Hello,

I've been having multiple problems with my computer security, which all started a month ago. I noticed that it was running strangely: my McAfee firewall kept resetting to the lowest setting and there were multiple suspicious processes running in my task manager.

I was running the firewall with McAfee Anti-Virus in Monitored Access mode but changed it to Stealth so that I would have to decide which programs could access my computer. About two weeks ago, I noticed that it was changing from Stealth mode to Smart Access mode (the lowest setting) automatically. I kept changing it back to Stealth and not too long after, every time it would change back to Smart Access.

I downloaded Spybot and ran it. It found something called "Wajam," so I had it resolve the issue.

A few days later, I contacted McAfee and paid the McAfee Tech Masters to remotely log into my computer to try to resolve these issues. They didn't find anything. The problems continued, so the next week I called McAfee Tech Support and again they remotely took control of my computer, and uninstalled and reinstalled the virus software. But the problems persisted.

A few days ago, I found out about Malwarebytes, and downloaded and ran the trial version. It found one issue - "PUP.Optional.Wajam.A" came up again, so I had the program take action on it.

Through this whole process, I had been keeping track of my processes running in Task Manager, and had seen that there were multiple processes running that did not have any information listed other than the "image name": csrss.exe, rundll32.exe, tpnumlkd.exe, virtscrl.exe, and winlogon.exe. I did a search on these processes and their potential to be malicious, and came across this forum.

When I talked with McAfee Tech Masters, I pointed out the mysterious processes that were running in my Task Manager and the tech I was speaking with just said they weren't an issue.

I finally deinstalled McAfee and downloaded the trial version of Avast Internet Security. I started Avast's firewall, setting it to private. Immediately, I noticed that rundll32.exe was trying to connect to the internet. I blocked access.

I would really appreciate any help to rid my computer of these issues. I use my computer for work, and all of these issues have really hurt my productivity. Thanks so much in advance!

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.

Thanks for your help. Here are the log files:

__________________

FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Brian (administrator) on BG on 19-03-2014 12:17:03
Running from C:\Users\Brian\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Lenovo.) C:\windows\system32\ibmpmsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Spotify Ltd) C:\Users\Brian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Dropbox, Inc.) C:\Users\Brian\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Intel Corporation) C:\windows\system32\igfxext.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\sfzone\SafeZoneBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\sfzone\SafeZoneBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\sfzone\SafeZoneBrowser.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\sfzone\SafeZoneBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\sfzone\SafeZoneBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\sfzone\SafeZoneBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\sfzone\SafeZoneBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\sfzone\SafeZoneBrowser.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\sfzone\SafeZoneBrowser.exe
(Microsoft Corporation) C:\windows\system32\taskmgr.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916112 2012-04-08] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] - C:\windows\system32\TpShocks.exe [382528 2012-02-25] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [290160 2012-06-01] (Lenovo Group Limited)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [358200 2011-01-28] (Acronis)
HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-19] (Intel Corporation)
HKLM-x32\...\Run: [iMSS] - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Fastboot] - C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-22] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5111464 2011-01-28] (Acronis)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-07] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-03-18] (AVAST Software)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\RunOnce: [{90140000-0011-0000-0000-0000000FF1CE}] - C:\windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\Run: [spotify Web Helper] - C:\Users\Brian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-09-05] (Spotify Ltd)
HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Brian\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-09] ()
HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-07] (Samsung)
HKU\S-1-5-21-4266057503-3983920057-3671705298-1000\...\MountPoints2: {dc0782c6-103f-11e2-bb98-806e6f6e6963} - Q:\LenovoQDrive.exe
Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Brian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {2F9D3D87-34AE-4F95-8B0B-9FE9D85694AD} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {2F9D3D87-34AE-4F95-8B0B-9FE9D85694AD} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS505
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\0thrw3k5.default
FF SearchEngineOrder.1: Secure Search
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MVT - C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Brian\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Huntsy: Add Job - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\0thrw3k5.default\Extensions\huntsyproduction@huntsy.com.xpi [2013-04-23]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-02-15]
FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client\
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-04-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-18]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-04-14]
 
==================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-18] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-03-18] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-15] (Lenovo.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-05-24] (Nitro PDF Software)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] ()
 
==================== Drivers (Whitelisted) ====================
 
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [28184 2014-03-18] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [78648 2014-03-18] (AVAST Software)
R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [440672 2014-03-18] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2014-03-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-18] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1038072 2014-03-18] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [421704 2014-03-18] (AVAST Software)
R3 aswStm; C:\windows\system32\drivers\aswStm.sys [80184 2014-03-18] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-03-18] ()
S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows ® Win 7 DDK provider)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
S3 MFE_RR; \??\C:\Users\Brian\AppData\Local\Temp\mfe_rr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-19 12:17 - 2014-03-19 12:17 - 00024174 _____ () C:\Users\Brian\Desktop\FRST.txt
2014-03-19 12:11 - 2014-03-19 12:15 - 00026818 _____ () C:\Users\Brian\Desktop\Addition_old.txt
2014-03-19 12:10 - 2014-03-19 12:14 - 00051831 _____ () C:\Users\Brian\Desktop\FRST_old.txt
2014-03-19 12:10 - 2014-03-19 12:14 - 00000000 ____D () C:\FRST
2014-03-19 12:05 - 2014-03-19 12:06 - 04110135 _____ () C:\Users\Brian\Desktop\tdsskiller.zip
2014-03-19 12:05 - 2014-03-19 12:05 - 02157056 _____ (Farbar) C:\Users\Brian\Desktop\FRST64.exe
2014-03-19 11:35 - 2014-03-19 11:35 - 00688992 _____ (Swearware) C:\Users\Brian\Downloads\dds.com
2014-03-18 20:18 - 2014-03-18 20:18 - 00002043 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-03-18 20:18 - 2014-03-18 20:18 - 00001983 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-03-18 20:18 - 2014-03-18 20:18 - 00000000 ____D () C:\Users\Brian\AppData\Roaming\AVAST Software
2014-03-18 20:17 - 2014-03-18 20:18 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-03-18 20:17 - 2014-03-18 20:17 - 01038072 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-03-18 20:17 - 2014-03-18 20:17 - 00440672 _____ (AVAST Software) C:\windows\system32\Drivers\aswNdisFlt.sys
2014-03-18 20:17 - 2014-03-18 20:17 - 00421704 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2014-03-18 20:17 - 2014-03-18 20:17 - 00334136 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-03-18 20:17 - 2014-03-18 20:17 - 00207904 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-03-18 20:17 - 2014-03-18 20:17 - 00092544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-03-18 20:17 - 2014-03-18 20:17 - 00080184 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-03-18 20:17 - 2014-03-18 20:17 - 00078648 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-03-18 20:17 - 2014-03-18 20:17 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-03-18 20:17 - 2014-03-18 20:17 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-03-18 20:17 - 2014-03-18 20:17 - 00028184 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2014-03-18 20:17 - 2014-03-18 20:17 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-18 20:16 - 2014-03-18 20:16 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-18 20:15 - 2014-03-18 18:55 - 123721280 _____ (AVAST Software) C:\Users\Brian\Desktop\avast_internet_security_setup(1).exe
2014-03-18 20:02 - 2014-03-18 20:02 - 03218352 _____ (McAfee, Inc.) C:\Users\Brian\Desktop\MCPR(1).exe
2014-03-16 10:05 - 2014-03-16 10:05 - 00001124 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-16 10:05 - 2014-03-16 10:05 - 00000000 ____D () C:\Users\Brian\AppData\Roaming\Malwarebytes
2014-03-16 10:05 - 2014-03-16 10:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-16 10:04 - 2014-03-16 10:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-16 10:04 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-15 00:06 - 2014-03-15 01:08 - 00000000 ____D () C:\windows\Microsoft Antimalware
2014-03-14 20:30 - 2014-03-01 02:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-14 20:30 - 2014-03-01 01:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-14 20:30 - 2014-03-01 01:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-14 20:30 - 2014-03-01 00:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-14 20:30 - 2014-03-01 00:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-14 20:30 - 2014-03-01 00:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-14 20:30 - 2014-03-01 00:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-14 20:30 - 2014-03-01 00:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-14 20:30 - 2014-03-01 00:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-14 20:30 - 2014-03-01 00:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-14 20:30 - 2014-03-01 00:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-14 20:30 - 2014-03-01 00:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-14 20:30 - 2014-03-01 00:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-14 20:30 - 2014-03-01 00:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-14 20:30 - 2014-03-01 00:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-14 20:30 - 2014-03-01 00:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-14 20:30 - 2014-03-01 00:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-14 20:30 - 2014-02-28 23:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-14 20:30 - 2014-02-28 23:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-14 20:30 - 2014-02-28 23:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-14 20:30 - 2014-02-28 23:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-14 20:30 - 2014-02-28 23:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-14 20:30 - 2014-02-28 23:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-14 20:30 - 2014-02-28 23:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-14 20:30 - 2014-02-28 23:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-14 20:30 - 2014-02-28 23:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-14 20:30 - 2014-02-28 23:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-14 20:30 - 2014-02-28 23:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-14 20:30 - 2014-02-28 23:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-14 20:30 - 2014-02-28 23:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-14 20:30 - 2014-02-28 23:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-14 20:30 - 2014-02-28 23:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-14 20:30 - 2014-02-28 23:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-14 20:30 - 2014-02-28 23:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-14 20:30 - 2014-02-28 22:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-14 20:30 - 2014-02-28 22:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-14 20:30 - 2014-02-28 22:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-14 20:30 - 2014-02-28 22:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-14 20:30 - 2014-02-28 22:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-14 20:30 - 2014-02-28 22:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-14 20:30 - 2014-02-06 21:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-14 20:30 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-14 20:30 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-14 20:30 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-14 20:29 - 2014-02-03 22:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-14 20:29 - 2014-02-03 22:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-14 20:29 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-14 20:29 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-10 07:34 - 2014-03-10 07:34 - 00008755 _____ () C:\Users\Brian\Desktop\03_10_14 - Lecturer Univ Maryland College Park.txt
2014-03-07 08:31 - 2014-03-07 08:31 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-07 08:31 - 2014-03-07 08:31 - 00000000 ____D () C:\Users\Brian\AppData\Local\Skype
2014-03-04 20:25 - 2014-03-04 20:29 - 00000000 ____D () C:\Program Files\stinger
2014-03-04 20:14 - 2014-03-04 20:14 - 03218352 _____ (McAfee, Inc.) C:\Users\Brian\Downloads\MCPR.exe
2014-03-04 20:08 - 2014-03-04 20:08 - 00000022 _____ () C:\Users\Brian\Downloads\mctriage.zip
2014-03-04 20:06 - 2014-03-04 20:06 - 00000000 ____D () C:\ProgramData\Citrix
2014-03-04 20:02 - 2014-03-04 20:02 - 00103832 _____ () C:\Users\Brian\GoToAssistDownloadHelper.exe
2014-03-04 20:02 - 2014-03-04 20:02 - 00000000 ____D () C:\Users\Brian\AppData\Local\Citrix
2014-03-04 20:02 - 2014-03-04 20:02 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-03-04 18:54 - 2014-03-04 18:54 - 00000000 ____D () C:\Users\Brian\Desktop\Tor Browser
2014-03-04 18:03 - 2014-03-04 19:18 - 00000000 ____D () C:\Users\Brian\AppData\Roaming\gnupg
2014-03-04 18:03 - 2014-03-04 18:03 - 00000000 ____D () C:\ProgramData\GNU
2014-03-04 18:03 - 2014-03-04 18:03 - 00000000 ____D () C:\Program Files (x86)\GNU
2014-03-04 16:03 - 2014-03-04 16:03 - 00000000 ____D () C:\Users\Brian\AppData\Roaming\Ulead Systems
2014-03-04 15:22 - 2014-03-04 16:02 - 00000000 ____D () C:\Users\Brian\Desktop\Burn Folder
2014-03-02 23:22 - 2014-03-02 23:22 - 00000000 ____D () C:\Users\Brian\AppData\Roaming\McAfee
2014-03-02 23:21 - 2014-03-02 23:21 - 00541592 _____ (McAfee, Inc.) C:\Users\Brian\Downloads\MVTInstaller.exe
2014-03-02 22:56 - 2009-06-10 17:00 - 00000824 _____ () C:\windows\system32\Drivers\etc\hosts.20140302-215644.backup
2014-03-02 22:31 - 2014-03-04 20:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-02 22:31 - 2014-03-04 20:32 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-03-02 16:05 - 2014-03-02 16:05 - 00007607 _____ () C:\Users\Brian\AppData\Local\Resmon.ResmonCfg
2014-02-28 19:57 - 2014-02-28 19:57 - 00000000 ____D () C:\!KillBox
2014-02-28 19:33 - 2014-03-01 07:58 - 00000000 ____D () C:\Users\Brian\AppData\Local\LogMeIn Rescue Applet
2014-02-28 19:33 - 2014-02-28 19:33 - 01282400 _____ (LogMeIn, Inc.) C:\Users\Brian\Downloads\Support-LogMeInRescue.exe
2014-02-28 19:07 - 2014-02-28 19:07 - 00000000 ____D () C:\Users\Brian\AppData\Roaming\TechCheck
2014-02-28 19:07 - 2000-05-22 02:00 - 00244416 _____ (Microsoft Corporation) C:\windows\SysWOW64\Msflxgrd.ocx
2014-02-28 19:07 - 2000-05-22 02:00 - 00203976 _____ (Microsoft Corporation) C:\windows\SysWOW64\RICHTX32.OCX
2014-02-28 19:06 - 2014-02-28 19:06 - 03992792 _____ () C:\Users\Brian\Downloads\McAfee_TechCheck.exe
2014-02-27 04:03 - 2014-02-28 04:01 - 00775124 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-02-25 22:12 - 2014-03-04 20:44 - 00004948 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for BG-Brian BG
2014-02-24 15:41 - 2013-12-20 02:35 - 00105472 _____ () C:\Users\Brian\Desktop\COMM 1000 - Public Speaking - Roster and Grading, Section 4.xls
2014-02-19 16:13 - 2014-02-19 16:13 - 09901416 _____ () C:\Users\Brian\Downloads\saSetup.exe
2014-02-17 15:43 - 2014-02-17 15:43 - 00000000 ___HD () C:\Users\Public\Documents\CrashDump
2014-02-17 15:36 - 2014-02-17 15:36 - 00000000 ___HD () C:\Users\Public\Documents\NativeFus_Log
2014-02-17 15:36 - 2014-02-17 15:36 - 00000000 ____D () C:\Users\Brian\AppData\Roaming\Samsung
2014-02-17 15:36 - 2014-02-17 15:36 - 00000000 ____D () C:\Users\Brian\AppData\Local\Samsung
2014-02-17 15:35 - 2014-02-17 15:35 - 00000000 ____D () C:\Users\Brian\Documents\samsung
2014-02-17 15:23 - 2014-02-07 17:33 - 04659712 _____ (Dmitry Streblechenko) C:\windows\SysWOW64\Redemption.dll
2014-02-17 15:23 - 2014-01-23 19:31 - 00821824 _____ (Devguru Co., Ltd.) C:\windows\SysWOW64\dgderapi.dll
2014-02-17 15:22 - 2014-02-17 15:27 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-02-17 15:21 - 2014-02-17 15:27 - 00000000 ____D () C:\ProgramData\Samsung
2014-02-17 15:20 - 2014-02-17 15:20 - 00000000 ____D () C:\Users\Brian\AppData\Local\Downloaded Installations
2014-02-17 15:19 - 2014-02-17 15:20 - 75211320 _____ (Samsung Electronics Co., Ltd.) C:\Users\Brian\Downloads\KiesSetup.exe
 
==================== One Month Modified Files and Folders =======
 
2014-03-19 12:17 - 2014-03-19 12:17 - 00024174 _____ () C:\Users\Brian\Desktop\FRST.txt
2014-03-19 12:15 - 2014-03-19 12:11 - 00026818 _____ () C:\Users\Brian\Desktop\Addition_old.txt
2014-03-19 12:14 - 2014-03-19 12:10 - 00051831 _____ () C:\Users\Brian\Desktop\FRST_old.txt
2014-03-19 12:14 - 2014-03-19 12:10 - 00000000 ____D () C:\FRST
2014-03-19 12:06 - 2014-03-19 12:05 - 04110135 _____ () C:\Users\Brian\Desktop\tdsskiller.zip
2014-03-19 12:05 - 2014-03-19 12:05 - 02157056 _____ (Farbar) C:\Users\Brian\Desktop\FRST64.exe
2014-03-19 11:35 - 2014-03-19 11:35 - 00688992 _____ (Swearware) C:\Users\Brian\Downloads\dds.com
2014-03-19 11:34 - 2014-02-05 09:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-19 10:56 - 2012-10-07 01:33 - 02004671 _____ () C:\windows\WindowsUpdate.log
2014-03-19 09:05 - 2009-07-14 01:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-19 09:05 - 2009-07-14 00:45 - 00031472 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-19 09:05 - 2009-07-14 00:45 - 00031472 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-19 09:02 - 2012-10-14 00:27 - 00000000 ___RD () C:\Users\Brian\Desktop\Dropbox
2014-03-19 09:02 - 2012-10-14 00:25 - 00000000 ____D () C:\Users\Brian\AppData\Roaming\Dropbox
2014-03-19 09:01 - 2012-10-12 17:39 - 00000000 ____D () C:\Users\Brian\AppData\Roaming\Nitro PDF
2014-03-19 08:58 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-19 08:58 - 2009-07-14 00:51 - 00090971 _____ () C:\windows\setupact.log
2014-03-18 20:20 - 2010-11-20 23:47 - 00903040 _____ () C:\windows\PFRO.log
2014-03-18 20:18 - 2014-03-18 20:18 - 00002043 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-03-18 20:18 - 2014-03-18 20:18 - 00001983 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-03-18 20:18 - 2014-03-18 20:18 - 00000000 ____D () C:\Users\Brian\AppData\Roaming\AVAST Software
2014-03-18 20:18 - 2014-03-18 20:17 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-03-18 20:17 - 2014-03-18 20:17 - 01038072 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-03-18 20:17 - 2014-03-18 20:17 - 00440672 _____ (AVAST Software) C:\windows\system32\Drivers\aswNdisFlt.sys
2014-03-18 20:17 - 2014-03-18 20:17 - 00421704 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2014-03-18 20:17 - 2014-03-18 20:17 - 00334136 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-03-18 20:17 - 2014-03-18 20:17 - 00207904 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-03-18 20:17 - 2014-03-18 20:17 - 00092544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-03-18 20:17 - 2014-03-18 20:17 - 00080184 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-03-18 20:17 - 2014-03-18 20:17 - 00078648 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-03-18 20:17 - 2014-03-18 20:17 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-03-18 20:17 - 2014-03-18 20:17 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-03-18 20:17 - 2014-03-18 20:17 - 00028184 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2014-03-18 20:17 - 2014-03-18 20:17 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-18 20:16 - 2014-03-18 20:16 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-18 20:06 - 2010-11-20 22:50 - 00000000 ____D () C:\Users\Administrator
2014-03-18 20:02 - 2014-03-18 20:02 - 03218352 _____ (McAfee, Inc.) C:\Users\Brian\Desktop\MCPR(1).exe
2014-03-18 18:55 - 2014-03-18 20:15 - 123721280 _____ (AVAST Software) C:\Users\Brian\Desktop\avast_internet_security_setup(1).exe
2014-03-16 10:05 - 2014-03-16 10:05 - 00001124 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-16 10:05 - 2014-03-16 10:05 - 00000000 ____D () C:\Users\Brian\AppData\Roaming\Malwarebytes
2014-03-16 10:05 - 2014-03-16 10:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-16 10:05 - 2014-03-16 10:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-16 09:30 - 2012-10-15 09:44 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-03-16 09:30 - 2012-10-15 09:44 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-15 09:07 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\NDF
2014-03-15 09:00 - 2012-10-17 08:43 - 00000000 ____D () C:\ldiag
2014-03-15 01:08 - 2014-03-15 00:06 - 00000000 ____D () C:\windows\Microsoft Antimalware
2014-03-14 21:03 - 2009-07-14 00:45 - 02397176 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-14 21:02 - 2013-03-14 03:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 21:02 - 2013-03-14 03:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 20:59 - 2013-07-15 03:00 - 00000000 ____D () C:\windows\system32\MRT
2014-03-14 20:58 - 2012-10-14 12:40 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-10 07:34 - 2014-03-10 07:34 - 00008755 _____ () C:\Users\Brian\Desktop\03_10_14 - Lecturer Univ Maryland College Park.txt
2014-03-07 08:38 - 2013-07-11 17:41 - 00000000 ____D () C:\Users\Brian\AppData\Roaming\Skype
2014-03-07 08:31 - 2014-03-07 08:31 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-07 08:31 - 2014-03-07 08:31 - 00000000 ____D () C:\Users\Brian\AppData\Local\Skype
2014-03-07 08:31 - 2013-07-11 17:41 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-07 08:31 - 2013-07-11 17:40 - 00000000 ____D () C:\ProgramData\Skype
2014-03-04 20:44 - 2014-02-25 22:12 - 00004948 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for BG-Brian BG
2014-03-04 20:32 - 2014-03-02 22:31 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-04 20:32 - 2014-03-02 22:31 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-03-04 20:29 - 2014-03-04 20:25 - 00000000 ____D () C:\Program Files\stinger
2014-03-04 20:14 - 2014-03-04 20:14 - 03218352 _____ (McAfee, Inc.) C:\Users\Brian\Downloads\MCPR.exe
2014-03-04 20:08 - 2014-03-04 20:08 - 00000022 _____ () C:\Users\Brian\Downloads\mctriage.zip
2014-03-04 20:06 - 2014-03-04 20:06 - 00000000 ____D () C:\ProgramData\Citrix
2014-03-04 20:02 - 2014-03-04 20:02 - 00103832 _____ () C:\Users\Brian\GoToAssistDownloadHelper.exe
2014-03-04 20:02 - 2014-03-04 20:02 - 00000000 ____D () C:\Users\Brian\AppData\Local\Citrix
2014-03-04 20:02 - 2014-03-04 20:02 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-03-04 20:02 - 2012-10-12 05:29 - 00000000 ____D () C:\Users\Brian
2014-03-04 19:18 - 2014-03-04 18:03 - 00000000 ____D () C:\Users\Brian\AppData\Roaming\gnupg
2014-03-04 18:54 - 2014-03-04 18:54 - 00000000 ____D () C:\Users\Brian\Desktop\Tor Browser
2014-03-04 18:03 - 2014-03-04 18:03 - 00000000 ____D () C:\ProgramData\GNU
2014-03-04 18:03 - 2014-03-04 18:03 - 00000000 ____D () C:\Program Files (x86)\GNU
2014-03-04 16:03 - 2014-03-04 16:03 - 00000000 ____D () C:\Users\Brian\AppData\Roaming\Ulead Systems
2014-03-04 16:02 - 2014-03-04 15:22 - 00000000 ____D () C:\Users\Brian\Desktop\Burn Folder
2014-03-02 23:22 - 2014-03-02 23:22 - 00000000 ____D () C:\Users\Brian\AppData\Roaming\McAfee
2014-03-02 23:21 - 2014-03-02 23:21 - 00541592 _____ (McAfee, Inc.) C:\Users\Brian\Downloads\MVTInstaller.exe
2014-03-02 22:52 - 2013-03-11 12:34 - 00000000 ____D () C:\ProgramData\InstallMate
2014-03-02 16:05 - 2014-03-02 16:05 - 00007607 _____ () C:\Users\Brian\AppData\Local\Resmon.ResmonCfg
2014-03-01 07:58 - 2014-02-28 19:33 - 00000000 ____D () C:\Users\Brian\AppData\Local\LogMeIn Rescue Applet
2014-03-01 02:05 - 2014-03-14 20:30 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-01 01:17 - 2014-03-14 20:30 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-01 01:16 - 2014-03-14 20:30 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-01 00:58 - 2014-03-14 20:30 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-01 00:52 - 2014-03-14 20:30 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-01 00:51 - 2014-03-14 20:30 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-01 00:42 - 2014-03-14 20:30 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-01 00:40 - 2014-03-14 20:30 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-01 00:37 - 2014-03-14 20:30 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-01 00:33 - 2014-03-14 20:30 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-01 00:33 - 2014-03-14 20:30 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-01 00:32 - 2014-03-14 20:30 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-01 00:30 - 2014-03-14 20:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-01 00:23 - 2014-03-14 20:30 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 00:17 - 2014-03-14 20:30 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-01 00:11 - 2014-03-14 20:30 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-01 00:02 - 2014-03-14 20:30 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-28 23:54 - 2014-03-14 20:30 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-28 23:52 - 2014-03-14 20:30 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-28 23:51 - 2014-03-14 20:30 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-28 23:47 - 2014-03-14 20:30 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-28 23:43 - 2014-03-14 20:30 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-28 23:43 - 2014-03-14 20:30 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-28 23:42 - 2014-03-14 20:30 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-28 23:40 - 2014-03-14 20:30 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-28 23:38 - 2014-03-14 20:30 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-28 23:37 - 2014-03-14 20:30 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-28 23:35 - 2014-03-14 20:30 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-28 23:18 - 2014-03-14 20:30 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-28 23:16 - 2014-03-14 20:30 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-28 23:14 - 2014-03-14 20:30 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-28 23:10 - 2014-03-14 20:30 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-28 23:03 - 2014-03-14 20:30 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-28 23:00 - 2014-03-14 20:30 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-28 22:57 - 2014-03-14 20:30 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-28 22:38 - 2014-03-14 20:30 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-28 22:32 - 2014-03-14 20:30 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-28 22:27 - 2014-03-14 20:30 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-28 22:25 - 2014-03-14 20:30 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-28 22:25 - 2014-03-14 20:30 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-28 19:57 - 2014-02-28 19:57 - 00000000 ____D () C:\!KillBox
2014-02-28 19:33 - 2014-02-28 19:33 - 01282400 _____ (LogMeIn, Inc.) C:\Users\Brian\Downloads\Support-LogMeInRescue.exe
2014-02-28 19:07 - 2014-02-28 19:07 - 00000000 ____D () C:\Users\Brian\AppData\Roaming\TechCheck
2014-02-28 19:06 - 2014-02-28 19:06 - 03992792 _____ () C:\Users\Brian\Downloads\McAfee_TechCheck.exe
2014-02-28 04:01 - 2014-02-27 04:03 - 00775124 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-02-20 08:33 - 2012-10-13 19:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-19 16:13 - 2014-02-19 16:13 - 09901416 _____ () C:\Users\Brian\Downloads\saSetup.exe
2014-02-17 15:43 - 2014-02-17 15:43 - 00000000 ___HD () C:\Users\Public\Documents\CrashDump
2014-02-17 15:36 - 2014-02-17 15:36 - 00000000 ___HD () C:\Users\Public\Documents\NativeFus_Log
2014-02-17 15:36 - 2014-02-17 15:36 - 00000000 ____D () C:\Users\Brian\AppData\Roaming\Samsung
2014-02-17 15:36 - 2014-02-17 15:36 - 00000000 ____D () C:\Users\Brian\AppData\Local\Samsung
2014-02-17 15:35 - 2014-02-17 15:35 - 00000000 ____D () C:\Users\Brian\Documents\samsung
2014-02-17 15:27 - 2014-02-17 15:22 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-02-17 15:27 - 2014-02-17 15:21 - 00000000 ____D () C:\ProgramData\Samsung
2014-02-17 15:22 - 2012-10-07 01:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-17 15:20 - 2014-02-17 15:20 - 00000000 ____D () C:\Users\Brian\AppData\Local\Downloaded Installations
2014-02-17 15:20 - 2014-02-17 15:19 - 75211320 _____ (Samsung Electronics Co., Ltd.) C:\Users\Brian\Downloads\KiesSetup.exe
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-11 14:12
 
==================== End Of Log ============================
 

Addition:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014

Ran by Brian at 2014-03-19 12:17:29

Running from C:\Users\Brian\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: avast! Internet Security (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Internet Security (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

FW: avast! Internet Security (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

 

==================== Installed Programs ======================

 

5600 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden

5600_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden

5600Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden

Acronis True Image Home (HKLM-x32\...\{67ED38A3-4882-448B-B44D-3428AB00D7D5}) (Version: 13.0.7160 - Acronis)

Add or Remove Adobe Creative Suite 3 Design Premium (HKLM-x32\...\Adobe_498b43b77cac072081a5692bfc52804) (Version: 1.0 - Adobe Systems Incorporated)

Adobe Acrobat 8 Professional (x32 Version: 8.1.0 - Adobe Systems) Hidden

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden

Adobe Anchor Service CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Asset Services CS3 (x32 Version: 3 - Adobe Systems Incorporated) Hidden

Adobe Bridge CS3 (x32 Version: 2 - Adobe Systems Incorporated) Hidden

Adobe Bridge Start Meeting (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe BridgeTalk Plugin CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Camera Raw 4.0 (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden

Adobe CMaps (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Color - Photoshop Specific (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Color Common Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Color EU Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Color JA Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Color NA Recommended Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Creative Suite 3 Design Premium (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Default Language CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Device Central CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)

Adobe Dreamweaver CS3 (x32 Version: 9 - Adobe Systems Incorporated) Hidden

Adobe ExtendScript Toolkit 2 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden

Adobe Extension Manager CS3 (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)

Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)

Adobe Fonts All (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Help Viewer CS3 (x32 Version: 1 - Adobe Systems Incorporated) Hidden

Adobe InDesign CS3 Icon Handler (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden

Adobe Linguistics CS3 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden

Adobe MotionPicture Color Files (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe PDF Library Files (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden

Adobe Photoshop CS3 (x32 Version: 10 - Adobe Systems Incorporated) Hidden

Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)

Adobe Setup (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe SING CS3 (x32 Version: 0.1 - Adobe Systems Incorporated) Hidden

Adobe Stock Photos CS3 (x32 Version: 1.5 - Adobe Systems Incorporated) Hidden

Adobe Type Support (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Update Manager CS3 (x32 Version: 5.1.0 - Adobe Systems Incorporated) Hidden

Adobe Version Cue CS3 Client (x32 Version: 3 - Adobe Systems Incorporated) Hidden

Adobe WAS CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe WinSoft Linguistics Plugin (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe XMP Panels CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden

AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden

AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden

AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden

Amazon MP3 Downloader 1.0.18 (HKCU\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)

Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)

avast! Internet Security (HKLM-x32\...\Avast) (Version: 9.0.2013 - Avast Software)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Brownstone Equation Editor 5 (HKLM-x32\...\BREE5) (Version: 5.2 - Design Science, Inc.)

BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden

Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden

Canon MP Navigator EX 2.1 (HKLM-x32\...\MP Navigator EX 2.1) (Version:  - )

CanoScan LiDE 700F Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_cnq9601) (Version:  - )

Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)

Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden

Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)

Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden

Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)

Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.392 - Corel Inc.)

Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden

DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden

Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden

Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )

DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden

Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.11 - Dolby Laboratories Inc)

Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)

EndNote X6 (HKLM-x32\...\{86B3F2D6-AC2B-0016-8AE1-F2F77F781B0C}) (Version: 16.0.1.6599 - Thomson Reuters)

Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden

GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden

HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)

HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)

HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)

HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)

HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)

HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)

HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)

HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden

HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden

HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden

HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden

HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden

Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)

Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)

Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)

iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)

James Madison University (HKLM-x32\...\{3D703549-1E9B-40EA-8A6C-ACDE1EADEE89}) (Version: 3.0.0 - Antech Systems, Inc.)

Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )

Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)

Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)

Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.66.00.22 - )

Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)

Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited)

Lenovo Solution Center (HKLM\...\{D60E3A84-5DDC-49ED-B9A5-E3466996EB36}) (Version: 2.3.002.00 - Lenovo Group Limited)

Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.02.0018 - Lenovo)

Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)

Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)

Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0020.00 - Lenovo Group Limited)

Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)

MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Message Center Plus (HKLM\...\{3849486C-FF09-4F5D-B491-3E179D58EE15}) (Version: 3.1.0004.00 - Lenovo Group Limited)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4551.1512 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)

Mozilla Thunderbird 24.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 en-US)) (Version: 24.3.0 - Mozilla)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Nalpeiron License Management (x32 Version: 6.3.9.1 - Nalpeiron) Hidden

Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden

Nitro Pro 7 (HKLM\...\{8E0790DA-185E-4DC1-8A88-750B2A6218FD}) (Version: 7.4.1.4 - Nitro PDF Software)

OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden

On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.72.00 - )

PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Plus Pack for Acronis True Image Home 2010 (HKLM-x32\...\{4C556B5C-8EF7-47B4-AE05-FE71EEB2C25B}) (Version: 13.0.7160 - Acronis)

Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.32 - )

RapidBoot HDD Accelerator (HKLM-x32\...\Fastboot) (Version: 1.00.0802 - Lenovo)

RapidBoot Shield (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.23 - Lenovo)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6617 - Realtek Semiconductor Corp.)

Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )

ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - )

RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)

Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)

Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.)

Samsung Kies (x32 Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden

SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.)

Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden

Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)

Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.0.14735.1561 - Microsoft Corporation)

Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)

SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden

SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden

Spotify (HKCU\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)

Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden

SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)

ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.1.1.0 - )

ThinkPad Wireless LAN Adapter Software (HKLM-x32\...\{9D3D2C60-A55F-4fed-B2B9-17311226DF01}) (Version: 1.00.0031.1 - REALTEK Semiconductor Corp.)

ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.76 - Lenovo)

ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.0.34.0 - Lenovo)

Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden

TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden

UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden

WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden

Wimba Diploma 6 (HKLM-x32\...\Wimba Diploma 6) (Version: 6.72.0143 - Wimba)

Wimba Diploma 6 (x32 Version: 6.72.0143 - Wimba) Hidden

Windows Driver Package - Intel (e1cexpress) Net  (01/11/2012 11.15.16.0) (HKLM\...\EC2A0F2B229770EC589265FCF2B4839A0C221993) (Version: 01/11/2012 11.15.16.0 - Intel)

Windows Driver Package - Intel System  (01/11/2012 9.3.0.1020) (HKLM\...\09839A9B5EDA69DA2DCC34637B5140AAF8A53B44) (Version: 01/11/2012 9.3.0.1020 - Intel)

Windows Driver Package - Intel System  (03/10/2011 9.2.0.1026) (HKLM\...\9BC1D406C7F459937934ABBF1D718304962F15C8) (Version: 03/10/2011 9.2.0.1026 - Intel)

Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8) (Version: 08/26/2011 9.3.0.1011 - Intel)

Windows Driver Package - Intel USB  (08/26/2011 9.3.0.1011) (HKLM\...\97EE1802A0385A37DE6323FA39EC76BEB2D73E41) (Version: 08/26/2011 9.3.0.1011 - Intel)

Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (HKLM\...\E3535F123E7F666D573665142F90D3E5004DC326) (Version: 02/29/2012 1.65.05.20 - Lenovo)

Windows Driver Package - Synaptics (SynTP) Mouse  (04/06/2012 16.1.1.0) (HKLM\...\64B3C27E4CF7B6AD920184EFFF6C488C55EF2892) (Version: 04/06/2012 16.1.1.0 - Synaptics)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

 

==================== Restore Points  =========================

 

 

==================== Hosts content: ==========================

 

2009-07-13 22:34 - 2014-03-02 22:56 - 00450712 ____N C:\windows\system32\Drivers\etc\hosts

 

There are 1000 more lines.

 

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {16A642ED-3112-48A9-B00B-710911471033} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2012-05-15] (Lenovo Group Limited)

Task: {2C5FBF34-3F61-405A-BCFD-932C1EAAD553} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()

Task: {3F6AB3EC-7E91-4F10-9420-9C549F0A4DA4} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for BG.Brian => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo)

Task: {41737A97-48C9-4030-9719-CED1F6808D79} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-01-28] (Microsoft Corporation)

Task: {4E6B4D59-F7D8-4387-899D-037102460BE2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {51B4253C-0761-4133-97A8-E13A9AC5A320} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-09-25] ()

Task: {69F257CB-1CE8-4E8D-9FA3-DB1C91733BEF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)

Task: {6DA569D0-A970-45C3-8DBF-2DDDEB68D537} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-03-18] (AVAST Software)

Task: {7A58F953-3536-4B13-AB78-9D857729447F} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-06-26] ()

Task: {834DCFC6-0E71-4C06-A0DF-FE6762AB7DAC} - System32\Tasks\Microsoft Office 15 Sync Maintenance for BG-Brian BG => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-01-28] (Microsoft Corporation)

Task: {8921BA15-FC99-4181-85E4-4280DAF00CCB} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-09-25] (Lenovo)

Task: {BA6DC7D7-8497-4510-8235-764B29B76661} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-01-28] (Microsoft Corporation)

Task: {CBE9B8F1-0D61-47A1-AB33-638CD38FEB98} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-09-25] ()

Task: {D2477649-C242-4357-AE0D-59F967B4735F} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"

Task: {E92618A1-2D68-4485-8791-868EED4E8559} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-09-25] (Lenovo)

Task: {EECF9A0D-5680-43C7-90E0-45B4758D1CA9} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)

Task: {F5C6F0E9-ADA3-40A4-9BF7-B2C16F489A93} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-05-15] (Lenovo)

 

==================== Loaded Modules (whitelisted) =============

 

2014-01-28 11:29 - 2014-01-28 11:29 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2012-10-07 01:36 - 2012-03-19 02:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2014-01-28 11:23 - 2013-10-31 10:07 - 00377000 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll

2014-01-28 11:23 - 2013-10-31 10:08 - 00520872 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll

2014-01-28 11:23 - 2013-10-31 10:07 - 00618152 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll

2012-10-07 01:39 - 2012-05-15 17:32 - 00093696 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL

2014-03-18 20:27 - 2014-03-18 16:10 - 02188800 _____ () C:\Program Files\AVAST Software\Avast\defs\14031802\algo.dll

2014-03-19 11:13 - 2014-03-19 10:18 - 02189312 _____ () C:\Program Files\AVAST Software\Avast\defs\14031901\algo.dll

2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2012-10-07 01:45 - 2012-01-17 02:29 - 00030512 ____N () C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBServiceps.dll

2013-10-18 19:55 - 2013-10-18 19:55 - 25100288 _____ () C:\Users\Brian\AppData\Roaming\Dropbox\bin\libcef.dll

2012-10-07 01:49 - 2012-07-12 08:59 - 00891392 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll

2012-10-07 01:49 - 2012-07-12 08:59 - 02281984 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll

2012-10-07 01:49 - 2012-07-12 08:59 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll

2012-10-07 01:49 - 2012-07-12 08:59 - 00339456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll

2012-10-07 01:49 - 2012-07-12 08:59 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll

2012-10-07 01:49 - 2012-07-12 08:59 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll

2012-10-07 01:49 - 2012-07-12 08:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll

2012-10-07 01:49 - 2012-07-12 08:59 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll

2012-10-07 01:49 - 2012-07-12 08:59 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll

2012-10-07 01:49 - 2012-07-12 08:59 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll

2012-10-07 01:49 - 2012-07-12 08:59 - 00019456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll

2012-10-07 01:49 - 2012-07-12 08:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll

2011-01-28 19:23 - 2011-01-28 19:23 - 00279904 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\resource.dll

2011-01-28 18:03 - 2011-01-28 18:03 - 00019808 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\thread_pool.dll

2011-01-28 18:04 - 2011-01-28 18:04 - 00028512 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\rpc_client.dll

2014-03-18 20:17 - 2014-03-18 20:17 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2014-01-28 11:24 - 2014-01-28 11:29 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll

2012-10-07 01:34 - 2012-02-20 23:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

2014-02-15 12:15 - 2014-02-15 12:15 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

2014-03-18 20:17 - 2014-03-18 20:17 - 00753840 _____ () C:\Program Files\AVAST Software\Avast\sfzone\libglesv2.dll

2014-03-18 20:17 - 2014-03-18 20:17 - 00139448 _____ () C:\Program Files\AVAST Software\Avast\sfzone\libegl.dll

2014-03-18 20:17 - 2014-03-18 20:17 - 04052944 _____ () C:\Program Files\AVAST Software\Avast\sfzone\pdf.dll

2014-03-18 20:17 - 2014-03-18 20:17 - 00985072 _____ () C:\Program Files\AVAST Software\Avast\sfzone\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

AlternateDataStreams: C:\Windows:nlsPreferences

 

==================== Safe Mode (whitelisted) ===================

 

 

==================== Disabled items from MSCONFIG ==============

 

 

==================== Faulty Device Manager Devices =============

 

Name: Officejet Pro 8600

Description: Officejet Pro 8600

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (03/19/2014 00:15:42 PM) (Source: Application Hang) (User: )

Description: The program FRST64.exe version 3.3.10.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 1048

 

Start Time: 01cf438db9dbf310

 

Termination Time: 3

 

Application Path: C:\Users\Brian\Downloads\FRST64.exe

 

Report Id:

 

Error: (03/19/2014 00:02:24 PM) (Source: Application Error) (User: )

Description: Faulting application name: consent.exe, version: 6.1.7601.18103, time stamp: 0x512d820f

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x000007ff7d6803a4

Faulting process id: 0x24fc

Faulting application start time: 0xconsent.exe0

Faulting application path: consent.exe1

Faulting module path: consent.exe2

Report Id: consent.exe3

 

Error: (03/19/2014 11:32:41 AM) (Source: Application Error) (User: )

Description: Faulting application name: consent.exe, version: 6.1.7601.18103, time stamp: 0x512d820f

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x000007ff7d6803a4

Faulting process id: 0x1170

Faulting application start time: 0xconsent.exe0

Faulting application path: consent.exe1

Faulting module path: consent.exe2

Report Id: consent.exe3

 

Error: (03/19/2014 09:05:22 AM) (Source: System Restore) (User: )

Description: Failed to create restore point (Process = C:\windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).

 

Error: (03/19/2014 08:59:13 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (03/18/2014 08:21:52 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (03/18/2014 08:17:57 PM) (Source: System Restore) (User: )

Description: Failed to create restore point (Process = C:\windows\system32\DrvInst.exe "4" "0" "C:\Users\Brian\AppData\Local\Temp\{474e1bc5-3f56-2014-f0be-ba31e9b0de46}\aswNdisFlt.inf" "9" "5280e9107" "0000000000000608" "WinSta0\Default" "0000000000000680" "208" "C:\Program Files\AVAST Software\Avast\setup\Inf\x64"; Description = Device Driver Package Install: Avast Network Service; Error = 0x80070422).

 

Error: (03/18/2014 08:17:13 PM) (Source: System Restore) (User: )

Description: Failed to create restore point (Process = C:\Users\Brian\AppData\Local\Temp\_av_iup.tm~a00604\instup.exe /sfx /sfxstorage:"C:\Users\Brian\AppData\Local\Temp\_av_iup.tm~a00604" /edition:3 /prod:ais ; Description = avast! antivirus system restore point; Error = 0x80070422).

 

Error: (03/18/2014 08:14:57 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (03/18/2014 08:10:50 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

System errors:

=============

Error: (03/19/2014 08:59:22 AM) (Source: DCOM) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (03/19/2014 08:58:07 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has failed to start.

 

Module Path: C:\windows\system32\Rtlihvs.dll

Error Code: 126

 

Error: (03/18/2014 08:21:53 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (03/18/2014 08:20:33 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has failed to start.

 

Module Path: C:\windows\system32\Rtlihvs.dll

Error Code: 126

 

Error: (03/18/2014 08:15:16 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (03/18/2014 08:14:57 PM) (Source: DCOM) (User: )

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

 

Error: (03/18/2014 08:14:09 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has failed to start.

 

Module Path: C:\windows\system32\Rtlihvs.dll

Error Code: 126

 

Error: (03/18/2014 08:11:12 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (03/18/2014 08:10:55 PM) (Source: DCOM) (User: )

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

 

Error: (03/18/2014 08:10:03 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has failed to start.

 

Module Path: C:\windows\system32\Rtlihvs.dll

Error Code: 126

 

 

Microsoft Office Sessions:

=========================

Error: (03/19/2014 00:15:42 PM) (Source: Application Hang)(User: )

Description: FRST64.exe3.3.10.2104801cf438db9dbf3103C:\Users\Brian\Downloads\FRST64.exe

 

Error: (03/19/2014 00:02:24 PM) (Source: Application Error)(User: )

Description: consent.exe6.1.7601.18103512d820funknown0.0.0.000000000c0000005000007ff7d6803a424fc01cf438c9d89589bC:\windows\system32\consent.exeunknowndbf3798b-af7f-11e3-97d2-0021ccced911

 

Error: (03/19/2014 11:32:41 AM) (Source: Application Error)(User: )

Description: consent.exe6.1.7601.18103512d820funknown0.0.0.000000000c0000005000007ff7d6803a4117001cf438875e465c8C:\windows\system32\consent.exeunknownb4ef35e2-af7b-11e3-97d2-0021ccced911

 

Error: (03/19/2014 09:05:22 AM) (Source: System Restore)(User: )

Description: C:\windows\system32\svchost.exe -k netsvcsWindows Update0x80070422

 

Error: (03/19/2014 08:59:13 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (03/18/2014 08:21:52 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (03/18/2014 08:17:57 PM) (Source: System Restore)(User: )

Description: C:\windows\system32\DrvInst.exe "4" "0" "C:\Users\Brian\AppData\Local\Temp\{474e1bc5-3f56-2014-f0be-ba31e9b0de46}\aswNdisFlt.inf" "9" "5280e9107" "0000000000000608" "WinSta0\Default" "0000000000000680" "208" "C:\Program Files\AVAST Software\Avast\setup\Inf\x64"Device Driver Package Install: Avast Network Service0x80070422

 

Error: (03/18/2014 08:17:13 PM) (Source: System Restore)(User: )

Description: C:\Users\Brian\AppData\Local\Temp\_av_iup.tm~a00604\instup.exe /sfx /sfxstorage:"C:\Users\Brian\AppData\Local\Temp\_av_iup.tm~a00604" /edition:3 /prod:ais avast! antivirus system restore point0x80070422

 

Error: (03/18/2014 08:14:57 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (03/18/2014 08:10:50 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

CodeIntegrity Errors:

===================================

  Date: 2014-03-18 09:44:30.012

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-03-18 09:39:54.031

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-03-18 09:39:00.776

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-03-18 09:38:16.027

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-03-18 09:37:24.998

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-03-18 09:36:53.537

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-09-15 16:31:16.968

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-09-15 16:31:16.825

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-09-15 16:31:15.816

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-09-15 15:58:57.368

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 67%

Total physical RAM: 3937.41 MB

Available physical RAM: 1278.88 MB

Total Pagefile: 7873.01 MB

Available Pagefile: 4350.29 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB

 

==================== Drives ================================

 

Drive c: (Windows7_OS) (Fixed) (Total:451.87 GB) (Free:293.68 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive e: (Lenovo_Recovery) (Fixed) (Total:13.67 GB) (Free:2.73 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 466 GB) (Disk ID: 017F2DB4)

 

Partition: GPT Partition Type.

 

==================== End Of Log ============================


No malware to see.

 

 

System File Check

For Windows XP:

  • Press the Windows- and the R-key simultaneously.
  • Within the text box that just opened, write cmd and hit Enter.


For Windows Vista/7:

  • Press the Windows key to open the start menu.
  • Don't highlight anything, just write cmd.
  • The start menu will offer you an entry named cmd.
  • Right click it and select "run as administrator"




Within the opening window, write the following:

sfc /scannow
(See the blank within).


  • Hit enter. Your system will be checked for damaged system files.
  • Tell me the result of that scan in here (as the tool produces no log).
 
 
 
Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:

  • Click the "Windows Orb" Start button, then click Computer.
  • Right-click on the drive that you wish to check > Properties > Tools tab
  • In the "Error checking" section, click on Check now.
  • Place a checkmark in both boxes > Start.
  • If the disk you have chosen is the Windows system disk:
  • A message will notify you that a restart is necessary and ask "Do you want to check for hard disk errors the next time you start your computer?".
  • Click Schedule disk check > OK and close all windows.
  • Re-start the computer. The disk will be checked when the system boots.
  • This will take some time to run and at times may appear stalled but just let it run.
  • When the disk check is complete, the system will re-start automatically and load Windows.



A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:

  • Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the key.
  • The Event Viewer window will open.
  • In the left pane, expand "Windows Logs" and then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
  • Click on that Wininit entry to select it.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.


Hello,
 
Here are the results from the two scans:
 
________________________________
 
sfc /scannow:
 
Windows Resource Protection did not find any integrity violations
 
________________________________
 
Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          3/21/2014 10:43:53 AM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      BG
Description:
 
 
Checking file system on C:
The type of the file system is NTFS.
Volume label is Windows7_OS.
 
A disk check has been scheduled.
Windows will now check the disk.                         
 
CHKDSK is verifying files (stage 1 of 5)...
  405248 file records processed.                                         File verification completed.
  919 large file records processed.                                     0 bad file records processed.                                       0 EA records processed.                                             44 reparse records processed.                                      CHKDSK is verifying indexes (stage 2 of 5)...
  498116 index entries processed.                                        Index verification completed.
  0 unindexed files scanned.                                          0 unindexed files recovered.                                      CHKDSK is verifying security descriptors (stage 3 of 5)...
  405248 file SDs/SIDs processed.                                        Cleaning up 637 unused index entries from index $SII of file 0x9.
Cleaning up 637 unused index entries from index $SDH of file 0x9.
Cleaning up 637 unused security descriptors.
Security descriptor verification completed.
  46435 data files processed.                                           CHKDSK is verifying Usn Journal...
  34188728 USN bytes processed.                                            Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  405232 files processed.                                                File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  77514757 free clusters processed.                                        Free space verification is complete.
Windows has checked the file system and found no problems.
 
 473816060 KB total disk space.
 163065972 KB in 283375 files.
    170224 KB in 46436 indexes.
         0 KB in bad sectors.
    520836 KB in use by the system.
     65536 KB occupied by the log file.
 310059028 KB available on disk.
 
      4096 bytes in each allocation unit.
 118454015 total allocation units on disk.
  77514757 allocation units available on disk.
 
Internal Info:
00 2f 06 00 5d 08 05 00 f4 10 09 00 00 00 00 00  ./..]...........
33 3b 00 00 2c 00 00 00 00 00 00 00 00 00 00 00  3;..,...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
 
Windows has finished checking your disk.
Please wait while your computer restarts.
 
Event Xml:
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-03-21T14:43:53.000000000Z" />
    <EventRecordID>64462</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>BG</Computer>
    <Security />
  </System>
  <EventData>
    <Data>
 
Checking file system on C:
The type of the file system is NTFS.
Volume label is Windows7_OS.
 
A disk check has been scheduled.
Windows will now check the disk.                         
 
CHKDSK is verifying files (stage 1 of 5)...
  405248 file records processed.                                         File verification completed.
  919 large file records processed.                                     0 bad file records processed.                                       0 EA records processed.                                             44 reparse records processed.                                      CHKDSK is verifying indexes (stage 2 of 5)...
  498116 index entries processed.                                        Index verification completed.
  0 unindexed files scanned.                                          0 unindexed files recovered.                                      CHKDSK is verifying security descriptors (stage 3 of 5)...
  405248 file SDs/SIDs processed.                                        Cleaning up 637 unused index entries from index $SII of file 0x9.
Cleaning up 637 unused index entries from index $SDH of file 0x9.
Cleaning up 637 unused security descriptors.
Security descriptor verification completed.
  46435 data files processed.                                           CHKDSK is verifying Usn Journal...
  34188728 USN bytes processed.                                            Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  405232 files processed.                                                File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  77514757 free clusters processed.                                        Free space verification is complete.
Windows has checked the file system and found no problems.
 
 473816060 KB total disk space.
 163065972 KB in 283375 files.
    170224 KB in 46436 indexes.
         0 KB in bad sectors.
    520836 KB in use by the system.
     65536 KB occupied by the log file.
 310059028 KB available on disk.
 
      4096 bytes in each allocation unit.
 118454015 total allocation units on disk.
  77514757 allocation units available on disk.
 
Internal Info:
00 2f 06 00 5d 08 05 00 f4 10 09 00 00 00 00 00  ./..]...........
33 3b 00 00 2c 00 00 00 00 00 00 00 00 00 00 00  3;..,...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
 
Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
  </EventData>
</Event>
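
As an added example (not part of any post in this thread), the following Python reads CHKDSK text like the Wininit event 1001 above and reports the verdict, the bad-sector count, and whether the size figures agree with the cluster counts. `summarize_chkdsk`, `FIELDS` and `SAMPLE_LOG` are hypothetical names, and the sample is constructed from lines of that log.

```python
import re

# Constructed sample: key lines copied from the Wininit event 1001 text above.
SAMPLE_LOG = """\
Checking file system on C:
CHKDSK is verifying security descriptors (stage 3 of 5)...
  405248 file SDs/SIDs processed.    Cleaning up 637 unused index entries from index $SII of file 0x9.
Cleaning up 637 unused index entries from index $SDH of file 0x9.
Cleaning up 637 unused security descriptors.
Windows has checked the file system and found no problems.
 473816060 KB total disk space.
         0 KB in bad sectors.
 310059028 KB available on disk.
      4096 bytes in each allocation unit.
 118454015 total allocation units on disk.
  77514757 allocation units available on disk.
"""

FIELDS = {
    "total_kb": r"(\d+) KB total disk space",
    "bad_kb": r"(\d+) KB in bad sectors",
    "free_kb": r"(\d+) KB available on disk",
    "unit_bytes": r"(\d+) bytes in each allocation unit",
    "total_units": r"(\d+) total allocation units on disk",
    "free_units": r"(\d+) allocation units available on disk",
}

def summarize_chkdsk(text):
    """Return a triage summary of CHKDSK output (hypothetical helper)."""
    out = {}
    for name, pattern in FIELDS.items():
        # search() rather than line matching: pasted logs often have fused lines
        m = re.search(pattern, text)
        out[name] = int(m.group(1)) if m else None
    out["clean"] = "found no problems" in text
    out["cleanups"] = len(re.findall(r"Cleaning up \d+ unused", text))
    # Cross-check: KB figures must equal cluster counts times cluster size.
    if any(out[k] is None for k in FIELDS):
        out["consistent"] = None  # log truncated, cannot cross-check
    else:
        out["consistent"] = (
            out["total_units"] * out["unit_bytes"] == out["total_kb"] * 1024
            and out["free_units"] * out["unit_bytes"] == out["free_kb"] * 1024)
    out["needs_attention"] = (not out["clean"]) or bool(out["bad_kb"])
    return out

if __name__ == "__main__":
    for key, value in summarize_chkdsk(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
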

Full System Scan with Malwarebytes Antimalware


  • If not existing, please download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

 

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
