FBI Malware. Please help


Running Malwarebytes Pro did not seem to clean it.

 

I can boot normally into another account on the PC and to safe mode.

 

TIA!!

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.5.1

Run by Dad at 8:06:32 on 2013-07-28

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8167.4767 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe

C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe

C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe

C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\ShrewSoft\VPN Client\dtpd.exe

C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files\ShrewSoft\VPN Client\iked.exe

C:\Windows\system32\IProsetMonitor.exe

C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k iissvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe

C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

c:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Users\Dad\AppData\Local\Programs\Google\MusicManager\MusicManager.exe

C:\Users\Dad\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

"C:\Windows\system32\svchost.exe"

"C:\Windows\system32\svchost.exe"

C:\Windows\SysWOW64\ctfmon.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\notepad.exe

C:\Windows\system32\notepad.exe

C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe

c:\Program Files\Microsoft Security Client\MpCmdRun.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank





uProxyServer = proxy1.fnc.fujitsu.com:8080



mWinlogon: Userinit = userinit.exe,

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Updater By SweetPacks: {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension32.dll

BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

uRun: [Google Update] "C:\Users\Dad\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [MusicManager] "C:\Users\Dad\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"

uRun: [yCpCQSpcQDy4] C:\Users\Dad\AppData\Local\n7MIr9o.exe

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mRun: [yCpCQSpcQDy4] C:\Users\Dad\AppData\Local\n7MIr9o.exe

StartupFolder: C:\Users\Dad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Dad\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll




TCP: Interfaces\{17D37927-A4C4-408A-82FB-535176ECFA06} : NameServer = 168.127.133.14,168.127.133.13

TCP: Interfaces\{D2CAD563-649F-4A86-B406-E4B6FB9ECBB0} : DHCPNameServer = 209.18.47.61 209.18.47.62

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Updater By SweetPacks: {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension64.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - 

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll


x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]

R1 NEOFLTR_650_16339;Juniper Networks TDI Filter Driver (NEOFLTR_650_16339);C:\Windows\System32\drivers\NEOFLTR_650_16339.SYS [2012-11-13 100472]

R1 vflt;Shrew Soft Lightweight Filter;C:\Windows\System32\drivers\vfilter.sys [2010-9-2 21504]

R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-6-13 922240]

R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-1 915584]

R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2012-4-28 586880]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]

R2 dtpd;ShrewSoft DNS Proxy Daemon;C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service --> C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -service [?]

R2 GsServer;GoodSync Server;C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe [2012-12-14 5604136]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-6-28 2470736]

R2 iked;ShrewSoft IKE Daemon;C:\Program Files\ShrewSoft\VPN Client\iked.exe -service --> C:\Program Files\ShrewSoft\VPN Client\iked.exe -service [?]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-4-28 133800]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]

R2 ipsecd;ShrewSoft IPSEC Daemon;C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service --> C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service [?]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-6 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-6 701512]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 139616]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]

R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-9-14 129000]

R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-9-14 394216]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-13 28832]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-6 25928]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-13 36000]

S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2011-3-13 51872]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-13 298656]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-13 201376]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-13 55456]

S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-13 154272]

S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-13 280224]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-10-1 57280]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]

S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-4-28 317440]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-4-28 20992]

S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-4-24 42184]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-4-29 59392]

S3 vnet;Shrew Soft Virtual Adapter;C:\Windows\System32\drivers\virtualnet.sys [2010-9-2 17408]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-29 1255736]

S3 WMSVC;Web Management Service;C:\Windows\System32\inetsrv\WMSvc.exe [2009-7-13 10752]

.

=============== File Associations ===============

.

FileExt: .js: UEStudio.js="C:\Program Files (x86)\IDM Computer Solutions\UEStudio\uestudio.exe" "%1" [userChoice]

.

=============== Created Last 30 ================

.

2013-07-28 12:44:01 -------- d-----w- C:\FRST

2013-07-28 03:10:38 182784 ----a-w- C:\Users\Dad\AppData\Local\n7MIr9o.exe

2013-07-27 14:03:55 9460976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3F9872FA-B538-4A8E-88AB-5F116B4AB863}\mpengine.dll

2013-07-26 01:27:59 9460976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-07-18 16:43:00 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0A01395C-E60E-45D8-8FA3-863497AB1923}\gapaengine.dll

2013-07-16 08:00:55 -------- d-----w- C:\Windows\System32\MRT

2013-07-10 08:33:34 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll

2013-07-10 08:33:34 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll

2013-07-10 08:33:34 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll

2013-07-10 08:33:34 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll

2013-07-10 08:33:33 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll

2013-07-10 08:33:33 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll

2013-07-10 08:33:33 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll

2013-07-10 08:33:17 624128 ----a-w- C:\Windows\System32\qedit.dll

2013-07-10 08:33:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll

2013-07-10 08:33:16 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2013-07-10 08:33:16 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2013-07-10 08:26:48 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-07-10 08:25:54 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2013-07-10 08:25:54 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL

2013-07-10 08:25:54 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll

2013-07-10 08:25:54 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll

2013-07-10 08:25:54 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

2013-07-10 08:16:43 1643520 ----a-w- C:\Windows\System32\DWrite.dll

2013-07-10 08:16:43 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll

2013-07-05 17:43:58 -------- d-----w- C:\Program Files (x86)\TeamSpeak 3 Client

2013-07-02 14:19:18 33856 ---ha-w- C:\Windows\System32\hamachi.sys

2013-07-02 14:19:09 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi

2013-06-30 15:51:36 -------- d-----w- C:\Users\Dad\AppData\Local\webkit

2013-06-30 13:57:18 -------- d-----w- C:\Users\Dad\AppData\Roaming\GeoSetter

2013-06-30 13:57:12 -------- d-----w- C:\Program Files (x86)\GeoSetter

.

==================== Find3M  ====================

.

2013-06-19 02:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

2013-06-19 02:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-05-27 08:58:02 1447728 ----a-w- C:\Windows\System32\dmwu.exe

2013-05-27 08:57:04 33792 ----a-w- C:\Windows\System32\ImHttpComm.dll

2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll

2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll

2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe

2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe

2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll

2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll

2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll

2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe

.

============= FINISH:  8:06:58.18 ===============

 

.

 

 

 

 

 

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate 

Boot Device: \Device\HarddiskVolume1

Install Date: 4/28/2012 4:17:21 AM

System Uptime: 7/28/2013 4:00:36 AM (4 hours ago)

.

Motherboard: ASUSTeK Computer INC. |  | P8Z68-V PRO GEN3

Processor: Intel® Core i5-2500K CPU @ 3.30GHz | LGA1155 | 1584/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 261.628 GiB free.

D: is CDROM (CDFS)

F: is CDROM ()

G: is FIXED (NTFS) - 233 GiB total, 15.041 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}

Description: ASUS Bluetooth

Device ID: USB\VID_0B05&PID_179C\6&DF2EE03&0&7

Manufacturer: Atheros Communications

Name: ASUS Bluetooth

PNP Device ID: USB\VID_0B05&PID_179C\6&DF2EE03&0&7

Service: BTHUSB

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco Systems VPN Adapter for 64-bit Windows

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco Systems VPN Adapter for 64-bit Windows

PNP Device ID: ROOT\NET\0000

Service: CVirtA

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Shrew Soft Virtual Adapter

Device ID: ROOT\VNET\0000

Manufacturer: Shrew Soft

Name: Shrew Soft Virtual Adapter

PNP Device ID: ROOT\VNET\0000

Service: vnet

.

==== System Restore Points ===================

.

RP240: 7/24/2013 9:13:22 AM - Windows Update

RP241: 7/27/2013 10:59:18 PM - Removed AI Suite II

.

==== Installed Programs ======================

.

Adobe Bridge 1.0

Adobe Common File Installer

Adobe Creative Suite 2

Adobe Help Center 1.0

Adobe Photoshop CS2

Adobe Stock Photos 1.0

Asmedia ASM104x USB 3.0 Host Controller Driver

Assassin's Creed Brotherhood

Assassin's Creed II

Battlefield 3™

Battlelog Web Plugins

Bluetooth Win7 Suite (64)

BOSS

calibre

Cisco Systems VPN Client 5.0.07.0440

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dropbox

Electric Sheep 2.7b34c

EPU

ESN Sonar

FileZilla Client 3.6.0.2

Fraps (remove only)

GameSpy Arcade

GeoSetter 3.4.16

GIMP 2.8.2

GoodSync

Google Chrome

Google Earth

Google Update Helper

Guild Wars 2

HandBrake 0.9.8

Intel® Management Engine Components

Intel® Network Connections 15.6.25.0

Intel® Processor Graphics

Internet Explorer Toolbar 4.8 by SweetPacks

Java Auto Updater

Java 7 Update 5

JavaFX 2.1.1

Juniper Networks Cache Cleaner 6.5.0

Juniper Networks Host Checker

Juniper Networks Secure Application Manager

Juniper Networks, Inc. Setup Client

Juniper Networks, Inc. Setup Client 64-bit Activex Control

Juniper Terminal Services Client

Junk Mail filter update

Just Cause 2

LEGO Lord of the Rings

LibreOffice 4.0.0.3

LogMeIn Hamachi

Magic ISO Maker v5.5 (build 0281)

Malwarebytes Anti-Malware version 1.75.0.1300

Mass Effect

Microsoft .NET Framework 1.1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Halo

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit

Microsoft Security Client

Microsoft Security Essentials

Microsoft SkyDrive

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Movie Maker

MSI Afterburner 2.1.0

MSVCRT

MSVCRT_amd64

MSVCRT110

MSVCRT110_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Music Manager

Nexus Mod Manager

NVIDIA 3D Vision Controller Driver

NVIDIA 3D Vision Controller Driver 301.42

NVIDIA 3D Vision Driver 311.06

NVIDIA Control Panel 311.06

NVIDIA Graphics Driver 311.06

NVIDIA HD Audio Driver 1.3.16.0

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.0213

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.11.3

NVIDIA Update Components

Opera 12.16

Origin

Pando Media Booster

Photo Common

Photo Gallery

Picasa 3

PL-2303 Vista Driver Installer

PunkBuster Services

Real Deal UpGrade

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Shrew Soft VPN Client

Sid Meier's Civilization 4

Sid Meier's Civilization 4 - Beyond the Sword

Steam

Suite Specific

SweetPacks Updater Service

TeamSpeak 3 Client

The Elder Scrolls V: Skyrim

The Lord of the Rings Online™ v03.08.00.8025

The Settlers: Rise of an Empire Gold Edition  

TurboTax 2012

TurboTax 2012 WinPerFedFormset

TurboTax 2012 WinPerReleaseEngine

TurboTax 2012 WinPerTaxSupport

TurboTax 2012 wrapper

Ubisoft Game Launcher

UEStudio

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Updater By SweetPacks 2.0.0.586

Virtual Villagers: A New Home

VLC media player 2.0.6

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.20 beta 2 (64-bit)

Zoo Tycoon 2 - Ultimate Collection

.

==== Event Viewer Messages From Past Week ========

.

7/28/2013 6:10:45 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.

7/28/2013 12:22:41 AM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

7/28/2013 12:22:41 AM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.

7/27/2013 9:09:28 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer QUINLANS-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D2CAD563-649F-4A86-B406-E4B6FB9ECBB0}. The master browser is stopping or an election is being forced.

7/27/2013 11:25:46 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.

7/27/2013 11:25:46 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

7/27/2013 11:25:46 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

7/27/2013 11:21:11 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

7/27/2013 11:09:55 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

7/27/2013 11:09:51 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

7/27/2013 11:09:50 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

7/27/2013 11:09:49 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

7/27/2013 11:09:44 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

7/27/2013 11:09:39 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

7/27/2013 11:09:25 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD AsIO AsUpIO CSC DfsC discache MpFilter NEOFLTR_650_16339 NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vflt Wanarpv6 WfpLwf

7/27/2013 11:09:25 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.

7/27/2013 11:09:25 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.

7/27/2013 11:09:25 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.

7/27/2013 11:09:25 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.

7/27/2013 11:09:25 PM, Error: Service Control Manager [7001]  - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.

7/27/2013 11:09:25 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.

7/27/2013 11:09:24 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.

7/27/2013 11:09:24 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.

7/27/2013 11:09:24 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.

7/27/2013 11:09:24 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.

7/27/2013 11:09:24 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.

7/27/2013 11:05:25 PM, Error: Service Control Manager [7023]  - The Server service terminated with the following error:  The service has not been started.

7/27/2013 11:05:25 PM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  A system shutdown is in progress.

7/27/2013 11:05:22 PM, Error: Service Control Manager [7034]  - The Cisco Systems, Inc. VPN Service service terminated unexpectedly.  It has done this 1 time(s).

7/27/2013 10:20:28 PM, Error: Service Control Manager [7034]  - The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly.  It has done this 1 time(s).

7/26/2013 5:40:49 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000d1 (0x0000000000000000, 0x0000000000000002, 0x0000000000000008, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072613-18579-01.

7/26/2013 12:29:56 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.155.788.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9700.0   Error code: 0x80072efe   Error description: The connection with the server was terminated abnormally 

7/22/2013 9:03:48 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.155.469.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.9700.0   Error code: 0x80072ee2   Error description: The operation timed out 

7/22/2013 10:45:42 AM, Error: bowser [8003]  - The master browser has received a server announcement from the computer GAMINGDESKTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D2CAD563-649F-4A86-B406-E4B6FB9ECBB0}. The master browser is stopping or an election is being forced.

.

==== End Of File ===========================

 


Please download Farbar Recovery Scan Tool and save it to a folder. (64bit version)

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
MrC

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-07-2013

Ran by Dad (administrator) on 28-07-2013 07:44:10

Running from C:\Users\Dad\Downloads

Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

() C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe

() C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe

() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe

(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

() C:\Program Files\ShrewSoft\VPN Client\dtpd.exe

() C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe

(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

() C:\Program Files\ShrewSoft\VPN Client\iked.exe

(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe

() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Google Inc.) C:\Users\Dad\AppData\Local\Programs\Google\MusicManager\MusicManager.exe

(Dropbox, Inc.) C:\Users\Dad\AppData\Roaming\Dropbox\bin\Dropbox.exe

(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Microsoft Corporation) C:\Windows\system32\consent.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

(Google Inc.) C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Google Inc.) C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)

HKCU\...\Run: [Google Update] - C:\Users\Dad\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-28] (Google Inc.)

HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\steam.exe [1672616 2013-07-09] (Valve Corporation)

HKCU\...\Run: [MusicManager] - C:\Users\Dad\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7345664 2013-06-20] (Google Inc.)

HKCU\...\Run: [yCpCQSpcQDy4] - C:\Users\Dad\AppData\Local\n7MIr9o.exe [182784 2013-07-27] (NCSOFT Company)

HKCU\...\Policies\system: [LogonHoursAction] 2

HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

MountPoints2: {714ee8be-912a-11e1-9af1-806e6f6e6963} - D:\autorun.exe

HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)

HKLM-x32\...\Run: [sunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [x]

HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-06-28] (LogMeIn Inc.)

HKLM-x32\...\Run: [yCpCQSpcQDy4] - C:\Users\Dad\AppData\Local\n7MIr9o.exe [182784 2013-07-27] (NCSOFT Company)

HKU\Maggie\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.exe -update activex [x]

HKU\Maggie\...\Policies\system: [LogonHoursAction] 2

HKU\Maggie\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\Quinlan\...\Run: [Google Update] - C:\Users\Quinlan\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-02] (Google Inc.)

HKU\Quinlan\...\RunOnce: [uninstall C:\Users\Quinlan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] - C:\Windows\system32\cmd.exe [345088 2010-11-20] (Microsoft Corporation)

HKU\Quinlan\...\Policies\system: [LogonHoursAction] 2

HKU\Quinlan\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk

ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk

ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe ()

Startup: C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Dad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

 

==================== Internet (Whitelisted) ====================

 

ProxyServer: proxy1.fnc.fujitsu.com:8080

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={2DF1146F-CE3D-11E2-B9B9-C86000734BC2}

SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={2DF1146F-CE3D-11E2-B9B9-C86000734BC2}

SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={2DF1146F-CE3D-11E2-B9B9-C86000734BC2}

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear

BHO: Updater By SweetPacks - {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension64.dll ()

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

BHO-x32: Updater By SweetPacks - {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension32.dll ()

BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab

DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab


DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://rchsslvpn.fnc.fujitsu.com/dana-cached/sc/JuniperSetupClient.cab

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

Tcpip\..\Interfaces\{17D37927-A4C4-408A-82FB-535176ECFA06}: [NameServer]168.127.133.14,168.127.133.13

 

Chrome: 

=======


CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\Dad\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Users\Dad\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Users\Dad\AppData\Local\Google\Chrome\Application\28.0.1500.72\gcswf32.dll No File

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File

CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

CHR Plugin: (Google Update) - C:\Users\Dad\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Extension: (Google Drive) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Adblock Plus) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.2_0

CHR Extension: (Google Search) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (SweetPacks Chrome Extension) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.0_0

CHR Extension: (Evernote Web Clipper) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.19_0

CHR Extension: (Gmail) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

CHR Extension: (Personalized Web) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\plcnnpdmhobdfbponjpedobekiogmbco\1.7_0

CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\SysWOW64\jmdp\SweetNT.crx

CHR StartMenuInternet: Google Chrome - "C:\Users\Dad\AppData\Local\Google\Chrome\Application\chrome.exe"

 

==================== Services (Whitelisted) =================

 

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-03-03] (Adobe Systems)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [922240 2011-06-13] ()

R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-01] ()

R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()

R2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [56592 2010-10-08] ()

R2 GsServer; C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe [5604136 2012-12-14] ()

R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [957712 2010-10-08] ()

R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [697616 2010-10-08] ()

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)

R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-03-29] ()

R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)

S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]

 

==================== Drivers (Whitelisted) ====================

 

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()

R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()

R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()

R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()

R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)

S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)

S3 MSICDSetup; \??\D:\CDriver64.sys [x]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]

S3 tsusbhub; system32\drivers\tsusbhub.sys [x]

S3 VGPU; System32\drivers\rdvgkmd.sys [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-07-28 07:43 - 2013-07-28 07:43 - 01780547 _____ (Farbar) C:\Users\Dad\Downloads\FRST64.exe

2013-07-27 22:21 - 2013-07-27 22:21 - 00000000 ____D C:\Users\Quinlan\AppData\Roaming\Malwarebytes

2013-07-27 22:13 - 2013-07-27 22:13 - 00000000 ____D C:\Users\Maggie\AppData\Roaming\Malwarebytes

2013-07-27 22:11 - 2013-07-27 22:11 - 00322988 _____ C:\Users\Dad\AppData\Local\9f2c10a0-f56c-464d-b90f-23109eb5be53

2013-07-27 22:10 - 2013-07-27 22:10 - 00182784 _____ (NCSOFT Company) C:\Users\Dad\AppData\Local\n7MIr9o.exe

2013-07-27 22:10 - 2013-07-27 22:10 - 00000000 ____D C:\Windows\Sun

2013-07-26 18:29 - 2013-07-26 18:29 - 09184079 _____ C:\Users\Dad\Downloads\Apocalypse v400-16225-4-00.zip

2013-07-26 17:40 - 2013-07-26 17:40 - 00293288 _____ C:\Windows\Minidump\072613-18579-01.dmp

2013-07-25 21:23 - 2013-07-25 21:23 - 00000000 ____D C:\Users\Dad\Downloads\Divergent 1-2 Veronica Roth EPUB including Free Four_ Tobias tells the Story

2013-07-22 08:57 - 2013-07-22 08:57 - 00000034 _____ C:\Users\Dad\Desktop\Cow Quest.txt

2013-07-22 08:37 - 2013-07-22 08:37 - 00004325 _____ C:\Users\Dad\Downloads\Test.ics

2013-07-19 21:32 - 2013-07-19 21:32 - 00266051 _____ C:\Users\Dad\Downloads\skse_1_06_16_installer.exe

2013-07-19 21:32 - 2013-07-19 21:32 - 00002301 _____ C:\Users\UpdatusUser\Desktop\Skyrim (SKSE).lnk

2013-07-19 21:32 - 2013-07-19 21:32 - 00002301 _____ C:\Users\Quinlan\Desktop\Skyrim (SKSE).lnk

2013-07-19 21:32 - 2013-07-19 21:32 - 00002301 _____ C:\Users\Maggie\Desktop\Skyrim (SKSE).lnk

2013-07-19 21:32 - 2013-07-19 21:32 - 00002301 _____ C:\Users\Dad\Desktop\Skyrim (SKSE).lnk

2013-07-17 19:15 - 2013-07-17 19:15 - 00000013 _____ C:\Users\Dad\Desktop\case number.txt

2013-07-16 03:00 - 2013-07-16 03:00 - 00000000 ____D C:\Windows\system32\MRT

2013-07-13 20:33 - 2013-07-13 20:33 - 00000000 ____D C:\Users\Dad\Downloads\Trouble With The Curve (2012) [1080p]

2013-07-13 19:58 - 2013-07-13 20:26 - 00000000 ____D C:\Users\Dad\Downloads\Trouble.with.the.Curve.2012.DVDRip.XviD-SPARKS

2013-07-13 19:56 - 2013-07-13 19:57 - 00000000 ____D C:\Users\Dad\Downloads\Trouble.with.the.Curve.2012.BRRip.XviD.AbSurdiTy

2013-07-11 17:29 - 2013-07-11 17:30 - 04302343 ____R C:\Users\Dad\Downloads\The Book Thief.epub

2013-07-11 17:27 - 2013-07-11 17:27 - 00000000 ____D C:\Users\Dad\Downloads\The Giver Quartet by Lois Lowry

2013-07-11 03:04 - 2013-06-11 18:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-07-11 03:04 - 2013-06-11 18:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-07-11 03:04 - 2013-06-11 18:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-07-11 03:04 - 2013-06-11 18:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-07-11 03:04 - 2013-06-11 18:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-07-11 03:04 - 2013-06-11 18:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-07-11 03:04 - 2013-06-11 18:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-07-11 03:04 - 2013-06-11 18:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-07-11 03:04 - 2013-06-11 18:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-07-11 03:04 - 2013-06-11 18:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-07-11 03:04 - 2013-06-11 18:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-07-11 03:04 - 2013-06-11 18:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-07-11 03:04 - 2013-06-11 18:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-07-11 03:04 - 2013-06-11 18:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-07-11 03:04 - 2013-06-11 18:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-07-11 03:04 - 2013-06-11 18:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-07-11 03:04 - 2013-06-11 18:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-07-11 03:04 - 2013-06-11 18:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-07-11 03:04 - 2013-06-11 18:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-07-11 03:04 - 2013-06-11 18:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-07-11 03:04 - 2013-06-11 18:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-07-11 03:04 - 2013-06-11 18:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-07-11 03:04 - 2013-06-11 18:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-07-11 03:04 - 2013-06-11 18:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-07-11 03:04 - 2013-06-11 18:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-07-11 03:04 - 2013-06-11 18:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-07-11 03:04 - 2013-06-11 18:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-07-11 03:04 - 2013-06-11 17:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-07-11 03:04 - 2013-06-11 17:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-07-11 03:04 - 2013-06-06 22:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-07-11 03:04 - 2013-06-06 21:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-07-10 03:33 - 2013-06-04 01:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2013-07-10 03:33 - 2013-06-03 23:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

2013-07-10 03:33 - 2013-05-06 01:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2013-07-10 03:33 - 2013-05-05 23:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

2013-07-10 03:26 - 2013-06-04 22:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-07-10 03:16 - 2013-04-09 18:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2013-07-10 03:16 - 2013-04-02 17:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2013-07-09 19:53 - 2013-07-09 19:53 - 00001075 _____ C:\Users\Dad\Desktop\CubeLauncher.exe - Shortcut.lnk

2013-07-09 19:52 - 2013-07-09 19:53 - 00000000 ____D C:\Users\Dad\Downloads\Cube World + Crack Files by Hax99

2013-07-09 19:50 - 2013-07-09 19:50 - 33172507 ____R C:\Users\Dad\Downloads\Cube World + Crack Files by Hax99.rar

2013-07-07 20:57 - 2013-07-07 21:00 - 68951526 _____ C:\Users\Dad\Downloads\Kauai.zip

2013-07-06 16:28 - 2013-07-06 17:54 - 00000000 ____D C:\Users\Dad\Downloads\DW Part 1

2013-07-06 14:06 - 2013-07-13 14:00 - 00000000 ____D C:\Users\Quinlan\AppData\Roaming\TS3Client

2013-07-05 12:47 - 2013-07-05 12:47 - 00001221 _____ C:\Users\Quinlan\Desktop\TeamSpeak 3 Client.lnk

2013-07-05 12:47 - 2013-07-05 12:47 - 00000000 ____D C:\Users\Quinlan\AppData\Local\TeamSpeak 3 Client

2013-07-05 12:43 - 2013-07-05 12:44 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client

2013-07-05 12:41 - 2013-07-05 12:43 - 32698840 _____ (TeamSpeak Systems GmbH) C:\Users\Quinlan\Downloads\TeamSpeak3-Client-win32-3.0.10.1.exe

2013-07-05 12:34 - 2013-07-05 12:34 - 04778122 _____ C:\Users\Quinlan\Downloads\teamspeak3-server_win32-3.0.7.2.zip

2013-07-05 07:15 - 2013-07-05 07:15 - 00484992 _____ C:\Users\Quinlan\Desktop\Minecraft (2).exe

2013-07-05 07:06 - 2013-07-05 07:06 - 07561113 _____ C:\Users\Quinlan\Downloads\MCME-Texture-Pack-Bundle.zip

2013-07-04 18:10 - 2013-07-04 18:10 - 00293288 _____ C:\Windows\Minidump\070413-21153-01.dmp

2013-07-04 12:30 - 2013-07-04 12:33 - 00000000 ____D C:\Users\Dad\Downloads\Community Season 4 complete

2013-07-04 11:05 - 2013-07-04 12:25 - 00000000 ____D C:\Users\Dad\Downloads\Dr Who - Revenge Of the CyberMen

2013-07-04 09:16 - 2013-07-04 09:16 - 00000000 ____D C:\Users\Dad\Downloads\Clockwork Angel - Cassandra Clare.mobi, KK

2013-07-04 09:08 - 2013-07-04 09:10 - 00000000 ____D C:\Users\Dad\Downloads\Dr Who

2013-07-04 09:07 - 2013-07-04 09:37 - 00000000 ____D C:\Users\Dad\Downloads\Dr.Who Seasons 1-5 including specials V3nDetta

2013-07-04 09:07 - 2013-07-04 09:22 - 00000000 ____D C:\Users\Dad\Downloads\Season 5

2013-07-04 09:07 - 2013-07-04 09:09 - 00000000 ____D C:\Users\Dad\Downloads\Season 6

2013-07-04 09:07 - 2013-07-04 09:07 - 00000000 ____D C:\Users\Dad\Downloads\Dr.Who.and.the.Daleks.1965.1080p.BluRay.x264-SONiDO [PublicHD]

2013-07-02 14:41 - 2013-07-02 14:41 - 01624112 _____ (Bandoo Media Inc) C:\Users\Quinlan\Downloads\iLividSetup-r116-n-bc.exe

2013-07-02 09:19 - 2013-07-02 09:19 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi

2013-07-02 09:19 - 2009-03-18 18:35 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys

2013-07-01 18:00 - 2013-07-01 18:29 - 00000460 _____ C:\Users\Quinlan\Documents\MInecraft horse.txt

2013-07-01 17:59 - 2013-07-01 17:59 - 00000000 ____D C:\Users\Quinlan\Documents\Notes

2013-07-01 13:41 - 2013-07-01 13:41 - 00484992 _____ C:\Users\Quinlan\Downloads\Minecraft (1).exe

2013-07-01 12:47 - 2013-07-01 12:47 - 00484992 _____ C:\Users\Quinlan\Downloads\Minecraft.exe

2013-06-30 11:12 - 2013-06-30 11:12 - 00004677 _____ C:\Users\Dad\AppData\Local\recently-used.xbel

2013-06-30 10:51 - 2013-06-30 10:51 - 00000000 ____D C:\Users\Dad\AppData\Local\webkit

2013-06-30 09:00 - 2013-06-30 08:36 - 00022365 _____ C:\Users\Dad\Documents\Footprints_001.kmz

2013-06-30 08:57 - 2013-06-30 09:21 - 00000000 ____D C:\Users\Dad\AppData\Roaming\GeoSetter

2013-06-30 08:57 - 2013-06-30 08:57 - 00001023 _____ C:\Users\Public\Desktop\GeoSetter.lnk

2013-06-30 08:57 - 2013-06-30 08:57 - 00001023 _____ C:\ProgramData\Desktop\GeoSetter.lnk

2013-06-30 08:57 - 2013-06-30 08:57 - 00000000 ____D C:\Program Files (x86)\GeoSetter

2013-06-30 08:54 - 2013-06-30 08:55 - 19679001 _____ (Friedemann Schmidt                                          ) C:\Users\Dad\Downloads\geosetter_setup.exe

106

 

==================== One Month Modified Files and Folders =======

 

2013-07-28 07:43 - 2013-07-28 07:43 - 01780547 _____ (Farbar) C:\Users\Dad\Downloads\FRST64.exe

2013-07-28 07:41 - 2012-08-02 16:50 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1653936086-1730268145-2970781621-1005UA.job

2013-07-28 07:29 - 2012-04-28 04:18 - 00000000 ____D C:\Users\Dad\AppData\Local\VirtualStore

2013-07-28 07:06 - 2012-04-28 04:57 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1653936086-1730268145-2970781621-1000UA.job

2013-07-28 06:46 - 2013-06-15 15:31 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-07-28 06:10 - 2013-06-15 15:31 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-07-28 06:10 - 2013-06-06 09:15 - 00000000 ____D C:\Users\Dad\AppData\Local\LogMeIn Hamachi

2013-07-28 06:10 - 2012-06-13 18:19 - 00000000 ___RD C:\Users\Dad\Dropbox

2013-07-28 06:10 - 2012-06-13 18:18 - 00000000 ____D C:\Users\Dad\AppData\Roaming\Dropbox

2013-07-28 06:10 - 2012-05-09 17:15 - 00000000 ____D C:\Program Files (x86)\Steam

2013-07-28 06:10 - 2012-04-28 04:16 - 01753675 _____ C:\Windows\WindowsUpdate.log

2013-07-28 06:09 - 2013-06-05 19:08 - 00000000 ____D C:\Users\Quinlan\AppData\Local\LogMeIn Hamachi

2013-07-28 00:26 - 2009-07-14 00:13 - 00863966 _____ C:\Windows\system32\PerfStringBackup.INI

2013-07-28 00:25 - 2009-07-13 23:45 - 00013040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-07-28 00:25 - 2009-07-13 23:45 - 00013040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-07-28 00:20 - 2012-05-10 20:36 - 00000000 ____D C:\ProgramData\NVIDIA

2013-07-28 00:20 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-07-28 00:20 - 2009-07-13 23:51 - 00045342 _____ C:\Windows\setupact.log

2013-07-28 00:15 - 2012-04-28 04:41 - 00065752 _____ C:\Windows\PFRO.log

2013-07-27 22:59 - 2012-12-05 22:32 - 00000000 ____D C:\Users\Quinlan\AppData\Local\PMB Files

2013-07-27 22:21 - 2013-07-27 22:21 - 00000000 ____D C:\Users\Quinlan\AppData\Roaming\Malwarebytes

2013-07-27 22:20 - 2013-06-08 16:57 - 00000000 ____D C:\Users\Maggie\AppData\Local\LogMeIn Hamachi

2013-07-27 22:13 - 2013-07-27 22:13 - 00000000 ____D C:\Users\Maggie\AppData\Roaming\Malwarebytes

2013-07-27 22:11 - 2013-07-27 22:11 - 00322988 _____ C:\Users\Dad\AppData\Local\9f2c10a0-f56c-464d-b90f-23109eb5be53

2013-07-27 22:10 - 2013-07-27 22:10 - 00182784 _____ (NCSOFT Company) C:\Users\Dad\AppData\Local\n7MIr9o.exe

2013-07-27 22:10 - 2013-07-27 22:10 - 00000000 ____D C:\Windows\Sun

2013-07-27 21:05 - 2012-05-06 08:20 - 00002036 ____H C:\Users\Dad\Documents\Default.rdp

2013-07-27 20:41 - 2012-08-02 16:50 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1653936086-1730268145-2970781621-1005Core.job

2013-07-27 18:06 - 2012-04-28 04:57 - 00000848 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1653936086-1730268145-2970781621-1000Core.job

2013-07-27 12:19 - 2012-05-15 17:19 - 00000000 ____D C:\Users\Dad\AppData\Local\Skyrim

2013-07-27 12:03 - 2012-05-20 18:28 - 00000000 ____D C:\Users\Quinlan\AppData\Local\Skyrim

2013-07-27 12:01 - 2012-08-07 12:46 - 00000000 ____D C:\Users\Quinlan\AppData\Roaming\.minecraft

2013-07-26 18:29 - 2013-07-26 18:29 - 09184079 _____ C:\Users\Dad\Downloads\Apocalypse v400-16225-4-00.zip

2013-07-26 18:29 - 2012-05-27 08:38 - 00000000 ____D C:\Users\Dad\Documents\Nexus Mod Manager

2013-07-26 17:40 - 2013-07-26 17:40 - 00293288 _____ C:\Windows\Minidump\072613-18579-01.dmp

2013-07-26 17:40 - 2012-11-17 01:16 - 691065515 _____ C:\Windows\MEMORY.DMP

2013-07-26 17:40 - 2012-11-17 01:16 - 00000000 ____D C:\Windows\Minidump

2013-07-26 11:33 - 2012-06-01 20:15 - 00000000 ____D C:\Users\Dad\AppData\Roaming\uTorrent

2013-07-25 21:23 - 2013-07-25 21:23 - 00000000 ____D C:\Users\Dad\Downloads\Divergent 1-2 Veronica Roth EPUB including Free Four_ Tobias tells the Story

2013-07-22 21:48 - 2012-10-14 19:09 - 00000294 _____ C:\Users\Dad\Documents\Mac Addresses.txt

2013-07-22 08:57 - 2013-07-22 08:57 - 00000034 _____ C:\Users\Dad\Desktop\Cow Quest.txt

2013-07-22 08:37 - 2013-07-22 08:37 - 00004325 _____ C:\Users\Dad\Downloads\Test.ics

2013-07-19 21:32 - 2013-07-19 21:32 - 00266051 _____ C:\Users\Dad\Downloads\skse_1_06_16_installer.exe

2013-07-19 21:32 - 2013-07-19 21:32 - 00002301 _____ C:\Users\UpdatusUser\Desktop\Skyrim (SKSE).lnk

2013-07-19 21:32 - 2013-07-19 21:32 - 00002301 _____ C:\Users\Quinlan\Desktop\Skyrim (SKSE).lnk

2013-07-19 21:32 - 2013-07-19 21:32 - 00002301 _____ C:\Users\Maggie\Desktop\Skyrim (SKSE).lnk

2013-07-19 21:32 - 2013-07-19 21:32 - 00002301 _____ C:\Users\Dad\Desktop\Skyrim (SKSE).lnk

2013-07-17 19:15 - 2013-07-17 19:15 - 00000013 _____ C:\Users\Dad\Desktop\case number.txt

2013-07-17 07:45 - 2012-09-27 03:01 - 00002155 _____ C:\Windows\epplauncher.mif

2013-07-17 07:45 - 2012-04-28 05:30 - 00000000 ____D C:\Program Files\Microsoft Security Client

2013-07-17 07:45 - 2012-04-28 05:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client

2013-07-16 03:03 - 2013-07-16 03:00 - 00000000 ____D C:\Windows\system32\MRT

2013-07-13 20:33 - 2013-07-13 20:33 - 00000000 ____D C:\Users\Dad\Downloads\Trouble With The Curve (2012) [1080p]

2013-07-13 20:30 - 2012-05-07 21:41 - 00000000 ____D C:\Users\Dad\AppData\Roaming\vlc

2013-07-13 20:26 - 2013-07-13 19:58 - 00000000 ____D C:\Users\Dad\Downloads\Trouble.with.the.Curve.2012.DVDRip.XviD-SPARKS

2013-07-13 19:57 - 2013-07-13 19:56 - 00000000 ____D C:\Users\Dad\Downloads\Trouble.with.the.Curve.2012.BRRip.XviD.AbSurdiTy

2013-07-13 14:00 - 2013-07-06 14:06 - 00000000 ____D C:\Users\Quinlan\AppData\Roaming\TS3Client

2013-07-13 08:09 - 2012-05-20 18:26 - 00000000 ____D C:\Users\Quinlan

2013-07-13 01:41 - 2013-06-15 15:31 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2013-07-13 01:41 - 2013-06-15 15:31 - 00003636 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2013-07-12 20:42 - 2012-08-02 16:54 - 00002382 _____ C:\Users\Quinlan\Desktop\Google Chrome.lnk

2013-07-12 20:36 - 2012-08-02 16:50 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1653936086-1730268145-2970781621-1005UA

2013-07-12 20:36 - 2012-08-02 16:50 - 00003494 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1653936086-1730268145-2970781621-1005Core

2013-07-12 19:07 - 2012-04-28 04:57 - 00002362 _____ C:\Users\Dad\Desktop\Google Chrome.lnk

2013-07-11 18:01 - 2012-04-28 04:57 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1653936086-1730268145-2970781621-1000UA

2013-07-11 18:01 - 2012-04-28 04:57 - 00003470 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1653936086-1730268145-2970781621-1000Core

2013-07-11 17:30 - 2013-07-11 17:29 - 04302343 ____R C:\Users\Dad\Downloads\The Book Thief.epub

2013-07-11 17:27 - 2013-07-11 17:27 - 00000000 ____D C:\Users\Dad\Downloads\The Giver Quartet by Lois Lowry

2013-07-11 03:27 - 2009-07-13 23:45 - 00472544 _____ C:\Windows\system32\FNTCACHE.DAT

2013-07-11 03:25 - 2009-07-14 02:46 - 00000000 ____D C:\Program Files\Windows Journal

2013-07-11 03:25 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender

2013-07-11 03:25 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender

2013-07-11 03:09 - 2012-05-08 21:30 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-07-09 19:53 - 2013-07-09 19:53 - 00001075 _____ C:\Users\Dad\Desktop\CubeLauncher.exe - Shortcut.lnk

2013-07-09 19:53 - 2013-07-09 19:52 - 00000000 ____D C:\Users\Dad\Downloads\Cube World + Crack Files by Hax99

2013-07-09 19:50 - 2013-07-09 19:50 - 33172507 ____R C:\Users\Dad\Downloads\Cube World + Crack Files by Hax99.rar

2013-07-07 21:00 - 2013-07-07 20:57 - 68951526 _____ C:\Users\Dad\Downloads\Kauai.zip

2013-07-06 17:54 - 2013-07-06 16:28 - 00000000 ____D C:\Users\Dad\Downloads\DW Part 1

2013-07-06 10:45 - 2012-05-08 21:46 - 00000000 ____D C:\Program Files (x86)\Opera

2013-07-05 12:47 - 2013-07-05 12:47 - 00001221 _____ C:\Users\Quinlan\Desktop\TeamSpeak 3 Client.lnk

2013-07-05 12:47 - 2013-07-05 12:47 - 00000000 ____D C:\Users\Quinlan\AppData\Local\TeamSpeak 3 Client

2013-07-05 12:44 - 2013-07-05 12:43 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client

2013-07-05 12:44 - 2012-10-19 22:58 - 00001166 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk

2013-07-05 12:44 - 2012-10-19 22:58 - 00001166 _____ C:\ProgramData\Desktop\TeamSpeak 3 Client.lnk

2013-07-05 12:43 - 2013-07-05 12:41 - 32698840 _____ (TeamSpeak Systems GmbH) C:\Users\Quinlan\Downloads\TeamSpeak3-Client-win32-3.0.10.1.exe

2013-07-05 12:34 - 2013-07-05 12:34 - 04778122 _____ C:\Users\Quinlan\Downloads\teamspeak3-server_win32-3.0.7.2.zip

2013-07-05 07:15 - 2013-07-05 07:15 - 00484992 _____ C:\Users\Quinlan\Desktop\Minecraft (2).exe

2013-07-05 07:06 - 2013-07-05 07:06 - 07561113 _____ C:\Users\Quinlan\Downloads\MCME-Texture-Pack-Bundle.zip

2013-07-04 18:10 - 2013-07-04 18:10 - 00293288 _____ C:\Windows\Minidump\070413-21153-01.dmp

2013-07-04 12:33 - 2013-07-04 12:30 - 00000000 ____D C:\Users\Dad\Downloads\Community Season 4 complete

2013-07-04 12:25 - 2013-07-04 11:05 - 00000000 ____D C:\Users\Dad\Downloads\Dr Who - Revenge Of the CyberMen

2013-07-04 09:37 - 2013-07-04 09:07 - 00000000 ____D C:\Users\Dad\Downloads\Dr.Who Seasons 1-5 including specials V3nDetta

2013-07-04 09:22 - 2013-07-04 09:07 - 00000000 ____D C:\Users\Dad\Downloads\Season 5

2013-07-04 09:16 - 2013-07-04 09:16 - 00000000 ____D C:\Users\Dad\Downloads\Clockwork Angel - Cassandra Clare.mobi, KK

2013-07-04 09:10 - 2013-07-04 09:08 - 00000000 ____D C:\Users\Dad\Downloads\Dr Who

2013-07-04 09:09 - 2013-07-04 09:07 - 00000000 ____D C:\Users\Dad\Downloads\Season 6

2013-07-04 09:07 - 2013-07-04 09:07 - 00000000 ____D C:\Users\Dad\Downloads\Dr.Who.and.the.Daleks.1965.1080p.BluRay.x264-SONiDO [PublicHD]

2013-07-02 14:41 - 2013-07-02 14:41 - 01624112 _____ (Bandoo Media Inc) C:\Users\Quinlan\Downloads\iLividSetup-r116-n-bc.exe

2013-07-02 09:19 - 2013-07-02 09:19 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi

2013-07-01 18:29 - 2013-07-01 18:00 - 00000460 _____ C:\Users\Quinlan\Documents\MInecraft horse.txt

2013-07-01 17:59 - 2013-07-01 17:59 - 00000000 ____D C:\Users\Quinlan\Documents\Notes

2013-07-01 13:41 - 2013-07-01 13:41 - 00484992 _____ C:\Users\Quinlan\Downloads\Minecraft (1).exe

2013-07-01 12:47 - 2013-07-01 12:47 - 00484992 _____ C:\Users\Quinlan\Downloads\Minecraft.exe

2013-06-30 11:14 - 2012-12-01 10:44 - 00000000 ____D C:\Users\Dad\.gimp-2.8

2013-06-30 11:12 - 2013-06-30 11:12 - 00004677 _____ C:\Users\Dad\AppData\Local\recently-used.xbel

2013-06-30 10:51 - 2013-06-30 10:51 - 00000000 ____D C:\Users\Dad\AppData\Local\webkit

2013-06-30 09:21 - 2013-06-30 08:57 - 00000000 ____D C:\Users\Dad\AppData\Roaming\GeoSetter

2013-06-30 08:57 - 2013-06-30 08:57 - 00001023 _____ C:\Users\Public\Desktop\GeoSetter.lnk

2013-06-30 08:57 - 2013-06-30 08:57 - 00001023 _____ C:\ProgramData\Desktop\GeoSetter.lnk

2013-06-30 08:57 - 2013-06-30 08:57 - 00000000 ____D C:\Program Files (x86)\GeoSetter

2013-06-30 08:55 - 2013-06-30 08:54 - 19679001 _____ (Friedemann Schmidt                                          ) C:\Users\Dad\Downloads\geosetter_setup.exe

2013-06-30 08:36 - 2013-06-30 09:00 - 00022365 _____ C:\Users\Dad\Documents\Footprints_001.kmz

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-07-23 07:56

 

==================== End Of Log ============================


I can't seem to find how to attach a file to the post... I remember seeing the option when I started this thread, but it does not seem to be in or around the reply form.

 

Here is the paste...sorry

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-07-2013
Ran by Dad at 2013-07-28 07:44:44
Running from C:\Users\Dad\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
   
µTorrent (x32 Version: 2.2.0)
Adobe Bridge 1.0 (x32 Version: 001.000.000)
Adobe Common File Installer (x32 Version: 1.00.0000)
Adobe Creative Suite 2 (x32)
Adobe Help Center 1.0 (x32 Version: 001.000.000)
Adobe Photoshop CS2 (x32 Version: 9.0)
Adobe Stock Photos 1.0 (x32 Version: 001.000.000)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.14.1.0)
Assassin's Creed Brotherhood (x32)
Assassin's Creed II (x32)
Battlefield 3™ (x32 Version: 1.4.0.0)
Battlelog Web Plugins (x32 Version: 2.1.2)
Bluetooth Win7 Suite (64) (Version: 7.2.0.65)
BOSS (x32 Version: 2.1.1)
calibre (x32 Version: 0.8.68)
Cisco Systems VPN Client 5.0.07.0440 (Version: 5.0.7)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dropbox (HKCU Version: 2.0.22)
Electric Sheep 2.7b34c (x32 Version: 2.7b34c)
EPU (x32)
ESN Sonar (x32 Version: 0.70.4)
FileZilla Client 3.6.0.2 (x32 Version: 3.6.0.2)
Fraps (remove only) (x32)
GameSpy Arcade (x32)
GeoSetter 3.4.16 (x32)
GIMP 2.8.2 (Version: 2.8.2)
GoodSync (Version: 9.3.9.9)
Google Chrome (HKCU Version: 28.0.1500.72)
Google Earth (x32 Version: 7.1.1.1580)
Google Update Helper (x32 Version: 1.3.21.153)
Guild Wars 2 (x32)
HandBrake 0.9.8 (x32 Version: 0.9.8)
Intel® Management Engine Components (x32 Version: 7.0.0.1144)
Intel® Network Connections 15.6.25.0 (Version: 15.6.25.0)
Intel® Processor Graphics (x32 Version: 8.15.10.2405)
Internet Explorer Toolbar 4.8 by SweetPacks (x32 Version: 4.8.0000)
Java Auto Updater (x32 Version: 2.1.6.0)
Java 7 Update 5 (x32 Version: 7.0.50)
JavaFX 2.1.1 (x32 Version: 2.1.1)
Juniper Networks Cache Cleaner 6.5.0 (HKCU Version: 6.5.0.16339)
Juniper Networks Host Checker (HKCU Version: 7.4.0.23727)
Juniper Networks Secure Application Manager (x32 Version: 6.5.0.16339)
Juniper Networks, Inc. Setup Client (HKCU Version: 7.4.1.32327)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (Version: 2.1.1.1)
Juniper Terminal Services Client (HKCU Version: 7.4.0.23727)
Junk Mail filter update (x32 Version: 16.4.3505.0912)
Just Cause 2 (x32)
LEGO Lord of the Rings (x32)
LibreOffice 4.0.0.3 (x32 Version: 4.0.0.3)
LogMeIn Hamachi (x32 Version: 2.1.0.374)
Magic ISO Maker v5.5 (build 0281) (x32)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mass Effect (x32)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 1.1 (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Halo (x32)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (x32 Version: 14.0.5120.5000)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft SkyDrive (HKCU Version: 16.4.6010.0727)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Maker (x32 Version: 16.4.3505.0912)
MSI Afterburner 2.1.0 (x32 Version: 2.1.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0)
Music Manager (HKCU)
NVIDIA 3D Vision Controller Driver (x32 Version: 280.19)
NVIDIA 3D Vision Controller Driver 301.42 (Version: 301.42)
NVIDIA 3D Vision Driver 311.06 (Version: 311.06)
NVIDIA Control Panel 311.06 (Version: 311.06)
NVIDIA Graphics Driver 311.06 (Version: 311.06)
NVIDIA HD Audio Driver 1.3.16.0 (Version: 1.3.16.0)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (x32 Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
Opera 12.16 (x32 Version: 12.16.1860)
Origin (x32 Version: 8.5.2.23)
Pando Media Booster (x32 Version: 2.6.0.8)
Photo Gallery (x32 Version: 16.4.3505.0912)
Picasa 3 (x32 Version: 3.9)
PL-2303 Vista Driver Installer (x32 Version: 3.2.0.0)
PunkBuster Services (x32 Version: 0.990)
Real Deal UpGrade (x32)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6251)
Shrew Soft VPN Client
Sid Meier's Civilization 4 - Beyond the Sword (x32 Version: 3.00)
Sid Meier's Civilization 4 (x32 Version: 1.09)
Sid Meier's Civilization 4 (x32 Version: 1.74)
Steam (x32 Version: 1.0.0.0)
Suite Specific (x32 Version: 2.0.0)
SweetPacks Updater Service (x32 Version: 3.0.5.5)
TeamSpeak 3 Client (Version: 3.0.6)
TeamSpeak 3 Client (x32 Version: 3.0.10)
The Elder Scrolls V: Skyrim (x32)
The Lord of the Rings Online™ v03.08.00.8025 (x32 Version: 03.08.00.8025)
The Settlers: Rise of an Empire Gold Edition   (x32)
TurboTax 2012 (x32)
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2114)
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0451)
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0179)
TurboTax 2012 wrapper (x32 Version: 012.000.0127)
Ubisoft Game Launcher (x32 Version: 1.0.0.0)
UEStudio (x32 Version: 11.20.1006)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553092) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Updater By SweetPacks 2.0.0.586 (Version: 2.0.0.586)
us Mod Manager (Version: 0.44.11)
Virtual Villagers: A New Home (x32)
VLC media player 2.0.6 (x32 Version: 2.0.6)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live Family Safety (Version: 16.4.3505.0912)
Windows Live Family Safety (x32 Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Mail (x32 Version: 16.4.3505.0912)
Windows Live Messenger (x32 Version: 16.4.3505.0912)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
Windows Live Writer (x32 Version: 16.4.3505.0912)
Windows Live Writer Resources (x32 Version: 16.4.3505.0912)
WinRAR 4.20 beta 2 (64-bit) (Version: 4.20.2)
Zoo Tycoon 2 - Ultimate Collection (x32 Version: 1.00.0000)
 
==================== Restore Points  =========================
 
24-07-2013 14:13:22 Windows Update
28-07-2013 03:59:18 Removed AI Suite II
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {22FB2C19-2448-425C-9E59-41324B8B15FF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-15] (Google Inc.)
Task: {2F18C12B-AADA-40E2-9BAE-C83C6F738FED} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1653936086-1730268145-2970781621-1005Core => C:\Users\Quinlan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-02] (Google Inc.)
Task: {37B9095C-55E1-415B-B24C-76C112BB1F7E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1653936086-1730268145-2970781621-1005UA => C:\Users\Quinlan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-02] (Google Inc.)
Task: {47B7D423-F1A9-4684-ACEA-D0244C6DE78A} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {5B7D192F-4638-45A6-9C28-27D857F2123E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1653936086-1730268145-2970781621-1000UA => C:\Users\Dad\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-28] (Google Inc.)
Task: {84259290-0BDF-45E1-AC15-70250ACB7C5F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1653936086-1730268145-2970781621-1000Core => C:\Users\Dad\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-28] (Google Inc.)
Task: {A460B41E-810E-401E-9144-23EA1237FDBB} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)
Task: {CC927759-99B0-417D-B772-364F1C54678E} - System32\Tasks\WPD\SqmUpload_S-1-5-21-1653936086-1730268145-2970781621-1005 => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)
Task: {D35C7DF3-F2FD-4212-B8FC-ABBFBC84E84B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-15] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1653936086-1730268145-2970781621-1000Core.job => C:\Users\Dad\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1653936086-1730268145-2970781621-1000UA.job => C:\Users\Dad\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1653936086-1730268145-2970781621-1005Core.job => C:\Users\Quinlan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1653936086-1730268145-2970781621-1005UA.job => C:\Users\Quinlan\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Faulty Device Manager Devices =============
 
Name: ASUS Bluetooth
Description: ASUS Bluetooth
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Shrew Soft Virtual Adapter
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/27/2013 11:05:20 PM) (Source: Application Error) (User: )
Description: Faulting application name: cvpnd.exe, version: 0.0.0.0, time stamp: 0x4d714093
Faulting module name: cvpnd.exe, version: 0.0.0.0, time stamp: 0x4d714093
Exception code: 0xc0000005
Fault offset: 0x000484b3
Faulting process id: 0x560
Faulting application start time: 0xcvpnd.exe0
Faulting application path: cvpnd.exe1
Faulting module path: cvpnd.exe2
Report Id: cvpnd.exe3
 
Error: (07/27/2013 09:18:16 PM) (Source: Application Hang) (User: )
Description: The program TESV.exe version 1.9.32.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1084
 
Start Time: 01ce8b37c17f551f
 
Termination Time: 171
 
Application Path: C:\program files (x86)\steam\steamapps\common\skyrim\TESV.exe
 
Report Id:
 
Error: (07/20/2013 01:19:30 AM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16635 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2134
 
Start Time: 01ce851111f94dab
 
Termination Time: 6
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
Error: (07/13/2013 08:09:20 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (07/13/2013 08:09:09 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (07/08/2013 03:56:25 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (07/08/2013 03:56:22 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (07/08/2013 03:56:18 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (07/08/2013 03:56:10 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
 
System errors:
=============
Error: (07/28/2013 06:10:45 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (07/28/2013 06:09:47 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (07/28/2013 00:22:41 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (07/28/2013 00:22:41 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (07/28/2013 00:18:41 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (07/28/2013 00:18:41 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (07/27/2013 11:25:46 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (07/27/2013 11:25:46 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}
 
Error: (07/27/2013 11:25:46 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}
 
Error: (07/27/2013 11:21:11 PM) (Source: DCOM) (User: )
Description: 1084MSIServer{000C101C-0000-0000-C000-000000000046}
 
 
Microsoft Office Sessions:
=========================
Error: (07/27/2013 11:05:20 PM) (Source: Application Error)(User: )
Description: cvpnd.exe0.0.0.04d714093cvpnd.exe0.0.0.04d714093c0000005000484b356001ce8b47a9d8b158C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exeC:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exeeac87119-f73a-11e2-832a-c86000734bc2
 
Error: (07/27/2013 09:18:16 PM) (Source: Application Hang)(User: )
Description: TESV.exe1.9.32.0108401ce8b37c17f551f171C:\program files (x86)\steam\steamapps\common\skyrim\TESV.exe
 
Error: (07/20/2013 01:19:30 AM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.16635213401ce851111f94dab6C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Error: (07/13/2013 08:09:20 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Quinlan\Downloads\SoftonicDownloader_for_slender-the-eight-pages.exe
 
Error: (07/13/2013 08:09:09 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Quinlan\Downloads\SoftonicDownloader_for_hamachi.exe
 
Error: (07/08/2013 03:56:25 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Quinlan\Downloads\SoftonicDownloader_for_slender-the-eight-pages.exe
 
Error: (07/08/2013 03:56:22 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Quinlan\Downloads\SoftonicDownloader_for_slender-the-eight-pages.exe
 
Error: (07/08/2013 03:56:18 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Quinlan\Downloads\SoftonicDownloader_for_slender-the-eight-pages.exe
 
Error: (07/08/2013 03:56:10 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Quinlan\Downloads\SoftonicDownloader_for_slender-the-eight-pages.exe
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 36%
Total physical RAM: 8167.08 MB
Available physical RAM: 5176.13 MB
Total Pagefile: 16332.34 MB
Available Pagefile: 13048.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:261.63 GB) NTFS (Disk=0 Partition=2)
Drive d: (CIV4BTS) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS
Drive g: (FreeAgent Drive) (Fixed) (Total:232.88 GB) (Free:15.04 GB) NTFS (Disk=1 Partition=1)
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 1AEC6BA2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 233 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Download the attached fixlist.txt to the same folder as FRST.

Run FRST, click Fix only once, and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

If it boots OK now.....

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC


I'll reboot and let you know.

 

Here is the log.

 

Thanks for the quick help!

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-07-2013

Ran by Quinlan at 2013-07-28 09:16:56 Run:1

Running from C:\Users\Dad\Downloads

Boot Mode: Normal

==============================================

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\yCpCQSpcQDy4 => Value not found.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\yCpCQSpcQDy4 => Value deleted successfully.

C:\Users\Dad\AppData\Local\n7MIr9o.exe => Moved successfully.

 

==== End of Fixlog ====
