Spyware.Passwords Infection


Hello,

I recently had an online account of mine compromised, and it was suggested to me that my email account was somehow compromised, and that was how the hacker gained access to my account. I ran an AVG scan and came up with nothing, then downloaded and ran avast!, which found nothing. Then I ran a rescue disk scan using avast!, and the GUI said there were 0 infections, but the Notepad document said there were 178 infected files. I updated and ran Malwarebytes and found a spyware.passwords infection.

I would just like help ensuring that my computer is clean now, since I've had a rough time detecting the problem.

FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
Ran by Allison (administrator) on NYX on 15-07-2014 17:30:34
Running from C:\Users\Allison\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Lavasoft) C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(CyberLink) C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(http://libusb-win32.sourceforge.net) C:\Windows\System32\libusbd-nt.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Wacom Technology, Corp.) C:\Windows\System32\Pen_Tablet.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Wacom Technology, Corp.) C:\Windows\System32\Pen_Tablet.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(NVIDIA Corporation) C:\Windows\System32\nvraidservice.exe
(Wireless Service) C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
(D-Link) C:\Program Files\D-Link\D-Link Wireless N DWA-130\AirNCFG.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
(SteelSeries) C:\Program Files\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe
(Ideazon, Inc.) C:\Program Files\Ideazon\ZEngine\Zboard.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Akamai Technologies, Inc.) C:\Users\Allison\AppData\Local\Akamai\netsession_win.exe
(AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Akamai Technologies, Inc.) C:\Users\Allison\AppData\Local\Akamai\netsession_win.exe
(Curse) C:\Users\Allison\AppData\Local\Apps\2.0\2BC2BQY4.V5Y\2X2J58ZR.HZQ\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\CurseClient.exe
(SteelSeries) C:\Program Files\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMTray2.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [5369856 2008-03-26] (Realtek Semiconductor)
HKLM\...\Run: [PCMMediaSharing] => C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [204908 2008-01-25] ()
HKLM\...\Run: [Acer Assist Launcher] => C:\Program Files\Acer Assist\launcher.exe [1261568 2007-02-02] ()
HKLM\...\Run: [NVRaidService] => C:\Windows\system32\nvraidservice.exe [196128 2008-05-06] (NVIDIA Corporation)
HKLM\...\Run: [ANIWZCS2Service] => C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [49152 2007-01-19] (Wireless Service)
HKLM\...\Run: [D-Link D-Link Wireless N DWA-130] => C:\Program Files\D-Link\D-Link Wireless N DWA-130\AirNCFG.exe [1675264 2008-03-19] (D-Link)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [623992 2008-10-14] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe_ID0EYTHM] => C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM\...\Run: [steelSeries World of Warcraft Cataclysm MMO Gaming Mouse] => C:\Program Files\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe [1992704 2011-01-31] (SteelSeries)
HKLM\...\Run: [Zboard] => C:\Program Files\Ideazon\ZEngine\Zboard.exe [57344 2009-06-04] (Ideazon, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-10] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [startCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-14] (AVAST Software)
HKLM\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNTE0ODU1NzI3LUJBKzEtS1YzKzctWEwrMS1UNC1GUDkyKzYtQkFSOUcrMS1UQjkrMi1GTCs5LVhPMzYrMS1RSVgxKzQtWDIwMTArMi1GMTBNKzUtVklQMTArMS1GMTBNMTBEKzItTElDKzctRkwxMCsxLVNQMSsxLVNQMVRCKzEtU1VQKzQtU1AxUzIrMQ"&"prod=90"&"ver=10.0.1432
HKU\S-1-5-21-565858644-1560072136-3662373033-1000\...\Run: [MsnMsgr] => C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\S-1-5-21-565858644-1560072136-3662373033-1000\...\Run: [EA Core] => "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-565858644-1560072136-3662373033-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Allison\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-565858644-1560072136-3662373033-1000\...\Run: [uTorrent] => "C:\Program Files\uTorrent\uTorrent.exe"  /MINIMIZED
HKU\S-1-5-21-565858644-1560072136-3662373033-1000\...\Run: [Pando Media Booster] => C:\Program Files\Pando Networks\Media Booster\PMB.exe [3093624 2012-12-08] ()
HKU\S-1-5-21-565858644-1560072136-3662373033-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-10-25] (AMD)
HKU\S-1-5-21-565858644-1560072136-3662373033-1000\...\Run: [AVG-Secure-Search-Update_1113a] => C:\Users\Allison\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=10b5591be82879bfa29d444da598cad1-286ad7a20897be4acc00553c7f649e89c855a587 /CMPID=1113a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ASETRES.EXE ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)
Startup: C:\Users\Allison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * lsdelete

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
SearchScopes: HKCU - DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://ca.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://ca.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Allison\AppData\Roaming\Mozilla\Firefox\Profiles\nz7091mh.default
FF Homepage: hxxp://www.google.ca
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "184.22.255.8"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "184.22.255.8"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "184.22.255.8"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "184.22.255.8"
FF NetworkProxy: "ssl_port", 8080
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Allison\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Allison\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF user.js: detected! => C:\Users\Allison\AppData\Roaming\Mozilla\Firefox\Profiles\nz7091mh.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdnu.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdnupdater2.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: Multi Links - C:\Users\Allison\AppData\Roaming\Mozilla\Firefox\Profiles\nz7091mh.default\Extensions\multilinks@plugin [2012-01-04]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Allison\AppData\Roaming\Mozilla\Firefox\Profiles\nz7091mh.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-10-13]
FF Extension: WOT - C:\Users\Allison\AppData\Roaming\Mozilla\Firefox\Profiles\nz7091mh.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27]
FF Extension: Adblock Plus - C:\Users\Allison\AppData\Roaming\Mozilla\Firefox\Profiles\nz7091mh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-06-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-14]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-14]

========================== Services (Whitelisted) =================

R2 aawservice; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [611664 2008-12-14] (Lavasoft)
R2 Acer HomeMedia Connect Service; C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [269448 2008-01-25] (CyberLink) [File not signed]
S3 Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-14] (AVAST Software)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-07-23] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-07-23] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [286720 2009-08-28] (Creative Technology Ltd) [File not signed]
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.) [File not signed]
R3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2008-11-30] (Macrovision Europe Ltd.) [File not signed]
R2 libusbd; C:\Windows\System32\libusbd-nt.exe [18944 2005-03-09] (http://libusb-win32.sourceforge.net) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S3 npggsvc; C:\Windows\system32\GameMon.des [4227704 2011-11-08] (INCA Internet Co., Ltd.) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [262247 2006-07-19] () [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2011-08-19] (Logitech Inc.)

==================== Drivers (Whitelisted) ====================

R3 Alpham1; C:\Windows\System32\DRIVERS\Alpham1.sys [42624 2007-07-23] (Ideazon Corporation)
R3 Alpham2; C:\Windows\System32\DRIVERS\Alpham2.sys [18432 2007-03-20] (Ideazon Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-14] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-07-14] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-14] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-07-14] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-14] ()
R3 athr; C:\Windows\System32\DRIVERS\Dathr.sys [2228736 2012-03-19] (Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices)
R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-02] (Acer, Inc.)
R3 libusb0; C:\Windows\System32\drivers\libusb0.sys [33792 2005-03-09] () [File not signed]
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [599040 2008-01-31] (Ralink Technology Corp.)
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2008-03-16] (NewTech Infosystems, Inc.) [File not signed]
R3 SSMO3v2Filter; C:\Windows\System32\drivers\MO3v2Driver.sys [17408 2010-12-17] (Sagatek Co. Ltd.)
S3 WIMMount; C:\Program Files\Windows Kits\8.0\Assessment and Deployment Kit\Deployment Tools\x86\DISM\wimmount.sys [34248 2012-07-25] (Microsoft Corporation)
S3 WRfiltv; C:\Windows\System32\drivers\WRfiltv.sys [17920 2009-07-31] (Creative Technology Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
R4 AVGIDSDriver; system32\DRIVERS\avgidsdriverx.sys [X]
R4 AVGIDSHX; system32\DRIVERS\avgidshx.sys [X]
R4 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [X]
R4 Avgrkx86; system32\DRIVERS\avgrkx86.sys [X]
R4 Avgtdix; system32\DRIVERS\avgtdix.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-15 17:30 - 2014-07-15 17:31 - 00022742 _____ () C:\Users\Allison\Desktop\FRST.txt
2014-07-15 17:29 - 2014-07-15 17:30 - 00000000 ____D () C:\FRST
2014-07-15 16:50 - 2014-07-15 16:50 - 01077248 _____ (Farbar) C:\Users\Allison\Desktop\FRST.exe
2014-07-14 21:13 - 2014-07-14 21:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Allison\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-14 21:08 - 2014-07-14 21:16 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-14 21:08 - 2014-07-14 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-14 21:08 - 2014-07-14 21:16 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-14 21:08 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-14 21:08 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-14 19:21 - 2014-07-14 19:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2014-07-14 19:21 - 2014-07-14 19:21 - 00000000 ____D () C:\Program Files\Windows Kits
2014-07-14 18:46 - 2014-07-14 19:21 - 00000000 ____D () C:\Users\Allison\Documents\AvastPEToolkit
2014-07-14 18:21 - 2014-07-14 18:21 - 00001877 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-14 18:21 - 2014-07-14 18:21 - 00000000 ____D () C:\Users\Allison\AppData\Roaming\AVAST Software
2014-07-14 18:21 - 2014-07-14 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-14 18:20 - 2014-07-14 18:20 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-14 18:20 - 2014-07-14 18:19 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-14 18:20 - 2014-07-14 18:19 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-14 18:20 - 2014-07-14 18:19 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-14 18:20 - 2014-07-14 18:19 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-14 18:20 - 2014-07-14 18:19 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-07-14 18:20 - 2014-07-14 18:19 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-07-14 18:20 - 2014-07-14 18:19 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-14 18:20 - 2014-07-14 18:19 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-14 18:19 - 2014-07-14 18:19 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-14 18:17 - 2014-07-14 18:17 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-14 18:16 - 2014-07-14 18:17 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-09 17:33 - 2014-06-06 20:19 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 17:33 - 2014-06-06 20:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 17:33 - 2014-06-06 19:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 17:33 - 2014-06-06 19:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 17:33 - 2014-06-06 19:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 17:33 - 2014-06-06 19:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 17:33 - 2014-06-06 19:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 17:33 - 2014-06-06 19:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-09 17:33 - 2014-06-06 18:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 17:33 - 2014-06-06 18:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 17:33 - 2014-06-06 18:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-09 17:33 - 2014-06-06 18:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 17:33 - 2014-06-06 18:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 17:33 - 2014-06-06 18:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 17:33 - 2014-06-06 18:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 17:33 - 2014-06-06 18:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-09 17:33 - 2014-06-06 18:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 17:33 - 2014-06-06 18:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 17:33 - 2014-06-06 18:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-09 17:33 - 2014-06-06 18:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 17:33 - 2014-06-06 18:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-09 17:33 - 2014-06-06 18:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 17:33 - 2014-06-06 04:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 17:33 - 2014-05-30 02:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-01 16:03 - 2014-07-01 16:03 - 00000000 ____D () C:\Users\Allison\AppData\Local\Adobe
2014-06-20 17:41 - 2014-06-20 17:42 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-07-15 17:31 - 2014-07-15 17:30 - 00022742 _____ () C:\Users\Allison\Desktop\FRST.txt
2014-07-15 17:30 - 2014-07-15 17:29 - 00000000 ____D () C:\FRST
2014-07-15 17:29 - 2006-11-02 08:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-15 17:29 - 2006-11-02 08:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-15 17:11 - 2012-03-31 12:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-15 16:50 - 2014-07-15 16:50 - 01077248 _____ (Farbar) C:\Users\Allison\Desktop\FRST.exe
2014-07-15 16:49 - 2013-09-11 21:42 - 00000000 ____D () C:\Users\Allison\AppData\Local\Avg2014
2014-07-15 16:49 - 2010-12-13 13:26 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-15 16:48 - 2013-09-11 21:48 - 00000000 ____D () C:\ProgramData\AVG2014
2014-07-15 16:33 - 2011-12-06 14:27 - 00000000 ____D () C:\Users\Allison\AppData\Local\Deployment
2014-07-15 06:02 - 2010-04-08 19:17 - 00000000 ____D () C:\Users\Allison\AppData\Local\PMB Files
2014-07-15 05:37 - 2008-08-27 16:20 - 01728985 _____ () C:\Windows\WindowsUpdate.log
2014-07-15 05:35 - 2006-11-02 06:33 - 00763586 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-15 05:32 - 2009-06-05 17:28 - 00000000 ____D () C:\Users\Allison\Tracing
2014-07-15 05:29 - 2008-01-20 22:47 - 00871482 _____ () C:\Windows\PFRO.log
2014-07-15 05:29 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-15 05:28 - 2009-05-13 19:02 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-07-15 05:28 - 2006-11-02 09:01 - 00032564 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-15 05:28 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\tracing
2014-07-14 21:17 - 2010-06-22 22:58 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-07-14 21:16 - 2014-07-14 21:08 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-14 21:16 - 2014-07-14 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-14 21:16 - 2014-07-14 21:08 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-14 21:14 - 2014-07-14 21:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Allison\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-14 21:08 - 2010-06-22 22:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-14 21:05 - 2010-09-05 22:03 - 00000000 ____D () C:\Users\Allison\AppData\Roaming\WTablet
2014-07-14 19:21 - 2014-07-14 19:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2014-07-14 19:21 - 2014-07-14 19:21 - 00000000 ____D () C:\Program Files\Windows Kits
2014-07-14 19:21 - 2014-07-14 18:46 - 00000000 ____D () C:\Users\Allison\Documents\AvastPEToolkit
2014-07-14 18:21 - 2014-07-14 18:21 - 00001877 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-14 18:21 - 2014-07-14 18:21 - 00000000 ____D () C:\Users\Allison\AppData\Roaming\AVAST Software
2014-07-14 18:21 - 2014-07-14 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-14 18:20 - 2014-07-14 18:20 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-14 18:19 - 2014-07-14 18:20 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-14 18:19 - 2014-07-14 18:20 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-14 18:19 - 2014-07-14 18:20 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-14 18:19 - 2014-07-14 18:20 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-14 18:19 - 2014-07-14 18:20 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-07-14 18:19 - 2014-07-14 18:20 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-07-14 18:19 - 2014-07-14 18:20 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-14 18:19 - 2014-07-14 18:20 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-14 18:19 - 2014-07-14 18:19 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-14 18:17 - 2014-07-14 18:17 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-14 18:17 - 2014-07-14 18:16 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-10 03:26 - 2006-11-02 08:47 - 01774752 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 03:22 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 03:06 - 2013-07-18 03:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 03:02 - 2008-03-16 15:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-10 03:02 - 2006-11-02 06:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-08 22:13 - 2012-03-31 12:04 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-08 22:13 - 2011-05-13 14:52 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-01 16:03 - 2014-07-01 16:03 - 00000000 ____D () C:\Users\Allison\AppData\Local\Adobe
2014-06-30 00:23 - 2012-05-01 04:41 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-20 17:42 - 2014-06-20 17:41 - 00000000 ____D () C:\Program Files\Mozilla Firefox

Files to move or delete:
====================
C:\Users\Allison\jagex_cl_runescape_LIVE.dat


Some content of TEMP:
====================
C:\Users\Allison\AppData\Local\temp\AutoRun.exe
C:\Users\Allison\AppData\Local\temp\AutoRunGUI.dll
C:\Users\Allison\AppData\Local\temp\bdfilters.dll
C:\Users\Allison\AppData\Local\temp\EAD1C65.exe
C:\Users\Allison\AppData\Local\temp\EAD20A9.exe
C:\Users\Allison\AppData\Local\temp\EAD3033.exe
C:\Users\Allison\AppData\Local\temp\EAD482F.exe
C:\Users\Allison\AppData\Local\temp\EAD641F.exe
C:\Users\Allison\AppData\Local\temp\EAD7232.exe
C:\Users\Allison\AppData\Local\temp\EADC9B4.exe
C:\Users\Allison\AppData\Local\temp\EADEA66.exe
C:\Users\Allison\AppData\Local\temp\EADF69D.exe
C:\Users\Allison\AppData\Local\temp\EADFC02.exe
C:\Users\Allison\AppData\Local\temp\Gw2.exe
C:\Users\Allison\AppData\Local\temp\installerdll182848.dll
C:\Users\Allison\AppData\Local\temp\installerdll187466.dll
C:\Users\Allison\AppData\Local\temp\installerdll196670.dll
C:\Users\Allison\AppData\Local\temp\installerdll201038.dll
C:\Users\Allison\AppData\Local\temp\installerdll30687253.dll
C:\Users\Allison\AppData\Local\temp\installerdll30691402.dll
C:\Users\Allison\AppData\Local\temp\installerdll30706051.dll
C:\Users\Allison\AppData\Local\temp\installerdll367850.dll
C:\Users\Allison\AppData\Local\temp\installerdll381172.dll
C:\Users\Allison\AppData\Local\temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Allison\AppData\Local\temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Allison\AppData\Local\temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Allison\AppData\Local\temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Allison\AppData\Local\temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Allison\AppData\Local\temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Allison\AppData\Local\temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Allison\AppData\Local\temp\OriginLauncher30687253.exe
C:\Users\Allison\AppData\Local\temp\rootsupd.exe
C:\Users\Allison\AppData\Local\temp\Setup.exe
C:\Users\Allison\AppData\Local\temp\swt-win32-3740.dll
C:\Users\Allison\AppData\Local\temp\tmp8287.exe
C:\Users\Allison\AppData\Local\temp\tmp9DD4.exe
C:\Users\Allison\AppData\Local\temp\tmpA497.exe
C:\Users\Allison\AppData\Local\temp\tmpCDB.exe
C:\Users\Allison\AppData\Local\temp\UninstallEADM.dll
C:\Users\Allison\AppData\Local\temp\vcredist_x64.exe
C:\Users\Allison\AppData\Local\temp\vcredist_x86.exe
C:\Users\Allison\AppData\Local\temp\WindowsInstaller-KB893803-v2-x86.exe
C:\Users\Allison\AppData\Local\temp\winziprosetup.exe
C:\Users\Allison\AppData\Local\temp\_is1334.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-15 05:36

==================== End Of Log ============================

Addition log

Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-07-2014 01
Ran by Allison at 2014-07-15 17:32:00
Running from C:\Users\Allison\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Acer Arcade Live Main Page (HKLM\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.1.1331 - Acer Inc.)
Acer Assist (HKLM\...\Acer Assist) (Version:  - Acer Inc.)
Acer DV Magician (HKLM\...\{F6EFFB76-4A07-11DA-9D78-000129760D75}) (Version: 1.5.0920 - Acer Inc.)
Acer DVDivine (HKLM\...\{B145EC69-66F5-11D8-9D75-000129760D75}) (Version: 3.2.1109 - Acer Inc.)
Acer GameZone Console DTV 2.0.1.1 (HKLM\...\Acer GameZone Console_is1) (Version:  - Oberon Media, Inc.)
Acer HomeMedia (HKLM\...\{AA4BF92B-2AAF-11DA-9D78-000129760D75}) (Version: 1.4.1331 - Acer Inc.)
Acer HomeMedia Connect (HKLM\...\{132888AE-EF67-41C5-BCA2-7D5D2488AB63}) (Version: 1.4.4931 - Acer Inc.)
Acer HomeMedia Trial Creator (HKLM\...\{B580C409-E16F-44FF-904D-3AE94E113BE0}) (Version: 1.4.1331 - Acer Inc.)
Acer Registration (HKLM\...\Acer Registration) (Version:  - Acer - Leader Technologies)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 4.01.0422 - Acer Incorporated)
Acer SlideShow DVD (HKLM\...\{41581EF5-45A7-11DA-9D78-000129760D75}) (Version: 1.5.1109 - Acer Inc.)
Acer VideoMagician (HKLM\...\{F79A208D-D929-11D9-9D77-000129760D75}) (Version: 1.4.1017 - Acer Inc.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Ad-Aware (HKLM\...\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}) (Version: 7.1.0.7 - Lavasoft)
Add or Remove Adobe Creative Suite 3 Design Premium (HKLM\...\Adobe_c14ac4070fd9614ffe63f4bb533db2c) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Acrobat 8 Professional (Version: 8.1.3 - Adobe Systems) Hidden
Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe BridgeTalk Plugin CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (HKLM\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe Color Common Settings (Version: 1.0.1 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 3 Design Premium (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (Version: 2.0.2 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS3 (Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Flash CS3 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Video Encoder (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS3 (Version: 13.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS3 Icon Handler (Version: 5.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe MotionPicture Color Files (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.4) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe SING CS3 (Version: 0.1 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Server {ko_KR}  (Version: 3.0.0.0 {ko_KR}  - Adobe Systems Incorporated) Hidden
Adobe WAS CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
AHV content for Acrobat and Flash (Version: 1 - Adobe Systems Incorporated) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
ALUpdate (HKLM\...\ALUpdate_is1) (Version:  - ESTsoft Corp.)
ALZip (HKLM\...\ALZip_is1) (Version: 7.0 beta1 - ESTsoft Corp.)
AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden
AMD AVIVO Codecs (Version: 11.7.0.11025 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{15971B11-14DA-873C-1ACD-188603C38889}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
ANIWZCS2 Service (HKLM\...\{4C590030-7469-453E-8589-D15DA9D03F52}) (Version:  - )
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
AVG PC Tuneup 2011 (HKLM\...\{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1) (Version: 10.0.0.23 - AVG)
Bandisoft MPEG-1 Decoder (HKLM\...\BandiMPEG1) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Creative System Information (HKLM\...\SysInfo) (Version:  - )
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.810 - Curse)
Diamond 10.6 Win7Vista Installation (HKLM\...\{F62A1CF8-9C38-46C7-90D6-8AAD1CA996D1}_is1) (Version:  - Diamond Multimedia)
Diamond Multimedia 11.11 2400-6900 PCIe Win7Vista (HKLM\...\Diamond Multimedia 11.11 2400-6900 PCIe Win7Vista) (Version: 3.0.851.0 - Diamond Multimedia)
Diamond Multimedia 12.1 2400-6900 PCIe Win7Vista (HKLM\...\Diamond Multimedia 12.1 2400-6900 PCIe Win7Vista) (Version: 3.0.859.0 - Diamond Multimedia)
D-Link Wireless N DWA-130 (HKLM\...\{F25B14A1-3863-41B6-9F8A-931DECA6D384}) (Version:  - D-Link)
Download Updater (AOL LLC) (HKLM\...\SoftwareUpdUtility) (Version:  - ) <==== ATTENTION
Evolve Select (HKLM\...\{43FD99F3-5753-4277-AC57-813D93D69DDC}) (Version: 4.05.0020 - Vital Source Technologies)
Facebook Plug-In (HKCU\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{F4B1B985-F308-4DBA-BFD7-CCCB8839234B}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Help (HKLM\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
HP Update (HKLM\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HydraVision (Version: 4.2.218.0 - Advanced Micro Devices, Inc.) Hidden
iCloud (HKLM\...\{8CC68433-5837-4075-B81F-EA7E4F14CE60}) (Version: 2.0.2.187 - Apple Inc.)
iTunes (HKLM\...\{0F6F6876-6334-4977-B5DD-CFC12E193420}) (Version: 10.7.0.21 - Apple Inc.)
Java 7 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LibUSB-Win32-0.1.10.1 (HKLM\...\LibUSB-Win32_is1) (Version: 0.1.10.1 - LibUSB-Win32)
LightScribe  1.4.142.1 (Version: 1.4.142.1 - http://www.lightscribe.com) Hidden
Malwarebytes' Anti-Malware (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 30.0 (x86 en-GB) (HKLM\...\Mozilla Firefox 30.0 (x86 en-GB)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Backup NOW! 4.7 (HKLM\...\InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}) (Version: 1.00.0000 - NewTech Infosystems)
NTI Backup NOW! 4.7 (Version: 1.00.0000 - NewTech Infosystems) Hidden
NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9713 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}) (Version: 9.10.0514 - NVIDIA Corporation)
Origin (HKLM\...\Origin) (Version: 9.0.13.2141 - Electronic Arts, Inc.)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Pen Tablet (HKLM\...\Pen Tablet Driver) (Version:  - Wacom Technology Corp.)
PhaseRO (HKLM\...\PhaseRO1.9) (Version: 1.9 - PhaseRO)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Ragnarok Online 2 (HKLM\...\{9C9BF1AB-E2C4-4470-9398-58F7BACB29DC}) (Version: 1.0.1 - Gravity Interactive, Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5591 - Realtek Semiconductor Corp.)
RuneScape Launcher 1.2.3 (HKLM\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
Sid Meier's Alpha Centauri (HKLM\...\Sid Meier's Alpha Centauri) (Version:  - )
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sound Blaster World of Warcraft Headset (HKLM\...\{0429B343-D023-4524-89BC-0478E0D9E3C3}) (Version: 1.0 - Creative Technology Limited)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.12 - TeamSpeak Systems GmbH)
The Elder Scrolls Online Beta (HKLM\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - )
The Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 70s, 80s, & 90s Stuff (HKLM\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Generations (HKLM\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Into the Future (HKLM\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
The Sims™ 3 Island Paradise (HKLM\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
The Sims™ 3 Late Night (HKLM\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 Seasons (HKLM\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Showtime (HKLM\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
The Sims™ 3 Supernatural (HKLM\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims™ 3 University Life (HKLM\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Ventrilo Client (HKLM\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.5 - Flagship Industries, Inc.)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VoiceOver Kit (HKLM\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
WildStar (HKLM\...\WildStar) (Version:  - NCSOFT)
Windows Deployment Tools (HKLM\...\{BFC9778E-9765-C94C-C082-C2514F8DEB9B}) (Version: 8.59.25584 - Microsoft)
Windows Driver Package - SteelSeries (HidUsb) HIDClass  (11/19/2010 1.2.4.0) (HKLM\...\227FF546E51B37EE801113B9EC6D88E5A5E892A5) (Version: 11/19/2010 1.2.4.0 - SteelSeries)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows PE x86 x64 (HKLM\...\{F89D69CA-6EE1-E037-DD3B-08CDDE1BED1C}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 wims (HKLM\...\{85F4ACB1-E7DC-C3C6-F4FD-BB936DF2695E}) (Version: 8.59.25584 - Microsoft)
World of Warcraft®: Cataclysm MMO Gaming Mouse (HKLM\...\{B832F6BF-B53E-4A51-BD95-A1D5D956207C}) (Version: 1.01.0011 - SteelSeries)
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Z Engine (HKLM\...\{64E47A5F-B3C4-476A-9100-2D006BD1FFB4}) (Version: 2.5.0.29_NA - Ideazon)

==================== Restore Points  =========================

08-07-2014 02:24:53 Scheduled Checkpoint
09-07-2014 04:00:01 Scheduled Checkpoint
10-07-2014 04:00:02 Scheduled Checkpoint
10-07-2014 07:00:32 Windows Update
11-07-2014 04:00:04 Scheduled Checkpoint
12-07-2014 04:58:53 Scheduled Checkpoint
13-07-2014 04:00:09 Scheduled Checkpoint
14-07-2014 04:00:08 Scheduled Checkpoint
14-07-2014 22:16:45 avast! antivirus system restore point
15-07-2014 20:45:08 Removed AVG 2014
15-07-2014 20:49:01 Removed AVG 2014

==================== Hosts content: ==========================

2006-11-02 06:23 - 2010-07-01 22:23 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {04D0FE15-A83C-4502-B134-6E7426CD8D86} - System32\Tasks\Acer\Acer Assist\New Message Check - WoW Account => C:\Program Files\Acer Assist\AcerAssist.exe [2007-02-07] (Acer Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1F56BFE0-BBAA-4D6E-9D2C-0B1D0831DCD0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {259D7C66-C8FD-428A-A90F-A46C5075073A} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {27281CF5-9C77-45B4-AB9D-ECB085BFDE0C} - System32\Tasks\{B033210F-E153-40FF-BCF1-0559712394F6} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {447DF263-4342-437C-AC49-B04EEBC0503F} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2008-01-20] (Microsoft Corporation)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {B851E60C-00DD-4B8A-9CB6-A38E368BE54A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-14] (AVAST Software)
Task: {BC048E45-B249-4C6E-8DF4-3F3CFBCA5024} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-07-14 18:19 - 2014-07-14 18:19 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-07-15 16:54 - 2014-07-15 16:54 - 02793472 _____ () C:\Program Files\AVAST Software\Avast\defs\14071501\algo.dll
2008-03-16 15:47 - 2008-01-25 21:49 - 00098304 _____ () C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLSchRecordMonitor.dll
2008-03-16 15:47 - 2008-01-25 21:49 - 00260096 _____ () C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\sqlite3.dll
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-03-16 15:48 - 2006-07-19 14:36 - 00262247 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2008-08-27 17:39 - 2007-02-13 06:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
2008-08-27 17:39 - 2007-02-13 06:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\IERYETF.dll
2008-08-27 17:39 - 2007-06-28 18:15 - 00081920 _____ () C:\Acer\Empowering Technology\eRecovery\INT15.dll
2012-04-02 00:40 - 2012-09-27 21:10 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll
2008-08-27 20:33 - 2007-12-11 15:36 - 00245760 _____ () C:\Windows\system32\WlanApp.dll
2009-06-04 19:55 - 2009-06-04 19:55 - 00018432 _____ () C:\Program Files\Ideazon\ZEngine\AxInterop.WBOCXLib.dll
2009-11-14 17:18 - 2009-04-11 02:28 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2014-07-14 18:19 - 2014-07-14 18:19 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-06-20 17:41 - 2014-06-20 17:41 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-06-14 18:22 - 2014-06-14 18:22 - 00035840 ____N () C:\Users\Allison\AppData\Local\Apps\2.0\2BC2BQY4.V5Y\2X2J58ZR.HZQ\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\Curse.Advertising.dll
2014-06-14 18:22 - 2014-06-14 18:22 - 00014848 ____N () C:\Users\Allison\AppData\Local\Apps\2.0\2BC2BQY4.V5Y\2X2J58ZR.HZQ\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\Curse.CurseClient.WowDb.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aawservice => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/15/2014 05:30:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2014 09:08:49 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (07/14/2014 09:08:39 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (07/14/2014 09:06:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2014 06:16:41 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {062dda45-cdfe-4c3e-8bde-56e7eee04b72}

Error: (07/10/2014 04:09:41 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (07/10/2014 04:09:19 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (07/10/2014 03:27:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/07/2014 10:00:47 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (07/07/2014 10:00:45 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4


System errors:
=============
Error: (07/10/2014 03:02:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053

Error: (07/10/2014 03:02:48 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Search

Error: (07/10/2014 03:02:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053

Error: (07/10/2014 03:02:48 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Search

Error: (07/10/2014 03:02:47 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (07/07/2014 09:39:52 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:03:11 AM on 06/07/2014 was unexpected.

Error: (07/05/2014 05:33:01 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: AVGIDSAgent3758213661 (0xE001CA1D)

Error: (07/05/2014 05:33:00 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: AVGIDSAgent3758213661 (0xE001CA1D)

Error: (07/05/2014 05:32:59 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: AVGIDSAgent3758213661 (0xE001CA1D)

Error: (07/05/2014 05:32:58 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: AVGIDSAgent3758213661 (0xE001CA1D)


Microsoft Office Sessions:
=========================
Error: (01/19/2014 01:47:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 284080 seconds with 900 seconds of active time.  This session ended with a crash.

Error: (11/02/2013 09:49:26 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 9984 seconds with 1860 seconds of active time.  This session ended with a crash.

Error: (06/05/2013 00:00:23 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 94826 seconds with 780 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-07-15 17:31:45.809
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 17:31:44.966
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 17:31:44.124
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 17:31:43.250
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 17:31:41.956
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 17:31:41.082
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 17:31:40.255
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 17:31:39.397
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 16:46:46.546
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\AVG2014\Drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 16:46:45.673
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVG\AVG2014\Drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 54%
Total physical RAM: 3070.32 MB
Available physical RAM: 1404.69 MB
Total Pagefile: 6368.71 MB
Available Pagefile: 4378.09 MB
Total Virtual: 2559.88 MB
Available Virtual: 2403.21 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:144.29 GB) (Free:53.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:144.04 GB) (Free:65.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 51EBCBAA)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=06)
Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Malwarebytes Log (the one that detected the infection)

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 14/07/2014
Scan Time: 9:19:32 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.15.01
Rootkit Database: v2014.07.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Allison

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 329464
Time Elapsed: 19 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
Spyware.Passwords, C:\Windows\System32\ALZALZ.BIN, Quarantined, [527b1f80afcc59dd29c976e8936d08f8],
Spyware.Passwords, C:\Windows\System32\ALZZip.BIN, Quarantined, [cb02b6e9126956e079783826d62a32ce],

Physical Sectors: 0
(No malicious items detected)


(end)


Hi & welcome

My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Do you know anything about this?

 

FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "184.22.255.8"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "184.22.255.8"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "184.22.255.8"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "184.22.255.8"
FF NetworkProxy: "ssl_port", 8080

Step 1

Please uninstall some programs:

  • Windows 7: Click on the Start Menu button, open Control Panel and click Uninstall a program.
  • Search and select the following programs one by one and click on Uninstall:

    Download Updater

  • Reboot your computer.
Step 2

Please download Combofix (by sUBs) and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).

    Please copy and paste the contents of this file into your next post.

Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.

(You can find more detailed instructions in this guide on using Combofix.)


FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "184.22.255.8"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "184.22.255.8"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "184.22.255.8"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "184.22.255.8"
FF NetworkProxy: "ssl_port", 8080

 

I do not know what that is.

 

When I try to download Combofix, avast! is stopping the download as a threat, and now when I try to click on the link you have provided, it fails to load the page, stating "The connection to the server was reset while the page was loading."


ComboFix 14-07-16.01 - Allison 16/07/2014   5:51.3.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.2.1033.18.3070.1255 [GMT -4:00]
Running from: c:\users\Allison\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\roboot.exe
c:\windows\system32\SET1D51.tmp
c:\windows\system32\SET20A6.tmp
c:\windows\system32\SET25B2.tmp
c:\windows\system32\SET2623.tmp
c:\windows\system32\SET402.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-16 to 2014-07-16  )))))))))))))))))))))))))))))))
.
.
2014-07-16 10:03 . 2014-07-16 10:03    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-07-16 10:03 . 2014-07-16 10:03    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-07-16 10:03 . 2014-07-16 10:03    --------    d-----w-    c:\users\WoW Account\AppData\Local\temp
2014-07-15 21:29 . 2014-07-15 21:33    --------    d-----w-    C:\FRST
2014-07-15 01:08 . 2014-07-15 01:16    --------    d-----w-    c:\program files\Malwarebytes Anti-Malware
2014-07-15 01:08 . 2014-05-12 11:26    51928    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-07-15 01:08 . 2014-05-12 11:25    74456    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-07-14 23:21 . 2014-07-14 23:21    --------    d-----w-    c:\program files\Windows Kits
2014-07-14 22:21 . 2014-07-14 22:21    --------    d-----w-    c:\users\Allison\AppData\Roaming\AVAST Software
2014-07-14 22:20 . 2014-07-14 22:19    779536    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-07-14 22:20 . 2014-07-14 22:19    57800    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2014-07-14 22:20 . 2014-07-14 22:19    192352    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-07-14 22:20 . 2014-07-14 22:20    414520    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2014-07-14 22:20 . 2014-07-14 22:19    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-07-14 22:20 . 2014-07-14 22:19    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-07-14 22:20 . 2014-07-14 22:19    55112    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2014-07-14 22:20 . 2014-07-14 22:19    24184    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-07-14 22:20 . 2014-07-14 22:19    276432    ----a-w-    c:\windows\system32\aswBoot.exe
2014-07-14 22:19 . 2014-07-14 22:19    43152    ----a-w-    c:\windows\avastSS.scr
2014-07-14 22:17 . 2014-07-14 22:17    --------    d-----w-    c:\program files\AVAST Software
2014-07-14 22:16 . 2014-07-14 22:17    --------    d-----w-    c:\programdata\AVAST Software
2014-07-01 20:03 . 2014-07-01 20:03    --------    d-----w-    c:\users\Allison\AppData\Local\Adobe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-16 09:46 . 2010-06-23 02:58    110296    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2014-07-09 02:13 . 2012-03-31 16:04    699056    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-07-09 02:13 . 2011-05-13 18:52    71344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-12 11:25 . 2010-06-23 02:58    23256    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-04-26 16:01 . 2014-06-11 06:53    502784    ----a-w-    c:\windows\system32\usp10.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-14 22:19    578240    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Allison\AppData\Local\Akamai\netsession_win.exe" [2014-04-18 4672920]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2012-12-08 3093624]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\HydraVision\HydraDM.exe" [2011-10-26 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-26 204908]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-05-06 196128]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"D-Link D-Link Wireless N DWA-130"="c:\program files\D-Link\D-Link Wireless N DWA-130\AirNCFG.exe" [2008-03-20 1675264]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"SteelSeries World of Warcraft Cataclysm MMO Gaming Mouse"="c:\program files\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe" [2011-01-31 1992704]
"Zboard"="c:\program files\Ideazon\ZEngine\Zboard.exe" [2009-06-04 57344]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-29 642656]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-14 4086432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNTE0ODU1NzI3LUJBKzEtS1YzKzctWEwrMS1UNC1GUDkyKzYtQkFSOUcrMS1UQjkrMi1GTCs5LVhPMzYrMS1RSVgxKzQtWDIwMTArMi1GMTBNKzUtVklQMTArMS1GMTBNMTBEKzItTElDKzctRkwxMCsxLVNQMSsxLVNQMVRCKzEtU1VQKzQtU1AxUzIrMQ&prod=90&ver=10.0.1432" [?]
.
c:\users\Allison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-12-6 0]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ASETRES.EXE [2008-4-14 20480]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe 9999 [2008-3-16 535336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-26 269448]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ       BthServ
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 02:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://en.ca.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local;<local>
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\users\Allison\AppData\Roaming\Mozilla\Firefox\Profiles\nz7091mh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca
FF - ExtSQL: !HIDDEN! 2009-08-17 22:13; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe
HKCU-Run-AVG-Secure-Search-Update_1113a - c:\users\Allison\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-16 06:03
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-565858644-1560072136-3662373033-1000\Software\SecuROM\License information*]
"datasecu"=hex:fd,93,88,2d,ef,3f,6b,24,6c,37,1d,0b,0f,d6,b9,37,52,d8,1c,f1,26,
   7f,5d,68,65,f2,90,65,0c,e1,83,fe,f6,e5,cb,a1,22,53,b8,b7,93,47,da,ad,e3,f1,\
"rkeysecu"=hex:9a,91,8b,ee,00,87,69,51,21,88,7d,13,23,f0,3f,1c
.
Completion time: 2014-07-16  06:07:10
ComboFix-quarantined-files.txt  2014-07-16 10:07
.
Pre-Run: 58,296,479,744 bytes free
Post-Run: 62,279,704,576 bytes free
.
- - End Of File - - B73AEDDCABF9853CFBFFC909A172C688
A863475757CC50891AA8458C415E4B25
 


After the scan, I have what looks like the Internet Explorer icon on my desktop with the name "The Internet". Is this normal? Is it really just IE?

Could you please post up a screenshot?

 

Next steps:

Step 1

Scan with Malwarebytes Antimalware

  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" and go to "Detection and Protection".
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard, then click on Scan Now to start the scan.

    (If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.)

  • A window with an option to view the detailed log will appear. Click on "View Detailed Log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.
Step 2

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.

    Note: This scan might take a long time! Please be patient.

  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

http://i1255.photobucket.com/albums/hh639/Allison_Payette/desktopscreen_zps9776e9df.gif

 

The image is way too big to post directly, so there is the URL for it. The new Internet Explorer icon is between avast! and Combofix. It was not there before I performed my Combofix scan this morning.

 

Here is the Malwarebytes log. I will be performing the ESET scan now.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 16/07/2014
Scan Time: 4:47:44 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.16.08
Rootkit Database: v2014.07.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Allison

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 326728
Time Elapsed: 14 min, 52 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=0cce4bfafc68f640bc07a763407b34db
# engine=19208
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-16 10:25:28
# local_time=2014-07-16 06:25:28 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 95 0 826213 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 132620687 242157056 0 0
# scanned=265750
# found=0
# cleaned=0
# scan_time=4428
 

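An added example, not part of any post in this thread: a small Python check that reads the `# key=value` lines of an ESET Online Scanner log and compares the logged scan options with the ones requested in Step 2. The mapping from each GUI option to a log key is an assumption based on the key names, and `SAMPLE_LOG` is constructed from lines of the log posted above.

```python
import re

# Constructed sample: selected lines copied from the ESET log posted above.
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# scanned=265750
# found=0
# cleaned=0
# scan_time=4428
"""

# Options requested in Step 2. The GUI-option-to-log-key mapping is an
# assumption inferred from the key names, not taken from ESET documentation.
REQUESTED = {
    "remove_checked": ("Remove found threats", False),
    "archives_checked": ("Scan archives", True),
    "unwanted_checked": ("Scan for potentially unwanted applications", True),
    "unsafe_checked": ("Scan for potentially unsafe applications", True),
    "antistealth_checked": ("Enable Anti-Stealth Technology", True),
}

LINE_RE = re.compile(r"^#\s*([A-Za-z0-9_.]+)=(.*)$")
BOOLS = {"true": True, "false": False}


def parse_runs(text):
    """Split a log into scan runs; each run is a dict of its key/value lines.

    A new run starts at every '# product=' line, so a log file that several
    scans were appended to yields one dict per scan.
    """
    runs = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # banner lines such as "all ok" carry no settings
        key, value = match.group(1), match.group(2).strip()
        if key == "product" or not runs:
            runs.append({})
        runs[-1][key] = value  # a repeated key keeps its last value
    return runs


def setting_mismatches(run):
    """Return {log key: (GUI option, requested, logged)} for differing options.

    'logged' is None when the key is missing or is not 'true'/'false'.
    """
    mismatches = {}
    for key, (option, wanted) in REQUESTED.items():
        logged = BOOLS.get(run.get(key, "").lower())
        if logged is not wanted:
            mismatches[key] = (option, wanted, logged)
    return mismatches


def summarize(text):
    """Summarize the most recent scan run found in the log text."""
    runs = parse_runs(text)
    if not runs:
        raise ValueError("no '# key=value' lines found in log")
    run = runs[-1]
    found = run.get("found", "")
    return {
        "finished": run.get("end") == "finished",
        "found": int(found) if found.isdigit() else None,
        "mismatches": setting_mismatches(run),
    }


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    print("finished:", summary["finished"], "| found:", summary["found"])
    for key, (option, wanted, logged) in summary["mismatches"].items():
        print(f"{option}: requested {wanted}, log has {key}={logged}")
```

Run against the log above, it reports one difference: `archives_checked=false`, although Step 2 asked for "Scan archives" to be checked.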

OK, please post up fresh FRST-Logs:

Start FRST with administrator privileges.

  • Make sure the Addition.txt option is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.

    Please copy and paste these logs in your next reply.


FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
Ran by Allison (administrator) on NYX on 16-07-2014 19:03:15
Running from C:\Users\Allison\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Lavasoft) C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(CyberLink) C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(http://libusb-win32.sourceforge.net) C:\Windows\System32\libusbd-nt.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Wacom Technology, Corp.) C:\Windows\System32\Pen_Tablet.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Wacom Technology, Corp.) C:\Windows\System32\WTablet\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\Windows\System32\Pen_Tablet.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(NVIDIA Corporation) C:\Windows\System32\nvraidservice.exe
(Wireless Service) C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(D-Link) C:\Program Files\D-Link\D-Link Wireless N DWA-130\AirNCFG.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
(SteelSeries) C:\Program Files\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe
(Ideazon, Inc.) C:\Program Files\Ideazon\ZEngine\Zboard.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(SteelSeries) C:\Program Files\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMTray2.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [5369856 2008-03-26] (Realtek Semiconductor)
HKLM\...\Run: [PCMMediaSharing] => C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [204908 2008-01-25] ()
HKLM\...\Run: [Acer Assist Launcher] => C:\Program Files\Acer Assist\launcher.exe [1261568 2007-02-02] ()
HKLM\...\Run: [NVRaidService] => C:\Windows\system32\nvraidservice.exe [196128 2008-05-06] (NVIDIA Corporation)
HKLM\...\Run: [ANIWZCS2Service] => C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [49152 2007-01-19] (Wireless Service)
HKLM\...\Run: [D-Link D-Link Wireless N DWA-130] => C:\Program Files\D-Link\D-Link Wireless N DWA-130\AirNCFG.exe [1675264 2008-03-19] (D-Link)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [623992 2008-10-14] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe_ID0EYTHM] => C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM\...\Run: [steelSeries World of Warcraft Cataclysm MMO Gaming Mouse] => C:\Program Files\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe [1992704 2011-01-31] (SteelSeries)
HKLM\...\Run: [Zboard] => C:\Program Files\Ideazon\ZEngine\Zboard.exe [57344 2009-06-04] (Ideazon, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-10] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [startCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-14] (AVAST Software)
HKLM\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNTE0ODU1NzI3LUJBKzEtS1YzKzctWEwrMS1UNC1GUDkyKzYtQkFSOUcrMS1UQjkrMi1GTCs5LVhPMzYrMS1RSVgxKzQtWDIwMTArMi1GMTBNKzUtVklQMTArMS1GMTBNMTBEKzItTElDKzctRkwxMCsxLVNQMSsxLVNQMVRCKzEtU1VQKzQtU1AxUzIrMQ"&"prod=90"&"ver=10.0.1432
HKU\S-1-5-21-565858644-1560072136-3662373033-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Allison\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-565858644-1560072136-3662373033-1000\...\Run: [Pando Media Booster] => C:\Program Files\Pando Networks\Media Booster\PMB.exe [3093624 2012-12-08] ()
HKU\S-1-5-21-565858644-1560072136-3662373033-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-10-25] (AMD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ASETRES.EXE ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)
Startup: C:\Users\Allison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * lsdelete

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
SearchScopes: HKCU - DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://ca.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://ca.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Allison\AppData\Roaming\Mozilla\Firefox\Profiles\nz7091mh.default
FF Homepage: hxxp://www.google.ca
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "184.22.255.8"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "184.22.255.8"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "184.22.255.8"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "184.22.255.8"
FF NetworkProxy: "ssl_port", 8080
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Allison\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Allison\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF user.js: detected! => C:\Users\Allison\AppData\Roaming\Mozilla\Firefox\Profiles\nz7091mh.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: Multi Links - C:\Users\Allison\AppData\Roaming\Mozilla\Firefox\Profiles\nz7091mh.default\Extensions\multilinks@plugin [2012-01-04]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Allison\AppData\Roaming\Mozilla\Firefox\Profiles\nz7091mh.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-10-13]
FF Extension: WOT - C:\Users\Allison\AppData\Roaming\Mozilla\Firefox\Profiles\nz7091mh.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27]
FF Extension: Adblock Plus - C:\Users\Allison\AppData\Roaming\Mozilla\Firefox\Profiles\nz7091mh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-06-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-14]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-14]

========================== Services (Whitelisted) =================

R2 aawservice; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [611664 2008-12-14] (Lavasoft)
R2 Acer HomeMedia Connect Service; C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [269448 2008-01-25] (CyberLink) [File not signed]
S3 Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-14] (AVAST Software)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-07-23] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-07-23] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [286720 2009-08-28] (Creative Technology Ltd) [File not signed]
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.) [File not signed]
R3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2008-11-30] (Macrovision Europe Ltd.) [File not signed]
R2 libusbd; C:\Windows\System32\libusbd-nt.exe [18944 2005-03-09] (http://libusb-win32.sourceforge.net) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S3 npggsvc; C:\Windows\system32\GameMon.des [4227704 2011-11-08] (INCA Internet Co., Ltd.) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [262247 2006-07-19] () [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2011-08-19] (Logitech Inc.)

==================== Drivers (Whitelisted) ====================

R3 Alpham1; C:\Windows\System32\DRIVERS\Alpham1.sys [42624 2007-07-23] (Ideazon Corporation)
R3 Alpham2; C:\Windows\System32\DRIVERS\Alpham2.sys [18432 2007-03-20] (Ideazon Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-14] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-07-14] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-14] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-07-14] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-14] ()
R3 athr; C:\Windows\System32\DRIVERS\Dathr.sys [2228736 2012-03-19] (Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices)
R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-02] (Acer, Inc.)
R3 libusb0; C:\Windows\System32\drivers\libusb0.sys [33792 2005-03-09] () [File not signed]
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [599040 2008-01-31] (Ralink Technology Corp.)
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2008-03-16] (NewTech Infosystems, Inc.) [File not signed]
R3 SSMO3v2Filter; C:\Windows\System32\drivers\MO3v2Driver.sys [17408 2010-12-17] (Sagatek Co. Ltd.)
S3 WIMMount; C:\Program Files\Windows Kits\8.0\Assessment and Deployment Kit\Deployment Tools\x86\DISM\wimmount.sys [34248 2012-07-25] (Microsoft Corporation)
S3 WRfiltv; C:\Windows\System32\drivers\WRfiltv.sys [17920 2009-07-31] (Creative Technology Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
U3 catchme; \??\C:\Users\Allison\AppData\Local\Temp\catchme.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U3 mbr; \??\C:\ComboFix\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-16 17:08 - 2014-07-16 17:08 - 00000000 ____D () C:\Program Files\ESET
2014-07-16 17:05 - 2014-07-16 17:05 - 02347384 _____ (ESET) C:\Users\Allison\Desktop\esetsmartinstaller_enu.exe
2014-07-16 06:07 - 2014-07-16 06:07 - 00011193 _____ () C:\ComboFix.txt
2014-07-16 05:47 - 2014-07-16 06:07 - 00000000 ____D () C:\Qoobox
2014-07-16 05:47 - 2014-07-16 06:07 - 00000000 ____D () C:\ComboFix
2014-07-16 05:47 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-16 05:47 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-16 05:47 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-16 05:47 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-16 05:47 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-16 05:47 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-16 05:47 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-16 05:47 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-16 05:45 - 2014-07-16 05:46 - 05221615 ____R (Swearware) C:\Users\Allison\Desktop\ComboFix.exe
2014-07-15 17:32 - 2014-07-15 17:33 - 00040566 _____ () C:\Users\Allison\Desktop\Addition.txt
2014-07-15 17:30 - 2014-07-16 19:03 - 00021354 _____ () C:\Users\Allison\Desktop\FRST.txt
2014-07-15 17:29 - 2014-07-16 19:03 - 00000000 ____D () C:\FRST
2014-07-15 16:50 - 2014-07-15 16:50 - 01077248 _____ (Farbar) C:\Users\Allison\Desktop\FRST.exe
2014-07-14 21:13 - 2014-07-14 21:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Allison\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-14 21:08 - 2014-07-14 21:16 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-14 21:08 - 2014-07-14 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-14 21:08 - 2014-07-14 21:16 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-14 21:08 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-14 21:08 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-14 19:21 - 2014-07-14 19:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2014-07-14 19:21 - 2014-07-14 19:21 - 00000000 ____D () C:\Program Files\Windows Kits
2014-07-14 18:46 - 2014-07-14 19:21 - 00000000 ____D () C:\Users\Allison\Documents\AvastPEToolkit
2014-07-14 18:21 - 2014-07-14 18:21 - 00001877 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-14 18:21 - 2014-07-14 18:21 - 00000000 ____D () C:\Users\Allison\AppData\Roaming\AVAST Software
2014-07-14 18:21 - 2014-07-14 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-14 18:20 - 2014-07-14 18:20 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-14 18:20 - 2014-07-14 18:19 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-14 18:20 - 2014-07-14 18:19 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-14 18:20 - 2014-07-14 18:19 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-14 18:20 - 2014-07-14 18:19 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-14 18:20 - 2014-07-14 18:19 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-07-14 18:20 - 2014-07-14 18:19 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-07-14 18:20 - 2014-07-14 18:19 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-14 18:20 - 2014-07-14 18:19 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-14 18:19 - 2014-07-14 18:19 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-14 18:17 - 2014-07-14 18:17 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-14 18:16 - 2014-07-14 18:17 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-09 17:33 - 2014-06-06 20:19 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 17:33 - 2014-06-06 20:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 17:33 - 2014-06-06 19:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 17:33 - 2014-06-06 19:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 17:33 - 2014-06-06 19:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 17:33 - 2014-06-06 19:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 17:33 - 2014-06-06 19:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 17:33 - 2014-06-06 19:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-09 17:33 - 2014-06-06 18:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 17:33 - 2014-06-06 18:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 17:33 - 2014-06-06 18:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-09 17:33 - 2014-06-06 18:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 17:33 - 2014-06-06 18:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 17:33 - 2014-06-06 18:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 17:33 - 2014-06-06 18:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 17:33 - 2014-06-06 18:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-09 17:33 - 2014-06-06 18:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 17:33 - 2014-06-06 18:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 17:33 - 2014-06-06 18:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-09 17:33 - 2014-06-06 18:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 17:33 - 2014-06-06 18:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-09 17:33 - 2014-06-06 18:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 17:33 - 2014-06-06 04:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 17:33 - 2014-05-30 02:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-01 16:03 - 2014-07-16 16:41 - 00000000 ____D () C:\Users\Allison\AppData\Local\Adobe
2014-06-20 17:41 - 2014-06-20 17:42 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-07-16 19:03 - 2014-07-15 17:30 - 00021354 _____ () C:\Users\Allison\Desktop\FRST.txt
2014-07-16 19:03 - 2014-07-15 17:29 - 00000000 ____D () C:\FRST
2014-07-16 18:15 - 2006-11-02 08:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-16 18:15 - 2006-11-02 08:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-16 18:11 - 2012-03-31 12:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-16 17:30 - 2008-08-27 16:20 - 01764928 _____ () C:\Windows\WindowsUpdate.log
2014-07-16 17:08 - 2014-07-16 17:08 - 00000000 ____D () C:\Program Files\ESET
2014-07-16 17:05 - 2014-07-16 17:05 - 02347384 _____ (ESET) C:\Users\Allison\Desktop\esetsmartinstaller_enu.exe
2014-07-16 16:47 - 2010-06-22 22:58 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-07-16 16:41 - 2014-07-01 16:03 - 00000000 ____D () C:\Users\Allison\AppData\Local\Adobe
2014-07-16 06:07 - 2014-07-16 06:07 - 00011193 _____ () C:\ComboFix.txt
2014-07-16 06:07 - 2014-07-16 05:47 - 00000000 ____D () C:\Qoobox
2014-07-16 06:07 - 2014-07-16 05:47 - 00000000 ____D () C:\ComboFix
2014-07-16 06:07 - 2011-12-06 14:27 - 00000000 ____D () C:\Users\Allison\AppData\Local\Apps\2.0
2014-07-16 06:03 - 2006-11-02 06:23 - 00000215 _____ () C:\Windows\system.ini
2014-07-16 05:47 - 2010-06-29 23:55 - 00000000 ____D () C:\Windows\ERDNT
2014-07-16 05:46 - 2014-07-16 05:45 - 05221615 ____R (Swearware) C:\Users\Allison\Desktop\ComboFix.exe
2014-07-16 05:18 - 2011-12-06 14:27 - 00000000 ____D () C:\Users\Allison\AppData\Local\Deployment
2014-07-15 22:47 - 2010-04-08 19:17 - 00000000 ____D () C:\Users\Allison\AppData\Local\PMB Files
2014-07-15 22:21 - 2006-11-02 06:33 - 00763586 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-15 22:17 - 2009-06-05 17:28 - 00000000 ____D () C:\Users\Allison\Tracing
2014-07-15 22:15 - 2010-09-05 22:03 - 00000000 ____D () C:\Users\Allison\AppData\Roaming\WTablet
2014-07-15 22:15 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-15 22:14 - 2013-09-11 21:48 - 00000000 ____D () C:\ProgramData\AVG2014
2014-07-15 22:14 - 2010-12-13 13:26 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-15 22:14 - 2008-08-27 21:00 - 00000000 ____D () C:\Program Files\AVG
2014-07-15 22:14 - 2008-01-20 22:47 - 00872604 _____ () C:\Windows\PFRO.log
2014-07-15 22:13 - 2009-05-13 19:02 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-07-15 22:13 - 2006-11-02 09:01 - 00032564 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-15 17:33 - 2014-07-15 17:32 - 00040566 _____ () C:\Users\Allison\Desktop\Addition.txt
2014-07-15 16:50 - 2014-07-15 16:50 - 01077248 _____ (Farbar) C:\Users\Allison\Desktop\FRST.exe
2014-07-15 16:49 - 2013-09-11 21:42 - 00000000 ____D () C:\Users\Allison\AppData\Local\Avg2014
2014-07-15 05:28 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\tracing
2014-07-14 21:16 - 2014-07-14 21:08 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-14 21:16 - 2014-07-14 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-14 21:16 - 2014-07-14 21:08 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-14 21:14 - 2014-07-14 21:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Allison\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-14 21:08 - 2010-06-22 22:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-14 19:21 - 2014-07-14 19:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2014-07-14 19:21 - 2014-07-14 19:21 - 00000000 ____D () C:\Program Files\Windows Kits
2014-07-14 19:21 - 2014-07-14 18:46 - 00000000 ____D () C:\Users\Allison\Documents\AvastPEToolkit
2014-07-14 18:21 - 2014-07-14 18:21 - 00001877 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-14 18:21 - 2014-07-14 18:21 - 00000000 ____D () C:\Users\Allison\AppData\Roaming\AVAST Software
2014-07-14 18:21 - 2014-07-14 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-14 18:20 - 2014-07-14 18:20 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-14 18:19 - 2014-07-14 18:20 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-14 18:19 - 2014-07-14 18:20 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-14 18:19 - 2014-07-14 18:20 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-14 18:19 - 2014-07-14 18:20 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-14 18:19 - 2014-07-14 18:20 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-07-14 18:19 - 2014-07-14 18:20 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-07-14 18:19 - 2014-07-14 18:20 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-14 18:19 - 2014-07-14 18:20 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-14 18:19 - 2014-07-14 18:19 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-14 18:17 - 2014-07-14 18:17 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-14 18:17 - 2014-07-14 18:16 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-10 03:26 - 2006-11-02 08:47 - 01774752 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 03:22 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 03:06 - 2013-07-18 03:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 03:02 - 2008-03-16 15:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-10 03:02 - 2006-11-02 06:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-08 22:13 - 2012-03-31 12:04 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-08 22:13 - 2011-05-13 14:52 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-30 00:23 - 2012-05-01 04:41 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-20 17:42 - 2014-06-20 17:41 - 00000000 ____D () C:\Program Files\Mozilla Firefox

Files to move or delete:
====================
C:\Users\Allison\jagex_cl_runescape_LIVE.dat


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-16 10:25

==================== End Of Log ============================

Addition

Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-07-2014 01
Ran by Allison at 2014-07-16 19:04:21
Running from C:\Users\Allison\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Acer Arcade Live Main Page (HKLM\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.1.1331 - Acer Inc.)
Acer Assist (HKLM\...\Acer Assist) (Version:  - Acer Inc.)
Acer DV Magician (HKLM\...\{F6EFFB76-4A07-11DA-9D78-000129760D75}) (Version: 1.5.0920 - Acer Inc.)
Acer DVDivine (HKLM\...\{B145EC69-66F5-11D8-9D75-000129760D75}) (Version: 3.2.1109 - Acer Inc.)
Acer GameZone Console DTV 2.0.1.1 (HKLM\...\Acer GameZone Console_is1) (Version:  - Oberon Media, Inc.)
Acer HomeMedia (HKLM\...\{AA4BF92B-2AAF-11DA-9D78-000129760D75}) (Version: 1.4.1331 - Acer Inc.)
Acer HomeMedia Connect (HKLM\...\{132888AE-EF67-41C5-BCA2-7D5D2488AB63}) (Version: 1.4.4931 - Acer Inc.)
Acer HomeMedia Trial Creator (HKLM\...\{B580C409-E16F-44FF-904D-3AE94E113BE0}) (Version: 1.4.1331 - Acer Inc.)
Acer Registration (HKLM\...\Acer Registration) (Version:  - Acer - Leader Technologies)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 4.01.0422 - Acer Incorporated)
Acer SlideShow DVD (HKLM\...\{41581EF5-45A7-11DA-9D78-000129760D75}) (Version: 1.5.1109 - Acer Inc.)
Acer VideoMagician (HKLM\...\{F79A208D-D929-11D9-9D77-000129760D75}) (Version: 1.4.1017 - Acer Inc.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Ad-Aware (HKLM\...\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}) (Version: 7.1.0.7 - Lavasoft)
Add or Remove Adobe Creative Suite 3 Design Premium (HKLM\...\Adobe_c14ac4070fd9614ffe63f4bb533db2c) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Acrobat 8 Professional (Version: 8.1.3 - Adobe Systems) Hidden
Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe BridgeTalk Plugin CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (HKLM\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe Color Common Settings (Version: 1.0.1 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 3 Design Premium (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (Version: 2.0.2 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS3 (Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Flash CS3 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Video Encoder (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS3 (Version: 13.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS3 Icon Handler (Version: 5.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe MotionPicture Color Files (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.4) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe SING CS3 (Version: 0.1 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Server {ko_KR}  (Version: 3.0.0.0 {ko_KR}  - Adobe Systems Incorporated) Hidden
Adobe WAS CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
AHV content for Acrobat and Flash (Version: 1 - Adobe Systems Incorporated) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
ALUpdate (HKLM\...\ALUpdate_is1) (Version:  - ESTsoft Corp.)
ALZip (HKLM\...\ALZip_is1) (Version: 7.0 beta1 - ESTsoft Corp.)
AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden
AMD AVIVO Codecs (Version: 11.7.0.11025 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{15971B11-14DA-873C-1ACD-188603C38889}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
ANIWZCS2 Service (HKLM\...\{4C590030-7469-453E-8589-D15DA9D03F52}) (Version:  - )
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
AVG PC Tuneup 2011 (HKLM\...\{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1) (Version: 10.0.0.23 - AVG)
Bandisoft MPEG-1 Decoder (HKLM\...\BandiMPEG1) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Creative System Information (HKLM\...\SysInfo) (Version:  - )
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.810 - Curse)
Diamond 10.6 Win7Vista Installation (HKLM\...\{F62A1CF8-9C38-46C7-90D6-8AAD1CA996D1}_is1) (Version:  - Diamond Multimedia)
Diamond Multimedia 11.11 2400-6900 PCIe Win7Vista (HKLM\...\Diamond Multimedia 11.11 2400-6900 PCIe Win7Vista) (Version: 3.0.851.0 - Diamond Multimedia)
Diamond Multimedia 12.1 2400-6900 PCIe Win7Vista (HKLM\...\Diamond Multimedia 12.1 2400-6900 PCIe Win7Vista) (Version: 3.0.859.0 - Diamond Multimedia)
D-Link Wireless N DWA-130 (HKLM\...\{F25B14A1-3863-41B6-9F8A-931DECA6D384}) (Version:  - D-Link)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Evolve Select (HKLM\...\{43FD99F3-5753-4277-AC57-813D93D69DDC}) (Version: 4.05.0020 - Vital Source Technologies)
Facebook Plug-In (HKCU\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{F4B1B985-F308-4DBA-BFD7-CCCB8839234B}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Help (HKLM\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
HP Update (HKLM\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HydraVision (Version: 4.2.218.0 - Advanced Micro Devices, Inc.) Hidden
iCloud (HKLM\...\{8CC68433-5837-4075-B81F-EA7E4F14CE60}) (Version: 2.0.2.187 - Apple Inc.)
iTunes (HKLM\...\{0F6F6876-6334-4977-B5DD-CFC12E193420}) (Version: 10.7.0.21 - Apple Inc.)
Java 7 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LibUSB-Win32-0.1.10.1 (HKLM\...\LibUSB-Win32_is1) (Version: 0.1.10.1 - LibUSB-Win32)
LightScribe  1.4.142.1 (Version: 1.4.142.1 - http://www.lightscribe.com) Hidden
Malwarebytes' Anti-Malware (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 30.0 (x86 en-GB) (HKLM\...\Mozilla Firefox 30.0 (x86 en-GB)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Backup NOW! 4.7 (HKLM\...\InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}) (Version: 1.00.0000 - NewTech Infosystems)
NTI Backup NOW! 4.7 (Version: 1.00.0000 - NewTech Infosystems) Hidden
NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9713 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}) (Version: 9.10.0514 - NVIDIA Corporation)
Origin (HKLM\...\Origin) (Version: 9.0.13.2141 - Electronic Arts, Inc.)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Pen Tablet (HKLM\...\Pen Tablet Driver) (Version:  - Wacom Technology Corp.)
PhaseRO (HKLM\...\PhaseRO1.9) (Version: 1.9 - PhaseRO)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Ragnarok Online 2 (HKLM\...\{9C9BF1AB-E2C4-4470-9398-58F7BACB29DC}) (Version: 1.0.1 - Gravity Interactive, Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5591 - Realtek Semiconductor Corp.)
RuneScape Launcher 1.2.3 (HKLM\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
Sid Meier's Alpha Centauri (HKLM\...\Sid Meier's Alpha Centauri) (Version:  - )
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sound Blaster World of Warcraft Headset (HKLM\...\{0429B343-D023-4524-89BC-0478E0D9E3C3}) (Version: 1.0 - Creative Technology Limited)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.12 - TeamSpeak Systems GmbH)
The Elder Scrolls Online Beta (HKLM\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - )
The Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 70s, 80s, & 90s Stuff (HKLM\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Generations (HKLM\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Into the Future (HKLM\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
The Sims™ 3 Island Paradise (HKLM\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
The Sims™ 3 Late Night (HKLM\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 Seasons (HKLM\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Showtime (HKLM\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
The Sims™ 3 Supernatural (HKLM\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims™ 3 University Life (HKLM\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Ventrilo Client (HKLM\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.5 - Flagship Industries, Inc.)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VoiceOver Kit (HKLM\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
WildStar (HKLM\...\WildStar) (Version:  - NCSOFT)
Windows Deployment Tools (HKLM\...\{BFC9778E-9765-C94C-C082-C2514F8DEB9B}) (Version: 8.59.25584 - Microsoft)
Windows Driver Package - SteelSeries (HidUsb) HIDClass  (11/19/2010 1.2.4.0) (HKLM\...\227FF546E51B37EE801113B9EC6D88E5A5E892A5) (Version: 11/19/2010 1.2.4.0 - SteelSeries)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows PE x86 x64 (HKLM\...\{F89D69CA-6EE1-E037-DD3B-08CDDE1BED1C}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 wims (HKLM\...\{85F4ACB1-E7DC-C3C6-F4FD-BB936DF2695E}) (Version: 8.59.25584 - Microsoft)
World of Warcraft®: Cataclysm MMO Gaming Mouse (HKLM\...\{B832F6BF-B53E-4A51-BD95-A1D5D956207C}) (Version: 1.01.0011 - SteelSeries)
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Z Engine (HKLM\...\{64E47A5F-B3C4-476A-9100-2D006BD1FFB4}) (Version: 2.5.0.29_NA - Ideazon)

==================== Restore Points  =========================

10-07-2014 04:00:02 Scheduled Checkpoint
10-07-2014 07:00:32 Windows Update
11-07-2014 04:00:04 Scheduled Checkpoint
12-07-2014 04:58:53 Scheduled Checkpoint
13-07-2014 04:00:09 Scheduled Checkpoint
14-07-2014 04:00:08 Scheduled Checkpoint
14-07-2014 22:16:45 avast! antivirus system restore point
15-07-2014 20:45:08 Removed AVG 2014
15-07-2014 20:49:01 Removed AVG 2014

==================== Hosts content: ==========================

2006-11-02 06:23 - 2014-07-16 06:03 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {04D0FE15-A83C-4502-B134-6E7426CD8D86} - System32\Tasks\Acer\Acer Assist\New Message Check - WoW Account => C:\Program Files\Acer Assist\AcerAssist.exe [2007-02-07] (Acer Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1F56BFE0-BBAA-4D6E-9D2C-0B1D0831DCD0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {259D7C66-C8FD-428A-A90F-A46C5075073A} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {27281CF5-9C77-45B4-AB9D-ECB085BFDE0C} - System32\Tasks\{B033210F-E153-40FF-BCF1-0559712394F6} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {447DF263-4342-437C-AC49-B04EEBC0503F} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2008-01-20] (Microsoft Corporation)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {B851E60C-00DD-4B8A-9CB6-A38E368BE54A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-14] (AVAST Software)
Task: {BC048E45-B249-4C6E-8DF4-3F3CFBCA5024} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-07-14 18:19 - 2014-07-14 18:19 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-07-16 06:27 - 2014-07-16 06:27 - 02793472 _____ () C:\Program Files\AVAST Software\Avast\defs\14071600\algo.dll
2014-07-16 17:08 - 2014-07-16 17:08 - 02793472 _____ () C:\Program Files\AVAST Software\Avast\defs\14071601\algo.dll
2008-03-16 15:47 - 2008-01-25 21:49 - 00098304 _____ () C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLSchRecordMonitor.dll
2008-03-16 15:47 - 2008-01-25 21:49 - 00260096 _____ () C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\sqlite3.dll
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-03-16 15:48 - 2006-07-19 14:36 - 00262247 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2008-08-27 17:39 - 2007-02-13 06:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
2008-08-27 17:39 - 2007-02-13 06:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\IERYETF.dll
2008-08-27 17:39 - 2007-06-28 18:15 - 00081920 _____ () C:\Acer\Empowering Technology\eRecovery\INT15.dll
2012-04-02 00:40 - 2012-09-27 21:10 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll
2008-08-27 20:33 - 2007-12-11 15:36 - 00245760 _____ () C:\Windows\system32\WlanApp.dll
2009-06-04 19:55 - 2009-06-04 19:55 - 00018432 _____ () C:\Program Files\Ideazon\ZEngine\AxInterop.WBOCXLib.dll
2009-11-14 17:18 - 2009-04-11 02:28 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2014-07-14 18:19 - 2014-07-14 18:19 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-06-20 17:41 - 2014-06-20 17:41 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-07-08 22:13 - 2014-07-08 22:13 - 17029808 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aawservice => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/15/2014 10:18:18 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (07/15/2014 10:18:16 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (07/15/2014 10:15:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2014 05:30:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2014 09:08:49 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (07/14/2014 09:08:39 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (07/14/2014 09:06:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2014 06:16:41 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {062dda45-cdfe-4c3e-8bde-56e7eee04b72}

Error: (07/10/2014 04:09:41 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (07/10/2014 04:09:19 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4


System errors:
=============
Error: (07/16/2014 06:03:36 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (07/16/2014 05:56:47 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (07/16/2014 05:49:42 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (07/15/2014 10:12:52 PM) (Source: PlugPlayManager) (EventID: 11) (User: )
Description: The device Root\LEGACY_AVGTDIX\0000 disappeared from the system without first being prepared for removal.

Error: (07/15/2014 10:12:51 PM) (Source: PlugPlayManager) (EventID: 11) (User: )
Description: The device Root\LEGACY_AVGIDSSHIM\0000 disappeared from the system without first being prepared for removal.

Error: (07/10/2014 03:02:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053

Error: (07/10/2014 03:02:48 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Search

Error: (07/10/2014 03:02:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053

Error: (07/10/2014 03:02:48 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Search

Error: (07/10/2014 03:02:47 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


Microsoft Office Sessions:
=========================
Error: (01/19/2014 01:47:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 284080 seconds with 900 seconds of active time.  This session ended with a crash.

Error: (11/02/2013 09:49:26 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 9984 seconds with 1860 seconds of active time.  This session ended with a crash.

Error: (06/05/2013 00:00:23 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 94826 seconds with 780 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-07-16 19:04:13.113
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:04:12.352
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:04:11.589
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:04:10.828
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:04:09.890
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:04:09.125
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:04:08.347
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:04:07.461
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 16:53:50.667
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 16:53:49.777
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 54%
Total physical RAM: 3070.32 MB
Available physical RAM: 1391.95 MB
Total Pagefile: 6364.79 MB
Available Pagefile: 4340.31 MB
Total Virtual: 2559.88 MB
Available Virtual: 2423.32 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:144.29 GB) (Free:57.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:144.04 GB) (Free:65.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 51EBCBAA)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=06)
Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Step 1


Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.

    Please copy and paste its contents in your next reply.

fixlist.txt

After the reboot:

Step 2


Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.

    Please copy and paste the log in your next reply.


Fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:15-07-2014 01
Ran by Allison at 2014-07-16 19:37:48 Run:1
Running from C:\Users\Allison\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
C:\Users\Allison\jagex_cl_runescape_LIVE.dat
FF Homepage: hxxp://www.google.ca
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "184.22.255.8"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "184.22.255.8"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "184.22.255.8"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "184.22.255.8"
FF NetworkProxy: "ssl_port", 8080
Reboot:
*****************

C:\ProgramData\TEMP => ":0B4227B4" ADS removed successfully.
C:\Users\Allison\jagex_cl_runescape_LIVE.dat => Moved successfully.
Firefox homepage deleted successfully.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.


The system needed a reboot.

==== End of Fixlog ====

 

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
Ran by Allison (administrator) on NYX on 16-07-2014 19:43:45
Running from C:\Users\Allison\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Lavasoft) C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(CyberLink) C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(http://libusb-win32.sourceforge.net) C:\Windows\System32\libusbd-nt.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe
(Wacom Technology, Corp.) C:\Windows\System32\Pen_Tablet.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Wacom Technology, Corp.) C:\Windows\System32\WTablet\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\Windows\System32\Pen_Tablet.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(NVIDIA Corporation) C:\Windows\System32\nvraidservice.exe
(Wireless Service) C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
(D-Link) C:\Program Files\D-Link\D-Link Wireless N DWA-130\AirNCFG.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(SteelSeries) C:\Program Files\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe
(Ideazon, Inc.) C:\Program Files\Ideazon\ZEngine\Zboard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Akamai Technologies, Inc.) C:\Users\Allison\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files\Pando Networks\Media Booster\PMB.exe
(AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
() C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ASETRES.EXE
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [5369856 2008-03-26] (Realtek Semiconductor)
HKLM\...\Run: [PCMMediaSharing] => C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [204908 2008-01-25] ()
HKLM\...\Run: [Acer Assist Launcher] => C:\Program Files\Acer Assist\launcher.exe [1261568 2007-02-02] ()
HKLM\...\Run: [NVRaidService] => C:\Windows\system32\nvraidservice.exe [196128 2008-05-06] (NVIDIA Corporation)
HKLM\...\Run: [ANIWZCS2Service] => C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [49152 2007-01-19] (Wireless Service)
HKLM\...\Run: [D-Link D-Link Wireless N DWA-130] => C:\Program Files\D-Link\D-Link Wireless N DWA-130\AirNCFG.exe [1675264 2008-03-19] (D-Link)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [623992 2008-10-14] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe_ID0EYTHM] => C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM\...\Run: [steelSeries World of Warcraft Cataclysm MMO Gaming Mouse] => C:\Program Files\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe [1992704 2011-01-31] (SteelSeries)
HKLM\...\Run: [Zboard] => C:\Program Files\Ideazon\ZEngine\Zboard.exe [57344 2009-06-04] (Ideazon, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-10] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [startCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-14] (AVAST Software)
HKLM\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNTE0ODU1NzI3LUJBKzEtS1YzKzctWEwrMS1UNC1GUDkyKzYtQkFSOUcrMS1UQjkrMi1GTCs5LVhPMzYrMS1RSVgxKzQtWDIwMTArMi1GMTBNKzUtVklQMTArMS1GMTBNMTBEKzItTElDKzctRkwxMCsxLVNQMSsxLVNQMVRCKzEtU1VQKzQtU1AxUzIrMQ"&"prod=90"&"ver=10.0.1432
HKU\S-1-5-21-565858644-1560072136-3662373033-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Allison\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-565858644-1560072136-3662373033-1000\...\Run: [Pando Media Booster] => C:\Program Files\Pando Networks\Media Booster\PMB.exe [3093624 2012-12-08] ()
HKU\S-1-5-21-565858644-1560072136-3662373033-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-10-25] (AMD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ASETRES.EXE ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)
Startup: C:\Users\Allison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * lsdelete

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
SearchScopes: HKCU - DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://ca.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://ca.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Allison\AppData\Roaming\Mozilla\Firefox\Profiles\nz7091mh.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Allison\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Allison\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF user.js: detected! => C:\Users\Allison\AppData\Roaming\Mozilla\Firefox\Profiles\nz7091mh.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: Multi Links - C:\Users\Allison\AppData\Roaming\Mozilla\Firefox\Profiles\nz7091mh.default\Extensions\multilinks@plugin [2012-01-04]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Allison\AppData\Roaming\Mozilla\Firefox\Profiles\nz7091mh.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-10-13]
FF Extension: WOT - C:\Users\Allison\AppData\Roaming\Mozilla\Firefox\Profiles\nz7091mh.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27]
FF Extension: Adblock Plus - C:\Users\Allison\AppData\Roaming\Mozilla\Firefox\Profiles\nz7091mh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-06-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-14]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-14]

========================== Services (Whitelisted) =================

R2 aawservice; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [611664 2008-12-14] (Lavasoft)
R2 Acer HomeMedia Connect Service; C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [269448 2008-01-25] (CyberLink) [File not signed]
S3 Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-14] (AVAST Software)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-07-23] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-07-23] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [286720 2009-08-28] (Creative Technology Ltd) [File not signed]
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2008-11-30] (Macrovision Europe Ltd.) [File not signed]
R2 libusbd; C:\Windows\System32\libusbd-nt.exe [18944 2005-03-09] (http://libusb-win32.sourceforge.net) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S3 npggsvc; C:\Windows\system32\GameMon.des [4227704 2011-11-08] (INCA Internet Co., Ltd.) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [262247 2006-07-19] () [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2011-08-19] (Logitech Inc.)

==================== Drivers (Whitelisted) ====================

R3 Alpham1; C:\Windows\System32\DRIVERS\Alpham1.sys [42624 2007-07-23] (Ideazon Corporation)
R3 Alpham2; C:\Windows\System32\DRIVERS\Alpham2.sys [18432 2007-03-20] (Ideazon Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-14] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-07-14] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-14] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-07-14] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-14] ()
R3 athr; C:\Windows\System32\DRIVERS\Dathr.sys [2228736 2012-03-19] (Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices)
R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-02] (Acer, Inc.)
R3 libusb0; C:\Windows\System32\drivers\libusb0.sys [33792 2005-03-09] () [File not signed]
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [599040 2008-01-31] (Ralink Technology Corp.)
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2008-03-16] (NewTech Infosystems, Inc.) [File not signed]
R3 SSMO3v2Filter; C:\Windows\System32\drivers\MO3v2Driver.sys [17408 2010-12-17] (Sagatek Co. Ltd.)
S3 WIMMount; C:\Program Files\Windows Kits\8.0\Assessment and Deployment Kit\Deployment Tools\x86\DISM\wimmount.sys [34248 2012-07-25] (Microsoft Corporation)
S3 WRfiltv; C:\Windows\System32\drivers\WRfiltv.sys [17920 2009-07-31] (Creative Technology Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Allison\AppData\Local\Temp\catchme.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-16 17:08 - 2014-07-16 17:08 - 00000000 ____D () C:\Program Files\ESET
2014-07-16 17:05 - 2014-07-16 17:05 - 02347384 _____ (ESET) C:\Users\Allison\Desktop\esetsmartinstaller_enu.exe
2014-07-16 06:07 - 2014-07-16 06:07 - 00011193 _____ () C:\ComboFix.txt
2014-07-16 05:47 - 2014-07-16 06:07 - 00000000 ____D () C:\Qoobox
2014-07-16 05:47 - 2014-07-16 06:07 - 00000000 ____D () C:\ComboFix
2014-07-16 05:47 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-16 05:47 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-16 05:47 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-16 05:47 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-16 05:47 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-16 05:47 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-16 05:47 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-16 05:47 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-16 05:45 - 2014-07-16 05:46 - 05221615 ____R (Swearware) C:\Users\Allison\Desktop\ComboFix.exe
2014-07-15 17:32 - 2014-07-16 19:05 - 00040285 _____ () C:\Users\Allison\Desktop\Addition.txt
2014-07-15 17:30 - 2014-07-16 19:45 - 00020151 _____ () C:\Users\Allison\Desktop\FRST.txt
2014-07-15 17:29 - 2014-07-16 19:44 - 00000000 ____D () C:\FRST
2014-07-15 16:50 - 2014-07-15 16:50 - 01077248 _____ (Farbar) C:\Users\Allison\Desktop\FRST.exe
2014-07-14 21:13 - 2014-07-14 21:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Allison\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-14 21:08 - 2014-07-14 21:16 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-14 21:08 - 2014-07-14 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-14 21:08 - 2014-07-14 21:16 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-14 21:08 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-14 21:08 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-14 19:21 - 2014-07-14 19:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2014-07-14 19:21 - 2014-07-14 19:21 - 00000000 ____D () C:\Program Files\Windows Kits
2014-07-14 18:46 - 2014-07-14 19:21 - 00000000 ____D () C:\Users\Allison\Documents\AvastPEToolkit
2014-07-14 18:21 - 2014-07-14 18:21 - 00001877 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-14 18:21 - 2014-07-14 18:21 - 00000000 ____D () C:\Users\Allison\AppData\Roaming\AVAST Software
2014-07-14 18:21 - 2014-07-14 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-14 18:20 - 2014-07-14 18:20 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-14 18:20 - 2014-07-14 18:19 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-14 18:20 - 2014-07-14 18:19 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-14 18:20 - 2014-07-14 18:19 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-14 18:20 - 2014-07-14 18:19 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-14 18:20 - 2014-07-14 18:19 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-07-14 18:20 - 2014-07-14 18:19 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-07-14 18:20 - 2014-07-14 18:19 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-14 18:20 - 2014-07-14 18:19 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-14 18:19 - 2014-07-14 18:19 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-14 18:17 - 2014-07-14 18:17 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-14 18:16 - 2014-07-14 18:17 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-09 17:33 - 2014-06-06 20:19 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 17:33 - 2014-06-06 20:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 17:33 - 2014-06-06 19:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 17:33 - 2014-06-06 19:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 17:33 - 2014-06-06 19:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 17:33 - 2014-06-06 19:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 17:33 - 2014-06-06 19:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 17:33 - 2014-06-06 19:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-09 17:33 - 2014-06-06 18:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 17:33 - 2014-06-06 18:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 17:33 - 2014-06-06 18:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-09 17:33 - 2014-06-06 18:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 17:33 - 2014-06-06 18:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 17:33 - 2014-06-06 18:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 17:33 - 2014-06-06 18:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 17:33 - 2014-06-06 18:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-09 17:33 - 2014-06-06 18:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 17:33 - 2014-06-06 18:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 17:33 - 2014-06-06 18:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-09 17:33 - 2014-06-06 18:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 17:33 - 2014-06-06 18:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-09 17:33 - 2014-06-06 18:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 17:33 - 2014-06-06 04:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 17:33 - 2014-05-30 02:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-01 16:03 - 2014-07-16 16:41 - 00000000 ____D () C:\Users\Allison\AppData\Local\Adobe
2014-06-20 17:41 - 2014-06-20 17:42 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-07-16 19:46 - 2010-04-08 19:17 - 00000000 ____D () C:\Users\Allison\AppData\Local\PMB Files
2014-07-16 19:45 - 2014-07-15 17:30 - 00020151 _____ () C:\Users\Allison\Desktop\FRST.txt
2014-07-16 19:44 - 2014-07-15 17:29 - 00000000 ____D () C:\FRST
2014-07-16 19:43 - 2010-09-05 22:03 - 00000000 ____D () C:\Users\Allison\AppData\Roaming\WTablet
2014-07-16 19:42 - 2008-01-20 22:47 - 00873156 _____ () C:\Windows\PFRO.log
2014-07-16 19:42 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-16 19:42 - 2006-11-02 08:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-16 19:42 - 2006-11-02 08:47 - 00003344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-16 19:41 - 2009-05-13 19:02 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-07-16 19:41 - 2008-08-27 16:20 - 01769158 _____ () C:\Windows\WindowsUpdate.log
2014-07-16 19:41 - 2006-11-02 09:01 - 00032564 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-16 19:37 - 2008-08-27 17:34 - 00000000 ____D () C:\Users\Allison
2014-07-16 19:11 - 2012-03-31 12:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-16 19:05 - 2014-07-15 17:32 - 00040285 _____ () C:\Users\Allison\Desktop\Addition.txt
2014-07-16 17:08 - 2014-07-16 17:08 - 00000000 ____D () C:\Program Files\ESET
2014-07-16 17:05 - 2014-07-16 17:05 - 02347384 _____ (ESET) C:\Users\Allison\Desktop\esetsmartinstaller_enu.exe
2014-07-16 16:47 - 2010-06-22 22:58 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-07-16 16:41 - 2014-07-01 16:03 - 00000000 ____D () C:\Users\Allison\AppData\Local\Adobe
2014-07-16 06:07 - 2014-07-16 06:07 - 00011193 _____ () C:\ComboFix.txt
2014-07-16 06:07 - 2014-07-16 05:47 - 00000000 ____D () C:\Qoobox
2014-07-16 06:07 - 2014-07-16 05:47 - 00000000 ____D () C:\ComboFix
2014-07-16 06:07 - 2011-12-06 14:27 - 00000000 ____D () C:\Users\Allison\AppData\Local\Apps\2.0
2014-07-16 06:03 - 2006-11-02 06:23 - 00000215 _____ () C:\Windows\system.ini
2014-07-16 05:47 - 2010-06-29 23:55 - 00000000 ____D () C:\Windows\ERDNT
2014-07-16 05:46 - 2014-07-16 05:45 - 05221615 ____R (Swearware) C:\Users\Allison\Desktop\ComboFix.exe
2014-07-16 05:18 - 2011-12-06 14:27 - 00000000 ____D () C:\Users\Allison\AppData\Local\Deployment
2014-07-15 22:21 - 2006-11-02 06:33 - 00763586 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-15 22:17 - 2009-06-05 17:28 - 00000000 ____D () C:\Users\Allison\Tracing
2014-07-15 22:14 - 2013-09-11 21:48 - 00000000 ____D () C:\ProgramData\AVG2014
2014-07-15 22:14 - 2010-12-13 13:26 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-15 22:14 - 2008-08-27 21:00 - 00000000 ____D () C:\Program Files\AVG
2014-07-15 16:50 - 2014-07-15 16:50 - 01077248 _____ (Farbar) C:\Users\Allison\Desktop\FRST.exe
2014-07-15 16:49 - 2013-09-11 21:42 - 00000000 ____D () C:\Users\Allison\AppData\Local\Avg2014
2014-07-15 05:28 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\tracing
2014-07-14 21:16 - 2014-07-14 21:08 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-14 21:16 - 2014-07-14 21:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-14 21:16 - 2014-07-14 21:08 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-14 21:14 - 2014-07-14 21:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Allison\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-14 21:08 - 2010-06-22 22:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-14 19:21 - 2014-07-14 19:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2014-07-14 19:21 - 2014-07-14 19:21 - 00000000 ____D () C:\Program Files\Windows Kits
2014-07-14 19:21 - 2014-07-14 18:46 - 00000000 ____D () C:\Users\Allison\Documents\AvastPEToolkit
2014-07-14 18:21 - 2014-07-14 18:21 - 00001877 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-14 18:21 - 2014-07-14 18:21 - 00000000 ____D () C:\Users\Allison\AppData\Roaming\AVAST Software
2014-07-14 18:21 - 2014-07-14 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-14 18:20 - 2014-07-14 18:20 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-14 18:19 - 2014-07-14 18:20 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-14 18:19 - 2014-07-14 18:20 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-14 18:19 - 2014-07-14 18:20 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-14 18:19 - 2014-07-14 18:20 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-14 18:19 - 2014-07-14 18:20 - 00057800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-07-14 18:19 - 2014-07-14 18:20 - 00055112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-07-14 18:19 - 2014-07-14 18:20 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-14 18:19 - 2014-07-14 18:20 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-14 18:19 - 2014-07-14 18:19 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-14 18:17 - 2014-07-14 18:17 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-14 18:17 - 2014-07-14 18:16 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-10 03:26 - 2006-11-02 08:47 - 01774752 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 03:22 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 03:06 - 2013-07-18 03:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 03:02 - 2008-03-16 15:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-10 03:02 - 2006-11-02 06:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-08 22:13 - 2012-03-31 12:04 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-08 22:13 - 2011-05-13 14:52 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-30 00:23 - 2012-05-01 04:41 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-20 17:42 - 2014-06-20 17:41 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-16 10:25

==================== End Of Log ============================

Addition

Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-07-2014 01
Ran by Allison at 2014-07-16 19:46:33
Running from C:\Users\Allison\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Acer Arcade Live Main Page (HKLM\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.1.1331 - Acer Inc.)
Acer Assist (HKLM\...\Acer Assist) (Version:  - Acer Inc.)
Acer DV Magician (HKLM\...\{F6EFFB76-4A07-11DA-9D78-000129760D75}) (Version: 1.5.0920 - Acer Inc.)
Acer DVDivine (HKLM\...\{B145EC69-66F5-11D8-9D75-000129760D75}) (Version: 3.2.1109 - Acer Inc.)
Acer GameZone Console DTV 2.0.1.1 (HKLM\...\Acer GameZone Console_is1) (Version:  - Oberon Media, Inc.)
Acer HomeMedia (HKLM\...\{AA4BF92B-2AAF-11DA-9D78-000129760D75}) (Version: 1.4.1331 - Acer Inc.)
Acer HomeMedia Connect (HKLM\...\{132888AE-EF67-41C5-BCA2-7D5D2488AB63}) (Version: 1.4.4931 - Acer Inc.)
Acer HomeMedia Trial Creator (HKLM\...\{B580C409-E16F-44FF-904D-3AE94E113BE0}) (Version: 1.4.1331 - Acer Inc.)
Acer Registration (HKLM\...\Acer Registration) (Version:  - Acer - Leader Technologies)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 4.01.0422 - Acer Incorporated)
Acer SlideShow DVD (HKLM\...\{41581EF5-45A7-11DA-9D78-000129760D75}) (Version: 1.5.1109 - Acer Inc.)
Acer VideoMagician (HKLM\...\{F79A208D-D929-11D9-9D77-000129760D75}) (Version: 1.4.1017 - Acer Inc.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Ad-Aware (HKLM\...\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}) (Version: 7.1.0.7 - Lavasoft)
Add or Remove Adobe Creative Suite 3 Design Premium (HKLM\...\Adobe_c14ac4070fd9614ffe63f4bb533db2c) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Acrobat 8 Professional (Version: 8.1.3 - Adobe Systems) Hidden
Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe BridgeTalk Plugin CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (HKLM\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe Color Common Settings (Version: 1.0.1 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 3 Design Premium (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (Version: 2.0.2 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS3 (Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Flash CS3 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Video Encoder (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS3 (Version: 13.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS3 Icon Handler (Version: 5.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe MotionPicture Color Files (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.4) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe SING CS3 (Version: 0.1 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Server {ko_KR}  (Version: 3.0.0.0 {ko_KR}  - Adobe Systems Incorporated) Hidden
Adobe WAS CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
AHV content for Acrobat and Flash (Version: 1 - Adobe Systems Incorporated) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
ALUpdate (HKLM\...\ALUpdate_is1) (Version:  - ESTsoft Corp.)
ALZip (HKLM\...\ALZip_is1) (Version: 7.0 beta1 - ESTsoft Corp.)
AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden
AMD AVIVO Codecs (Version: 11.7.0.11025 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{15971B11-14DA-873C-1ACD-188603C38889}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
ANIWZCS2 Service (HKLM\...\{4C590030-7469-453E-8589-D15DA9D03F52}) (Version:  - )
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
AVG PC Tuneup 2011 (HKLM\...\{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1) (Version: 10.0.0.23 - AVG)
Bandisoft MPEG-1 Decoder (HKLM\...\BandiMPEG1) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Creative System Information (HKLM\...\SysInfo) (Version:  - )
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.810 - Curse)
Diamond 10.6 Win7Vista Installation (HKLM\...\{F62A1CF8-9C38-46C7-90D6-8AAD1CA996D1}_is1) (Version:  - Diamond Multimedia)
Diamond Multimedia 11.11 2400-6900 PCIe Win7Vista (HKLM\...\Diamond Multimedia 11.11 2400-6900 PCIe Win7Vista) (Version: 3.0.851.0 - Diamond Multimedia)
Diamond Multimedia 12.1 2400-6900 PCIe Win7Vista (HKLM\...\Diamond Multimedia 12.1 2400-6900 PCIe Win7Vista) (Version: 3.0.859.0 - Diamond Multimedia)
D-Link Wireless N DWA-130 (HKLM\...\{F25B14A1-3863-41B6-9F8A-931DECA6D384}) (Version:  - D-Link)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Evolve Select (HKLM\...\{43FD99F3-5753-4277-AC57-813D93D69DDC}) (Version: 4.05.0020 - Vital Source Technologies)
Facebook Plug-In (HKCU\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{F4B1B985-F308-4DBA-BFD7-CCCB8839234B}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Help (HKLM\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
HP Update (HKLM\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HydraVision (Version: 4.2.218.0 - Advanced Micro Devices, Inc.) Hidden
iCloud (HKLM\...\{8CC68433-5837-4075-B81F-EA7E4F14CE60}) (Version: 2.0.2.187 - Apple Inc.)
iTunes (HKLM\...\{0F6F6876-6334-4977-B5DD-CFC12E193420}) (Version: 10.7.0.21 - Apple Inc.)
Java 7 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LibUSB-Win32-0.1.10.1 (HKLM\...\LibUSB-Win32_is1) (Version: 0.1.10.1 - LibUSB-Win32)
LightScribe  1.4.142.1 (Version: 1.4.142.1 - http://www.lightscribe.com) Hidden
Malwarebytes' Anti-Malware (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 30.0 (x86 en-GB) (HKLM\...\Mozilla Firefox 30.0 (x86 en-GB)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Backup NOW! 4.7 (HKLM\...\InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}) (Version: 1.00.0000 - NewTech Infosystems)
NTI Backup NOW! 4.7 (Version: 1.00.0000 - NewTech Infosystems) Hidden
NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9713 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}) (Version: 9.10.0514 - NVIDIA Corporation)
Origin (HKLM\...\Origin) (Version: 9.0.13.2141 - Electronic Arts, Inc.)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Pen Tablet (HKLM\...\Pen Tablet Driver) (Version:  - Wacom Technology Corp.)
PhaseRO (HKLM\...\PhaseRO1.9) (Version: 1.9 - PhaseRO)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Ragnarok Online 2 (HKLM\...\{9C9BF1AB-E2C4-4470-9398-58F7BACB29DC}) (Version: 1.0.1 - Gravity Interactive, Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5591 - Realtek Semiconductor Corp.)
RuneScape Launcher 1.2.3 (HKLM\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
Sid Meier's Alpha Centauri (HKLM\...\Sid Meier's Alpha Centauri) (Version:  - )
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sound Blaster World of Warcraft Headset (HKLM\...\{0429B343-D023-4524-89BC-0478E0D9E3C3}) (Version: 1.0 - Creative Technology Limited)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.12 - TeamSpeak Systems GmbH)
The Elder Scrolls Online Beta (HKLM\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - )
The Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 70s, 80s, & 90s Stuff (HKLM\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Generations (HKLM\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Into the Future (HKLM\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
The Sims™ 3 Island Paradise (HKLM\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
The Sims™ 3 Late Night (HKLM\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 Seasons (HKLM\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Showtime (HKLM\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
The Sims™ 3 Supernatural (HKLM\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims™ 3 University Life (HKLM\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Ventrilo Client (HKLM\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.5 - Flagship Industries, Inc.)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VoiceOver Kit (HKLM\...\{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}) (Version: 1.42.128.0 - Apple Inc.)
WildStar (HKLM\...\WildStar) (Version:  - NCSOFT)
Windows Deployment Tools (HKLM\...\{BFC9778E-9765-C94C-C082-C2514F8DEB9B}) (Version: 8.59.25584 - Microsoft)
Windows Driver Package - SteelSeries (HidUsb) HIDClass  (11/19/2010 1.2.4.0) (HKLM\...\227FF546E51B37EE801113B9EC6D88E5A5E892A5) (Version: 11/19/2010 1.2.4.0 - SteelSeries)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows PE x86 x64 (HKLM\...\{F89D69CA-6EE1-E037-DD3B-08CDDE1BED1C}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 wims (HKLM\...\{85F4ACB1-E7DC-C3C6-F4FD-BB936DF2695E}) (Version: 8.59.25584 - Microsoft)
World of Warcraft®: Cataclysm MMO Gaming Mouse (HKLM\...\{B832F6BF-B53E-4A51-BD95-A1D5D956207C}) (Version: 1.01.0011 - SteelSeries)
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Z Engine (HKLM\...\{64E47A5F-B3C4-476A-9100-2D006BD1FFB4}) (Version: 2.5.0.29_NA - Ideazon)

==================== Restore Points  =========================

10-07-2014 04:00:02 Scheduled Checkpoint
10-07-2014 07:00:32 Windows Update
11-07-2014 04:00:04 Scheduled Checkpoint
12-07-2014 04:58:53 Scheduled Checkpoint
13-07-2014 04:00:09 Scheduled Checkpoint
14-07-2014 04:00:08 Scheduled Checkpoint
14-07-2014 22:16:45 avast! antivirus system restore point
15-07-2014 20:45:08 Removed AVG 2014
15-07-2014 20:49:01 Removed AVG 2014

==================== Hosts content: ==========================

2006-11-02 06:23 - 2014-07-16 06:03 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {04D0FE15-A83C-4502-B134-6E7426CD8D86} - System32\Tasks\Acer\Acer Assist\New Message Check - WoW Account => C:\Program Files\Acer Assist\AcerAssist.exe [2007-02-07] (Acer Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1F56BFE0-BBAA-4D6E-9D2C-0B1D0831DCD0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {259D7C66-C8FD-428A-A90F-A46C5075073A} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {27281CF5-9C77-45B4-AB9D-ECB085BFDE0C} - System32\Tasks\{B033210F-E153-40FF-BCF1-0559712394F6} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {447DF263-4342-437C-AC49-B04EEBC0503F} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2008-01-20] (Microsoft Corporation)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {B851E60C-00DD-4B8A-9CB6-A38E368BE54A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-14] (AVAST Software)
Task: {BC048E45-B249-4C6E-8DF4-3F3CFBCA5024} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-07-14 18:19 - 2014-07-14 18:19 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-07-16 17:08 - 2014-07-16 17:08 - 02793472 _____ () C:\Program Files\AVAST Software\Avast\defs\14071601\algo.dll
2008-03-16 15:47 - 2008-01-25 21:49 - 00098304 _____ () C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLSchRecordMonitor.dll
2008-03-16 15:47 - 2008-01-25 21:49 - 00260096 _____ () C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\sqlite3.dll
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-03-16 15:48 - 2006-07-19 14:36 - 00262247 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2008-08-27 17:39 - 2007-02-13 06:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
2008-08-27 17:39 - 2007-02-13 06:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\IERYETF.dll
2008-08-27 17:39 - 2007-06-28 18:15 - 00081920 _____ () C:\Acer\Empowering Technology\eRecovery\INT15.dll
2012-04-02 00:40 - 2012-09-27 21:10 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll
2008-08-27 20:33 - 2007-12-11 15:36 - 00245760 _____ () C:\Windows\system32\WlanApp.dll
2010-04-08 19:17 - 2012-12-08 17:31 - 03093624 _____ () C:\Program Files\Pando Networks\Media Booster\PMB.exe
2008-08-27 17:14 - 2008-04-14 10:55 - 00020480 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ASETRES.EXE

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aawservice => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/16/2014 07:43:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2014 10:18:18 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (07/15/2014 10:18:16 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (07/15/2014 10:15:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/15/2014 05:30:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2014 09:08:49 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (07/14/2014 09:08:39 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (07/14/2014 09:06:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/14/2014 06:16:41 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {062dda45-cdfe-4c3e-8bde-56e7eee04b72}

Error: (07/10/2014 04:09:41 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4


System errors:
=============
Error: (07/16/2014 06:03:36 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (07/16/2014 05:56:47 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (07/16/2014 05:49:42 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (07/15/2014 10:12:52 PM) (Source: PlugPlayManager) (EventID: 11) (User: )
Description: The device Root\LEGACY_AVGTDIX\0000 disappeared from the system without first being prepared for removal.

Error: (07/15/2014 10:12:51 PM) (Source: PlugPlayManager) (EventID: 11) (User: )
Description: The device Root\LEGACY_AVGIDSSHIM\0000 disappeared from the system without first being prepared for removal.

Error: (07/10/2014 03:02:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053

Error: (07/10/2014 03:02:48 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Search

Error: (07/10/2014 03:02:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053

Error: (07/10/2014 03:02:48 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Search

Error: (07/10/2014 03:02:47 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


Microsoft Office Sessions:
=========================
Error: (01/19/2014 01:47:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 284080 seconds with 900 seconds of active time.  This session ended with a crash.

Error: (11/02/2013 09:49:26 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 9984 seconds with 1860 seconds of active time.  This session ended with a crash.

Error: (06/05/2013 00:00:23 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 94826 seconds with 780 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-07-16 19:46:20.935
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:46:19.921
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:46:18.969
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:46:18.095
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:46:17.097
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:46:16.317
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:46:15.475
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:46:14.695
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:04:13.113
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:04:12.352
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 51%
Total physical RAM: 3070.32 MB
Available physical RAM: 1492.13 MB
Total Pagefile: 6346.72 MB
Available Pagefile: 4719.54 MB
Total Virtual: 2559.88 MB
Available Virtual: 2422.32 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:144.29 GB) (Free:57.45 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:144.04 GB) (Free:65.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 51EBCBAA)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144 GB) - (Type=06)
Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Link to post
Share on other sites

That's it!
Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!

Uninstall Combofix:
Type "combofix /uninstall" in the run box (win+R) and hit enter.

Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:


Java 7 Update 40
Adobe Reader X (10.1.4)

 

Tips

Change all online-passwords now.

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

Link to post
Share on other sites

Okay, so it has been less than a day since I was cleaned, and I have done nothing but visit my email website, financial institute website, one online game site and Facebook to change my passwords. I ran a Malwarebytes scan before bed that came up clean and today avast! detected a Win32 Dropper-gen. Avast is currently running a boot-scan, as per the software's recommendation, but it has been running for an hour and it is only at 3%. Should I allow the boot-scan to continue, or are there other suggestions you have?

Link to post
Share on other sites

I actually can't find the avast txt logs anywhere. Everything I've searched says to go into the Avast Program File, into a folder called "report", but even when I select to show hidden folders, I cannot find the logs. Access is denied to the Documents and Settings folder, which was the other place I saw to find Avast logs.

 

After the boot-scan, Avast did not report any infections.
