Microsoft SQL Server 2012 Express LocalDB  (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Management Objects  (x32 Version: 11.0.2100.60)
Microsoft SQL Server 2012 Management Objects  (x64) (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Native Client  (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (Version: 11.0.2100.60)
Microsoft SQL Server 2012 T-SQL Language Service  (x32 Version: 11.0.2100.60)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (Version: 4.0.8876.1)
Microsoft SQL Server Data Tools - enu (11.1.20627.00) (x32 Version: 11.1.20627.00)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (x32 Version: 11.1.20627.00)
Microsoft SQL Server System CLR Types (x32 Version: 10.50.1600.1)
Microsoft SQL Server System CLR Types (x64) (Version: 10.50.1600.1)
Microsoft System CLR Types for SQL Server 2012 (x32 Version: 11.0.2100.60)
Microsoft System CLR Types for SQL Server 2012 (x64) (Version: 11.0.2100.60)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012  x64 Designtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 Compilers - ENU Resources (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 Compilers (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 Core Libraries (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 Extended Libraries (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 11.0.50727)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308)
Microsoft Visual Studio 2012 Devenv (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 Devenv Resources (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 Express Prerequisites x64 - ENU (Version: 11.0.50727)
Microsoft Visual Studio 2012 IntelliTrace Core amd64 (Version: 11.0.50727)
Microsoft Visual Studio 2012 IntelliTrace Core x86 (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 IntelliTrace Front End x86 (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 Performance Collection Tools - ENU (Version: 11.0.50727)
Microsoft Visual Studio 2012 Performance Collection Tools (Version: 11.0.50727)
Microsoft Visual Studio 2012 Preparation (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 SharePoint Developer Tools (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 SharePoint Developer Tools ENU Language Pack (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 Shell (Minimum) (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 Shell (Minimum) Resources (x32 Version: 11.0.50727)
Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU (x32 Version: 4.0.8876.1)
Microsoft Visual Studio Express 2012 for Windows 8 - ENU (x32 Version: 11.0.50727)
Microsoft Visual Studio Express 2012 for Windows 8 - ENU (x32 Version: 11.0.50727.1)
Microsoft Visual Studio Express 2012 for Windows 8 (x32 Version: 11.0.50727)
Microsoft Visual Studio Premium 2012 - ENU (x32 Version: 11.0.50727)
Microsoft Visual Studio Premium 2012 (x32 Version: 11.0.50727)
Microsoft Visual Studio Professional 2012 - ENU (x32 Version: 11.0.50727)
Microsoft Visual Studio Professional 2012 (x32 Version: 11.0.50727)
Microsoft Visual Studio Team Foundation Server 2012 Object Model (Version: 11.0.50727)
Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU (Version: 11.0.50727)
Microsoft Visual Studio Team Foundation Server 2012 Storyboarding (Version: 11.0.50727)
Microsoft Visual Studio Team Foundation Server 2012 Storyboarding Language Pack - ENU (Version: 11.0.50727)
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer (x32 Version: 11.0.50727)
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU (x32 Version: 11.0.50727)
Microsoft Visual Studio Ultimate 2012 - ENU (x32 Version: 11.0.50727)
Microsoft Visual Studio Ultimate 2012 (x32 Version: 11.0.50727)
Microsoft Visual Studio Ultimate 2012 (x32 Version: 11.0.50727.1)
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core (x32 Version: 11.0.50727)
Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources (x32 Version: 11.0.50727)
Microsoft Web Deploy 3.0 (Version: 3.1236.1631)
Microsoft Web Deploy dbSqlPackage Provider - enu (x32 Version: 10.3.20225.0)
Microsoft Web Developer Tools - Visual Studio 2012 (x32 Version: 1.0.30710.0)
Microsoft Web Platform Installer 4.0 (Version: 4.0.1622)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Movie Maker (x32 Version: 16.4.3505.0912)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT Redists (Version: 1.0)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
Mumble 1.2.4 (x32 Version: 1.2.4)
Notepad++ (x32 Version: 6.3.2)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
Photo Gallery (x32 Version: 16.4.3505.0912)
Power Control Switch (x32 Version: 4.0.0.0704)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.0.2180.1)
Prerequisites for SSDT  (x32 Version: 11.0.2100.60)
QuickTime (x32 Version: 7.74.80.86)
Realtek Ethernet Controller Driver (x32 Version: 8.2.612.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6649)
Realtek USB 2.0 Card Reader (x32 Version: 6.2.8400.30137)
REALTEK Wireless LAN Driver (x32 Version: 1.00.0187)
rosoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303)
Shared C Run-time for x64 (Version: 10.0.0)
Skype™ 6.6 (x32 Version: 6.6.106)
Speccy (Version: 1.21)
Spotify (HKCU Version: 0.9.1.53.g876fa9df)
Steam (x32 Version: 1.0.0.0)
SugarSync Manager (x32 Version: 1.9.61.90905)
System Requirements Lab CYRI (x32 Version: 5.0.6.0)
TeamViewer 8 (x32 Version: 8.0.19045)
Update for  (KB2504637) (x32 Version: 1)
Update for Microsoft Visual Studio 2012 (KB2781514) (x32 Version: 11.0.51219)
Visual Studio 2012 Prerequisites - ENU Language Pack (Version: 11.0.50727)
Visual Studio 2012 Prerequisites (Version: 11.0.50727)
Visual Studio Extensions for Windows Library for JavaScript (x32 Version: 1.0.8514.0)
WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0)
WCF Data Services Tools for Microsoft Visual Studio 2012 (x32 Version: 5.0.50710.0)
WCF RIA Services V1.0 SP2 (x32 Version: 4.1.61829.0)
Windows App Certification Kit Native Components (Version: 8.59.25584)
Windows App Certification Kit x64 (x32 Version: 8.59.25584)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
Windows Runtime Intellisense Content - en-us (x32 Version: 8.59.25584)
Windows Software Development Kit (x32 Version: 8.59.25584)
Windows Software Development Kit DirectX x64 Remote (Version: 8.59.25584)
Windows Software Development Kit DirectX x86 Remote (x32 Version: 8.59.25584)
Windows Software Development Kit for Windows Store Apps (x32 Version: 8.59.25584)
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote (Version: 8.59.25584)
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote (x32 Version: 8.59.25584)
WinRAR 4.20 (32-bit) (x32 Version: 4.20.0)
XSplit (x32 Version: 1.2.1303.0101)
 
==================== Restore Points  =========================
 
28-06-2013 16:28:53 Removed .NET Reflector Desktop
01-07-2013 17:41:52 Installed Mumble 1.2.4
08-07-2013 22:58:03 Windows Update
10-07-2013 23:09:44 Removed Telerik RadControls for Windows 8 XAML Q1 2013 SP1
 
==================== Hosts content: ==========================
 
2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {04A6B3AC-B70D-4CAE-8826-DDE196D7ED59} - System32\Tasks\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync
Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-25] (Microsoft Corporation)
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-25] (Microsoft Corporation)
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-25] (Microsoft Corporation)
Task: {28188D3A-831C-486A-81B4-8E6FC0B84587} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {416A8E29-A537-481A-834C-A58730C16BD6} - System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} => C:\Users\Devon\AppData\Local\Temp\cisCAEF.exe No File
Task: {437009CD-1017-45C8-A74A-3DD9C56D3B03} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-509363783-3859362196-2852128182-1001
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2012-07-25] (Microsoft Corporation)
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-25] (Microsoft Corporation)
Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {70610C0C-5C4D-4892-8F04-2EEB727F3C01} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\windows\system32\sc.exe [2012-07-25] (Microsoft Corporation)
Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {752277D7-1059-4067-9F69-2724F37465B7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-509363783-3859362196-2852128182-1001Core => C:\Users\Devon\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-10] (Google Inc.)
Task: {7A6845BE-D19A-4294-B8B5-BB4934D8387D} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: {7BB24643-4C8E-443A-8DA0-6A83E6420A79} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2012-07-26] (Microsoft Corporation)
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {86A18171-F590-4C38-927F-0F19778BB52B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {9E55FBD1-A3B1-43D4-B6DE-5BA9F85F8B0F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-28] (Google Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-25] (Microsoft Corporation)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {AA638665-22A1-4F2E-8193-9400214A3EB0} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {AC61BAC6-E912-45ED-AEB3-AE4D1A97212E} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {B673ABBD-411C-4734-BCBA-44E4A64B95D4} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {C1FFD27C-2578-4CD6-B25F-506318E4397A} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-25] (Microsoft Corporation)
Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {D15706B4-48EB-4C9D-AB05-318BFD672A30} - System32\Tasks\HPCustParticipation HP Deskjet 1000 J110 series => C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {D47CA177-CEFB-44E1-8719-35A21A2276E7} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe No File
Task: {DB10E3C3-F575-4FA3-91EB-5B6E6E1BC206} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-28] (Google Inc.)
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {DDC4B6D2-9654-4A00-B132-BBC695890848} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-509363783-3859362196-2852128182-1001UA => C:\Users\Devon\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-10] (Google Inc.)
Task: {DE917665-4451-46C2-A062-A6848586C53B} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {E0E3FFED-CE92-4F95-98B6-F5036B0AD4EA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-25] (Microsoft Corporation)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-509363783-3859362196-2852128182-1001Core.job => C:\Users\Devon\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-509363783-3859362196-2852128182-1001UA.job => C:\Users\Devon\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/11/2013 06:25:08 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Removed Camtasia Studio 7; Error = 0x80070005).
 
Error: (07/11/2013 06:25:03 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\msiexec.exe /V; Description = Removed Camtasia Studio 7; Error = 0x80070005).
 
Error: (07/11/2013 02:43:37 AM) (Source: Application Error) (User: )
Description: Faulting application name: LitModeSwitch.exe, version: 4.0.0.915, time stamp: 0x4f769c33
Faulting module name: LitModeSwitch.exe, version: 4.0.0.915, time stamp: 0x4f769c33
Exception code: 0xc000041d
Fault offset: 0x00012767
Faulting process id: 0x10e0
Faulting application start time: 0xLitModeSwitch.exe0
Faulting application path: LitModeSwitch.exe1
Faulting module path: LitModeSwitch.exe2
Report Id: LitModeSwitch.exe3
Faulting package full name: LitModeSwitch.exe4
Faulting package-relative application ID: LitModeSwitch.exe5
 
Error: (07/11/2013 02:43:36 AM) (Source: Application Error) (User: )
Description: Faulting application name: LitModeSwitch.exe, version: 4.0.0.915, time stamp: 0x4f769c33
Faulting module name: LitModeSwitch.exe, version: 4.0.0.915, time stamp: 0x4f769c33
Exception code: 0xc0000005
Fault offset: 0x00012767
Faulting process id: 0x10e0
Faulting application start time: 0xLitModeSwitch.exe0
Faulting application path: LitModeSwitch.exe1
Faulting module path: LitModeSwitch.exe2
Report Id: LitModeSwitch.exe3
Faulting package full name: LitModeSwitch.exe4
Faulting package-relative application ID: LitModeSwitch.exe5
 
Error: (07/10/2013 10:37:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DEVON-PC)
Description: App Microsoft.BingNews_8wekyb3d8bbwe!AppexNews did not launch within its allotted time.
 
Error: (07/02/2013 10:09:53 PM) (Source: Application Hang) (User: )
Description: The program explorer.exe version 6.2.9200.16433 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1690
 
Start Time: 01ce741cb77588ad
 
Termination Time: 0
 
Application Path: C:\windows\explorer.exe
 
Report Id: 963fcc95-e385-11e2-bec1-eca86b6e9a15
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (07/02/2013 03:22:19 AM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=28.0.1500.52;lang=;id=;is_machine=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\e6c10ccb-1afb-4992-8881-5b36cd446070.dmp
 
Error: (07/01/2013 04:26:16 PM) (Source: Application Hang) (User: )
Description: The program WinRAR.exe version 4.20.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 3e8
 
Start Time: 01ce7698f3260209
 
Termination Time: 2
 
Application Path: C:\Program Files (x86)\WinRAR\WinRAR.exe
 
Report Id: 7758b959-e28c-11e2-bec1-eca86b6e9a15
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (07/01/2013 10:53:03 AM) (Source: Application Error) (User: )
Description: Faulting application name: ReplayMusic.exe, version: 5.5.5.0, time stamp: 0x51856cd3
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x000559a0
Faulting process id: 0x190c
Faulting application start time: 0xReplayMusic.exe0
Faulting application path: ReplayMusic.exe1
Faulting module path: ReplayMusic.exe2
Report Id: ReplayMusic.exe3
Faulting package full name: ReplayMusic.exe4
Faulting package-relative application ID: ReplayMusic.exe5
 
Error: (07/01/2013 10:51:18 AM) (Source: Application Error) (User: )
Description: Faulting application name: ReplayMusic.exe, version: 5.5.5.0, time stamp: 0x51856cd3
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc000041d
Fault offset: 0x000559a0
Faulting process id: 0x1cbc
Faulting application start time: 0xReplayMusic.exe0
Faulting application path: ReplayMusic.exe1
Faulting module path: ReplayMusic.exe2
Report Id: ReplayMusic.exe3
Faulting package full name: ReplayMusic.exe4
Faulting package-relative application ID: ReplayMusic.exe5
 
 
System errors:
=============
Error: (07/11/2013 06:59:35 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (07/11/2013 06:59:08 PM) (Source: Application Popup) (User: )
Description: archlp.sys
 
Error: (07/11/2013 06:59:06 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0
 
Error: (07/11/2013 06:39:11 PM) (Source: Service Control Manager) (User: )
Description: The LitModeCtrl service has reported an invalid current state 32.
 
Error: (07/11/2013 06:33:29 PM) (Source: Service Control Manager) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with the following service-specific error: 
%%0
 
Error: (07/11/2013 06:33:11 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (07/11/2013 06:32:29 PM) (Source: Application Popup) (User: )
Description: archlp.sys
 
Error: (07/11/2013 06:32:26 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0
 
Error: (07/11/2013 06:31:15 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: 
%%5
 
Error: (07/11/2013 06:26:25 PM) (Source: DCOM) (User: DEVON-PC)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
 
Microsoft Office Sessions:
=========================
Error: (07/11/2013 06:25:08 PM) (Source: System Restore)(User: )
Description: C:\windows\system32\msiexec.exe /VRemoved Camtasia Studio 70x80070005
 
Error: (07/11/2013 06:25:03 PM) (Source: System Restore)(User: )
Description: C:\windows\system32\msiexec.exe /VRemoved Camtasia Studio 70x80070005
 
Error: (07/11/2013 02:43:37 AM) (Source: Application Error)(User: )
Description: LitModeSwitch.exe4.0.0.9154f769c33LitModeSwitch.exe4.0.0.9154f769c33c000041d0001276710e001ce7de062628975C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exeC:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe363b1d67-e9f5-11e2-bec2-eca86b6e9a15
 
Error: (07/11/2013 02:43:36 AM) (Source: Application Error)(User: )
Description: LitModeSwitch.exe4.0.0.9154f769c33LitModeSwitch.exe4.0.0.9154f769c33c00000050001276710e001ce7de062628975C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exeC:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe35c15256-e9f5-11e2-bec2-eca86b6e9a15
 
Error: (07/10/2013 10:37:35 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DEVON-PC)
Description: Microsoft.BingNews_8wekyb3d8bbwe!AppexNews
 
Error: (07/02/2013 10:09:53 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.2.9200.16433169001ce741cb77588ad0C:\windows\explorer.exe963fcc95-e385-11e2-bec1-eca86b6e9a15
 
Error: (07/02/2013 03:22:19 AM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=28.0.1500.52;lang=;id=;is_machine=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\e6c10ccb-1afb-4992-8881-5b36cd446070.dmp
 
Error: (07/01/2013 04:26:16 PM) (Source: Application Hang)(User: )
Description: WinRAR.exe4.20.0.03e801ce7698f32602092C:\Program Files (x86)\WinRAR\WinRAR.exe7758b959-e28c-11e2-bec1-eca86b6e9a15
 
Error: (07/01/2013 10:53:03 AM) (Source: Application Error)(User: )
Description: ReplayMusic.exe5.5.5.051856cd3ntdll.dll6.2.9200.16578515fac6ec0000005000559a0190c01ce766aaa58fef3C:\Program Files (x86)\Replay Music 5\ReplayMusic.exeC:\windows\SYSTEM32\ntdll.dllee1f4e53-e25d-11e2-bec1-eca86b6e9a15
 
Error: (07/01/2013 10:51:18 AM) (Source: Application Error)(User: )
Description: ReplayMusic.exe5.5.5.051856cd3ntdll.dll6.2.9200.16578515fac6ec000041d000559a01cbc01ce766a65f33693C:\Program Files (x86)\Replay Music 5\ReplayMusic.exeC:\windows\SYSTEM32\ntdll.dllaf3fbe14-e25d-11e2-bec1-eca86b6e9a15
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-07-10 22:38:33.930
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-10 21:03:29.205
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-10 20:47:30.547
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-10 20:00:10.120
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-10 19:52:25.657
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-10 19:09:33.018
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-10 18:34:28.053
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-10 18:10:09.787
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-10 17:46:48.052
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-07-10 17:40:57.208
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 23%
Total physical RAM: 8081.61 MB
Available physical RAM: 6196.65 MB
Total Pagefile: 9297.61 MB
Available Pagefile: 7265.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:786.92 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 7A444090)
 
Partition: GPT Partition Type
==================== End Of Log ============================

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the combofix.gif icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
  • If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*

  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin


ComboFix

ComboFix 13-07-11.03 - Devon 07/11/2013  19:22:15.1.4 - x64

Microsoft Windows 8 Pro with Media Center  6.2.9200.0.1252.1.1033.18.8082.6535 [GMT -4:00]
Running from: c:\users\Devon\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - windows: deleted 192 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Devon\AppData\Roaming\iCap
c:\users\Devon\AppData\Roaming\iCap\iCap.xml
c:\windows\SysWow64\frapsvid.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-11 to 2013-07-11  )))))))))))))))))))))))))))))))
.
.
2013-07-11 23:27 . 2013-07-11 23:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-11 23:02 . 2013-07-11 23:02 -------- d-----w- C:\FRST
2013-07-11 22:33 . 2013-07-11 22:33 32000 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2013-07-11 22:26 . 2013-07-11 22:26 -------- d-----w- c:\users\ADMINI~1
2013-07-11 21:49 . 2013-07-11 21:49 -------- d-----w- c:\program files\HitmanPro
2013-07-11 21:48 . 2013-07-11 22:12 -------- d-----w- c:\programdata\HitmanPro
2013-07-11 20:56 . 2013-07-11 20:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-07-11 20:56 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-10 21:27 . 2013-06-11 23:25 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-07-02 19:33 . 2013-07-11 18:06 -------- d-----w- c:\users\Devon\AppData\Roaming\.minecraft
2013-07-01 19:35 . 2013-07-01 19:35 -------- d-----w- c:\program files (x86)\mum
2013-07-01 17:43 . 2013-07-02 21:56 -------- d-----w- c:\users\Devon\AppData\Roaming\Mumble
2013-07-01 14:55 . 2013-05-30 17:56 31080 ----a-w- c:\windows\system32\drivers\VirtualAudio.sys
2013-07-01 01:52 . 2013-07-01 01:52 -------- d-----w- c:\program files (x86)\Gyazo
2013-06-25 12:58 . 2013-06-25 12:58 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
2013-06-24 17:17 . 2013-05-15 22:35 144384 ----a-w- c:\windows\system32\tssdisai.dll
2013-06-23 05:15 . 2013-06-23 05:15 -------- d-----w- c:\users\Default\AppData\Local\Google
2013-06-22 18:20 . 2013-06-22 18:20 -------- d-----w- c:\users\Devon\AppData\Local\ConsoleApplication2
2013-06-21 03:49 . 2013-06-21 03:49 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-18 19:47 . 2013-06-27 22:04 78200 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-18 19:47 . 2013-06-27 22:04 693112 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-15 09:16 . 2013-05-30 23:24 1257472 ----a-w- c:\windows\system32\kernel32.dll
2013-06-15 09:16 . 2013-05-23 23:01 1300992 ----a-w- c:\windows\system32\gdi32.dll
2013-06-15 09:16 . 2013-05-23 22:27 1022464 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-06-15 09:16 . 2013-05-15 02:25 888320 ----a-w- c:\windows\system32\autochk.exe
2013-06-15 09:16 . 2013-05-15 02:25 542208 ----a-w- c:\windows\system32\untfs.dll
2013-06-15 09:16 . 2013-05-15 02:24 793088 ----a-w- c:\windows\SysWow64\autochk.exe
2013-06-15 09:16 . 2013-05-15 02:24 482816 ----a-w- c:\windows\SysWow64\untfs.dll
2013-06-15 00:12 . 2013-06-15 00:13 -------- d-----w- c:\users\Devon\AppData\Local\McMyAdmin
2013-06-14 19:38 . 2013-05-04 06:59 141824 ----a-w- c:\windows\system32\wuwebv.dll
2013-06-14 19:38 . 2013-05-04 06:58 173568 ----a-w- c:\windows\system32\storewuauth.dll
2013-06-14 19:38 . 2013-05-04 04:56 411136 ----a-w- c:\windows\SysWow64\mfmp4srcsnk.dll
2013-06-14 19:38 . 2013-05-04 06:59 98304 ----a-w- c:\windows\system32\wudriver.dll
2013-06-14 19:38 . 2013-05-04 04:58 83968 ----a-w- c:\windows\SysWow64\wudriver.dll
2013-06-14 19:38 . 2013-05-04 04:58 125952 ----a-w- c:\windows\SysWow64\wuwebv.dll
2013-06-14 19:38 . 2013-05-04 04:56 309760 ----a-w- c:\windows\SysWow64\BCP47Langs.dll
2013-06-14 19:38 . 2013-05-04 06:59 39424 ----a-w- c:\windows\system32\wuapp.exe
2013-06-14 19:38 . 2013-05-04 06:57 17408 ----a-w- c:\windows\system32\muifontsetup.dll
2013-06-14 19:38 . 2013-05-04 04:58 34304 ----a-w- c:\windows\SysWow64\wuapp.exe
2013-06-14 19:38 . 2013-05-04 04:57 18432 ----a-w- c:\windows\SysWow64\npmproxy.dll
2013-06-14 19:38 . 2013-05-04 04:57 14336 ----a-w- c:\windows\SysWow64\muifontsetup.dll
2013-06-13 14:09 . 2013-06-13 14:09 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-13 14:09 . 2013-06-13 14:09 -------- d-----w- c:\program files\iTunes
2013-06-13 14:09 . 2013-06-13 14:09 -------- d-----w- c:\program files (x86)\iTunes
2013-06-13 14:09 . 2013-06-13 14:09 -------- d-----w- c:\program files\iPod
2013-06-13 14:06 . 2013-06-13 14:06 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-06-13 14:06 . 2013-06-13 14:06 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-06-13 14:06 . 2013-06-13 14:06 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-06-13 14:06 . 2013-06-13 14:06 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-06-13 14:06 . 2013-06-13 14:06 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-06-13 14:05 . 2013-06-13 14:05 -------- d-----w- c:\program files\Bonjour
2013-06-13 14:05 . 2013-06-13 14:05 -------- d-----w- c:\program files (x86)\Bonjour
2013-06-12 23:56 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7CC88A3E-0E11-41D5-8607-DC4ADE054B1D}\mpengine.dll
2013-06-12 19:13 . 2013-05-04 07:45 2233600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 18:53 . 2013-04-23 23:12 1569792 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-06-12 18:53 . 2013-04-23 22:55 1889280 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 18:53 . 2013-04-23 23:13 1013248 ----a-w- c:\windows\SysWow64\certutil.exe
2013-06-12 18:53 . 2013-04-23 22:56 1255936 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 18:53 . 2013-04-23 22:55 68096 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 18:53 . 2013-04-23 22:55 141312 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 18:53 . 2013-04-23 23:12 109056 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-06-12 17:19 . 2013-04-27 05:20 733184 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 15:27 . 2013-04-02 23:37 25088 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-12 15:27 . 2013-04-02 23:12 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 13:44 . 2013-04-28 22:30 108032 ----a-w- c:\program files (x86)\Internet Explorer\jsdebuggeride.dll
2013-06-12 13:44 . 2013-04-28 22:28 915968 ----a-w- c:\windows\system32\uxtheme.dll
2013-06-12 13:44 . 2013-04-28 22:28 148992 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2013-06-12 13:44 . 2013-05-15 22:37 44032 ----a-w- c:\windows\SysWow64\UXInit.dll
2013-06-12 13:44 . 2013-05-15 22:35 53760 ----a-w- c:\windows\system32\UXInit.dll
2013-06-12 13:44 . 2013-05-14 13:14 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-12 13:44 . 2013-05-14 09:23 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-10 21:35 . 2012-12-26 08:07 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-06-27 21:22 . 2013-04-01 11:32 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-27 21:22 . 2013-01-05 14:24 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-27 21:22 . 2013-01-05 14:24 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-24 17:19 . 2013-02-09 16:15 56072 ----a-w- c:\windows\system32\certsentry.dll
2013-06-21 03:49 . 2012-12-25 12:45 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-21 03:49 . 2012-12-25 12:45 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-05-31 21:10 . 2012-12-27 12:28 281768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-05-20 21:35 . 2013-05-20 21:35 2562080 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2013-05-10 13:25 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-09 08:59 . 2013-04-01 11:32 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2013-04-01 11:32 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-01-05 14:24 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2013-01-05 14:24 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2013-01-05 14:24 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2013-01-05 14:23 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2013-01-05 14:24 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-02 15:29 . 2013-06-01 11:59 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 07:59 . 2013-05-01 07:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 07:59 . 2013-05-01 07:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2013-04-23 02:30 . 2013-04-23 02:30 77824 ----a-w- c:\windows\xuninst.exe
2013-04-16 02:34 . 2013-05-15 23:04 1455368 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 05:56 . 2013-05-15 23:03 444416 ----a-w- c:\windows\apppatch\AcSpecfc.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-07-10 1672616]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"Spotify"="c:\users\Devon\AppData\Roaming\Spotify\Spotify.exe" [2013-07-01 4643328]
"Spotify Web Helper"="c:\users\Devon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-07-01 1104384]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"jmekey"="c:\windows\jmesoft\hotkey.exe" [2011-06-08 118784]
"jmesoft"="c:\windows\jmesoft\ServiceLoader.exe" [2011-03-16 28672]
"CLMLServer"="c:\program files (x86)\Lenovo\Power2Go\CLMLSvc.exe" [2009-12-04 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2011-12-07 214312]
"RemoteControl10"="c:\program files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe" [2012-03-29 91432]
"ModeSwitch"="c:\program files\Lenovo\Power Control Switch\LitModeSwitch.exe" [2012-03-31 751104]
"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-07-12 155488]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Devon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
iCap.lnk - c:\program files (x86)\iCap\iCap.exe [2012-12-25 7612928]
Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 1000 J110 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2CE19PPV05YD;CONNECTION=USB;MONITOR=1; [2012-7-25 51712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 archlp;archlp;SysWOW64\drivers\archlp.sys;SysWOW64\drivers\archlp.sys [x]
R2 JME Keyboard;JME Keyboard Driver;c:\windows\jmesoft\Service.exe;c:\windows\jmesoft\Service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 hcwhdpvr;Hauppauge HD PVR Capture Service;c:\windows\system32\DRIVERS\hcwhdpvr.sys;c:\windows\SYSNATIVE\DRIVERS\hcwhdpvr.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys;c:\windows\SYSNATIVE\DRIVERS\KeyCrypt64.sys [x]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 TSVAD_PCM;Wirecast Virtual Microphone Driver;c:\windows\system32\drivers\tsvadpcm.sys;c:\windows\SYSNATIVE\drivers\tsvadpcm.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);c:\windows\system32\drivers\vasdDev.sys;c:\windows\SYSNATIVE\drivers\vasdDev.sys [x]
R3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\VirtualAudio.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;c:\windows\System32\drivers\xusb22.sys;c:\windows\SYSNATIVE\drivers\xusb22.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 LenovoCOMSvc;LenovoCOMService;c:\program files\Lenovo\Power Control Switch\LenovoCOMSvc.exe;c:\program files\Lenovo\Power Control Switch\LenovoCOMSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 LitModeCtrl;LitModeCtrl;c:\program files\Lenovo\Power Control Switch\LitModeCtrl.exe;c:\program files\Lenovo\Power Control Switch\LitModeCtrl.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-03 23:15 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.71\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-25 18:27]
.
2013-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-28 13:05]
.
2013-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-28 13:05]
.
2013-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-509363783-3859362196-2852128182-1001Core.job
- c:\users\Devon\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-05 16:10]
.
2013-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-509363783-3859362196-2852128182-1001UA.job
- c:\users\Devon\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-05 16:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-07 03:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 03:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 03:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-07 03:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-07 03:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-07 03:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-05-28 12497552]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{5BB9ADE9-82F7-4171-B892-D6B8A5B64703}: NameServer = 75.75.75.75,75.75.76.76
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} - 
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-Wondershare Helper Compact.exe - c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.DefaultCsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-07-11  19:29:16
ComboFix-quarantined-files.txt  2013-07-11 23:29
.
Pre-Run: 844,764,499,968 bytes free
Post-Run: 855,337,259,008 bytes free
.
- - End Of File - - 893EAA9F8EB3A9B291AEA28E950C6A4E
5FB38429D5D77768867C76DCBDB35194
 

Not seeing a great deal wrong with your system, run the following:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7 users right click on the IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/home/products/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add/on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

 

If threats were found

 

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

 

close program

copy and paste the report here


ESET SCAN

 

 

C:\Users\Devon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF3JJ136\bi_downloader[1].exe Win32/Somoto.A application

C:\Users\Devon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V3G55YEZ\BiTool[1].dll Win32/Somoto.B application
C:\Users\Devon\Desktop\Server backup\Modding Stuff\Programs\Games\MW2\Project XG 0.8\Project XG v0.8 Tester Version.exe a variant of MSIL/Packed.Confuser.B application
 

Download OTM from either of the following links and save to your Desktop:

 

http://oldtimer.geekstogo.com/OTM.exe.

http://www.itxassociates.com/OT-Tools/OTM.com

http://www.itxassociates.com/OT-Tools/OTM.exe 

 

Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion....

 

  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
     
    :Files
    ipconfig /flushdns /c
    C:\Users\Devon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF3JJ136\bi_downloader[1].exe
    C:\Users\Devon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V3G55YEZ\BiTool[1].dll
    C:\Users\Devon\Desktop\Server backup\Modding Stuff\Programs\Games\MW2\Project XG 0.8\Project XG v0.8 Tester Version.exe
    :Commands
    [EmptyTemp]
     
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

 

If the machine reboots, the Results log can be found here:

 

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

 

Where mmddyyyy_hhmmss is the date of the tool run.

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Let me know how your system is responding, also if any remaining issues or concerns..

 

Kevin.....


OTM

 

 

All processes killed

========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Devon\Desktop\cmd.bat deleted successfully.
C:\Users\Devon\Desktop\cmd.txt deleted successfully.
C:\Users\Devon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF3JJ136\bi_downloader[1].exe moved successfully.
DllUnregisterServer procedure not found in C:\Users\Devon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V3G55YEZ\BiTool[1].dll
C:\Users\Devon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V3G55YEZ\BiTool[1].dll moved successfully.
C:\Users\Devon\Desktop\Server backup\Modding Stuff\Programs\Games\MW2\Project XG 0.8\Project XG v0.8 Tester Version.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: ADMINI~1
->Temp folder emptied: 0 bytes
 
User: ale
->Temp folder emptied: 0 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Devon
->Temp folder emptied: 2002 bytes
->Temporary Internet Files folder emptied: 236426957 bytes
->Java cache emptied: 71838365 bytes
->Google Chrome cache emptied: 366227774 bytes
->Flash cache emptied: 81382 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 422728 bytes
RecycleBin emptied: 350535 bytes
 
Total Files Cleaned = 644.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 07122013_035729
 
Files moved on Reboot...
C:\Users\Devon\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
 
Registry entries deleted on Reboot...
 

 

 

Checkup

 

 

Results of screen317's Security Check version 0.99.68  

   x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
Windows Defender   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 25  
 Visual Studio Extensions for Windows Library for JavaScript 
 Adobe Flash Player 11.7.700.224  
 Adobe Reader XI  
 Google Chrome 28.0.1500.52  
 Google Chrome 28.0.1500.71  
 Google Chrome plugins...  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 

System is running fine, but has been running fine. I just had a feeling that I might have had a R.A.T but you said it didn't look like there was, correct? If not, then I'm glad to know I wasn't infected with anything too serious and thank you very much for your help!


 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org
 
Database version: v2013.07.11.06
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16635
Devon :: DEVON-PC [administrator]
 
7/12/2013 4:16:21 AM
mbam-log-2013-07-12 (04-16-21).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 236233
Time elapsed: 2 minute(s), 49 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 

I do not see any issues with your system, continue:

 

Remove Combofix now that we're done with it


Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
 
Please follow the prompts to uninstall Combofix.
You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

The above procedure will delete the following:


    ComboFix and its associated files and folders.
    VundoFix backups, if present
    The C:\_OtMoveIt folder, if present
    Reset the clock settings.
    Hide file extensions, if required.
    Hide System/Hidden files, if required.
    Reset System Restore.

 

It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.

 

Next,

 

Uninstall adwcleaner.exe

  •   Please close all open programs and internet browsers.
  •   Double click on adwcleaner.exe to run the tool.
  •   Click on Uninstall
  • Click Yes at Would you like to Uninstall Adwcleaner

 

Next,

 

Delete the following from the Desktop:

 

FRST

Security Checks

 

Also navigate to and delete C:\FRST

 

Next,

 

  • Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop.
  • Double click the OTC icon to start the program.
    If you are using Vista or Windows 7 accept UAC
  • Then click the big CleanUp! button.
  • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
  • This will remove tools we have used and itself.

 

Any tools/logs remaining on the Desktop can be deleted.

 

Let me know if those steps complete OK, also if any remaining issues or concerns.

 

Kevin....


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.