Webhp Google Redirect


Dear wonderful expert helpers,

 

I suspect I have a rootkit infection that is redirecting links to google.com to google.com/webhp instead. This occurs in all 4 browsers (IE, Chrome, Firefox, Opera). I also think it is creating pop-ups.

 

I tried scanning with MalwareBytes Free and Microsoft Security Essentials (with latest definitions on both)—no hits. I also ran CCleaner, adwcleaner and aswMBR but no hits again (CCleaner cleaned some standard junk like Temp Internet Files). I have the aswMBR log but I closed adwcleaner before I realized it does not automatically make a log.

 

I suspect this came from MP3 Skype Recorder (you'll see the program in my logs below), despite being careful to make sure it wasn't installing some 3rd party garbage.

 

The requested FRST64 logs are below. I added the aswMBR log just in case it is useful. I put headers FRST.txt, Addition.txt, and aswMBR.txt to help you Ctrl+F to each quickly.

 

Thank you for your help.

 

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2014

Ran by Ro (administrator) on WAYNETECH on 29-04-2014 19:23:54

Running from C:\Users\Ro\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe

(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE

(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe

(Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe

(Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Flux Software LLC) C:\Users\Ro\AppData\Local\FluxSoftware\Flux\flux.exe

(Spotify Ltd) C:\Users\Ro\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

(Microsoft Corporation) C:\Windows\system32\taskmgr.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Microsoft Corporation) C:\Windows\system32\wbengine.exe

(Microsoft Corporation) C:\Windows\System32\vds.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [6900024 2012-07-23] (Logitech Inc.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-20] (NVIDIA Corporation)

HKLM\...\Run: [shadowPlay] => C:\Windows\system32\nvspcap64.dll [1179576 2014-01-20] (NVIDIA Corporation)

HKU\S-1-5-21-69526344-1342381157-3629351510-1001\...\Run: [F.lux] => C:\Users\Ro\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)

HKU\S-1-5-21-69526344-1342381157-3629351510-1001\...\Run: [spotify Web Helper] => C:\Users\Ro\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1105408 2013-06-13] (Spotify Ltd)

HKU\S-1-5-21-69526344-1342381157-3629351510-1001\...\MountPoints2: {5f305cce-0ee6-11e2-96fe-90e6ba104d07} - E:\setup.exe

HKU\S-1-5-21-69526344-1342381157-3629351510-1001\...\MountPoints2: {7e36c833-761c-11e3-ba49-90e6ba104d07} - F:\LG_PC_Programs.exe

Startup: C:\Users\Rack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Ro\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)

Startup: C:\Users\Ro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop_List_View_Win7_x64.exe ()

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://secure.evidera.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDF48039BEE3CCE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 208.59.247.45 208.59.247.46

 

FireFox:

========

FF ProfilePath: C:\Users\Ro\AppData\Roaming\Mozilla\Firefox\Profiles\la8voriz.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File

FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File

FF Extension: LastPass - C:\Users\Ro\AppData\Roaming\Mozilla\Firefox\Profiles\la8voriz.default\Extensions\support@lastpass.com [2014-03-21]

FF Extension: Facebook Disconnect - C:\Users\Ro\AppData\Roaming\Mozilla\Firefox\Profiles\la8voriz.default\Extensions\facebook@disconnect.me.xpi [2014-04-13]

FF Extension: Google Disconnect - C:\Users\Ro\AppData\Roaming\Mozilla\Firefox\Profiles\la8voriz.default\Extensions\google@disconnect.me.xpi [2014-04-13]

FF Extension: Remove Cookies for Site - C:\Users\Ro\AppData\Roaming\Mozilla\Firefox\Profiles\la8voriz.default\Extensions\{06997db0-c027-4d5f-bd37-b0d9230226ea}.xpi [2014-03-23]

FF Extension: Download Status Bar - C:\Users\Ro\AppData\Roaming\Mozilla\Firefox\Profiles\la8voriz.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-04-13]

FF Extension: Adblock Plus - C:\Users\Ro\AppData\Roaming\Mozilla\Firefox\Profiles\la8voriz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-24]

 

Chrome: 

=======


CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File

CHR Plugin: (WacomTabletPlugin) - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File

CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll No File

CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File

CHR Extension: (Google Docs) - C:\Users\Ro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-28]

CHR Extension: (Google Drive) - C:\Users\Ro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-28]

CHR Extension: (YouTube) - C:\Users\Ro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-28]

CHR Extension: (Adblock Plus) - C:\Users\Ro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-06-28]

CHR Extension: (Google Search) - C:\Users\Ro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-28]

CHR Extension: (Facebook Disconnect) - C:\Users\Ro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2013-06-28]

CHR Extension: (AdBlock) - C:\Users\Ro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-06-28]

CHR Extension: (JavaScript Popup Blocker) - C:\Users\Ro\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiajdlfgbgnnjakkbnpdhmhfhklkbiol [2013-06-28]

CHR Extension: (Google Wallet) - C:\Users\Ro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]

CHR Extension: (Gmail) - C:\Users\Ro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-28]

 

==================== Services (Whitelisted) =================

 

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-20] (NVIDIA Corporation)

 

==================== Drivers (Whitelisted) ====================

 

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()

R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66328 2012-02-07] (Logitech Inc.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)

R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-10-05] ()

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-04-29 19:23 - 2014-04-29 19:24 - 00012943 _____ () C:\Users\Ro\Downloads\FRST.txt

2014-04-29 19:23 - 2014-04-29 19:23 - 00000000 ____D () C:\FRST

2014-04-29 19:22 - 2014-04-29 19:23 - 02061824 _____ (Farbar) C:\Users\Ro\Downloads\FRST64.exe

2014-04-29 18:56 - 2014-04-29 18:56 - 00002079 _____ () C:\Users\Ro\Documents\aswMBR.txt

2014-04-29 18:56 - 2014-04-29 18:56 - 00000512 _____ () C:\Users\Ro\Documents\MBR.dat

2014-04-29 18:44 - 2014-04-29 18:44 - 04745728 _____ (AVAST Software) C:\Users\Ro\Downloads\aswmbr.exe

2014-04-29 18:40 - 2014-04-29 18:57 - 00000000 ____D () C:\AdwCleaner

2014-04-29 18:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-04-29 18:39 - 2014-04-29 18:39 - 01310621 _____ () C:\Users\Ro\Downloads\adwcleaner.exe

2014-04-28 12:20 - 2014-04-28 12:20 - 00002295 _____ () C:\Users\Ro\Desktop\FFXIV.lnk

2014-04-25 20:00 - 2014-04-25 20:00 - 00001129 _____ () C:\Users\Public\Desktop\Opera.lnk

2014-04-25 20:00 - 2014-04-25 20:00 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk

2014-04-24 20:02 - 2014-04-24 20:02 - 00040304 _____ () C:\Users\Ro\Desktop\bookmarks.html

2014-04-24 19:39 - 2014-04-25 20:00 - 00000000 ____D () C:\Users\Ro\AppData\Roaming\Opera Software

2014-04-24 19:39 - 2014-04-25 20:00 - 00000000 ____D () C:\Users\Ro\AppData\Local\Opera Software

2014-04-24 19:39 - 2014-04-25 20:00 - 00000000 ____D () C:\Program Files (x86)\Opera

2014-04-22 12:05 - 2014-04-22 12:06 - 00066569 _____ () C:\Users\Ro\Downloads\ADVANCE Trial design.pptx

2014-04-21 17:35 - 2014-04-21 17:35 - 00788841 _____ () C:\Users\Ro\Downloads\A-13966 Epanova BIM 20Feb2014 v0-8-1_ios.xlsm

2014-04-21 17:30 - 2014-04-21 17:30 - 00739548 _____ () C:\Users\Ro\Downloads\A-13966 Epanova BIM 20Feb2014 v0-7-0 - JG_ios.xlsm

2014-04-20 15:13 - 2014-04-20 15:13 - 34718824 _____ (Opera Software ASA) C:\Users\Ro\Downloads\Opera_20.0.1387.91_Setup.exe

2014-04-20 12:31 - 2014-04-20 12:31 - 00731168 _____ () C:\Users\Ro\Downloads\A-13966 Epanova BIM 20Feb2014 v0-7-2_JG.xlsm

2014-04-14 19:51 - 2014-04-14 19:51 - 00001416 _____ () C:\Users\Ro\Desktop\common - Shortcut.lnk

2014-04-14 19:40 - 2014-04-14 19:40 - 00002297 _____ () C:\Users\Rack\Desktop\Skyrim (SKSE).lnk

2014-04-14 19:40 - 2014-04-14 19:40 - 00002297 _____ () C:\Users\Guest\Desktop\Skyrim (SKSE).lnk

2014-04-13 15:35 - 2013-08-20 22:23 - 00001159 _____ () C:\Users\Guest\Desktop\Mozilla Firefox.lnk

2014-04-13 10:26 - 2014-04-13 10:26 - 00000000 ____D () C:\Users\Guest\AppData\Local\NVIDIA Corporation

2014-04-13 10:25 - 2014-04-13 10:25 - 00000000 ____D () C:\Users\Guest\AppData\Local\NVIDIA

2014-04-10 13:04 - 2014-04-10 13:04 - 00000000 ____D () C:\Users\Ro\AppData\Roaming\MP3SkypeRecorder

2014-04-10 13:04 - 2014-04-10 13:04 - 00000000 ____D () C:\Users\Ro\AppData\Local\MP3_Skype_Recorder

2014-04-10 09:09 - 2014-04-10 09:09 - 05423104 _____ () C:\Users\Ro\Downloads\MP3SkypeRecorderSetup.msi

2014-04-04 14:31 - 2014-04-04 14:35 - 00020261 _____ () C:\Users\Ro\Downloads\ISPOR Attendance - Goals Expectations Criteria_2Apr2014_RodrigoDosSantos.xlsx

2014-04-04 13:49 - 2014-04-04 13:49 - 00021247 _____ () C:\Users\Ro\Downloads\ISPOR Attendance - Goals Expectations Criteria_2Apr2014.xlsx

2014-04-04 13:25 - 2014-04-04 13:25 - 00103789 _____ () C:\Users\Ro\Desktop\Bucky-Badger-university-of-wisconsin-120012_594_388.pdn

2014-04-03 10:55 - 2014-04-03 11:04 - 00020152 _____ () C:\Users\Rack\Documents\IC Foundation prospects 2014.xlsx

2014-04-03 10:21 - 2014-04-03 10:21 - 00000859 _____ () C:\Users\Rack\Downloads\fdo_grantmaker_results.csv

2014-04-03 09:28 - 2014-04-03 09:28 - 00017920 _____ () C:\Users\Rack\Downloads\RAGBRAI 2014.xls

2014-04-02 20:33 - 2014-04-03 18:59 - 00000000 ____D () C:\Program Files (x86)\ASUS

2014-04-02 20:33 - 2009-05-14 09:26 - 00015416 _____ () C:\Windows\system32\Drivers\ASACPI.sys

2014-04-02 20:33 - 2009-04-06 15:24 - 00013368 _____ () C:\Windows\SysWOW64\Drivers\AsIO.sys

2014-04-02 20:33 - 2006-01-10 16:50 - 00024576 _____ () C:\Windows\SysWOW64\AsIO.dll

2014-04-02 20:33 - 2004-02-27 00:00 - 00962612 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42d.dll

2014-04-02 20:33 - 2004-02-17 00:00 - 00434252 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVCRTD.DLL

2014-04-02 20:32 - 2014-04-02 20:32 - 05922831 _____ () C:\Users\Ro\Downloads\AMDCoolnQuiet_Utility_V21801_XPVistaWin7.zip

2014-04-02 20:27 - 2014-01-08 22:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-04-02 20:27 - 2014-01-03 18:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-04-02 12:04 - 2014-04-02 12:04 - 00017128 _____ () C:\Users\Rack\Downloads\2013_GP_Grant_Application_template.xlsx

2014-04-01 10:13 - 2014-04-01 10:13 - 00004624 _____ () C:\Users\Rack\Downloads\GunsGermsandSteel-56457.odm

2014-04-01 10:09 - 2014-04-01 10:09 - 00003007 _____ () C:\Users\Rack\Downloads\Quantopian Live Trading Introduction and Tour (1).ics

2014-04-01 10:09 - 2014-04-01 10:09 - 00001783 _____ () C:\Users\Rack\Downloads\MobyDickOrTheWhale9781620117002.acsm

2014-04-01 10:04 - 2014-04-01 10:04 - 00003007 _____ () C:\Users\Rack\Downloads\Quantopian Live Trading Introduction and Tour.ics

 

==================== One Month Modified Files and Folders =======

 

2014-04-29 19:24 - 2014-04-29 19:23 - 00012943 _____ () C:\Users\Ro\Downloads\FRST.txt

2014-04-29 19:23 - 2014-04-29 19:23 - 00000000 ____D () C:\FRST

2014-04-29 19:23 - 2014-04-29 19:22 - 02061824 _____ (Farbar) C:\Users\Ro\Downloads\FRST64.exe

2014-04-29 19:21 - 2012-09-18 21:59 - 01056408 _____ () C:\Windows\WindowsUpdate.log

2014-04-29 19:19 - 2012-09-19 17:44 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-04-29 19:19 - 2012-09-19 01:53 - 00000000 ____D () C:\Windows\Panther

2014-04-29 19:05 - 2009-07-14 00:45 - 00015344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-29 19:05 - 2009-07-14 00:45 - 00015344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-29 19:02 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-29 19:01 - 2012-10-15 23:26 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-29 18:58 - 2013-09-15 14:24 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-04-29 18:58 - 2012-10-15 23:26 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-29 18:58 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-29 18:57 - 2014-04-29 18:40 - 00000000 ____D () C:\AdwCleaner

2014-04-29 18:56 - 2014-04-29 18:56 - 00002079 _____ () C:\Users\Ro\Documents\aswMBR.txt

2014-04-29 18:56 - 2014-04-29 18:56 - 00000512 _____ () C:\Users\Ro\Documents\MBR.dat

2014-04-29 18:44 - 2014-04-29 18:44 - 04745728 _____ (AVAST Software) C:\Users\Ro\Downloads\aswmbr.exe

2014-04-29 18:39 - 2014-04-29 18:39 - 01310621 _____ () C:\Users\Ro\Downloads\adwcleaner.exe

2014-04-28 12:20 - 2014-04-28 12:20 - 00002295 _____ () C:\Users\Ro\Desktop\FFXIV.lnk

2014-04-28 12:12 - 2012-09-20 21:12 - 00000000 ____D () C:\Users\Ro\AppData\Roaming\vlc

2014-04-26 15:12 - 2012-11-26 12:51 - 00000000 ____D () C:\Users\Ro\AppData\Local\Black_Tree_Gaming

2014-04-26 15:12 - 2012-09-19 18:00 - 00000000 ____D () C:\Games

2014-04-26 15:11 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2014-04-26 09:35 - 2012-11-26 11:55 - 00000000 ____D () C:\Users\Ro\AppData\Local\Skyrim

2014-04-25 20:00 - 2014-04-25 20:00 - 00001129 _____ () C:\Users\Public\Desktop\Opera.lnk

2014-04-25 20:00 - 2014-04-25 20:00 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk

2014-04-25 20:00 - 2014-04-24 19:39 - 00000000 ____D () C:\Users\Ro\AppData\Roaming\Opera Software

2014-04-25 20:00 - 2014-04-24 19:39 - 00000000 ____D () C:\Users\Ro\AppData\Local\Opera Software

2014-04-25 20:00 - 2014-04-24 19:39 - 00000000 ____D () C:\Program Files (x86)\Opera

2014-04-25 19:38 - 2014-02-10 15:43 - 00000000 ____D () C:\Users\Ro\AppData\Local\Paint.NET

2014-04-25 19:27 - 2013-01-20 19:54 - 00000000 ____D () C:\Users\Ro\Desktop\ZOMGPLZ

2014-04-25 07:42 - 2009-07-14 01:08 - 00032618 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-04-24 20:17 - 2012-09-18 21:59 - 00001413 _____ () C:\Users\Ro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-04-24 20:02 - 2014-04-24 20:02 - 00040304 _____ () C:\Users\Ro\Desktop\bookmarks.html

2014-04-24 19:38 - 2012-11-21 14:41 - 00000000 ____D () C:\Users\Ro\AppData\Roaming\Skype

2014-04-24 19:33 - 2014-01-12 19:58 - 00000000 ____D () C:\Users\Ro\AppData\Local\Unity

2014-04-24 19:33 - 2012-10-28 15:52 - 00000000 ____D () C:\Program Files (x86)\TabletPlugins

2014-04-24 08:39 - 2013-10-13 23:06 - 00119296 _____ () C:\Windows\SysWOW64\zlib.dll

2014-04-23 08:47 - 2012-09-18 21:59 - 00000000 ____D () C:\Users\Ro

2014-04-22 12:06 - 2014-04-22 12:05 - 00066569 _____ () C:\Users\Ro\Downloads\ADVANCE Trial design.pptx

2014-04-21 17:35 - 2014-04-21 17:35 - 00788841 _____ () C:\Users\Ro\Downloads\A-13966 Epanova BIM 20Feb2014 v0-8-1_ios.xlsm

2014-04-21 17:30 - 2014-04-21 17:30 - 00739548 _____ () C:\Users\Ro\Downloads\A-13966 Epanova BIM 20Feb2014 v0-7-0 - JG_ios.xlsm

2014-04-20 15:13 - 2014-04-20 15:13 - 34718824 _____ (Opera Software ASA) C:\Users\Ro\Downloads\Opera_20.0.1387.91_Setup.exe

2014-04-20 12:31 - 2014-04-20 12:31 - 00731168 _____ () C:\Users\Ro\Downloads\A-13966 Epanova BIM 20Feb2014 v0-7-2_JG.xlsm

2014-04-18 11:15 - 2012-11-04 17:20 - 00000000 ____D () C:\Users\Ro\Documents\My Games

2014-04-18 08:45 - 2012-11-03 00:36 - 00000000 ____D () C:\Users\Ro\Documents\ZOMGPLZ

2014-04-18 08:43 - 2014-01-13 21:28 - 00000000 ____D () C:\Users\Ro\AppData\Local\Ubisoft Game Launcher

2014-04-18 08:43 - 2014-01-13 21:28 - 00000000 ____D () C:\Program Files (x86)\Ubisoft

2014-04-14 19:51 - 2014-04-14 19:51 - 00001416 _____ () C:\Users\Ro\Desktop\common - Shortcut.lnk

2014-04-14 19:40 - 2014-04-14 19:40 - 00002297 _____ () C:\Users\Rack\Desktop\Skyrim (SKSE).lnk

2014-04-14 19:40 - 2014-04-14 19:40 - 00002297 _____ () C:\Users\Guest\Desktop\Skyrim (SKSE).lnk

2014-04-13 15:35 - 2012-10-15 23:23 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore

2014-04-13 10:26 - 2014-04-13 10:26 - 00000000 ____D () C:\Users\Guest\AppData\Local\NVIDIA Corporation

2014-04-13 10:25 - 2014-04-13 10:25 - 00000000 ____D () C:\Users\Guest\AppData\Local\NVIDIA

2014-04-11 19:00 - 2012-10-26 10:21 - 00000000 ____D () C:\Users\Rack\AppData\Roaming\Dropbox

2014-04-11 10:56 - 2012-10-26 10:22 - 00000000 ___RD () C:\Users\Rack\Dropbox

2014-04-10 13:04 - 2014-04-10 13:04 - 00000000 ____D () C:\Users\Ro\AppData\Roaming\MP3SkypeRecorder

2014-04-10 13:04 - 2014-04-10 13:04 - 00000000 ____D () C:\Users\Ro\AppData\Local\MP3_Skype_Recorder

2014-04-10 09:09 - 2014-04-10 09:09 - 05423104 _____ () C:\Users\Ro\Downloads\MP3SkypeRecorderSetup.msi

2014-04-10 08:20 - 2012-09-19 17:37 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys

2014-04-08 18:59 - 2014-03-13 22:50 - 00000000 ____D () C:\Users\Ro\AppData\Local\Battle.net

2014-04-08 18:44 - 2014-03-13 22:52 - 00000000 ____D () C:\Program Files (x86)\Diablo III

2014-04-06 22:24 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-04-04 14:35 - 2014-04-04 14:31 - 00020261 _____ () C:\Users\Ro\Downloads\ISPOR Attendance - Goals Expectations Criteria_2Apr2014_RodrigoDosSantos.xlsx

2014-04-04 13:49 - 2014-04-04 13:49 - 00021247 _____ () C:\Users\Ro\Downloads\ISPOR Attendance - Goals Expectations Criteria_2Apr2014.xlsx

2014-04-04 13:25 - 2014-04-04 13:25 - 00103789 _____ () C:\Users\Ro\Desktop\Bucky-Badger-university-of-wisconsin-120012_594_388.pdn

2014-04-04 08:18 - 2014-03-13 22:49 - 00000000 ____D () C:\Program Files (x86)\Battle.net

2014-04-03 18:59 - 2014-04-02 20:33 - 00000000 ____D () C:\Program Files (x86)\ASUS

2014-04-03 18:59 - 2012-09-18 21:59 - 00000000 ____D () C:\Users\Ro\AppData\Local\VirtualStore

2014-04-03 15:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache

2014-04-03 11:04 - 2014-04-03 10:55 - 00020152 _____ () C:\Users\Rack\Documents\IC Foundation prospects 2014.xlsx

2014-04-03 10:21 - 2014-04-03 10:21 - 00000859 _____ () C:\Users\Rack\Downloads\fdo_grantmaker_results.csv

2014-04-03 09:28 - 2014-04-03 09:28 - 00017920 _____ () C:\Users\Rack\Downloads\RAGBRAI 2014.xls

2014-04-02 20:33 - 2013-07-15 18:32 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-04-02 20:32 - 2014-04-02 20:32 - 05922831 _____ () C:\Users\Ro\Downloads\AMDCoolnQuiet_Utility_V21801_XPVistaWin7.zip

2014-04-02 20:28 - 2012-09-19 17:45 - 00774592 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-04-02 20:27 - 2012-09-19 17:45 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

2014-04-02 20:27 - 2012-09-19 17:45 - 00001945 _____ () C:\Windows\epplauncher.mif

2014-04-02 20:27 - 2012-09-19 17:45 - 00000000 ____D () C:\Program Files\Microsoft Security Client

2014-04-02 20:27 - 2012-09-19 17:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client

2014-04-02 12:04 - 2014-04-02 12:04 - 00017128 _____ () C:\Users\Rack\Downloads\2013_GP_Grant_Application_template.xlsx

2014-04-01 10:13 - 2014-04-01 10:13 - 00004624 _____ () C:\Users\Rack\Downloads\GunsGermsandSteel-56457.odm

2014-04-01 10:09 - 2014-04-01 10:09 - 00003007 _____ () C:\Users\Rack\Downloads\Quantopian Live Trading Introduction and Tour (1).ics

2014-04-01 10:09 - 2014-04-01 10:09 - 00001783 _____ () C:\Users\Rack\Downloads\MobyDickOrTheWhale9781620117002.acsm

2014-04-01 10:04 - 2014-04-01 10:04 - 00003007 _____ () C:\Users\Rack\Downloads\Quantopian Live Trading Introduction and Tour.ics

 

Some content of TEMP:

====================

C:\Users\Ro\AppData\Local\Temp\Quarantine.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-04-29 09:12

 

==================== End Of Log ============================

 

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2014


Ran by Ro at 2014-04-29 19:24:11

Running from C:\Users\Ro\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

 

==================== Installed Programs ======================

 

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 3.6.0.6090 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)

Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)

Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)

Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.2.5-5 - Wacom Technology Corp.)

Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.0 - Wacom Co., Ltd.)

Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)

Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)

Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)

f.lux (HKCU\...\Flux) (Version:  - )

FINAL FANTASY XIV: A Realm Reborn (HKLM-x32\...\Steam App 39210) (Version:  - SQUARE ENIX)

Folder Size 2.8.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1) (Version: 2.8.0.0 - MindGems, Inc.)

GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)

Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden

LaCie Network Assistant 1.5.16.73 (HKLM\...\{BA94B525-1469-4E00-AFE4-50ADEB8B3993}_is1) (Version: 1.5.16.73 - LaCie)

Logitech Gaming Software (Version: 8.35.18 - Logitech Inc.) Hidden

Logitech Gaming Software 8.35 (HKLM\...\Logitech Gaming Software) (Version: 8.35.18 - Logitech Inc.)

Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Live Meeting 2007 (HKLM-x32\...\{389F8A7A-8611-42E8-8169-20D2BAF0C595}) (Version: 8.0.6362.215 - Microsoft Corporation)

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)

Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)

Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)

NVIDIA 3D Vision Controller Driver 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)

NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden

NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation)

NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden

NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden

NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden

NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden

NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)

NVIDIA ShadowPlay 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden

NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden

NVIDIA Update 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden

NVIDIA Update Core (Version: 11.10.11 - NVIDIA Corporation) Hidden

NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)

Opera Stable 20.0.1387.91 (HKLM-x32\...\Opera 20.0.1387.91) (Version: 20.0.1387.91 - Opera Software ASA)

Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)

Samsung SSD Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 3.1 - Samsung Electronics)

SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden

Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)

Spotify (HKCU\...\Spotify) (Version: 0.9.0.128.g3134f863 - Spotify AB)

Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)

Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)

Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)

Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)

Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)

Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version:  - Microsoft)

Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)

Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)

Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)

Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)

VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)

Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)

You Need A Budget 4 (YNAB) (HKLM-x32\...\Steam App 227320) (Version:  - )

 

==================== Restore Points  =========================

 

29-04-2014 22:24:27 Removed MP3 Skype recorder

 

==================== Hosts content: ==========================

 

2009-07-13 22:34 - 2013-07-07 12:22 - 00575906 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1  localhost

 

There are 1000 more lines.

 

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {1AA70187-E072-43FE-96D7-ECCA44D4E629} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-15] (Google Inc.)

Task: {74A43562-AA48-4BA0-BC29-37D9E1B0BC2F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-15] (Google Inc.)

Task: {E3A46183-6069-4025-9C84-33035E3B7DCA} - System32\Tasks\{3A3CA8E3-12CF-4236-A870-C7E512BB18F9} => Chrome.exe http://ui.skype.com/ui/0/6.0.0.120/en/abandoninstall?source=lightinstaller&page=tsBing

Task: {F0C6C727-04A8-4F4E-9759-D6E30473E95F} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-69526344-1342381157-3629351510-1001Core1cd96b12d111dff.job => C:\Users\Ro\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-09-15 14:24 - 2014-03-04 09:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2012-10-28 15:52 - 2011-09-08 17:48 - 01183096 _____ () C:\Program Files\Tablet\Pen\libxml2.dll

2014-03-29 11:12 - 2014-03-29 11:12 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

2014-03-21 19:04 - 2014-03-21 19:04 - 01020928 _____ () C:\Users\Ro\AppData\Roaming\Mozilla\Firefox\Profiles\la8voriz.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation

AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation

AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

 

==================== Safe Mode (whitelisted) ===================

 

 

==================== Disabled items from MSCONFIG ==============

 

MSCONFIG\startupfolder: C:^Users^Ro^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup

MSCONFIG\startupfolder: C:^Users^Ro^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung SSD Magician.lnk => C:\Windows\pss\Samsung SSD Magician.lnk.Startup

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: BambooCore => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe

MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Ro\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (04/28/2014 10:23:05 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 7597

 

Error: (04/28/2014 10:23:05 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 7597

 

Error: (04/28/2014 10:23:05 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (04/28/2014 10:23:04 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 6598

 

Error: (04/28/2014 10:23:04 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 6598

 

Error: (04/28/2014 10:23:04 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (04/28/2014 10:23:03 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 5600

 

Error: (04/28/2014 10:23:03 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 5600

 

Error: (04/28/2014 10:23:03 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (04/28/2014 10:23:02 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 4602

 

 

System errors:

=============

Error: (04/28/2014 00:33:28 PM) (Source: atapi) (User: )

Description: The driver detected a controller error on \Device\Ide\IdePort5.

 

Error: (04/27/2014 08:18:56 PM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

 

Error: (04/26/2014 06:43:27 PM) (Source: volsnap) (User: )

Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.

 

Error: (04/26/2014 09:21:09 AM) (Source: volsnap) (User: )

Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

 

Error: (04/24/2014 08:27:32 PM) (Source: Service Control Manager) (User: )

Description: The Steam Client Service service failed to start due to the following error: 

%%1053

 

Error: (04/24/2014 08:27:32 PM) (Source: Service Control Manager) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

 

Error: (04/24/2014 08:39:39 AM) (Source: Service Control Manager) (User: )

Description: The PinnacleUpdate Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (04/23/2014 11:39:40 PM) (Source: Service Control Manager) (User: )

Description: The PinnacleUpdate Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (04/23/2014 06:35:18 PM) (Source: Service Control Manager) (User: )

Description: The PinnacleUpdate Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (04/23/2014 08:44:35 AM) (Source: Service Control Manager) (User: )

Description: The PinnacleUpdate Service service terminated unexpectedly.  It has done this 1 time(s).

 

 

Microsoft Office Sessions:

=========================

Error: (04/22/2014 11:40:08 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 3344 seconds with 1320 seconds of active time.  This session ended with a crash.

 

Error: (02/06/2014 10:57:40 AM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 425 seconds with 240 seconds of active time.  This session ended with a crash.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 22%

Total physical RAM: 8191.05 MB

Available physical RAM: 6384.79 MB

Total Pagefile: 16380.29 MB

Available Pagefile: 14451.53 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:119.14 GB) (Free:27.07 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 56F7885B)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

 

aswMBR.txt


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software

Run date: 2014-04-29 18:45:18

-----------------------------

18:45:18.680    OS Version: Windows x64 6.1.7601 Service Pack 1

18:45:18.680    Number of processors: 2 586 0x170A

18:45:18.681    ComputerName: WAYNETECH  UserName: Ro

18:45:18.835    Initialize success

18:46:23.046    AVAST engine defs: 14042901

18:46:49.720    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-6

18:46:49.724    Disk 0 Vendor: SAMSUNG_SSD_830_Series CXM03B1Q Size: 122104MB BusType: 3

18:46:49.728    Disk 0 MBR read successfully

18:46:49.730    Disk 0 MBR scan

18:46:49.737    Disk 0 Windows 7 default MBR code

18:46:49.740    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048

18:46:49.773    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       122002 MB offset 206848

18:46:49.821    Disk 0 scanning C:\Windows\system32\drivers

18:46:55.046    Service scanning

18:47:08.961    Modules scanning

18:47:08.961    Disk 0 trace - called modules:

18:47:08.961    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800704a2c0]<<spjf.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 

18:47:08.977    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007679060]

18:47:08.977    3 CLASSPNP.SYS[fffff88001a3e43f] -> nt!IofCallDriver -> [0xfffffa80071b8520]

18:47:08.977    5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP5T0L0-6[0xfffffa80071c7060]

18:47:08.992    \Driver\atapi[0xfffffa8007198610] -> IRP_MJ_CREATE -> 0xfffffa800704a2c0

18:47:09.211    AVAST engine scan C:\Windows

18:47:09.788    AVAST engine scan C:\Windows\system32

18:49:02.296    AVAST engine scan C:\Windows\system32\drivers

18:49:07.912    AVAST engine scan C:\Users\Ro

18:51:18.157    AVAST engine scan C:\ProgramData

18:52:57.756    Scan finished successfully

18:56:04.219    Disk 0 MBR has been saved successfully to "C:\Users\Ro\Documents\MBR.dat"

18:56:04.252    The log file has been saved successfully to "C:\Users\Ro\Documents\aswMBR.txt"



 
