
ScorpionSaver keeps reinstalling. Any help?


max001


Good evening.

For some days, I have been unable to get rid of Scorpionsaver, which seems to keep reinstalling, even though I am able to uninstall that program.

I have run successively:

1 - AdwCleaner

2 - Malwarebytes

3 - SystemLook

Here is the output of SystemLook:

SystemLook 30.07.11 by jpshortstuff
Log created at 18:43 on 04/12/2013 by max
Administrator - Elevation successful

========== filefind ==========

Searching for "*adpeak*"
C:\Windows\System32\AdpeakProxy64.dll    --a---- 439296 bytes    [02:51 24/11/2013]    [15:18 16/10/2013] 78857BF5996E9BC8E82C1B671CBF85E6
C:\Windows\SysWOW64\AdpeakProxy.dll    --a---- 338944 bytes    [02:51 24/11/2013]    [15:18 16/10/2013] 85FB18C4B0665C24E6BAA502837011A5

Searching for "Adpeak.*"
No files found.

Searching for "*Scorpion*"
C:\temp\scorpionsaver.exe    --a---- 549520 bytes    [15:47 03/12/2013]    [22:47 03/12/2013] 210184CBA5317C1EEEDCE09649E221AF
C:\temp\ScorpionSaver.msi    --a---- 3182592 bytes    [02:49 23/11/2013]    [19:54 04/12/2013] C0D3EACC48A41057DE0838C09B97A3A7

Searching for "Scopion.*"
No files found.

========== folderfind ==========

Searching for "*Scorpion*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ScorpionSaver    d------    [23:33 04/12/2013]
C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\4z21mazy.default\extensions\ScorpionSaver@jetpack    d------    [19:55 04/12/2013]
C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\4z21mazy.default\extensions\ScorpionSaver@jetpack\resources\ScorpionSaver    d------    [19:55 04/12/2013]

Searching for "*adpeak*"
No folders found.

========== regfind ==========

Searching for "*Scorpion*"
No data found.

Searching for "Scorpion"
[HKEY_CURRENT_USER\Software\Adpeak, Inc.\ScorpionSaver]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Scorpion Saver]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ScorpionSaver]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495]
"ProductName"="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495\SourceList]
"PackageName"="ScorpionSaver.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\Program Files (x86)\ScorpionSaver\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\ff_bootstrap.js"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\SendJson.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\background.js"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\CustomActionInstall"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7]
"3A9F56B942D9A2546BFE41756DE52495"="c:\Program Files (x86)\ScorpionSaver\IECore.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495\InstallProperties]
"DisplayName"="ScorpionSaver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}]
"DisplayName"="ScorpionSaver"
[HKEY_USERS\S-1-5-21-57794135-1934675741-632937485-1001\Software\Adpeak, Inc.\ScorpionSaver]
[HKEY_USERS\S-1-5-21-57794135-1934675741-632937485-1001\Software\AppDataLow\Software\Scorpion Saver]
[HKEY_USERS\S-1-5-21-57794135-1934675741-632937485-1001\Software\AppDataLow\Software\ScorpionSaver]

Searching for "*adpeak*"
No data found.

Searching for "adpeak"
[HKEY_CURRENT_USER\Software\Adpeak, Inc.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937]
"3A9F56B942D9A2546BFE41756DE52495"="01:\Software\Adpeak, Inc.\ScorpionSaver\Chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495\InstallProperties]
"HelpLink"="http://www.adpeak.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495\InstallProperties]
"Publisher"="Adpeak, Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}]
"HelpLink"="http://www.adpeak.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}]
"Publisher"="Adpeak, Inc."
[HKEY_USERS\S-1-5-21-57794135-1934675741-632937485-1001\Software\Adpeak, Inc.]

-= EOF =-

 

Thanks for your help!

 


Follow this procedure please:

Welcome to the forum, first.....try to uninstall it from your add/remove programs.

Then........

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look similar to this, not "sponsored ad links":

[image: bleep-crop.jpg]

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Last......

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

[image: bleep-crop.jpg]

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

MrC

Hello Mr. Charlie,

 

Thanks for your help.  Herein is the information you need:

 

Hello Charlie,

Thanks.  Here are the steps I have done.

(i) uninstall it from my add/remove program (control panel).  I no longer see Scorpionsaver in the list (but I am sure it is still there as it will keep reinstalling)

(ii) run AdwCleaner.exe, and here is the log file:

# AdwCleaner v3.014 - Report created 04/12/2013 at 19:29:38
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : max - MAX-PC
# Running from : C:\Users\max\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\4z21mazy.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [14758 octets] - [22/11/2013 21:32:36]
AdwCleaner[R1].txt - [8531 octets] - [22/11/2013 22:30:46]
AdwCleaner[R2].txt - [1660 octets] - [23/11/2013 22:24:05]
AdwCleaner[R3].txt - [1726 octets] - [24/11/2013 17:12:45]
AdwCleaner[R4].txt - [1189 octets] - [24/11/2013 17:22:28]
AdwCleaner[R5].txt - [1309 octets] - [25/11/2013 18:27:27]
AdwCleaner[R6].txt - [1429 octets] - [25/11/2013 19:45:36]
AdwCleaner[R7].txt - [2312 octets] - [04/12/2013 18:30:16]
AdwCleaner[R8].txt - [1670 octets] - [04/12/2013 19:28:12]
AdwCleaner[s0].txt - [14434 octets] - [22/11/2013 21:34:38]
AdwCleaner[s1].txt - [23020 octets] - [22/11/2013 21:37:56]
AdwCleaner[s2].txt - [1803 octets] - [24/11/2013 17:14:05]
AdwCleaner[s3].txt - [1251 octets] - [24/11/2013 17:23:03]
AdwCleaner[s4].txt - [1371 octets] - [25/11/2013 18:28:20]
AdwCleaner[s5].txt - [1491 octets] - [25/11/2013 19:46:11]
AdwCleaner[s6].txt - [2399 octets] - [04/12/2013 18:33:41]
AdwCleaner[s7].txt - [1591 octets] - [04/12/2013 19:29:38]

########## EOF - C:\AdwCleaner\AdwCleaner[s7].txt - [1651 octets] ##########


(iii) run Malwarebytes, and here is the report:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.03.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
max :: MAX-PC [administrator]

12/4/2013 7:34:01 PM
mbam-log-2013-12-04 (19-34-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208567
Time elapsed: 3 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

(iv) Run Farbar Recovery Scan Tool, and here are the FRST.txt and Addition.txt log files:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-12-2013
Ran by max (administrator) on MAX-PC on 04-12-2013 19:39:19
Running from C:\Users\max\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\jmesoft\Service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Lenovo (Shenzhen) Electronic Co., Ltd.) C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(CyberLink Corporation.) C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-05] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [spybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\Steam.exe [1823656 2013-12-03] (Valve Corporation)
HKCU\...\Run: [Power2GoExpress] - C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2643832 2012-03-19] (CyberLink Corp.)
HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
MountPoints2: {81ee8a19-8bae-11e2-94c4-4437e66bc509} - H:\TL-Bootstrap.exe
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [LenovoFSC] - C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe [49152 2009-07-29] (Lenovo (Shenzhen) Electronic Co., Ltd.)
HKLM-x32\...\Run: [jmekey] - C:\Windows\jmesoft\hotkey.exe [118784 2011-03-21] (Lenovo)
HKLM-x32\...\Run: [jmesoft] - C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] ()
HKLM-x32\...\Run: [updatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [switchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [ATICustomerCare] - C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [307200 2009-06-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [instantBurn] - C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe [701736 2012-02-02] (CyberLink Corporation.)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [bDRegion] - C:\Program Files (x86)\CyberLink\Shared files\brs.exe [179976 2013-09-25] (cyberlink)
HKLM-x32\...\Run: [updatePPShortCut] - C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2012-03-06] (CyberLink Corp.)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Drive Unlocker] - C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-09-06] (Western Digital)
HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-23] (AVAST Software)
HKLM-x32\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\Setup\emupdate\f654b7d1-95cc-46f2-b2d5-ee850be508d2.exe [180184 2013-11-23] (AVAST Software)
AppInit_DLLs:   [ ] ()

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr&cd=2XzuyEtN2Y1L1QzuyEyEtAyB0EyCyC0B0CyDtDzyzztDzy0AtN0D0Tzu0SyCzytBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1918390129&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr&cd=2XzuyEtN2Y1L1QzuyEyEtAyB0EyCyC0B0CyDtDzyzztDzy0AtN0D0Tzu0SyCzytBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1918390129&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\4z21mazy.default

FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\4z21mazy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-23] (AVAST Software)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243464 2013-09-25] (CyberLink)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] ()
R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [229392 2012-09-13] (Nitro PDF Software)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-09-06] ()
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital )

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [38984 2013-11-23] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [84328 2013-11-23] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2013-11-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-23] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1032416 2013-11-23] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [409832 2013-11-23] (AVAST Software)
R1 aswTdi; C:\windows\system32\drivers\aswTdi.sys [65264 2013-11-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-11-23] ()
R1 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24560 2012-02-02] (Cyberlink Co.,Ltd.)
R2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [377840 2012-02-02] (CyberLink Corporation.)
S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                           )
R3 SuperIO; C:\Windows\System32\DRIVERS\spio.sys [11848 2009-06-05] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-04 19:39 - 2013-12-04 19:39 - 00013574 _____ C:\Users\max\Desktop\FRST.txt
2013-12-04 19:39 - 2013-12-04 19:39 - 00000000 ____D C:\FRST
2013-12-04 19:36 - 2013-12-04 19:36 - 01959766 _____ (Farbar) C:\Users\max\Desktop\FRST64.exe
2013-12-04 19:28 - 2013-12-04 19:31 - 00000000 ____D C:\Users\max\Desktop\charlie
2013-12-04 18:43 - 2013-12-04 18:47 - 00015882 _____ C:\Users\max\Desktop\SystemLook.txt
2013-12-04 18:43 - 2013-12-04 18:43 - 00165376 _____ C:\Users\max\Desktop\SystemLook_x64.exe
2013-12-04 18:29 - 2013-12-04 18:29 - 01110034 _____ C:\Users\max\Desktop\AdwCleaner.exe
2013-12-04 18:22 - 2013-12-04 18:22 - 00024324 _____ C:\windows\PFRO.log
2013-12-04 11:54 - 2013-12-04 19:30 - 00000224 _____ C:\windows\setupact.log
2013-12-04 11:54 - 2013-12-04 11:54 - 00000000 _____ C:\windows\setuperr.log
2013-12-04 11:35 - 2013-12-04 11:35 - 00000631 _____ C:\Users\max\Desktop\JRT.txt
2013-12-04 11:22 - 2013-12-04 11:22 - 00002201 _____ C:\Users\max\Desktop\RKreport[0]_D_12042013_112208.txt
2013-12-04 11:22 - 2013-12-04 11:22 - 00002145 _____ C:\Users\max\Desktop\RKreport[0]_S_12042013_112201.txt
2013-12-03 21:14 - 2013-12-03 21:14 - 00003367 _____ C:\Users\max\Desktop\RKreport[0]_D_12032013_211405.txt
2013-12-03 21:13 - 2013-12-03 21:13 - 00003214 _____ C:\Users\max\Desktop\RKreport[0]_S_12032013_211313.txt
2013-12-03 20:49 - 2013-12-03 20:49 - 00000000 ____D C:\Users\max\AppData\Roaming\LavasoftStatistics
2013-12-03 20:37 - 2013-12-03 20:37 - 00000000 ____D C:\Users\max\AppData\Roaming\SecureSearch
2013-12-03 20:37 - 2013-12-03 20:37 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-12-03 20:36 - 2013-12-03 20:52 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2013-12-03 20:34 - 2013-12-03 20:34 - 00000000 ____D C:\ProgramData\Lavasoft
2013-12-03 17:06 - 2013-12-03 17:12 - 138562430 _____ (CCDC) C:\Users\max\Desktop\mercurystandalone-3.3-windows-installer.exe
2013-12-03 16:51 - 2013-12-04 11:31 - 00000000 ____D C:\Users\max\Desktop\Lee_paper_revised
2013-12-03 14:59 - 2013-12-03 14:59 - 00000000 ____D C:\structures
2013-12-03 14:40 - 2013-12-04 18:26 - 00000000 ____D C:\wingx
2013-12-03 14:25 - 2013-12-04 00:34 - 00000000 ____D C:\Users\max\Documents\registry_back_up
2013-12-03 14:25 - 2013-12-03 14:25 - 00000000 ____D C:\Users\max\Desktop\Shelxtl
2013-12-02 23:16 - 2013-12-02 23:16 - 03774396 _____ C:\Users\max\Desktop\reproductdetailsinquiryfromamazoncustomermaximesieg.zip
2013-11-27 16:21 - 2013-12-03 13:52 - 00000000 ____D C:\Users\max\AppData\Local\CrashDumps
2013-11-25 19:34 - 2013-12-04 11:22 - 00000000 ____D C:\Users\max\Desktop\RK_Quarantine
2013-11-25 19:33 - 2013-11-25 19:33 - 04172288 _____ C:\Users\max\Desktop\RogueKillerX64.exe
2013-11-25 18:47 - 2013-11-25 18:47 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\max\Desktop\revosetup.exe
2013-11-25 18:47 - 2013-11-25 18:47 - 00001260 _____ C:\Users\max\Desktop\Revo Uninstaller.lnk
2013-11-24 18:21 - 2013-11-24 18:21 - 00000000 ____D C:\Users\max\Documents\Jobs_search
2013-11-24 17:27 - 2013-11-24 17:27 - 00000000 ____D C:\windows\ERUNT
2013-11-24 17:26 - 2013-11-24 17:26 - 01034531 _____ (Thisisu) C:\Users\max\Desktop\JRT.exe
2013-11-23 22:11 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\windows\system32\IEUDINIT.EXE
2013-11-23 22:10 - 2013-11-23 22:10 - 23212032 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 17142784 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 12995584 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 11220992 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 05765120 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 04240384 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-11-23 22:10 - 2013-11-23 22:10 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-11-23 22:10 - 2013-11-23 22:10 - 02332160 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 02166272 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 01993728 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-11-23 22:10 - 2013-11-23 22:10 - 01926656 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-11-23 22:10 - 2013-11-23 22:10 - 01818112 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 01394176 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 01156608 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2013-11-23 22:10 - 2013-11-23 22:10 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2013-11-23 22:10 - 2013-11-23 22:10 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2013-11-23 22:10 - 2013-11-23 22:10 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2013-11-23 22:10 - 2013-11-23 22:10 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2013-11-23 22:10 - 2013-11-23 22:10 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00244736 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-23 22:10 - 2013-11-23 22:10 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2013-11-23 22:10 - 2013-11-23 22:10 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2013-11-23 22:10 - 2013-11-23 22:10 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2013-11-23 22:10 - 2013-11-23 22:10 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2013-11-23 22:10 - 2013-11-23 22:10 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-11-23 22:10 - 2013-11-23 22:10 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2013-11-23 22:10 - 2013-11-23 22:10 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-11-23 22:10 - 2013-11-23 22:10 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2013-11-23 22:10 - 2013-11-23 22:10 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-11-23 22:10 - 2013-11-23 22:10 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2013-11-23 22:10 - 2013-11-23 22:10 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2013-11-23 22:10 - 2013-11-23 22:10 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-23 22:10 - 2013-11-23 22:10 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2013-11-23 22:10 - 2013-11-23 22:10 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2013-11-23 22:10 - 2013-11-23 22:10 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2013-11-23 22:10 - 2013-11-23 22:10 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2013-11-23 22:10 - 2013-11-23 22:10 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2013-11-23 22:10 - 2013-11-23 22:10 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-11-23 22:06 - 2013-10-03 21:28 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll
2013-11-23 22:06 - 2013-10-03 21:25 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\credui.dll
2013-11-23 22:06 - 2013-10-03 21:24 - 01930752 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2013-11-23 22:06 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-23 22:06 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2013-11-23 22:06 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\credui.dll
2013-11-23 22:06 - 2013-09-07 21:30 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-11-23 22:06 - 2013-09-07 21:27 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2013-11-23 22:06 - 2013-09-07 21:03 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2013-11-23 22:06 - 2013-08-28 21:17 - 05549504 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-11-23 22:06 - 2013-08-28 21:16 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-11-23 22:06 - 2013-08-28 21:16 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2013-11-23 22:06 - 2013-08-28 21:16 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2013-11-23 22:06 - 2013-08-28 21:13 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2013-11-23 22:06 - 2013-08-28 20:51 - 03969472 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2013-11-23 22:06 - 2013-08-28 20:51 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2013-11-23 22:06 - 2013-08-28 20:50 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2013-11-23 22:06 - 2013-08-28 20:50 - 00619520 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2013-11-23 22:06 - 2013-08-28 20:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2013-11-23 22:06 - 2013-08-28 20:48 - 00640512 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2013-11-23 22:06 - 2013-08-28 19:49 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2013-11-23 22:06 - 2013-08-28 19:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2013-11-23 22:06 - 2013-08-28 19:49 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2013-11-23 22:06 - 2013-08-28 19:49 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2013-11-23 22:06 - 2013-08-27 20:12 - 00461312 _____ (Microsoft Corporation) C:\windows\system32\scavengeui.dll
2013-11-23 22:06 - 2013-07-04 07:57 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2013-11-23 22:06 - 2013-07-04 07:50 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2013-11-23 22:06 - 2013-07-04 06:57 - 00205824 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2013-11-23 22:06 - 2013-07-04 06:51 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2013-11-23 22:06 - 2013-07-04 05:11 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2013-11-23 21:51 - 2013-10-16 10:18 - 00439296 _____ (Adpeak, Inc.) C:\windows\system32\AdpeakProxy64.dll
2013-11-23 21:51 - 2013-10-16 10:18 - 00338944 _____ (Adpeak, Inc.) C:\windows\SysWOW64\AdpeakProxy.dll
2013-11-23 07:24 - 2013-11-23 07:24 - 00000000 ____D C:\Users\max\AppData\Roaming\AVAST Software
2013-11-22 23:17 - 2013-11-22 23:17 - 00000000 ____D C:\Users\max\AppData\Local\Packages
2013-11-22 23:14 - 2013-11-22 23:14 - 00000000 ____D C:\ProgramData\install_clap
2013-11-22 22:54 - 2013-11-24 11:15 - 00001889 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-11-22 22:54 - 2013-11-22 22:59 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-22 22:54 - 2013-11-22 22:54 - 00000000 ____D C:\Program Files\HitmanPro
2013-11-22 22:50 - 2013-11-22 22:54 - 10264904 _____ (SurfRight B.V.) C:\Users\max\Desktop\HitmanPro_x64.exe
2013-11-22 22:37 - 2013-11-22 22:37 - 00001105 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-22 22:37 - 2013-11-22 22:37 - 00000000 ____D C:\Users\max\AppData\Roaming\Malwarebytes
2013-11-22 22:37 - 2013-11-22 22:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-22 22:37 - 2013-11-22 22:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-22 22:37 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-11-22 22:36 - 2013-11-22 22:36 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\max\Desktop\mbam-setup-1.75.0.1300.exe
2013-11-22 21:50 - 2013-11-25 18:47 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-11-22 21:35 - 2013-11-22 21:35 - 00000049 _____ C:\Users\max\Desktop\test.txt
2013-11-22 21:32 - 2013-12-04 19:29 - 00000000 ____D C:\AdwCleaner
2013-11-22 21:17 - 2013-11-22 21:17 - 00002768 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2013-11-22 21:17 - 2013-11-22 21:17 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-11-22 21:17 - 2013-11-22 21:17 - 00000000 ____D C:\Program Files\CCleaner
2013-11-21 18:38 - 2013-11-21 18:38 - 00000218 _____ C:\Users\max\.recently-used.xbel
2013-11-21 18:36 - 2013-11-21 18:36 - 00000000 ____D C:\Users\max\AppData\Local\RawTherapee4.0.11
2013-11-19 07:47 - 2013-11-19 07:48 - 101784640 _____ C:\Users\max\Desktop\S-NEFCDC-012000WF-ALLIN-ALL___.exe
2013-11-15 16:14 - 2013-11-22 23:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-14 07:18 - 2013-11-14 07:18 - 00040562 _____ C:\Users\max\Desktop\maxime_siegler_photography.pptx
2013-11-13 07:43 - 2013-10-11 21:30 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2013-11-13 07:43 - 2013-10-11 21:29 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2013-11-13 07:43 - 2013-10-11 21:29 - 00324096 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2013-11-13 07:43 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2013-11-13 07:43 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 07:43 - 2013-10-05 15:25 - 01474048 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-11-13 07:43 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-11-13 07:43 - 2013-10-02 21:23 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2013-11-13 07:43 - 2013-10-02 21:00 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2013-11-13 07:43 - 2013-09-27 20:09 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2013-11-13 07:43 - 2013-09-24 21:26 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2013-11-13 07:43 - 2013-09-24 21:26 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2013-11-13 07:43 - 2013-09-24 21:23 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2013-11-13 07:43 - 2013-09-24 21:23 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2013-11-13 07:43 - 2013-09-24 21:23 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2013-11-13 07:43 - 2013-09-24 21:22 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2013-11-13 07:43 - 2013-09-24 21:21 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2013-11-13 07:43 - 2013-09-24 21:21 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2013-11-13 07:43 - 2013-09-24 20:58 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2013-11-13 07:43 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2013-11-13 07:43 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2013-11-13 07:43 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2013-11-13 07:43 - 2013-09-24 20:03 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2013-11-13 07:43 - 2013-07-04 07:18 - 00458712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2013-11-10 22:18 - 2013-11-10 22:18 - 00000000 ____D C:\Users\max\Documents\benefits_max_rachel
2013-11-10 19:19 - 2013-11-10 19:19 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-10 19:18 - 2013-11-10 19:18 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-10 19:18 - 2013-11-10 19:18 - 00000000 ____D C:\Program Files\iTunes
2013-11-10 19:18 - 2013-11-10 19:18 - 00000000 ____D C:\Program Files\iPod
2013-11-10 19:18 - 2013-11-10 19:18 - 00000000 ____D C:\Program Files (x86)\iTunes

==================== One Month Modified Files and Folders =======

2013-12-04 19:39 - 2013-12-04 19:39 - 00013574 _____ C:\Users\max\Desktop\FRST.txt
2013-12-04 19:39 - 2013-12-04 19:39 - 00000000 ____D C:\FRST
2013-12-04 19:38 - 2009-07-13 23:45 - 00017952 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-04 19:38 - 2009-07-13 23:45 - 00017952 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-04 19:37 - 2009-07-14 00:13 - 00726316 _____ C:\windows\system32\PerfStringBackup.INI
2013-12-04 19:36 - 2013-12-04 19:36 - 01959766 _____ (Farbar) C:\Users\max\Desktop\FRST64.exe
2013-12-04 19:34 - 2012-11-11 18:56 - 00000000 ____D C:\Program Files (x86)\Steam
2013-12-04 19:34 - 2011-10-10 11:57 - 01910379 _____ C:\windows\WindowsUpdate.log
2013-12-04 19:31 - 2013-12-04 19:28 - 00000000 ____D C:\Users\max\Desktop\charlie
2013-12-04 19:31 - 2012-10-26 19:03 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-12-04 19:30 - 2013-12-04 11:54 - 00000224 _____ C:\windows\setupact.log
2013-12-04 19:30 - 2013-01-14 21:29 - 00000000 _____ C:\windows\system32\Drivers\lvuvc.hs
2013-12-04 19:30 - 2012-07-11 18:56 - 00000888 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-04 19:30 - 2012-07-11 18:48 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2013-12-04 19:30 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-12-04 19:29 - 2013-11-22 21:32 - 00000000 ____D C:\AdwCleaner
2013-12-04 18:58 - 2012-07-11 18:56 - 00000892 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-04 18:47 - 2013-12-04 18:43 - 00015882 _____ C:\Users\max\Desktop\SystemLook.txt
2013-12-04 18:43 - 2013-12-04 18:43 - 00165376 _____ C:\Users\max\Desktop\SystemLook_x64.exe
2013-12-04 18:29 - 2013-12-04 18:29 - 01110034 _____ C:\Users\max\Desktop\AdwCleaner.exe
2013-12-04 18:26 - 2013-12-03 14:40 - 00000000 ____D C:\wingx
2013-12-04 18:22 - 2013-12-04 18:22 - 00024324 _____ C:\windows\PFRO.log
2013-12-04 17:54 - 2012-02-18 18:13 - 00000000 ____D C:\Users\max\AppData\Roaming\Skype
2013-12-04 17:53 - 2012-07-11 18:56 - 00003888 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-04 17:53 - 2012-07-11 18:56 - 00003636 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-04 11:54 - 2013-12-04 11:54 - 00000000 _____ C:\windows\setuperr.log
2013-12-04 11:35 - 2013-12-04 11:35 - 00000631 _____ C:\Users\max\Desktop\JRT.txt
2013-12-04 11:35 - 2012-09-05 21:12 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-04 11:31 - 2013-12-03 16:51 - 00000000 ____D C:\Users\max\Desktop\Lee_paper_revised
2013-12-04 11:23 - 2012-02-18 16:36 - 00000000 ____D C:\Users\max
2013-12-04 11:22 - 2013-12-04 11:22 - 00002201 _____ C:\Users\max\Desktop\RKreport[0]_D_12042013_112208.txt
2013-12-04 11:22 - 2013-12-04 11:22 - 00002145 _____ C:\Users\max\Desktop\RKreport[0]_S_12042013_112201.txt
2013-12-04 11:22 - 2013-11-25 19:34 - 00000000 ____D C:\Users\max\Desktop\RK_Quarantine
2013-12-04 00:34 - 2013-12-03 14:25 - 00000000 ____D C:\Users\max\Documents\registry_back_up
2013-12-03 22:06 - 2013-07-27 12:10 - 00008654 _____ C:\Users\max\Desktop\reimbursement.xlsx
2013-12-03 21:38 - 2013-03-06 10:51 - 00000056 _____ C:\Users\max\.enciferargs
2013-12-03 21:14 - 2013-12-03 21:14 - 00003367 _____ C:\Users\max\Desktop\RKreport[0]_D_12032013_211405.txt
2013-12-03 21:13 - 2013-12-03 21:13 - 00003214 _____ C:\Users\max\Desktop\RKreport[0]_S_12032013_211313.txt
2013-12-03 20:52 - 2013-12-03 20:36 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2013-12-03 20:49 - 2013-12-03 20:49 - 00000000 ____D C:\Users\max\AppData\Roaming\LavasoftStatistics
2013-12-03 20:37 - 2013-12-03 20:37 - 00000000 ____D C:\Users\max\AppData\Roaming\SecureSearch
2013-12-03 20:37 - 2013-12-03 20:37 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-12-03 20:34 - 2013-12-03 20:34 - 00000000 ____D C:\ProgramData\Lavasoft
2013-12-03 17:12 - 2013-12-03 17:06 - 138562430 _____ (CCDC) C:\Users\max\Desktop\mercurystandalone-3.3-windows-installer.exe
2013-12-03 14:59 - 2013-12-03 14:59 - 00000000 ____D C:\structures
2013-12-03 14:25 - 2013-12-03 14:25 - 00000000 ____D C:\Users\max\Desktop\Shelxtl
2013-12-03 14:18 - 2012-07-11 19:25 - 00000000 ____D C:\Users\max\AppData\Local\Google
2013-12-03 13:52 - 2013-11-27 16:21 - 00000000 ____D C:\Users\max\AppData\Local\CrashDumps
2013-12-03 13:10 - 2012-06-26 17:26 - 00000000 ____D C:\Users\max\Documents\Rachel
2013-12-02 23:16 - 2013-12-02 23:16 - 03774396 _____ C:\Users\max\Desktop\reproductdetailsinquiryfromamazoncustomermaximesieg.zip
2013-11-30 17:09 - 2013-08-25 16:46 - 00001456 _____ C:\Users\max\AppData\Local\Adobe Save for Web 12.0 Prefs
2013-11-29 20:29 - 2012-11-24 20:10 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-29 20:29 - 2012-02-18 18:12 - 00000000 ____D C:\ProgramData\Skype
2013-11-28 15:46 - 2012-02-21 21:42 - 03854336 _____ C:\Users\max\Desktop\backup.QDF-backup
2013-11-27 20:23 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\NDF
2013-11-27 18:03 - 2012-02-24 16:42 - 00000000 ____D C:\Users\max\AppData\Roaming\foobar2000
2013-11-25 19:33 - 2013-11-25 19:33 - 04172288 _____ C:\Users\max\Desktop\RogueKillerX64.exe
2013-11-25 18:59 - 2009-07-25 21:01 - 00000000 ____D C:\windows\Panther
2013-11-25 18:47 - 2013-11-25 18:47 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\max\Desktop\revosetup.exe
2013-11-25 18:47 - 2013-11-25 18:47 - 00001260 _____ C:\Users\max\Desktop\Revo Uninstaller.lnk
2013-11-25 18:47 - 2013-11-22 21:50 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-11-24 22:18 - 2009-07-13 22:20 - 00000000 ____D C:\windows\rescache
2013-11-24 18:21 - 2013-11-24 18:21 - 00000000 ____D C:\Users\max\Documents\Jobs_search
2013-11-24 17:56 - 2012-02-18 17:04 - 00000000 ____D C:\ProgramData\CyberLink
2013-11-24 17:29 - 2011-10-10 12:30 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-24 17:29 - 2011-10-10 12:30 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-24 17:27 - 2013-11-24 17:27 - 00000000 ____D C:\windows\ERUNT
2013-11-24 17:26 - 2013-11-24 17:26 - 01034531 _____ (Thisisu) C:\Users\max\Desktop\JRT.exe
2013-11-24 15:07 - 2012-07-02 21:30 - 00000000 ____D C:\Users\max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin
2013-11-24 13:18 - 2012-10-12 23:59 - 00000000 ____D C:\Program Files (x86)\GRETECH
2013-11-24 11:15 - 2013-11-22 22:54 - 00001889 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-11-23 22:22 - 2012-02-18 16:36 - 00001409 _____ C:\Users\max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-23 22:15 - 2009-07-13 22:20 - 00000000 ____D C:\windows\PolicyDefinitions
2013-11-23 22:10 - 2013-11-23 22:10 - 23212032 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 17142784 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 12995584 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 11220992 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 05765120 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 04240384 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-11-23 22:10 - 2013-11-23 22:10 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-11-23 22:10 - 2013-11-23 22:10 - 02332160 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 02166272 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 01993728 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-11-23 22:10 - 2013-11-23 22:10 - 01926656 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-11-23 22:10 - 2013-11-23 22:10 - 01818112 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 01394176 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 01156608 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2013-11-23 22:10 - 2013-11-23 22:10 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2013-11-23 22:10 - 2013-11-23 22:10 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2013-11-23 22:10 - 2013-11-23 22:10 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2013-11-23 22:10 - 2013-11-23 22:10 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2013-11-23 22:10 - 2013-11-23 22:10 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00244736 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-11-23 22:10 - 2013-11-23 22:10 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2013-11-23 22:10 - 2013-11-23 22:10 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2013-11-23 22:10 - 2013-11-23 22:10 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2013-11-23 22:10 - 2013-11-23 22:10 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2013-11-23 22:10 - 2013-11-23 22:10 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-11-23 22:10 - 2013-11-23 22:10 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2013-11-23 22:10 - 2013-11-23 22:10 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2013-11-23 22:10 - 2013-11-23 22:10 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2013-11-23 22:10 - 2013-11-23 22:10 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-11-23 22:10 - 2013-11-23 22:10 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2013-11-23 22:10 - 2013-11-23 22:10 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2013-11-23 22:10 - 2013-11-23 22:10 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-23 22:10 - 2013-11-23 22:10 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2013-11-23 22:10 - 2013-11-23 22:10 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2013-11-23 22:10 - 2013-11-23 22:10 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2013-11-23 22:10 - 2013-11-23 22:10 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2013-11-23 22:10 - 2013-11-23 22:10 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2013-11-23 22:10 - 2013-11-23 22:10 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2013-11-23 22:10 - 2013-11-23 22:10 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2013-11-23 07:24 - 2013-11-23 07:24 - 00000000 ____D C:\Users\max\AppData\Roaming\AVAST Software
2013-11-23 07:21 - 2013-10-05 11:18 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-11-23 07:21 - 2013-03-24 07:05 - 00205320 _____ C:\windows\system32\Drivers\aswVmm.sys
2013-11-23 07:21 - 2013-03-24 07:05 - 00065776 _____ C:\windows\system32\Drivers\aswRvrt.sys
2013-11-23 07:21 - 2012-03-16 14:52 - 00092544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2013-11-23 07:21 - 2012-02-18 18:09 - 01032416 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2013-11-23 07:21 - 2012-02-18 18:09 - 00409832 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2013-11-23 07:21 - 2012-02-18 18:09 - 00334648 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2013-11-23 07:21 - 2012-02-18 18:09 - 00084328 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2013-11-23 07:21 - 2012-02-18 18:09 - 00065264 _____ (AVAST Software) C:\windows\system32\Drivers\aswTdi.sys
2013-11-23 07:21 - 2012-02-18 18:09 - 00038984 _____ (AVAST Software) C:\windows\system32\Drivers\aswFsBlk.sys
2013-11-23 07:21 - 2012-02-18 18:08 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2013-11-23 07:19 - 2012-02-18 18:08 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-23 07:18 - 2012-02-18 18:09 - 00000000 _____ C:\windows\SysWOW64\config.nt
2013-11-22 23:17 - 2013-11-22 23:17 - 00000000 ____D C:\Users\max\AppData\Local\Packages
2013-11-22 23:17 - 2011-10-10 11:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-22 23:14 - 2013-11-22 23:14 - 00000000 ____D C:\ProgramData\install_clap
2013-11-22 23:14 - 2007-11-20 08:26 - 00499712 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp71.dll
2013-11-22 23:14 - 2007-11-20 08:26 - 00348160 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr71.dll
2013-11-22 23:12 - 2013-11-15 16:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-22 22:59 - 2013-11-22 22:54 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-22 22:54 - 2013-11-22 22:54 - 00000000 ____D C:\Program Files\HitmanPro
2013-11-22 22:54 - 2013-11-22 22:50 - 10264904 _____ (SurfRight B.V.) C:\Users\max\Desktop\HitmanPro_x64.exe
2013-11-22 22:37 - 2013-11-22 22:37 - 00001105 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-22 22:37 - 2013-11-22 22:37 - 00000000 ____D C:\Users\max\AppData\Roaming\Malwarebytes
2013-11-22 22:37 - 2013-11-22 22:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-22 22:37 - 2013-11-22 22:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-22 22:36 - 2013-11-22 22:36 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\max\Desktop\mbam-setup-1.75.0.1300.exe
2013-11-22 21:35 - 2013-11-22 21:35 - 00000049 _____ C:\Users\max\Desktop\test.txt
2013-11-22 21:24 - 2013-01-14 21:12 - 00000000 ____D C:\windows\Minidump
2013-11-22 21:17 - 2013-11-22 21:17 - 00002768 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2013-11-22 21:17 - 2013-11-22 21:17 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-11-22 21:17 - 2013-11-22 21:17 - 00000000 ____D C:\Program Files\CCleaner
2013-11-22 21:01 - 2009-07-13 22:20 - 00000000 ____D C:\windows\Resources
2013-11-21 18:38 - 2013-11-21 18:38 - 00000218 _____ C:\Users\max\.recently-used.xbel
2013-11-21 18:36 - 2013-11-21 18:36 - 00000000 ____D C:\Users\max\AppData\Local\RawTherapee4.0.11
2013-11-19 07:48 - 2013-11-19 07:47 - 101784640 _____ C:\Users\max\Desktop\S-NEFCDC-012000WF-ALLIN-ALL___.exe
2013-11-16 07:27 - 2012-02-18 18:40 - 00000000 ____D C:\Users\max\AppData\Local\Adobe
2013-11-16 07:22 - 2012-10-26 19:03 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-11-16 07:22 - 2012-10-26 19:03 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-11-16 07:22 - 2012-02-18 20:00 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-16 07:17 - 2012-04-26 06:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-14 07:18 - 2013-11-14 07:18 - 00040562 _____ C:\Users\max\Desktop\maxime_siegler_photography.pptx
2013-11-13 09:18 - 2013-07-28 16:23 - 00000000 ____D C:\windows\system32\MRT
2013-11-13 09:18 - 2012-02-18 18:19 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-13 09:16 - 2012-02-19 08:05 - 82896128 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-11-11 05:50 - 2012-02-18 17:19 - 00267936 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2013-11-10 22:18 - 2013-11-10 22:18 - 00000000 ____D C:\Users\max\Documents\benefits_max_rachel
2013-11-10 19:19 - 2013-11-10 19:19 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-10 19:18 - 2013-11-10 19:18 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-10 19:18 - 2013-11-10 19:18 - 00000000 ____D C:\Program Files\iTunes
2013-11-10 19:18 - 2013-11-10 19:18 - 00000000 ____D C:\Program Files\iPod
2013-11-10 19:18 - 2013-11-10 19:18 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-10 18:57 - 2012-10-15 19:04 - 00000000 ____D C:\Users\max\AppData\Roaming\PrimoPDF

Some content of TEMP:
====================
C:\Users\max\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-30 10:22

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-12-2013
Ran by max at 2013-12-04 19:39:51
Running from C:\Users\max\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe AIR (x32 Version: 3.7.0.2090)
Adobe Anchor Service CS3 (x32 Version: 1.0)
Adobe Asset Services CS3 (x32 Version: 3)
Adobe Bridge CS3 (x32 Version: 2)
Adobe Bridge Start Meeting (x32 Version: 1.0)
Adobe Camera Raw 4.0 (x32 Version: 4.0)
Adobe CMaps (x32 Version: 1.0)
Adobe Color - Photoshop Specific (x32 Version: 1.0)
Adobe Color Common Settings (x32 Version: 1.0)
Adobe Color EU Extra Settings (x32 Version: 1.0)
Adobe Color JA Extra Settings (x32 Version: 1.0)
Adobe Color NA Recommended Settings (x32 Version: 1.0)
Adobe Community Help (x32 Version: 3.0.0)
Adobe Community Help (x32 Version: 3.0.0.400)
Adobe Default Language CS3 (x32 Version: 1.0)
Adobe Device Central CS3 (x32 Version: 1.0)
Adobe ExtendScript Toolkit 2 (x32 Version: 2.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.152)
Adobe Fonts All (x32 Version: 1.0)
Adobe Help Viewer CS3 (x32 Version: 1)
Adobe Lens Profile Downloader (x32 Version: 1.0)
Adobe Linguistics CS3 (x32 Version: 3.0.0)
Adobe Media Player (x32 Version: 1.8)
Adobe PDF Library Files (x32 Version: 8.0)
Adobe Photoshop CS3 (x32 Version: 10)
Adobe Photoshop CS3 (x32 Version: 10.0)
Adobe Photoshop CS5 (x32 Version: 12.0)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Adobe Setup (x32 Version: 1.0)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.5.635)
Adobe Stock Photos CS3 (x32 Version: 1.5)
Adobe Type Support (x32 Version: 1.0)
Adobe Update Manager CS3 (x32 Version: 5.1.0)
Adobe Version Cue CS3 Client (x32 Version: 3)
Adobe WinSoft Linguistics Plugin (x32 Version: 1.0)
Adobe XMP Panels CS3 (x32 Version: 1.0)
AMD Accelerated Video Transcoding (Version: 12.5.100.20704)
AMD APP SDK Runtime (Version: 10.0.937.2)
AMD Catalyst Install Manager (Version: 8.0.877.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.70704.0230)
AnswerWorks 5.0 English Runtime (x32 Version: 5.0.7)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
ATI Catalyst Registration (x32 Version: 2.01.0000)
Autopano Giga (Version: 2.0.6)
avast! Free Antivirus (x32 Version: 9.0.2008)
Best Buy pc app (Version: 3.1.1.0)
Best Buy pc app (x32 Version: 3.1.1.0)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.0704.122.388)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0704.122.388)
Catalyst Control Center InstallProxy (x32 Version: 2012.0704.122.388)
Catalyst Control Center Localization All (x32 Version: 2012.0704.122.388)
CCC Help Chinese Standard (x32 Version: 2012.0704.0121.388)
CCC Help Chinese Traditional (x32 Version: 2012.0704.0121.388)
CCC Help Czech (x32 Version: 2012.0704.0121.388)
CCC Help Danish (x32 Version: 2012.0704.0121.388)
CCC Help Dutch (x32 Version: 2012.0704.0121.388)
CCC Help English (x32 Version: 2012.0704.0121.388)
CCC Help Finnish (x32 Version: 2012.0704.0121.388)
CCC Help French (x32 Version: 2012.0704.0121.388)
CCC Help German (x32 Version: 2012.0704.0121.388)
CCC Help Greek (x32 Version: 2012.0704.0121.388)
CCC Help Hungarian (x32 Version: 2012.0704.0121.388)
CCC Help Italian (x32 Version: 2012.0704.0121.388)
CCC Help Japanese (x32 Version: 2012.0704.0121.388)
CCC Help Korean (x32 Version: 2012.0704.0121.388)
CCC Help Norwegian (x32 Version: 2012.0704.0121.388)
CCC Help Polish (x32 Version: 2012.0704.0121.388)
CCC Help Portuguese (x32 Version: 2012.0704.0121.388)
CCC Help Russian (x32 Version: 2012.0704.0121.388)
CCC Help Spanish (x32 Version: 2012.0704.0121.388)
CCC Help Swedish (x32 Version: 2012.0704.0121.388)
CCC Help Thai (x32 Version: 2012.0704.0121.388)
CCC Help Turkish (x32 Version: 2012.0704.0121.388)
ccc-utility64 (Version: 2012.0704.122.388)
CCleaner (Version: 4.02)
Color Efex Pro 3.0 Complete (x32 Version: 3.0)
CrysAlisPro Setup (version 1.171.36.20) (x32)
CyberLink InstantBurn (x32 Version: 5.0.8602)
CyberLink Media Suite (x32 Version: 8.0.3518)
CyberLink MediaShow (x32 Version: 5.1.2023a)
CyberLink Power2Go (x32 Version: 7.0.0.2719)
CyberLink PowerBackup (x32 Version: 2.5.8720)
CyberLink PowerDirector (x32 Version: 8.0.4905d)
CyberLink PowerDVD 10 (x32 Version: 10.0.5508.52)
CyberLink PowerProducer 5.5 (x32 Version: 5.5.3.3915a)
D3DX10 (x32 Version: 15.4.2368.0902)
enCIFer (x32 Version: 1.4)
Exif Tag Remover 4.3 (x32)
FanSpeedControl (x32 Version: 1.00.00.13)
foobar2000 v1.2.2 (x32 Version: 1.2.2)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.22.3)
HitmanPro 3.7 (Version: 3.7.8.208)
Intel® Graphics Media Accelerator Driver
iTunes (Version: 11.1.3.8)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Lenovo Driver and Application Installation (x32 Version: 5.1.0.1311)
Lenovo Rescue System (Version: 3.0.1409)
Lenovo Rescue System (x32 Version: 3.0.1409)
Lenovo Tinian Fn PS/2 Keyboard Driver (x32 Version: V1.0.11.0321)
LVT (x32 Version: 4.1.2.0919)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mercury (x32 Version: 3.0)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 25.0.1 (x86 en-US) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Nik Collection (x32 Version: 1.1.0.7)
Nitro Reader 2 (Version: 2.5.0.45)
PDF Settings (x32 Version: 1.0)
PDF Settings CS5 (x32 Version: 10.0)
Platon Taskbar 1.17 (x32 Version: 1.17)
PrimoPDF -- brought to you by Nitro PDF Software (x32 Version: 5)
Quicken 2010 (x32 Version: 19.1.2.22)
Realtek 8136 8168 8169 Ethernet Driver (x32 Version: 1.00.0006)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5911)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30123)
Revo Uninstaller 1.95 (x32 Version: 1.95)
Rugby Challenge (x32)
Silver Efex Pro (x32 Version: 1.001)
Skype™ 6.11 (x32 Version: 6.11.102)
Spybot - Search & Destroy (x32 Version: 1.6.2)
Steam (x32 Version: 1.0.0.0)
swMSM (x32 Version: 12.0.0.1)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Access 2007 Help (KB963663) (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office Infopath 2007 Help (KB963662) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
WD Drive Utilities (x32 Version: 1.0.3.3)
WD Security (x32 Version: 1.0.3.3)
WD SmartWare (Version: 1.6.4.7)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
X64 Debuggers And Tools (Version: 8.59.25584)
ZC DVD Audio Ripper 3.0.1.523 (x32)

==================== Restore Points  =========================

29-11-2013 13:00:46 Windows Update
03-12-2013 12:18:31 Windows Update
03-12-2013 18:52:53 Removed ScorpionSaver
04-12-2013 01:34:59 AA11
04-12-2013 01:52:28 AA11
04-12-2013 01:58:41 Removed ScorpionSaver
04-12-2013 05:32:04 Removed ScorpionSaver
04-12-2013 16:15:02 Removed ScorpionSaver
05-12-2013 00:26:02 Removed ScorpionSaver

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {06BA5FB6-6CF6-4A0A-BABF-7758E1C72B04} - \DealPlyLiveUpdateTaskMachineUA No Task File
Task: {0B9AB28F-1B64-47BB-B35F-46182017C421} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {122F148D-FC7F-4566-8652-BC31CF2675A0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-11-23] (AVAST Software)
Task: {4C2D084E-2E88-425D-881D-CC8699F61266} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-11] (Google Inc.)
Task: {616DD3F6-7B34-4E42-9568-A8CBC6691D60} - \BonanzaDealsUpdate No Task File
Task: {7CE805BF-64C9-4249-85D8-24629DA115F1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-11] (Google Inc.)
Task: {975822BD-0844-43BF-8092-6B1807B010FC} - \BackgroundContainer Startup Task No Task File
Task: {9823F78B-CCE2-41F5-BF66-79C9E998D4A8} - System32\Tasks\AdobeAAMUpdater-1.0-max-PC-max => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {BD5767F7-5300-447A-BAE9-31E654B3C978} - \BonanzaDealsLiveUpdateTaskMachineCore No Task File
Task: {D243F9B8-749C-4005-99A7-7E04A9201F98} - \Dealply No Task File
Task: {F177C2ED-BC5E-4739-AA4A-97589934FA3C} - \DealPlyLiveUpdateTaskMachineCore No Task File
Task: {F4750A8E-4E79-4B5E-8469-8F8A0FDE6B43} - \BonanzaDealsLiveUpdateTaskMachineUA No Task File
Task: {FC33E546-6373-4385-A55C-FB7CE77B8881} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-16] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-07-04 01:16 - 2012-07-04 01:16 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-12-04 19:31 - 2013-12-04 18:22 - 02151424 _____ () C:\Program Files\AVAST Software\Avast\defs\13120402\algo.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-10-11 18:15 - 2010-10-11 18:15 - 01840424 _____ () C:\Program Files (x86)\CyberLink\Power2Go\Language\ENU\P2GRC.dll
2011-03-09 14:21 - 2011-03-09 14:21 - 00144680 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLVistaAudioMixer.dll
2011-10-10 11:58 - 2007-12-31 12:27 - 00007168 _____ () C:\Windows\jmesoft\VistaVolume.dll
2013-01-09 19:50 - 2012-03-28 18:30 - 33744760 _____ () C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\res.dll
2011-03-09 14:21 - 2011-03-09 14:21 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2011-03-09 14:21 - 2011-03-09 14:21 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2011-10-10 11:58 - 2009-07-16 11:20 - 00032768 _____ () C:\Windows\jmesoft\Keyhook.dll
2013-11-23 07:21 - 2013-11-23 07:21 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-11-15 16:14 - 2013-11-15 16:14 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== Faulty Device Manager Devices =============

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/04/2013 07:26:41 PM) (Source: Application Error) (User: )
Description: Faulting application name: MsiExec.exe, version: 5.0.7601.17514, time stamp: 0x4ce792c4
Faulting module name: SHELL32.dll, version: 6.1.7601.18222, time stamp: 0x51f1d731
Exception code: 0xc0000005
Fault offset: 0x0008660e
Faulting process id: 0x1320
Faulting application start time: 0xMsiExec.exe0
Faulting application path: MsiExec.exe1
Faulting module path: MsiExec.exe2
Report Id: MsiExec.exe3

Error: (12/04/2013 02:55:04 PM) (Source: Application Error) (User: )
Description: Faulting application name: MsiExec.exe, version: 5.0.7601.17514, time stamp: 0x4ce792c4
Faulting module name: SHELL32.dll, version: 6.1.7601.18222, time stamp: 0x51f1d731
Exception code: 0xc0000005
Fault offset: 0x0008660e
Faulting process id: 0x1064
Faulting application start time: 0xMsiExec.exe0
Faulting application path: MsiExec.exe1
Faulting module path: MsiExec.exe2
Report Id: MsiExec.exe3


System errors:
=============
Error: (12/04/2013 07:32:19 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (12/04/2013 07:32:19 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (12/04/2013 07:31:41 PM) (Source: Service Control Manager) (User: )
Description: The SBSD Security Center Service service failed to start due to the following error:
%%1053

Error: (12/04/2013 07:31:41 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.

Error: (12/04/2013 06:35:43 PM) (Source: Service Control Manager) (User: )
Description: The WD Backup service depends on the WD Rules service which failed to start because of the following error:
%%1053

Error: (12/04/2013 06:35:40 PM) (Source: Service Control Manager) (User: )
Description: The WD Rules service failed to start due to the following error:
%%1053

Error: (12/04/2013 06:35:40 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the WD Rules service to connect.


Microsoft Office Sessions:
=========================
Error: (10/11/2012 07:48:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 20 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/11/2012 07:48:20 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 859 seconds with 300 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 25%
Total physical RAM: 8191.18 MB
Available physical RAM: 6096.39 MB
Total Pagefile: 16380.53 MB
Available Pagefile: 14016.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:906.34 GB) (Free:197.39 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (Backup) (Fixed) (Total:931.51 GB) (Free:66.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: F2650EFE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=906 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25 GB) - (Type=12)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: AAF82C81)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 


MrC.

I ran FRST.exe

Here is the log file:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-12-2013
Ran by max at 2013-12-04 20:39:05 Run:1
Running from C:\Users\max\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\windows\system32\AdpeakProxy64.dll
C:\windows\SysWOW64\AdpeakProxy.dll

*****************

C:\windows\system32\AdpeakProxy64.dll => Moved successfully.
C:\windows\SysWOW64\AdpeakProxy.dll => Moved successfully.

==== End of Fixlog ====


I ran SystemLook (64 bits):

Here is the input:

:filefind
*adpeak*
Adpeak.*
*Scorpion*
Scopion.*
:folderfind
*Scorpion*
*adpeak*
:regfind
*Scorpion*
Scorpion
*adpeak*
adpeak

and here is the log file:

SystemLook 30.07.11 by jpshortstuff
Log created at 20:45 on 04/12/2013 by max
Administrator - Elevation successful

========== filefind ==========

Searching for "*adpeak*"
C:\FRST\Quarantine\AdpeakProxy.dll    --a---- 338944 bytes    [02:51 24/11/2013]    [15:18 16/10/2013] 85FB18C4B0665C24E6BAA502837011A5
C:\FRST\Quarantine\AdpeakProxy64.dll    --a---- 439296 bytes    [02:51 24/11/2013]    [15:18 16/10/2013] 78857BF5996E9BC8E82C1B671CBF85E6

Searching for "Adpeak.*"
No files found.

Searching for "*Scorpion*"
C:\temp\scorpionsaver.exe    --a---- 549520 bytes    [15:47 03/12/2013]    [22:47 03/12/2013] 210184CBA5317C1EEEDCE09649E221AF
C:\temp\ScorpionSaver.msi    --a---- 3182592 bytes    [02:49 23/11/2013]    [19:54 04/12/2013] C0D3EACC48A41057DE0838C09B97A3A7

Searching for "Scopion.*"
No files found.

========== folderfind ==========

Searching for "*Scorpion*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ScorpionSaver    d------    [23:33 04/12/2013]

Searching for "*adpeak*"
No folders found.

========== regfind ==========

Searching for "*Scorpion*"
No data found.

Searching for "Scorpion"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Scorpion Saver]
[HKEY_USERS\S-1-5-21-57794135-1934675741-632937485-1001\Software\AppDataLow\Software\Scorpion Saver]

Searching for "*adpeak*"
No data found.

Searching for "adpeak"
No data found.

-= EOF =-

What do you think?


Thanks MrC

I ran another SystemLook, and here is the output file:

SystemLook 30.07.11 by jpshortstuff
Log created at 21:17 on 04/12/2013 by max
Administrator - Elevation successful

========== filefind ==========

Searching for "*adpeak*"
C:\FRST\Quarantine\AdpeakProxy.dll    --a---- 338944 bytes    [02:51 24/11/2013]    [15:18 16/10/2013] 85FB18C4B0665C24E6BAA502837011A5
C:\FRST\Quarantine\AdpeakProxy64.dll    --a---- 439296 bytes    [02:51 24/11/2013]    [15:18 16/10/2013] 78857BF5996E9BC8E82C1B671CBF85E6

Searching for "Adpeak.*"
No files found.

Searching for "*Scorpion*"
No files found.

Searching for "Scopion.*"
No files found.

========== folderfind ==========

Searching for "*Scorpion*"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ScorpionSaver    d------    [23:33 04/12/2013]

Searching for "*adpeak*"
No folders found.

========== regfind ==========

Searching for "*Scorpion*"
No data found.

Searching for "Scorpion"
No data found.

Searching for "*adpeak*"
No data found.

Searching for "adpeak"
No data found.

-= EOF =-

It now looks clean.

What would be the next step to make sure that Scorpionsaver is now gone?

Cheers,

Max
