Jump to content

Do I have a virus?


Tanzoo

Recommended Posts

Recently my facebook got locked and my email was locked because somebody had my password, yet I have not typed my password in anything or bin on any suspicous sites as I am very carefull where I go. I have done several full virus scans with your program and all turned up clean, but I am still concerned. Thanks.

Link to post
Share on other sites

Hello and post-32477-1261866970.gif

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Kevin

Link to post
Share on other sites

n result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013

Ran by Dave (administrator) on DAVE-PC on 10-11-2013 11:45:57

Running from C:\Users\Dave\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe

(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

() C:\OEM\USBDECTION\USBS3S4Detection.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe

() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe

(Curse) C:\Users\Dave\AppData\Local\Apps\2.0\CQG93M9H.DTL\KXZMD9X3.TDN\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe

(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia Extreme\TMExtreme.exe

(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia Extreme\TotalMedia Studio MV\CaptureModule.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(McAfee, Inc.) c:\PROGRA~2\mcafee\SITEAD~1\saui.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [446392 2012-04-04] (Adobe Systems Incorporated)

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)

HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation)

HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4240760 2010-11-10] (Microsoft Corporation)

HKCU\...\Run: [AdobeBridge] - [x]

HKCU\...\Run: [Driving Test Complete OLR] - C:\Program Files (x86)\Avanquest Software Publishing Ltd\OLR\Driving Test Complete\BVRPOlru.exe [54016 2011-05-09] (Avanquest Software)

MountPoints2: {12d47d4c-651e-11e2-9d0b-806e6f6e6963} - E:\Reg\Republishing.exe

HKLM-x32\...\Run: [suiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-28] (Egis Technology Inc.)

HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-17] (Egis Technology Inc.)

HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-17] (Egis Technology Inc.)

HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)

HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)

HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-02-19] (CyberLink Corp.)

HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [620136 2011-01-19] ()

HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-05] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

HKLM-x32\...\Run: [WinCast] - E:\CDSetup\setup.exe -leng

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [switchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [Conime] - %windir%\system32\conime.exe

HKLM-x32\...\Run: [EKStatusMonitor] - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [254336 2013-07-02] ()

Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox


SearchScopes: HKCU - D517BB4DED01478A929294CAAC21351E URL = http://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=GB&userid=c86ae041-f638-4fb8-870f-d8d13865e337&searchtype=ds&p={searchTerms}&fr=linkury-tb


SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll No File

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

 

Chrome: 

=======

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()

CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File

CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File

CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Unity Player) - C:\Users\Dave\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

CHR Plugin: (Game Face Plugin) - C:\Users\Dave\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File

CHR Extension: (WOT Safe Search) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddcihbboebboehpkkdfdkhbodacmmfkk\2_0

CHR Extension: (SiteAdvisor) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.3.1271_0

CHR Extension: (AdBlock) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.13_0

CHR Extension: (Google Wallet) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0

CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

 

==================== Services (Whitelisted) =================

 

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [121616 2013-10-02] (McAfee, Inc.)

R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)

R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-07-08] ()

R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()

S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [x]

S2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]

 

==================== Drivers (Whitelisted) ====================

 

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-15] (AVG Technologies)

R3 hcwhdpvr; C:\Windows\System32\DRIVERS\hcwhdpvr.sys [192072 2012-03-26] (Hauppauge, Inc.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-11-10 11:45 - 2013-11-10 11:45 - 01957098 _____ (Farbar) C:\Users\Dave\Downloads\FRST64.exe

2013-11-10 11:45 - 2013-11-10 11:45 - 01957098 _____ (Farbar) C:\Users\Dave\Desktop\FRST64.exe

2013-11-10 11:45 - 2013-11-10 11:45 - 00000000 ____D C:\FRST

2013-11-09 22:28 - 2013-11-09 22:28 - 00000000 ____D C:\Users\Dave\AppData\Local\{FD6D3AE5-7409-4D61-B3C3-D5A64332673A}

2013-11-08 23:08 - 2013-11-08 23:08 - 00000035 _____ C:\Users\Dave\Desktop\email pass.txt

2013-11-08 16:38 - 2013-11-08 16:38 - 00000000 ____D C:\Users\Dave\AppData\Local\{9CFAC1BD-E6B8-4FE7-B523-6B1AAAB0741B}

2013-11-07 18:45 - 2013-11-07 18:45 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

2013-11-07 11:03 - 2013-11-07 11:04 - 00000000 ____D C:\Users\Dave\AppData\Local\{42628DCF-B8FB-43EF-8BF9-2DB97B50407A}

2013-11-06 14:40 - 2013-11-06 14:40 - 00000000 ____D C:\Users\Dave\AppData\Local\{E6C3384C-5308-4F39-AE9D-7AF9D5DA4960}

2013-11-04 19:09 - 2013-11-04 19:09 - 00000000 ____D C:\Users\Dave\AppData\Local\{5AAAF505-3C38-42A6-8880-29361494809C}

2013-11-03 22:40 - 2013-11-03 22:40 - 00000000 ____D C:\Users\Dave\AppData\Local\{79DE549F-397E-4175-805C-EF737412A20B}

2013-11-02 13:10 - 2013-11-02 13:10 - 00000000 ____D C:\Users\Dave\AppData\Local\{2289EAAA-667C-47D8-875C-DEB79616D200}

2013-10-31 11:55 - 2013-10-31 11:55 - 00000000 ____D C:\Users\Dave\AppData\Local\{AA46491B-6251-4ECD-8BAB-5CFD6FE16073}

2013-10-30 17:14 - 2013-10-30 17:14 - 00000000 ____D C:\Users\Dave\AppData\Local\{795B971F-02C8-47B2-B6D0-EEF5046B9B76}

2013-10-27 13:24 - 2013-10-27 13:24 - 00000000 ____D C:\Users\Dave\AppData\Local\{0217F074-7CA0-422E-A356-09770CCED274}

2013-10-26 10:20 - 2013-10-26 10:20 - 00000000 ____D C:\Users\Dave\AppData\Local\{83CED552-7FD3-4E86-BF53-7F1AB3821C46}

2013-10-25 17:06 - 2013-10-25 17:06 - 00000000 ____D C:\Users\Dave\AppData\Local\{A84857D2-296E-412E-BC97-7326301C1E32}

2013-10-24 12:07 - 2013-10-24 12:07 - 00000000 ____D C:\ProgramData\Oracle

2013-10-24 12:06 - 2013-10-24 12:06 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log

2013-10-24 12:06 - 2013-10-08 06:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-10-24 12:06 - 2013-10-08 06:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-10-24 12:06 - 2013-10-08 06:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-10-24 12:06 - 2013-10-08 06:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-10-24 12:04 - 2013-10-24 12:04 - 00915368 _____ (Oracle Corporation) C:\Users\Dave\Downloads\chromeinstall-7u45.exe

2013-10-23 20:16 - 2013-11-04 19:10 - 00000000 ____D C:\Users\Dave\Desktop\GTA V

2013-10-23 19:42 - 2013-10-23 19:42 - 00141284 _____ C:\Users\Dave\Downloads\pricedown.zip

2013-10-23 12:01 - 2013-10-23 12:02 - 00000000 ____D C:\Users\Dave\AppData\Local\{429DE769-DF8C-4009-8451-8177B767B5A4}

2013-10-20 16:06 - 2013-11-09 00:29 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Audacity

2013-10-20 16:06 - 2013-10-20 16:06 - 00001015 _____ C:\Users\Public\Desktop\Audacity.lnk

2013-10-20 16:06 - 2013-10-20 16:06 - 00000000 ____D C:\Program Files (x86)\Audacity

2013-10-20 16:05 - 2013-10-20 16:06 - 22308174 _____ (Audacity Team                                               ) C:\Users\Dave\Downloads\audacity-win-2.0.4.exe

2013-10-20 12:05 - 2013-10-20 12:06 - 00000000 ____D C:\Users\Dave\Documents\DexterLePug

2013-10-20 12:02 - 2013-10-20 12:02 - 00000000 ____D C:\Users\Dave\AppData\Local\{8F238F96-267C-4421-930E-DE144AE65DA3}

2013-10-19 10:43 - 2013-10-19 10:43 - 00000000 ____D C:\Users\Dave\AppData\Local\{82041868-393E-4418-80DE-7561C82341C5}

2013-10-18 12:39 - 2013-10-18 12:39 - 00000000 ____D C:\Users\Dave\AppData\Local\{BEB4E5E2-61D1-4AD6-A856-9D1CB560B5BE}

2013-10-17 10:40 - 2013-10-17 10:40 - 00000000 ____D C:\Users\Dave\AppData\Local\{5E7BD952-6AFC-4F83-BBD7-C2EC303E9B0F}

2013-10-16 14:38 - 2013-10-16 14:38 - 00000000 ____D C:\Users\Dave\AppData\Local\{887C9125-F7E8-4318-AC5A-CBAB349707C0}

2013-10-15 17:28 - 2013-10-15 17:28 - 00000000 ____D C:\Users\Dave\AppData\Local\{B905F7D5-9E60-4C16-8F4F-C7E08E554560}

2013-10-14 19:02 - 2013-10-14 19:02 - 00000000 ____D C:\Users\Dave\AppData\Local\{FE247E05-964C-473B-AB57-EA575D9828AE}

2013-10-13 13:59 - 2013-10-13 13:59 - 00000000 ____D C:\Users\Dave\AppData\Local\{B1F77565-9600-4374-865E-48548ADE1FBD}

2013-10-12 12:06 - 2013-09-22 23:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-10-12 12:06 - 2013-09-22 23:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-10-12 12:06 - 2013-09-22 23:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-10-12 12:06 - 2013-09-22 23:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-10-12 12:06 - 2013-09-22 23:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-10-12 12:06 - 2013-09-22 23:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-10-12 12:06 - 2013-09-22 23:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-10-12 12:06 - 2013-09-22 23:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-10-12 12:06 - 2013-09-22 23:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-10-12 12:06 - 2013-09-22 23:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-10-12 12:06 - 2013-09-22 23:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-10-12 12:06 - 2013-09-22 23:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-10-12 12:06 - 2013-09-22 23:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-10-12 12:06 - 2013-09-22 22:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-10-12 12:06 - 2013-09-22 22:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-10-12 12:06 - 2013-09-22 22:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-10-12 12:06 - 2013-09-22 22:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-10-12 12:06 - 2013-09-22 22:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-10-12 12:06 - 2013-09-22 22:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-10-12 12:06 - 2013-09-22 22:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-10-12 12:06 - 2013-09-22 22:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-10-12 12:06 - 2013-09-22 22:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-10-12 12:06 - 2013-09-22 22:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-10-12 12:06 - 2013-09-22 22:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-10-12 12:06 - 2013-09-22 22:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-10-12 12:06 - 2013-09-22 22:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-10-12 12:06 - 2013-09-22 22:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-10-12 12:06 - 2013-09-21 03:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-10-12 12:06 - 2013-09-21 03:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-10-12 12:06 - 2013-09-21 02:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-10-12 12:06 - 2013-09-21 02:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-10-12 10:44 - 2013-07-04 12:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

2013-10-12 10:44 - 2013-07-04 11:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll

2013-10-12 10:44 - 2013-06-06 05:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2013-10-12 10:44 - 2013-06-06 05:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2013-10-12 10:44 - 2013-06-06 05:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2013-10-12 10:44 - 2013-06-06 05:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2013-10-12 10:44 - 2013-06-06 04:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2013-10-12 10:44 - 2013-06-06 04:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2013-10-12 10:44 - 2013-06-06 04:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2013-10-12 10:44 - 2013-06-06 03:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2013-10-12 10:44 - 2013-06-06 03:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2013-10-12 10:44 - 2013-06-06 03:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2013-10-12 10:43 - 2013-08-29 02:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-10-12 10:43 - 2013-08-29 02:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-10-12 10:43 - 2013-08-29 02:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

2013-10-12 10:43 - 2013-08-29 02:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2013-10-12 10:43 - 2013-08-29 02:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2013-10-12 10:43 - 2013-08-29 01:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-10-12 10:43 - 2013-08-29 01:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-10-12 10:43 - 2013-08-29 01:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-10-12 10:43 - 2013-08-29 01:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll

2013-10-12 10:43 - 2013-08-29 01:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-10-12 10:43 - 2013-08-29 01:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2013-10-12 10:43 - 2013-08-29 00:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-10-12 10:43 - 2013-08-29 00:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-10-12 10:43 - 2013-08-29 00:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-10-12 10:43 - 2013-08-29 00:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-10-12 10:43 - 2013-08-28 01:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-10-12 10:43 - 2013-08-01 12:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2013-10-12 10:43 - 2013-07-20 10:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-10-12 10:43 - 2013-07-20 10:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

2013-10-12 10:43 - 2013-07-12 10:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys

2013-10-12 10:43 - 2013-07-04 12:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll

2013-10-12 10:43 - 2013-07-04 12:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll

2013-10-12 10:43 - 2013-07-04 11:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll

2013-10-12 10:43 - 2013-07-04 11:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll

2013-10-12 10:43 - 2013-07-04 10:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2013-10-12 10:43 - 2013-07-03 04:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys

2013-10-12 10:43 - 2013-07-03 04:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys

2013-10-12 10:43 - 2013-07-03 04:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys

2013-10-12 10:42 - 2013-08-28 01:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll

2013-10-12 10:36 - 2013-10-12 10:36 - 00000000 ____D C:\Users\Dave\AppData\Local\{2B35BFE4-8475-4CCB-A290-2DB3BFA4918B}

2013-10-11 10:53 - 2013-09-14 01:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2013-10-11 10:53 - 2013-09-08 02:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-10-11 10:53 - 2013-09-08 02:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll

2013-10-11 10:53 - 2013-09-08 02:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll

2013-10-11 10:53 - 2013-06-25 22:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys

2013-10-11 10:37 - 2013-10-11 10:37 - 00000000 ____D C:\Users\Guest\AppData\Local\Google

2013-10-11 10:36 - 2013-10-11 10:36 - 00110504 _____ C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT

2013-10-11 10:36 - 2013-10-11 10:36 - 00000000 ____D C:\Users\Guest\AppData\Roaming\OEM

2013-10-11 10:36 - 2013-10-11 10:36 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Macromedia

2013-10-11 10:36 - 2013-10-11 10:36 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Intel Corporation

2013-10-11 10:36 - 2013-10-11 10:36 - 00000000 ____D C:\Users\Guest\AppData\Roaming\ATI

2013-10-11 10:36 - 2013-10-11 10:36 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Apple Computer

2013-10-11 10:36 - 2013-10-11 10:36 - 00000000 ____D C:\Users\Guest\AppData\Local\EgisTec IPS

2013-10-11 10:36 - 2013-10-11 10:36 - 00000000 ____D C:\Users\Guest\AppData\Local\ATI

2013-10-11 10:36 - 2013-10-11 10:36 - 00000000 ____D C:\Users\Guest\AppData\Local\Adobe

2013-10-11 10:35 - 2013-10-11 10:36 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-10-11 10:35 - 2013-10-11 10:36 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2013-10-11 10:35 - 2013-10-11 10:36 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Adobe

2013-10-11 10:35 - 2013-10-11 10:35 - 00001417 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2013-10-11 10:35 - 2013-10-11 10:35 - 00000020 ___SH C:\Users\Guest\ntuser.ini

2013-10-11 10:35 - 2013-10-11 10:35 - 00000000 ____D C:\Users\Guest\AppData\Local\Eastman Kodak Company

2013-10-11 10:35 - 2013-10-11 10:35 - 00000000 ____D C:\Users\Guest

2013-10-11 10:35 - 2013-07-16 11:06 - 00000000 ____D C:\Users\Guest\AppData\Roaming\CyberLink

2013-10-11 10:35 - 2013-07-16 11:06 - 00000000 ____D C:\Users\Guest\AppData\Local\PowerCinema

2013-10-11 10:35 - 2013-05-17 23:50 - 00000000 ____D C:\Users\Guest\AppData\Local\Microsoft Help

2013-10-11 10:35 - 2013-03-08 16:52 - 00000000 ____D C:\Users\Guest\AppData\Roaming\TuneUp Software

2013-10-11 10:35 - 2009-07-14 04:54 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2013-10-11 10:35 - 2009-07-14 04:49 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2013-10-11 10:16 - 2013-10-11 10:16 - 00000000 ____D C:\Users\Dave\AppData\Local\{FE293F43-CA96-4D68-83E5-161D55C4C6A5}

 

==================== One Month Modified Files and Folders =======

 

2013-11-10 11:45 - 2013-11-10 11:45 - 01957098 _____ (Farbar) C:\Users\Dave\Downloads\FRST64.exe

2013-11-10 11:45 - 2013-11-10 11:45 - 01957098 _____ (Farbar) C:\Users\Dave\Desktop\FRST64.exe

2013-11-10 11:45 - 2013-11-10 11:45 - 00000000 ____D C:\FRST

2013-11-10 11:44 - 2013-02-05 17:48 - 00000000 ____D C:\Users\Dave\Documents\Random

2013-11-10 11:40 - 2013-02-03 13:07 - 00000000 ____D C:\Users\Dave\AppData\Local\Deployment

2013-11-10 11:40 - 2013-01-22 22:50 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-11-10 11:40 - 2013-01-22 22:50 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-11-10 11:39 - 2013-01-22 23:43 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Skype

2013-11-10 11:30 - 2013-04-20 12:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-11-10 11:30 - 2013-01-22 22:47 - 00000384 _____ C:\Windows\Tasks\Acer Registration - Data Sending task.job

2013-11-10 11:27 - 2013-01-24 15:45 - 00000000 ____D C:\Program Files (x86)\World of Warcraft

2013-11-10 10:53 - 2013-03-24 21:50 - 00000000 ____D C:\Users\Dave\AppData\Local\Adobe

2013-11-10 10:47 - 2009-07-14 04:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-11-10 10:47 - 2009-07-14 04:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-11-10 10:44 - 2013-01-23 05:35 - 01971522 _____ C:\Windows\WindowsUpdate.log

2013-11-10 10:43 - 2009-07-14 05:13 - 00783876 _____ C:\Windows\system32\PerfStringBackup.INI

2013-11-10 10:40 - 2013-01-22 23:09 - 00000000 ____D C:\ProgramData\clear.fi

2013-11-10 10:39 - 2013-01-24 00:17 - 00000000 ____D C:\Users\Dave\Tracing

2013-11-10 10:39 - 2013-01-23 20:47 - 00000000 ____D C:\Program Files (x86)\Steam

2013-11-10 10:37 - 2013-05-22 14:15 - 00000000 ____D C:\ProgramData\Kodak

2013-11-10 10:37 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-11-10 10:37 - 2009-07-14 04:51 - 00100034 _____ C:\Windows\setupact.log

2013-11-10 00:40 - 2013-02-02 22:14 - 00791824 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2013-11-09 22:28 - 2013-11-09 22:28 - 00000000 ____D C:\Users\Dave\AppData\Local\{FD6D3AE5-7409-4D61-B3C3-D5A64332673A}

2013-11-09 00:29 - 2013-10-20 16:06 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Audacity

2013-11-08 23:48 - 2013-09-27 18:35 - 00000000 ____D C:\Users\Dave\Desktop\Fifa 14

2013-11-08 23:08 - 2013-11-08 23:08 - 00000035 _____ C:\Users\Dave\Desktop\email pass.txt

2013-11-08 16:38 - 2013-11-08 16:38 - 00000000 ____D C:\Users\Dave\AppData\Local\{9CFAC1BD-E6B8-4FE7-B523-6B1AAAB0741B}

2013-11-07 18:45 - 2013-11-07 18:45 - 00000000 ____D C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

2013-11-07 12:50 - 2013-03-05 00:27 - 00000000 ____D C:\Program Files (x86)\SwiftKit

2013-11-07 11:04 - 2013-11-07 11:03 - 00000000 ____D C:\Users\Dave\AppData\Local\{42628DCF-B8FB-43EF-8BF9-2DB97B50407A}

2013-11-07 00:00 - 2013-01-31 21:04 - 00000024 _____ C:\Users\Dave\random.dat

2013-11-06 21:55 - 2013-08-19 21:00 - 00000000 ____D C:\Users\Dave\Desktop\SK Screenshots

2013-11-06 17:27 - 2013-02-22 16:02 - 00000043 _____ C:\Users\Dave\jagex_cl_oldschool_LIVE.dat

2013-11-06 14:40 - 2013-11-06 14:40 - 00000000 ____D C:\Users\Dave\AppData\Local\{E6C3384C-5308-4F39-AE9D-7AF9D5DA4960}

2013-11-04 19:10 - 2013-10-23 20:16 - 00000000 ____D C:\Users\Dave\Desktop\GTA V

2013-11-04 19:09 - 2013-11-04 19:09 - 00000000 ____D C:\Users\Dave\AppData\Local\{5AAAF505-3C38-42A6-8880-29361494809C}

2013-11-03 22:40 - 2013-11-03 22:40 - 00000000 ____D C:\Users\Dave\AppData\Local\{79DE549F-397E-4175-805C-EF737412A20B}

2013-11-02 13:10 - 2013-11-02 13:10 - 00000000 ____D C:\Users\Dave\AppData\Local\{2289EAAA-667C-47D8-875C-DEB79616D200}

2013-10-31 12:05 - 2013-01-31 21:04 - 00000043 _____ C:\Users\Dave\jagex_cl_runescape_LIVE.dat

2013-10-31 11:55 - 2013-10-31 11:55 - 00000000 ____D C:\Users\Dave\AppData\Local\{AA46491B-6251-4ECD-8BAB-5CFD6FE16073}

2013-10-30 17:14 - 2013-10-30 17:14 - 00000000 ____D C:\Users\Dave\AppData\Local\{795B971F-02C8-47B2-B6D0-EEF5046B9B76}

2013-10-27 13:24 - 2013-10-27 13:24 - 00000000 ____D C:\Users\Dave\AppData\Local\{0217F074-7CA0-422E-A356-09770CCED274}

2013-10-26 10:20 - 2013-10-26 10:20 - 00000000 ____D C:\Users\Dave\AppData\Local\{83CED552-7FD3-4E86-BF53-7F1AB3821C46}

2013-10-25 17:06 - 2013-10-25 17:06 - 00000000 ____D C:\Users\Dave\AppData\Local\{A84857D2-296E-412E-BC97-7326301C1E32}

2013-10-25 14:38 - 2013-08-30 23:04 - 00000000 ____D C:\Users\Dave\AppData\Local\PMB Files

2013-10-25 14:38 - 2013-08-30 23:04 - 00000000 ____D C:\ProgramData\PMB Files

2013-10-24 12:07 - 2013-10-24 12:07 - 00000000 ____D C:\ProgramData\Oracle

2013-10-24 12:06 - 2013-10-24 12:06 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log

2013-10-24 12:06 - 2013-08-16 20:33 - 00000000 ____D C:\Program Files (x86)\Java

2013-10-24 12:04 - 2013-10-24 12:04 - 00915368 _____ (Oracle Corporation) C:\Users\Dave\Downloads\chromeinstall-7u45.exe

2013-10-24 11:53 - 2009-07-14 04:45 - 05033864 _____ C:\Windows\system32\FNTCACHE.DAT

2013-10-23 19:52 - 2013-03-24 22:11 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe

2013-10-23 19:44 - 2013-01-22 22:45 - 00110904 _____ C:\Users\Dave\AppData\Local\GDIPFONTCACHEV1.DAT

2013-10-23 19:42 - 2013-10-23 19:42 - 00141284 _____ C:\Users\Dave\Downloads\pricedown.zip

2013-10-23 12:02 - 2013-10-23 12:01 - 00000000 ____D C:\Users\Dave\AppData\Local\{429DE769-DF8C-4009-8451-8177B767B5A4}

2013-10-20 23:35 - 2013-10-10 09:08 - 00000000 ____D C:\Program Files (x86)\LDC Driving Test Complete

2013-10-20 16:06 - 2013-10-20 16:06 - 00001015 _____ C:\Users\Public\Desktop\Audacity.lnk

2013-10-20 16:06 - 2013-10-20 16:06 - 00000000 ____D C:\Program Files (x86)\Audacity

2013-10-20 16:06 - 2013-10-20 16:05 - 22308174 _____ (Audacity Team                                               ) C:\Users\Dave\Downloads\audacity-win-2.0.4.exe

2013-10-20 12:06 - 2013-10-20 12:05 - 00000000 ____D C:\Users\Dave\Documents\DexterLePug

2013-10-20 12:02 - 2013-10-20 12:02 - 00000000 ____D C:\Users\Dave\AppData\Local\{8F238F96-267C-4421-930E-DE144AE65DA3}

2013-10-19 15:30 - 2013-05-10 14:02 - 00000000 ____D C:\Users\Dave\AppData\Roaming\OBS

2013-10-19 15:07 - 2013-01-23 00:01 - 00000000 ____D C:\Fraps

2013-10-19 10:43 - 2013-10-19 10:43 - 00000000 ____D C:\Users\Dave\AppData\Local\{82041868-393E-4418-80DE-7561C82341C5}

2013-10-18 12:39 - 2013-10-18 12:39 - 00000000 ____D C:\Users\Dave\AppData\Local\{BEB4E5E2-61D1-4AD6-A856-9D1CB560B5BE}

2013-10-17 19:05 - 2013-04-09 20:50 - 00000000 ____D C:\Users\Dave\AppData\Local\CrashDumps

2013-10-17 10:40 - 2013-10-17 10:40 - 00000000 ____D C:\Users\Dave\AppData\Local\{5E7BD952-6AFC-4F83-BBD7-C2EC303E9B0F}

2013-10-16 23:35 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache

2013-10-16 19:42 - 2013-01-22 22:50 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2013-10-16 14:38 - 2013-10-16 14:38 - 00000000 ____D C:\Users\Dave\AppData\Local\{887C9125-F7E8-4318-AC5A-CBAB349707C0}

2013-10-15 17:28 - 2013-10-15 17:28 - 00000000 ____D C:\Users\Dave\AppData\Local\{B905F7D5-9E60-4C16-8F4F-C7E08E554560}

2013-10-14 19:03 - 2013-01-22 23:43 - 00000000 ___RD C:\Program Files (x86)\Skype

2013-10-14 19:02 - 2013-10-14 19:02 - 00000000 ____D C:\Users\Dave\AppData\Local\{FE247E05-964C-473B-AB57-EA575D9828AE}

2013-10-13 14:00 - 2011-03-16 12:51 - 00000000 ____D C:\ProgramData\Skype

2013-10-13 13:59 - 2013-10-13 13:59 - 00000000 ____D C:\Users\Dave\AppData\Local\{B1F77565-9600-4374-865E-48548ADE1FBD}

2013-10-12 12:07 - 2013-05-17 13:29 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-10-12 10:36 - 2013-10-12 10:36 - 00000000 ____D C:\Users\Dave\AppData\Local\{2B35BFE4-8475-4CCB-A290-2DB3BFA4918B}

2013-10-12 10:32 - 2013-10-02 19:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2013-10-12 10:32 - 2013-10-02 19:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2013-10-11 10:37 - 2013-10-11 10:37 - 00000000 ____D C:\Users\Guest\AppData\Local\Google

2013-10-11 10:36 - 2013-10-11 10:36 - 00110504 _____ C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT

2013-10-11 10:36 - 2013-10-11 10:36 - 00000000 ____D C:\Users\Guest\AppData\Roaming\OEM

2013-10-11 10:36 - 2013-10-11 10:36 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Macromedia

2013-10-11 10:36 - 2013-10-11 10:36 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Intel Corporation

2013-10-11 10:36 - 2013-10-11 10:36 - 00000000 ____D C:\Users\Guest\AppData\Roaming\ATI

2013-10-11 10:36 - 2013-10-11 10:36 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Apple Computer

2013-10-11 10:36 - 2013-10-11 10:36 - 00000000 ____D C:\Users\Guest\AppData\Local\EgisTec IPS

2013-10-11 10:36 - 2013-10-11 10:36 - 00000000 ____D C:\Users\Guest\AppData\Local\ATI

2013-10-11 10:36 - 2013-10-11 10:36 - 00000000 ____D C:\Users\Guest\AppData\Local\Adobe

2013-10-11 10:36 - 2013-10-11 10:35 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-10-11 10:36 - 2013-10-11 10:35 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2013-10-11 10:36 - 2013-10-11 10:35 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Adobe

2013-10-11 10:35 - 2013-10-11 10:35 - 00001417 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2013-10-11 10:35 - 2013-10-11 10:35 - 00000020 ___SH C:\Users\Guest\ntuser.ini

2013-10-11 10:35 - 2013-10-11 10:35 - 00000000 ____D C:\Users\Guest\AppData\Local\Eastman Kodak Company

2013-10-11 10:35 - 2013-10-11 10:35 - 00000000 ____D C:\Users\Guest

2013-10-11 10:35 - 2013-01-22 22:50 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2013-10-11 10:35 - 2013-01-22 22:50 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2013-10-11 10:19 - 2009-07-14 03:20 - 00000000 __RHD C:\Users\Public\Libraries

2013-10-11 10:16 - 2013-10-11 10:16 - 00000000 ____D C:\Users\Dave\AppData\Local\{FE293F43-CA96-4D68-83E5-161D55C4C6A5}

 

Files to move or delete:

====================

C:\Users\Dave\jagex_cl_loginapplet_LIVE.dat

C:\Users\Dave\jagex_cl_oldschool_LIVE.dat

C:\Users\Dave\jagex_cl_runescape_LIVE.dat

C:\Users\Dave\random.dat

 

 

Some content of TEMP:

====================

C:\Users\Dave\AppData\Local\Temp\jansi-64-git-Bukkit-jenkins-CraftBukkit-173.dll

C:\Users\Dave\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll

C:\Users\Dave\AppData\Local\Temp\swt-win32-3349.dll

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-10-31 14:05

 

==================== End Of Log ============================

Link to post
Share on other sites

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013

Ran by Dave at 2013-11-10 11:46:22

Running from C:\Users\Dave\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

Acer eRecovery Management (x32 Version: 5.00.3002)

Acer GameZone Console (x32 Version: 6.1.0.40497)

Acer Registration (x32 Version: 1.03.3003)

Acer ScreenSaver (x32 Version: 1.1.0225.2011)

Acer Updater (x32 Version: 1.02.3005)

Acrobat.com (x32 Version: 1.6.65)

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)

Adobe Photoshop CS6 (x32 Version: 13.0)

aioscnnr (x32 Version: 7.6.13.10)

AMD APP SDK Runtime (Version: 2.4.595.10)

Apple Application Support (x32 Version: 2.3.6)

Apple Mobile Device Support (Version: 7.0.0.117)

Apple Software Update (x32 Version: 2.1.3.127)

ArcSoft TotalMedia Extreme (x32 Version: 2.0.45.12)

ASUS VGA Driver (x32 Version: 3.0.0.1)

ATI AVIVO64 Codecs (Version: 11.6.0.10405)

ATI Catalyst Install Manager (Version: 3.0.820.0)

Audacity 2.0.4 (x32 Version: 2.0.4)

Bejeweled 2 Deluxe (x32)

Belles Beauty Boutique (x32)

Bing Bar (x32 Version: 7.0.610.0)

Bonjour (Version: 3.0.0.10)

C4USelfUpdater (x32 Version: 1.00.0000)

Call of Duty 4: Modern Warfare (x32)

Camtasia Studio 8 (x32 Version: 8.1.1.1313)

Catalyst Control Center - Branding (x32 Version: 1.00.0000)

Catalyst Control Center (x32 Version: 2011.0405.2218.38205)

Catalyst Control Center InstallProxy (x32 Version: 2011.0405.2218.38205)

Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485)

Catalyst Control Center Localization All (x32 Version: 2011.0405.2218.38205)

Catalyst Control Center Profiles Desktop (x32 Version: 2011.0405.2218.38205)

CCC Help English (x32 Version: 2011.0405.2217.38205)

ccc-utility64 (Version: 2011.0405.2218.38205)

center (x32 Version: 7.7.2.0)

Chicken Invaders 3 (x32)

CINEMA 4D Demo 14.025 (Version: 14.025)

clear.fi (x32 Version: 1.0.1422.15)

clear.fi (x32 Version: 9.0.7418)

clear.fi Client (x32 Version: 1.00.3007)

Curse Client (HKCU Version: 5.1.1.792)

D3DX10 (x32 Version: 15.4.2368.0902)

Dream Day First Home (x32)

EA SPORTS Game Face Browser Plugin 1.8.0.0 (HKCU Version: 1.8.0.0)

eBay Worldwide (x32 Version: 2.1.0901)

essentials (x32 Version: 7.7.2.0)

Farm Frenzy 3 Ice Age (x32)

Flip Words (x32)

Fotogalerija Windows Live (x32 Version: 15.4.3502.0922)

Fraps (remove only) (x32)

Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)

Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)

Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922)

Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922)

Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)

Galerie foto Windows Live (x32 Version: 15.4.3502.0922)

Google Chrome (x32 Version: 30.0.1599.101)

Google Update Helper (x32 Version: 1.3.21.165)

Gyazo 1.0.1 (x32)

Hauppauge HDPVR Scheduler (x32)

Hauppauge WinTV IR Blaster (x32 Version: 7.4.29102)

Hauppauge WinTV Scheduler (x32)

Hotkey Utility (x32 Version: 2.05.3014)

HydraVision (x32 Version: 4.2.188.0)

Identity Card (x32 Version: 1.00.3006)

Intel® Management Engine Components (x32 Version: 7.0.0.1144)

Intel® Rapid Storage Technology (x32 Version: 10.1.0.1008)

iTunes (Version: 11.1.0.126)

Java 7 Update 25 (64-bit) (Version: 7.0.250)

Java 7 Update 45 (x32 Version: 7.0.450)

Java Auto Updater (x32 Version: 2.1.9.8)

Junk Mail filter update (x32 Version: 15.4.3502.0922)

Killing Floor (x32)

Kodak AIO Printer (Version: 7.7.2.0)

KODAK AiO Software (x32 Version: 7.7.6.0)

LDC Driving Test Complete (x32 Version: 6.0)

League of Legends (x32 Version: 3.0.1)

Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)

McAfee SiteAdvisor (x32 Version: 3.6.549)

MediaEspresso (x32 Version: 1.0.1423_35858)

Mesh Runtime (x32 Version: 15.4.5722.2)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Office 2007 Service Pack 3 (SP3) (x32)

Microsoft Office 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)

Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)

Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)

Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Office Starter 2010 - English (x32 Version: 14.0.5131.5000)

Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)

Microsoft Silverlight (Version: 5.1.20913.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)

Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)

Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)

MSVCRT (x32 Version: 15.4.2862.0708)

MSVCRT Redists (Version: 1.0)

MSVCRT_amd64 (x32 Version: 15.4.2862.0708)

MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)

My Game Long Name

MyWinLocker (Version: 4.0.14.11)

MyWinLocker 4 (x32 Version: 4.0.14.11)

MyWinLocker Suite (x32 Version: 4.0.14.11)

Nero Control Center 10 (x32 Version: 10.2.11100.1.1)

Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000)

Nero Core Components 10 (x32 Version: 2.0.18100.8.8)

Nero DiscSpeed 10 (x32 Version: 6.2.10500.2.100)

Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.5.10000)

Nero Express 10 (x32 Version: 10.2.12000.21.100)

Nero Express 10 Help (CHM) (x32 Version: 10.5.10200)

Nero Multimedia Suite 10 Essentials (x32 Version: 10.5.10300)

Nero StartSmart 10 (x32 Version: 10.2.11600.14.100)

Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10000)

Nero Update (x32 Version: 1.0.0018)

newsXpresso (x32 Version: 1.0.0.40)

Norton Online Backup (x32 Version: 2.1.17869)

ocr (x32 Version: 6.2.3.50)

Open Broadcaster Software (x32)

Pando Media Booster (x32 Version: 2.6.0.7)

PDF Settings CS6 (x32 Version: 11.0)

Poczta usługi Windows Live (x32 Version: 15.4.3502.0922)

Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922)

Pošta Windows Live (x32 Version: 15.4.3502.0922)

PreReq (x32 Version: 6.2.4.0)

PrintProjects (x32 Version: 1.0.0.9282)

QuickTime (x32 Version: 7.74.80.86)

Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)

Realtek Ethernet Controller Driver (x32 Version: 7.36.1224.2010)

Realtek High Definition Audio Driver (x32 Version: 6.0.1.6257)

Shared C Run-time for x64 (Version: 10.0.0)

Shredder (Version: 2.0.8.7)

Shredder (x32 Version: 2.0.8.7)

Skype Click to Call (x32 Version: 6.13.13771)

Skype™ 6.9 (x32 Version: 6.9.106)

Sprill and Ritchie (x32)

Steam (x32 Version: 1.0.0.0)

SwiftKit (HKCU)

Unity Web Player (HKCU Version: )

Update for 2007 Microsoft Office System (KB967642) (x32)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)

Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)

Update for Microsoft Office Access 2007 Help (KB963663) (x32)

Update for Microsoft Office Excel 2007 Help (KB963678) (x32)

Update for Microsoft Office Infopath 2007 Help (KB963662) (x32)

Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)

Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition (x32)

Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)

Update for Microsoft Office Publisher 2007 Help (KB963667) (x32)

Update for Microsoft Office Script Editor Help (KB963671) (x32)

Update for Microsoft Office Word 2007 Help (KB963665) (x32)

Vegas Pro 12.0 (64-bit) (Version: 12.0.394)

Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)

War Thunder (x32)

Welcome Center (x32 Version: 1.02.3102)

Windows Live Argazki Galeria (x32 Version: 15.4.3502.0922)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922)

Windows Live Essentials (x32 Version: 15.4.3502.0922)

Windows Live Essentials (x32 Version: 15.4.3508.1109)

Windows Live Fotogaléria (x32 Version: 15.4.3502.0922)

Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)

Windows Live Fotogalleri (x32 Version: 15.4.3502.0922)

Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922)

Windows Live Fotótár (x32 Version: 15.4.3502.0922)

Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922)

Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922)

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)

Windows Live Installer (x32 Version: 15.4.3502.0922)

Windows Live Language Selector (Version: 15.4.3508.1109)

Windows Live Mail (x32 Version: 15.4.3502.0922)

Windows Live Mesh (x32 Version: 15.4.3502.0922)

Windows Live Messenger (x32 Version: 15.4.3502.0922)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (x32 Version: 15.4.3502.0922)

Windows Live Photo Common (x32 Version: 15.4.3502.0922)

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)

Windows Live Remote Client (Version: 15.4.5722.2)

Windows Live Remote Client Resources (Version: 15.4.5722.2)

Windows Live Remote Service (Version: 15.4.5722.2)

Windows Live Remote Service Resources (Version: 15.4.5722.2)

Windows Live SOXE (x32 Version: 15.4.3502.0922)

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)

Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922)

Windows Live UX Platform (x32 Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)

Windows Live Writer (x32 Version: 15.4.3502.0922)

Windows Live Writer Resources (x32 Version: 15.4.3502.0922)

Windows Live 影像中心 (x32 Version: 15.4.3502.0922)

Windows Live 程式集 (x32 Version: 15.4.3502.0922)

Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922)

Windows Liven sähköposti (x32 Version: 15.4.3502.0922)

Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922)

WinRAR 4.20 (64-bit) (Version: 4.20.0)

World of Goo (x32)

World of Warcraft (x32)

World of Warcraft Public Test (x32 Version: 5.0.3.15890)

XSplit (x32 Version: 1.2.1303.0101)

Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922)

Основные компоненты Windows Live (x32 Version: 15.4.3502.0922)

Почта Windows Live (x32 Version: 15.4.3502.0922)

Фотоальбом Windows Live (x32 Version: 15.4.3502.0922)

Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922)

גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922)

بريد Windows Live (x32 Version: 15.4.3502.0922)

معرض صور Windows Live (x32 Version: 15.4.3502.0922)

 

==================== Restore Points  =========================

 

01-11-2013 01:00:22 Windows Update

02-11-2013 13:13:09 Windows Update

02-11-2013 13:46:55 Windows Update

04-11-2013 00:30:36 Windows Update

05-11-2013 00:10:54 Windows Update

06-11-2013 00:10:02 Windows Update

07-11-2013 00:01:03 Windows Update

08-11-2013 00:30:31 Windows Update

09-11-2013 00:45:34 Windows Update

10-11-2013 00:39:55 Windows Update

 

==================== Hosts content: ==========================

 

2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {231017A6-78B7-4B89-8962-150B9232F75A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)

Task: {47B59550-9908-4CB7-A36F-F3BA52F61206} - System32\Tasks\AdobeAAMUpdater-1.0-Dave-PC-Dave => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-04-04] (Adobe Systems Incorporated)

Task: {5229AC27-1EBE-49F7-B62C-8BABE32AA883} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-22] (Google Inc.)

Task: {5F66AD4D-A2DC-4C52-8E51-8CB764E90BAF} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {751CACED-99CD-48A8-91AB-D4BF530A7AC3} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-02-22] (CyberLink)

Task: {9298ECDA-DE20-46EE-8DE2-35A46B397637} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-02-22] (CyberLink Corp.)

Task: {989DA12E-1B2B-4001-AEC3-D2840FDF74E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-22] (Google Inc.)

Task: {AEB2B8ED-D187-4AB3-BB63-F5E429D6B8E3} - System32\Tasks\{17E641FC-0D2E-4BBF-ABA6-60F03AC661E0} => Chrome.exe http://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsWLM

Task: {B14F9D9D-09C2-4743-A552-91F96E04CD76} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-02-22] (Acer Incorporated)

Task: {C570E832-151C-49F6-8619-FB016B75E765} - System32\Tasks\Acer Registration - Data Sending task => C:\Program Files (x86)\Acer\Registration\GREG.exe [2010-04-28] (Acer Incorporated)

Task: {CC854E78-DE51-4BD0-B96A-BF7FF6725164} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: C:\Windows\Tasks\Acer Registration - Data Sending task.job => C:\Program Files (x86)\Acer\Registration\GREG.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2009-01-21 23:45 - 2009-01-21 23:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll

2013-10-07 19:46 - 2013-10-07 19:45 - 00014848 ____N () C:\Users\Dave\AppData\Local\Apps\2.0\CQG93M9H.DTL\KXZMD9X3.TDN\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\Curse.CurseClient.WowDb.dll

2013-10-07 19:46 - 2013-10-07 19:45 - 00035840 ____N () C:\Users\Dave\AppData\Local\Apps\2.0\CQG93M9H.DTL\KXZMD9X3.TDN\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\Curse.Advertising.dll

2013-10-07 19:46 - 2013-10-07 19:45 - 00099840 ____N () C:\Users\Dave\AppData\Local\Apps\2.0\CQG93M9H.DTL\KXZMD9X3.TDN\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\Curse.CurseClient.CMOD2.dll

2011-03-14 14:20 - 2011-03-14 14:20 - 00430080 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

2011-03-14 14:20 - 2011-03-14 14:20 - 00032768 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResources.dll

2011-04-05 22:16 - 2011-04-05 22:16 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2012-04-30 07:55 - 2012-04-30 07:55 - 08358400 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll

2012-04-30 07:55 - 2012-04-30 07:55 - 00151040 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-51.dll

2012-04-30 07:55 - 2012-04-30 07:55 - 01152512 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll

2012-04-30 07:55 - 2012-04-30 07:55 - 00333824 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll

2012-04-30 07:55 - 2012-04-30 07:55 - 00026112 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll

2013-03-12 17:10 - 2013-10-24 17:45 - 00691200 _____ () C:\Program Files (x86)\Steam\SDL2.dll

2013-01-23 23:37 - 2013-10-30 19:25 - 01123240 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL

2013-01-23 23:37 - 2013-10-23 20:07 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

2013-01-23 23:37 - 2013-06-14 23:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll

2013-01-23 23:37 - 2013-06-14 23:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll

2013-01-23 23:37 - 2013-06-14 23:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll

2011-01-19 01:08 - 2011-01-19 01:08 - 00151656 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll

2011-02-22 18:01 - 2011-02-22 18:01 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll

2013-08-15 09:51 - 2013-08-15 09:51 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\eb4812681f6ab4406053f3a1803e6da0\IsdiInterop.ni.dll

2013-01-23 06:03 - 2010-11-06 07:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2013-01-22 23:58 - 2006-11-08 14:58 - 00449280 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia Extreme\fpxlib.dll

2013-01-22 23:58 - 2006-11-08 14:58 - 00449280 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia Extreme\TotalMedia Studio MV\MVCodec\fpxlib.dll

2013-01-22 23:59 - 2007-06-06 17:54 - 00027392 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia Extreme\TotalMedia Studio MV\MagicDLL\MagPanelCallBackCtrl.dll

2013-01-22 23:59 - 2010-08-19 14:12 - 00058880 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia Extreme\TotalMedia Studio MV\EM2800dll.dll

2013-01-23 00:00 - 2008-05-27 08:55 - 00917504 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia Extreme\TotalMedia Studio MV\MVCodec\dtsdecoderdll.dll

2013-10-16 19:42 - 2013-10-09 00:01 - 00698832 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll

2013-10-16 19:42 - 2013-10-09 00:01 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll

2013-10-16 19:42 - 2013-10-09 00:02 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll

2013-10-16 19:42 - 2013-10-09 00:02 - 00415184 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll

2013-10-16 19:42 - 2013-10-09 00:01 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

 

==================== Safe Mode (whitelisted) ===================

 

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (11/10/2013 10:39:11 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/10/2013 00:40:39 AM) (Source: MsiInstaller) (User: NT AUTHORITY)

Description: Product: Microsoft Office Click-to-Run 2010 - Update 'Update for Microsoft Office 2010 (KB2598285) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

 

Error: (11/09/2013 10:28:17 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/09/2013 00:46:12 AM) (Source: MsiInstaller) (User: NT AUTHORITY)

Description: Product: Microsoft Office Click-to-Run 2010 - Update 'Update for Microsoft Office 2010 (KB2598285) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

 

Error: (11/08/2013 04:38:41 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/08/2013 00:31:11 AM) (Source: MsiInstaller) (User: NT AUTHORITY)

Description: Product: Microsoft Office Click-to-Run 2010 - Update 'Update for Microsoft Office 2010 (KB2598285) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

 

Error: (11/07/2013 11:02:39 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/07/2013 00:01:42 AM) (Source: MsiInstaller) (User: NT AUTHORITY)

Description: Product: Microsoft Office Click-to-Run 2010 - Update 'Update for Microsoft Office 2010 (KB2598285) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

 

Error: (11/06/2013 02:45:06 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/06/2013 02:43:40 PM) (Source: Bonjour Service) (User: )

Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   15 46.140.254.169.in-addr.arpa. PTR Dave-PC.local.

 

 

System errors:

=============

Error: (11/10/2013 10:37:48 AM) (Source: Service Control Manager) (User: )

Description: The vToolbarUpdater15.5.0 service failed to start due to the following error: 

%%2

 

Error: (11/10/2013 10:37:23 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)

Description: 0x8000002a36\SystemRoot\System32\Config\SOFTWARE

 

Error: (11/10/2013 00:40:40 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office 2010 (KB2598285) 32-Bit Edition.

 

Error: (11/10/2013 00:39:43 AM) (Source: DCOM) (User: )

Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

 

Error: (11/09/2013 10:26:52 PM) (Source: Service Control Manager) (User: )

Description: The vToolbarUpdater15.5.0 service failed to start due to the following error: 

%%2

 

Error: (11/09/2013 10:26:26 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)

Description: 0x8000002a36\SystemRoot\System32\Config\SOFTWARE

 

Error: (11/09/2013 00:46:13 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office 2010 (KB2598285) 32-Bit Edition.

 

Error: (11/09/2013 00:45:17 AM) (Source: DCOM) (User: )

Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

 

Error: (11/09/2013 00:45:04 AM) (Source: DCOM) (User: )

Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

 

Error: (11/08/2013 04:37:21 PM) (Source: Service Control Manager) (User: )

Description: The vToolbarUpdater15.5.0 service failed to start due to the following error: 

%%2

 

 

Microsoft Office Sessions:

=========================

 

==================== Memory info =========================== 

 

Percentage of memory in use: 47%

Total physical RAM: 6126.47 MB

Available physical RAM: 3192.58 MB

Total Pagefile: 12251.13 MB

Available Pagefile: 8598.31 MB

Total Virtual: 8192 MB

Available Virtual: 8191.79 MB

 

==================== Drives ================================

 

Drive c: (Acer) (Fixed) (Total:688.95 GB) (Free:315.73 GB) NTFS

Drive d: (DATA) (Fixed) (Total:689.21 GB) (Free:684.04 GB) NTFS

Drive e: (welsh coast) (CDROM) (Total:3.13 GB) (Free:0 GB) UDF

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: 15704C10)

Partition 1: (Not Active) - (Size=19 GB) - (Type=27)

Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=689 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=689 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

Link to post
Share on other sites

Ok we continue;

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware,

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log

 

Finally,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Let me see those logs..

 

Kevin

 

fixlist.txt

Link to post
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013

Ran by Dave at 2013-11-10 12:08:02 Run:1

Running from C:\Users\Dave\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Start

AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [254336 2013-07-02] ()

C:\PROGRA~2\SearchProtect

SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...F936D3C42B25&q={SearchTerms}

SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...F936D3C42B25&q={SearchTerms}

C:\Users\Dave\jagex_cl_loginapplet_LIVE.dat

C:\Users\Dave\jagex_cl_oldschool_LIVE.dat

C:\Users\Dave\jagex_cl_runescape_LIVE.dat

C:\Users\Dave\random.dat

C:\Users\Dave\AppData\Local\Temp\jansi-64-git-Bukkit-jenkins-CraftBukkit-173.dll

C:\Users\Dave\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll

C:\Users\Dave\AppData\Local\Temp\swt-win32-3349.dll

End

 

 

 

*****************

 

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.

"C:\PROGRA~2\SearchProtect" => File/Directory not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.

HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.

C:\Users\Dave\jagex_cl_loginapplet_LIVE.dat => Moved successfully.

C:\Users\Dave\jagex_cl_oldschool_LIVE.dat => Moved successfully.

C:\Users\Dave\jagex_cl_runescape_LIVE.dat => Moved successfully.

C:\Users\Dave\random.dat => Moved successfully.

C:\Users\Dave\AppData\Local\Temp\jansi-64-git-Bukkit-jenkins-CraftBukkit-173.dll => Moved successfully.

C:\Users\Dave\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll => Moved successfully.

C:\Users\Dave\AppData\Local\Temp\swt-win32-3349.dll => Moved successfully.

 

==== End of Fixlog ====

Link to post
Share on other sites

# AdwCleaner v3.011 - Report created 10/11/2013 at 12:12:15

# Updated 03/11/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Dave - DAVE-PC

# Running from : C:\Users\Dave\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\AVG Secure Search

Folder Deleted : C:\Users\Dave\AppData\Local\Searchprotect

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\Software\SearchProtect

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16720

 

 

-\\ Google Chrome v30.0.1599.101

 

[ File : C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [7219 octets] - [20/08/2013 17:08:52]

AdwCleaner[R1].txt - [1943 octets] - [10/11/2013 12:09:34]

AdwCleaner[s0].txt - [6251 octets] - [20/08/2013 17:09:26]

AdwCleaner[s1].txt - [1870 octets] - [10/11/2013 12:12:15]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1930 octets] ##########
Link to post
Share on other sites

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.11.07.10

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16721

Dave :: DAVE-PC [administrator]

 

10/11/2013 12:19:02

mbam-log-2013-11-10 (12-19-02).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled: 

Objects scanned: 241662

Time elapsed: 5 minute(s), 31 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)
Link to post
Share on other sites

So you have no Anti-virus program, that is not good and will need fixing asap.... Malwarebytes does not have an antivirus component..

 

Go here: http://www.microsoft.com/en-gb/download/details.aspx?id=5201 download and install Microsoft Security Essentials. Check for updates and run Quick scan, let me know if anything is found...

Link to post
Share on other sites

We need to remove FRST, first it is very important to deal with its Quarantine folder using FRST itself..

OK, we continue:

Delete any fixlist.txt file previously used, continue:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful. 

Next,

 

Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST

 

Next,

 

Uninstall adwcleaner.exe

  •   Please close all open programs and internet browsers.
  •   Double click on adwcleaner.exe to run the tool.
  •   Click on Uninstall
  • Click Yes at Would you like to Uninstall Adwcleaner

 

Next,

 

Create a new restore point:

 

   1. Right-click on Computer and go to Properties.

   2. Next click on the System Protection link.

   3. The System Properties dialog screen opens up and you will want to click on Create.

   4. Type in a description for the restore point which will help you remember the point at which it was created. Click on create.

   5. You should see the message "The restore point was created successfully

 

To remove all but the most recent restore point do the following:

 

   1.      Open Disk Cleanup by clicking the Start button 4f6cbd09-148c-4dd8-b1f2-48f232a2fd33.jpg. In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.

   2.      If prompted, select the drive that you want to clean up, and then click OK.

   3.      In the Disk Cleanup for (usually C:\) dialog box, click Clean up system files. Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

   4.      If prompted, select the drive that you want to clean up, and then click OK.

   5.      Click the More Options tab, under System Restore and Shadow Copies, click Clean up.

   6.      In the Disk Cleanup dialog box, click Delete.

   7.      Click Delete Files, and then click OK. Re-Boot your PC.

 

Let me know if those steps complete.....

 

Next,

 

Read the following link to fully understand PC security and best practices....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Let me know if there are any remaining issues or concerns...

 

Kevin

 

 

fixlist.txt

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.