Jump to content

Issues with firefoxhelper.exe, iehelper.exe and trojan


Recommended Posts

This morning Kaspersky flagged unusual malware activity and prompted me to begin a disinfection of files such as firefoxhelper.exe, iehelper.exe and updater.exe along with several possible trojans. Immediately after I noticed my PC had slowed down significantly, after checking task manager processes I found that these 3 files were still active. I then proceeded to run Malware anti-malware which found 152 threats, all of which were then quarantined. Again these 3 files were still present in task manager, next step was to run Farbar recovery scan tool. I will post the details of the scan here:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01
Ran by ashley (administrator) on ASHLEY-PC on 17-07-2014 11:34:30
Running from C:\Users\ashley\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Spigot, Inc.) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Updater) C:\ProgramData\Updater\updater.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Spigot, Inc.) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
(Curse) C:\Users\ashley\AppData\Local\Apps\2.0\TX6XRWRV.H4X\8JE1Y603.OBM\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\CurseClient.exe
(Spigot Inc) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe
(WatchDog) C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(WatchDog) C:\ProgramData\RHelpers\IeHelper\IeHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\nvspcap64.dll [1279480 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [browserSafeguard] => "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe"
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware" [54072 2014-05-12] (Malwarebytes Corporation)
HKU\S-1-5-21-1040579180-670376534-740044944-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-1040579180-670376534-740044944-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1040579180-670376534-740044944-1000\...\Run: [MsnMsgr] => "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background
HKU\S-1-5-21-1040579180-670376534-740044944-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1040579180-670376534-740044944-1000\...\MountPoints2: {cac4384b-c7d7-11e3-9a87-806e6f6e6963} - D:\autorun.exe
Startup: C:\Users\ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
SearchScopes: HKCU - DefaultScope {A19D95F1-2E11-43F5-BA8A-03BC20F3BF18} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {A19D95F1-2E11-43F5-BA8A-03BC20F3BF18} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {C823C721-B108-49A9-940F-9EF2BF28CEB5} URL = https://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-07-16]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-07-16]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-07-16]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-07-16]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-07-16]
 
Chrome: 
=======
CHR HomePage: hxxp://uk.msn.com/?pc=UP97&ocid=UP97DHP
CHR StartupUrls: "https://www.google.co.uk/"
CHR NewTab: "chrome-extension://icdlfehblmklkikfigmjhbmmpmkmpooj/redirect.html"
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Beautiful landscape) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambfimhigppdidfmelpjmojccbfdoeig [2014-07-04]
CHR Extension: (Google Docs) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-27]
CHR Extension: (Google Drive) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-27]
CHR Extension: (YouTube) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-27]
CHR Extension: (Google Search) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-27]
CHR Extension: (Safe Money) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-07-16]
CHR Extension: (Dangerous Websites Blocker) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-07-16]
CHR Extension: (Virtual Keyboard) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-07-16]
CHR Extension: (Google Wallet) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-27]
CHR Extension: (Gmail) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-27]
CHR Extension: (Anti-Banner) - C:\Users\ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-07-16]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-07-16]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-11]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-11]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-11]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-11]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-06-26] (Perfect World Entertainment Inc)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-11] (Kaspersky Lab ZAO)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-07-16] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-07-16] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-07-16] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-07-16] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-11] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-07-16] (Kaspersky Lab ZAO)
U0 mefyir; C:\Windows\System32\drivers\jfpfc.sys [79064 2014-07-17] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 Cam3820; System32\Drivers\cam3820a.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-17 11:34 - 2014-07-17 11:35 - 00018606 _____ () C:\Users\ashley\Downloads\FRST.txt
2014-07-17 11:34 - 2014-07-17 11:34 - 00000000 ____D () C:\FRST
2014-07-17 11:33 - 2014-07-17 11:33 - 02086912 _____ (Farbar) C:\Users\ashley\Downloads\FRST64.exe
2014-07-17 11:31 - 2014-07-17 11:31 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\jfpfc.sys
2014-07-17 10:52 - 2014-07-17 11:32 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-17 10:52 - 2014-07-17 10:52 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-17 10:52 - 2014-07-17 10:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-17 10:52 - 2014-07-17 10:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-17 10:52 - 2014-07-17 10:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-17 10:52 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-17 10:52 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-17 10:52 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-17 10:50 - 2014-07-17 10:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\ashley\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-17 10:34 - 2014-07-17 10:34 - 00262144 _____ () C:\Windows\system32\config\elam
2014-07-17 09:46 - 2014-07-17 10:40 - 00000336 _____ () C:\Windows\setupact.log
2014-07-17 09:46 - 2014-07-17 09:46 - 00006360 _____ () C:\Windows\PFRO.log
2014-07-17 09:46 - 2014-07-17 09:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-16 11:17 - 2014-07-16 11:17 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-16 11:17 - 2014-07-16 11:17 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-16 11:17 - 2014-07-16 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-16 11:17 - 2014-07-16 11:17 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-16 11:15 - 2014-07-16 11:16 - 04812672 _____ (Piriform Ltd) C:\Users\ashley\Downloads\ccsetup415.exe
2014-07-16 10:11 - 2014-07-17 11:31 - 00000000 ____D () C:\Users\ashley\AppData\Roaming\Systweak
2014-07-16 10:11 - 2013-08-22 18:36 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-07-16 10:10 - 2014-07-16 10:10 - 00000097 _____ () C:\Users\ashley\AppData\Roaming\WindApp.boostrap.log
2014-07-16 01:16 - 2014-07-16 09:50 - 00002330 _____ () C:\Users\ashley\Desktop\Safe Money.lnk
2014-07-16 01:15 - 2014-07-16 01:15 - 00001124 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-07-16 01:15 - 2014-07-16 01:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2014-07-16 01:15 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2014-07-16 01:14 - 2014-07-17 10:40 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-16 01:14 - 2014-07-16 01:34 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-07-16 01:14 - 2014-07-16 01:34 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-07-16 01:14 - 2014-07-16 01:14 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-07-16 01:14 - 2014-07-16 01:14 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-07-16 00:54 - 2014-07-16 01:13 - 252836160 _____ (Kaspersky Lab) C:\Users\ashley\Downloads\kis14.0.0.4651abEN_5146_2.exe
2014-07-15 22:55 - 2014-07-15 22:55 - 00003608 ____N () C:\bootsqm.dat
2014-07-15 18:52 - 2014-07-15 18:52 - 00000000 ____D () C:\Users\ashley\Documents\WB Games
2014-07-15 18:51 - 2014-07-15 18:51 - 00000000 ____D () C:\Users\ashley\AppData\Local\Downloaded Installations
2014-07-15 18:51 - 2014-07-15 18:51 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-07-11 17:12 - 2014-07-11 17:12 - 00000000 ____D () C:\Windows\Watson
2014-07-10 00:51 - 2014-07-10 00:51 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-07-09 22:05 - 2014-06-20 21:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 22:05 - 2014-06-20 20:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 22:05 - 2014-06-19 02:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 22:05 - 2014-06-19 02:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 22:05 - 2014-06-19 02:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 22:05 - 2014-06-19 01:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 22:05 - 2014-06-19 01:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 22:05 - 2014-06-19 01:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 22:05 - 2014-06-19 01:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 22:05 - 2014-06-19 01:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 22:05 - 2014-06-19 01:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 22:05 - 2014-06-19 01:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 22:05 - 2014-06-19 01:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 22:05 - 2014-06-19 01:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 22:05 - 2014-06-19 01:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 22:05 - 2014-06-19 01:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 22:05 - 2014-06-19 01:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 22:05 - 2014-06-19 01:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 22:05 - 2014-06-19 01:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 22:05 - 2014-06-19 00:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 22:05 - 2014-06-19 00:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 22:05 - 2014-06-19 00:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 22:05 - 2014-06-19 00:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 22:05 - 2014-06-19 00:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 22:05 - 2014-06-19 00:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 22:05 - 2014-06-19 00:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 22:05 - 2014-06-19 00:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 22:05 - 2014-06-19 00:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 22:05 - 2014-06-19 00:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 22:05 - 2014-06-19 00:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 22:05 - 2014-06-19 00:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 22:05 - 2014-06-19 00:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 22:05 - 2014-06-19 00:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 22:05 - 2014-06-19 00:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 22:05 - 2014-06-19 00:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 22:05 - 2014-06-19 00:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 22:05 - 2014-06-19 00:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 22:05 - 2014-06-19 00:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 22:05 - 2014-06-19 00:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 22:05 - 2014-06-19 00:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 22:05 - 2014-06-19 00:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 22:05 - 2014-06-19 00:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 22:05 - 2014-06-18 23:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 22:05 - 2014-06-18 23:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 22:05 - 2014-06-18 23:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 22:05 - 2014-06-18 23:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 22:05 - 2014-06-18 23:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 22:05 - 2014-06-18 23:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 22:05 - 2014-06-18 23:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 22:05 - 2014-06-18 23:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 22:05 - 2014-06-18 23:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 22:05 - 2014-06-18 23:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 22:05 - 2014-06-18 23:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 22:05 - 2014-06-18 23:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 22:05 - 2014-06-18 23:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 22:05 - 2014-06-18 23:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 22:05 - 2014-06-18 03:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 22:05 - 2014-06-18 02:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 22:05 - 2014-06-18 02:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 22:05 - 2014-06-06 11:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 22:05 - 2014-06-06 10:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 22:05 - 2014-05-30 09:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 22:05 - 2014-05-30 09:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 22:05 - 2014-05-30 09:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 22:05 - 2014-05-30 09:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 22:05 - 2014-05-30 09:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 22:05 - 2014-05-30 09:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 22:05 - 2014-05-30 09:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 22:05 - 2014-05-30 08:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 22:05 - 2014-05-30 08:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 22:05 - 2014-05-30 08:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 22:05 - 2014-05-30 08:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 22:05 - 2014-05-30 08:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 22:05 - 2014-05-30 08:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 22:05 - 2014-05-30 08:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 22:05 - 2014-05-30 07:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 22:02 - 2014-06-05 15:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 22:02 - 2014-06-05 15:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 22:02 - 2014-06-05 15:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-09 12:13 - 2014-07-09 12:13 - 00000869 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2014-07-09 12:10 - 2014-07-09 12:10 - 01496480 _____ ( ) C:\Users\ashley\Downloads\cpu-z_1.69-setup-en.exe
2014-07-08 21:22 - 2014-07-08 21:22 - 00000094 _____ () C:\Users\ashley\AppData\Local\fusioncache.dat
2014-07-08 21:21 - 2014-07-08 21:21 - 00000000 ____D () C:\Users\ashley\AppData\Local\Turbine
2014-07-08 21:17 - 2014-07-08 21:17 - 00000000 ____D () C:\Windows\SysWOW64\URTTEMP
2014-07-08 15:46 - 2014-07-08 15:46 - 00231760 _____ () C:\Users\ashley\Downloads\CrucialUKScan.exe
2014-07-08 15:25 - 2014-07-08 15:25 - 00059435 _____ () C:\Users\ashley\Downloads\memtest86+-5.01.iso.zip
2014-07-08 15:12 - 2014-07-08 15:12 - 01141408 _____ ( ) C:\Users\ashley\Downloads\hwmonitor_1.25-setup.exe
2014-07-08 12:50 - 2014-07-08 12:50 - 00000000 ____D () C:\ProgramData\Age of Empires 3
2014-07-08 12:38 - 2014-07-08 12:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2014-07-06 20:19 - 2014-07-16 11:20 - 00000000 ____D () C:\Users\ashley\AppData\Local\Glyph
2014-07-06 20:19 - 2014-07-06 20:19 - 00000000 ____D () C:\ProgramData\Glyph
2014-07-06 15:10 - 2014-07-06 15:10 - 00000000 ____D () C:\Users\ashley\AppData\Local\Ascaron Entertainment
2014-07-04 17:35 - 2014-07-04 17:35 - 00002402 _____ () C:\Users\Public\Desktop\FINAL FANTASY XIV - A Realm Reborn.lnk
2014-07-04 17:35 - 2014-07-04 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQUARE ENIX
2014-07-03 17:31 - 2014-07-16 11:18 - 00000000 ____D () C:\Windows\Minidump
2014-07-01 20:16 - 2014-07-16 11:22 - 00000695 _____ () C:\Users\ashley\Documents\Uninstall STAR WARS The Old Republic.log
2014-07-01 13:35 - 2014-07-01 13:35 - 00000000 ____D () C:\Users\ashley\AppData\Roaming\Warner Bros. Interactive Entertainment
2014-06-26 00:27 - 2014-06-26 00:27 - 00000000 ____D () C:\Program Files (x86)\SquareEnix
2014-06-22 18:36 - 2014-06-22 18:36 - 00024457 _____ () C:\Users\ashley\Documents\tina.txt
2014-06-22 16:39 - 2014-06-22 16:39 - 00001491 _____ () C:\Users\ashley\Desktop\Wildstar - Shortcut.lnk
2014-06-21 20:02 - 2014-07-03 20:34 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-20 09:42 - 2014-06-20 09:42 - 00000000 ____D () C:\Program Files (x86)\Vuze Remote Toolbar
2014-06-20 09:42 - 2014-06-20 09:42 - 00000000 ____D () C:\Program Files (x86)\Application Updater
2014-06-17 11:00 - 2014-06-17 11:00 - 00000000 ____D () C:\Users\ashley\AppData\Local\Adobe
 
==================== One Month Modified Files and Folders =======
 
2014-07-17 11:35 - 2014-07-17 11:34 - 00018606 _____ () C:\Users\ashley\Downloads\FRST.txt
2014-07-17 11:34 - 2014-07-17 11:34 - 00000000 ____D () C:\FRST
2014-07-17 11:33 - 2014-07-17 11:33 - 02086912 _____ (Farbar) C:\Users\ashley\Downloads\FRST64.exe
2014-07-17 11:32 - 2014-07-17 10:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-17 11:31 - 2014-07-17 11:31 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\jfpfc.sys
2014-07-17 11:31 - 2014-07-16 10:11 - 00000000 ____D () C:\Users\ashley\AppData\Roaming\Systweak
2014-07-17 11:31 - 2014-01-25 19:30 - 00000000 ____D () C:\ProgramData\RHelpers
2014-07-17 11:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-07-17 11:19 - 2013-12-04 17:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-17 11:06 - 2014-03-27 16:32 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-17 10:54 - 2009-07-14 05:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-17 10:54 - 2009-07-14 05:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-17 10:52 - 2014-07-17 10:52 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-17 10:52 - 2014-07-17 10:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-17 10:52 - 2014-07-17 10:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-17 10:52 - 2014-07-17 10:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-17 10:52 - 2013-12-04 23:33 - 01776384 _____ () C:\Windows\WindowsUpdate.log
2014-07-17 10:51 - 2014-07-17 10:50 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\ashley\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-17 10:44 - 2013-12-04 18:38 - 00000000 ____D () C:\Users\ashley\AppData\Local\Deployment
2014-07-17 10:43 - 2013-12-04 19:03 - 00000000 ____D () C:\Users\ashley\AppData\Roaming\Skype
2014-07-17 10:41 - 2014-03-27 16:32 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-17 10:40 - 2014-07-17 09:46 - 00000336 _____ () C:\Windows\setupact.log
2014-07-17 10:40 - 2014-07-16 01:14 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-17 10:40 - 2013-12-04 17:41 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-17 10:40 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-17 10:39 - 2013-12-05 16:06 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-17 10:34 - 2014-07-17 10:34 - 00262144 _____ () C:\Windows\system32\config\elam
2014-07-17 09:46 - 2014-07-17 09:46 - 00006360 _____ () C:\Windows\PFRO.log
2014-07-17 09:46 - 2014-07-17 09:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-17 00:23 - 2013-12-04 15:43 - 00000000 ____D () C:\Users\ashley
2014-07-16 12:48 - 2013-12-19 18:51 - 00000000 ____D () C:\Users\ashley\AppData\Local\Battle.net
2014-07-16 12:48 - 2013-12-19 18:50 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-16 12:05 - 2014-05-30 22:59 - 00000000 ____D () C:\Users\ashley\AppData\Roaming\StarTrekPC
2014-07-16 11:22 - 2014-07-01 20:16 - 00000695 _____ () C:\Users\ashley\Documents\Uninstall STAR WARS The Old Republic.log
2014-07-16 11:20 - 2014-07-06 20:19 - 00000000 ____D () C:\Users\ashley\AppData\Local\Glyph
2014-07-16 11:18 - 2014-07-03 17:31 - 00000000 ____D () C:\Windows\Minidump
2014-07-16 11:18 - 2014-01-24 21:15 - 00000000 ____D () C:\Users\ashley\AppData\Roaming\Ventrilo
2014-07-16 11:18 - 2013-12-25 21:48 - 00000000 ____D () C:\Users\ashley\AppData\Local\CrashDumps
2014-07-16 11:18 - 2013-12-05 11:52 - 00000000 ____D () C:\Users\ashley\AppData\Roaming\Azureus
2014-07-16 11:18 - 2013-12-04 23:27 - 00000000 ____D () C:\Windows\Panther
2014-07-16 11:17 - 2014-07-16 11:17 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-16 11:17 - 2014-07-16 11:17 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-16 11:17 - 2014-07-16 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-16 11:17 - 2014-07-16 11:17 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-16 11:16 - 2014-07-16 11:15 - 04812672 _____ (Piriform Ltd) C:\Users\ashley\Downloads\ccsetup415.exe
2014-07-16 10:10 - 2014-07-16 10:10 - 00000097 _____ () C:\Users\ashley\AppData\Roaming\WindApp.boostrap.log
2014-07-16 09:50 - 2014-07-16 01:16 - 00002330 _____ () C:\Users\ashley\Desktop\Safe Money.lnk
2014-07-16 08:45 - 2014-05-24 10:02 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-07-16 08:45 - 2013-12-04 17:36 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-07-16 08:45 - 2013-12-04 17:26 - 00000000 ____D () C:\Users\ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-07-16 08:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-07-16 04:05 - 2013-12-19 18:51 - 00000000 ____D () C:\Users\ashley\AppData\Roaming\Battle.net
2014-07-16 04:05 - 2013-12-06 12:38 - 00000000 ____D () C:\Users\ashley\AppData\Roaming\Arc
2014-07-16 04:04 - 2013-12-19 18:55 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-07-16 01:34 - 2014-07-16 01:14 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-07-16 01:34 - 2014-07-16 01:14 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-07-16 01:34 - 2013-10-11 13:25 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2014-07-16 01:34 - 2013-10-11 13:25 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2014-07-16 01:34 - 2013-06-06 17:38 - 00178272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2014-07-16 01:15 - 2014-07-16 01:15 - 00001124 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-07-16 01:15 - 2014-07-16 01:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2014-07-16 01:14 - 2014-07-16 01:14 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-07-16 01:14 - 2014-07-16 01:14 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-07-16 01:13 - 2014-07-16 00:54 - 252836160 _____ (Kaspersky Lab) C:\Users\ashley\Downloads\kis14.0.0.4651abEN_5146_2.exe
2014-07-16 00:18 - 2013-12-04 17:36 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-07-16 00:18 - 2013-12-04 17:26 - 00000000 ____D () C:\ProgramData\Norton
2014-07-15 22:55 - 2014-07-15 22:55 - 00003608 ____N () C:\bootsqm.dat
2014-07-15 19:07 - 2013-12-04 17:14 - 00058800 _____ () C:\Users\ashley\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-15 18:52 - 2014-07-15 18:52 - 00000000 ____D () C:\Users\ashley\Documents\WB Games
2014-07-15 18:51 - 2014-07-15 18:51 - 00000000 ____D () C:\Users\ashley\AppData\Local\Downloaded Installations
2014-07-15 18:51 - 2014-07-15 18:51 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-07-11 17:12 - 2014-07-11 17:12 - 00000000 ____D () C:\Windows\Watson
2014-07-10 11:40 - 2009-07-14 05:45 - 04893336 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 11:39 - 2011-04-12 09:28 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 11:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 11:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 00:51 - 2014-07-10 00:51 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-07-10 00:51 - 2013-12-04 16:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 00:49 - 2013-12-04 16:08 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 12:13 - 2014-07-09 12:13 - 00000869 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2014-07-09 12:13 - 2014-02-12 19:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2014-07-09 12:13 - 2014-02-12 19:32 - 00000000 ____D () C:\Program Files\CPUID
2014-07-09 12:10 - 2014-07-09 12:10 - 01496480 _____ ( ) C:\Users\ashley\Downloads\cpu-z_1.69-setup-en.exe
2014-07-09 09:19 - 2013-12-04 17:45 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 09:19 - 2013-12-04 17:45 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 09:19 - 2013-12-04 17:45 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 21:23 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-08 21:22 - 2014-07-08 21:22 - 00000094 _____ () C:\Users\ashley\AppData\Local\fusioncache.dat
2014-07-08 21:21 - 2014-07-08 21:21 - 00000000 ____D () C:\Users\ashley\AppData\Local\Turbine
2014-07-08 21:19 - 2013-12-04 18:04 - 00803878 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-08 21:17 - 2014-07-08 21:17 - 00000000 ____D () C:\Windows\SysWOW64\URTTEMP
2014-07-08 15:46 - 2014-07-08 15:46 - 00231760 _____ () C:\Users\ashley\Downloads\CrucialUKScan.exe
2014-07-08 15:25 - 2014-07-08 15:25 - 00059435 _____ () C:\Users\ashley\Downloads\memtest86+-5.01.iso.zip
2014-07-08 15:13 - 2014-02-12 19:32 - 00000930 _____ () C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2014-07-08 15:12 - 2014-07-08 15:12 - 01141408 _____ ( ) C:\Users\ashley\Downloads\hwmonitor_1.25-setup.exe
2014-07-08 12:50 - 2014-07-08 12:50 - 00000000 ____D () C:\ProgramData\Age of Empires 3
2014-07-08 12:50 - 2013-12-23 02:13 - 00000000 ____D () C:\Users\ashley\Documents\my games
2014-07-08 12:48 - 2013-12-06 12:37 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-08 12:38 - 2014-07-08 12:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2014-07-06 20:19 - 2014-07-06 20:19 - 00000000 ____D () C:\ProgramData\Glyph
2014-07-06 15:10 - 2014-07-06 15:10 - 00000000 ____D () C:\Users\ashley\AppData\Local\Ascaron Entertainment
2014-07-04 17:35 - 2014-07-04 17:35 - 00002402 _____ () C:\Users\Public\Desktop\FINAL FANTASY XIV - A Realm Reborn.lnk
2014-07-04 17:35 - 2014-07-04 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQUARE ENIX
2014-07-04 02:17 - 2014-06-04 00:24 - 00000000 ____D () C:\Users\ashley\AppData\Local\SWTOR
2014-07-04 02:17 - 2014-06-03 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
2014-07-03 20:34 - 2014-06-21 20:02 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-01 13:35 - 2014-07-01 13:35 - 00000000 ____D () C:\Users\ashley\AppData\Roaming\Warner Bros. Interactive Entertainment
2014-06-26 00:27 - 2014-06-26 00:27 - 00000000 ____D () C:\Program Files (x86)\SquareEnix
2014-06-22 18:36 - 2014-06-22 18:36 - 00024457 _____ () C:\Users\ashley\Documents\tina.txt
2014-06-22 16:39 - 2014-06-22 16:39 - 00001491 _____ () C:\Users\ashley\Desktop\Wildstar - Shortcut.lnk
2014-06-22 16:14 - 2013-12-19 15:20 - 00000000 ____D () C:\Users\ashley\AppData\Roaming\Mumble
2014-06-21 20:01 - 2014-03-27 16:32 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-21 20:01 - 2014-03-27 16:32 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-20 21:14 - 2014-07-09 22:05 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 20:39 - 2014-07-09 22:05 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-20 09:42 - 2014-06-20 09:42 - 00000000 ____D () C:\Program Files (x86)\Vuze Remote Toolbar
2014-06-20 09:42 - 2014-06-20 09:42 - 00000000 ____D () C:\Program Files (x86)\Application Updater
2014-06-19 02:39 - 2014-07-09 22:05 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-19 02:06 - 2014-07-09 22:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-19 02:06 - 2014-07-09 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-19 01:48 - 2014-07-09 22:05 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-19 01:42 - 2014-07-09 22:05 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-19 01:42 - 2014-07-09 22:05 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-19 01:41 - 2014-07-09 22:05 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-19 01:41 - 2014-07-09 22:05 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-19 01:32 - 2014-07-09 22:05 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-19 01:31 - 2014-07-09 22:05 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-19 01:26 - 2014-07-09 22:05 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-19 01:24 - 2014-07-09 22:05 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-19 01:24 - 2014-07-09 22:05 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-19 01:23 - 2014-07-09 22:05 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-19 01:16 - 2014-07-09 22:05 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-19 01:14 - 2014-07-09 22:05 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-19 01:09 - 2014-07-09 22:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-19 00:59 - 2014-07-09 22:05 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-19 00:56 - 2014-07-09 22:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-19 00:53 - 2014-07-09 22:05 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-19 00:51 - 2014-07-09 22:05 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-19 00:50 - 2014-07-09 22:05 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-19 00:48 - 2014-07-09 22:05 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-19 00:39 - 2014-07-09 22:05 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-19 00:38 - 2014-07-09 22:05 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-19 00:37 - 2014-07-09 22:05 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-19 00:36 - 2014-07-09 22:05 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-19 00:35 - 2014-07-09 22:05 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-19 00:33 - 2014-07-09 22:05 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-19 00:32 - 2014-07-09 22:05 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-19 00:28 - 2014-07-09 22:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-19 00:28 - 2014-07-09 22:05 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-19 00:27 - 2014-07-09 22:05 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-19 00:27 - 2014-07-09 22:05 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-19 00:25 - 2014-07-09 22:05 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-19 00:23 - 2014-07-09 22:05 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-19 00:22 - 2014-07-09 22:05 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-19 00:12 - 2014-07-09 22:05 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-19 00:06 - 2014-07-09 22:05 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-19 00:01 - 2014-07-09 22:05 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-18 23:59 - 2014-07-09 22:05 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-18 23:58 - 2014-07-09 22:05 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-18 23:58 - 2014-07-09 22:05 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-18 23:52 - 2014-07-09 22:05 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-18 23:51 - 2014-07-09 22:05 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-18 23:49 - 2014-07-09 22:05 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-18 23:46 - 2014-07-09 22:05 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-18 23:45 - 2014-07-09 22:05 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-18 23:35 - 2014-07-09 22:05 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-18 23:34 - 2014-07-09 22:05 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-18 23:15 - 2014-07-09 22:05 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-18 23:13 - 2014-07-09 22:05 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-18 23:09 - 2014-07-09 22:05 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-18 23:07 - 2014-07-09 22:05 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-18 03:18 - 2014-07-09 22:05 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-18 02:51 - 2014-07-09 22:05 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-18 02:10 - 2014-07-09 22:05 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-06-17 11:25 - 2013-12-04 18:20 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-06-17 11:00 - 2014-06-17 11:00 - 00000000 ____D () C:\Users\ashley\AppData\Local\Adobe
 
Some content of TEMP:
====================
C:\Users\ashley\AppData\Local\Temp\BackupSetup.exe
C:\Users\ashley\AppData\Local\Temp\riftuninstall.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-01-23 15:27
 
==================== End Of Log ============================
 
Hoping you can help me out here.
Link to post
Share on other sites

I forgot to add the Addition so here it.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2014 01
Ran by ashley at 2014-07-17 11:35:26
Running from C:\Users\ashley\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
 
==================== Installed Programs ======================
 
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Age of Empires III (HKLM-x32\...\InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.5510 - Perfect World Entertainment)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CPUID CPU-Z 1.69.2 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.810 - Curse)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Football Manager 2014 (HKLM-x32\...\Steam App 231670) (Version:  - Sports Interactive)
FORCED (HKLM-x32\...\Steam App 249990) (Version:  - BetaDwarf)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Drive (HKLM-x32\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LEGO Lord of the Rings (HKLM-x32\...\Steam App 214510) (Version:  - Traveller's Tales)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
NVIDIA 3D Vision Controller Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Control Panel 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
resident evil 4 / biohazard 4 (HKLM-x32\...\Steam App 254700) (Version:  - Capcom)
Resident Evil Revelations / Biohazard Revelations UE (HKLM-x32\...\Steam App 222480) (Version:  - Capcom)
Sacred 2 Gold (HKLM-x32\...\Steam App 225640) (Version:  - Ascaron)
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Star Trek (HKLM-x32\...\Steam App 203250) (Version:  - Digital Extremes)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - )
The Incredible Adventures of Van Helsing II (HKLM-x32\...\Steam App 272470) (Version:  - NeocoreGames)
The Secret World (HKLM-x32\...\Steam App 215280) (Version:  - Funcom)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Updater (HKLM-x32\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.3.0.0 - Azureus Software, Inc.)
Vuze Remote Toolbar v9.4 (HKLM-x32\...\{3396EEB1-E3EA-4805-944B-30A68CC3F363}) (Version: 9.4 - Spigot, Inc.) <==== ATTENTION
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )
 
==================== Restore Points  =========================
 
08-07-2014 20:20:12 Installed DirectX
09-07-2014 23:46:13 Windows Update
10-07-2014 10:58:35 Windows Update
15-07-2014 17:50:16 Installed DirectX
15-07-2014 18:13:12 Windows Update
15-07-2014 23:08:00 Windows Update
16-07-2014 00:57:50 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {1910B842-2370-4275-879F-CC7901461299} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\WSCStub.exe
Task: {43FC8CB6-C5EB-4511-B30C-93A7F4B36F4D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-27] (Google Inc.)
Task: {8346DD14-2FDB-474B-B1A2-62A792C28178} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\SymErr.exe
Task: {8C0E78E0-AD76-4A5D-8877-8FB322594ED7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {8FE02C5C-F51F-4F98-8FBB-67C1B9F6C15B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {98919A54-55E7-448B-8D79-A63BBBCEA8B9} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.3.0.12\SymErr.exe
Task: {CF4E2282-305E-4413-9826-B86A24461D0A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {F219B73E-7A0B-45C5-95EE-AC9065964BF8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-27] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-02-07 17:54 - 2014-05-20 02:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-06-13 11:26 - 2014-06-13 11:26 - 00014848 ____N () C:\Users\ashley\AppData\Local\Apps\2.0\TX6XRWRV.H4X\8JE1Y603.OBM\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\Curse.CurseClient.WowDb.dll
2013-12-04 18:40 - 2013-12-04 18:39 - 00035840 _____ () C:\Users\ashley\AppData\Local\Apps\2.0\TX6XRWRV.H4X\8JE1Y603.OBM\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\Curse.Advertising.dll
2014-06-13 11:26 - 2014-06-13 11:26 - 00099840 ____N () C:\Users\ashley\AppData\Local\Apps\2.0\TX6XRWRV.H4X\8JE1Y603.OBM\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\Curse.CurseClient.CMOD2.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2014-01-16 13:34 - 2012-05-25 05:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2014-03-27 16:34 - 2014-03-15 01:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-27 16:34 - 2014-03-15 01:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-27 16:34 - 2014-03-15 01:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-27 16:34 - 2014-03-15 01:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-27 16:34 - 2014-03-15 01:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-27 16:34 - 2014-03-15 01:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
 
==================== Faulty Device Manager Devices =============
 
Name: E:\
Description: Card  Reader    
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Multiple
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/17/2014 10:42:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/17/2014 09:47:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2014 08:18:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GoogleUpdate.exe, version: 1.3.21.103, time stamp: 0x4f3c6d6c
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x000223e0
Faulting process id: 0x4ab4
Faulting application start time: 0xGoogleUpdate.exe0
Faulting application path: GoogleUpdate.exe1
Faulting module path: GoogleUpdate.exe2
Report Id: GoogleUpdate.exe3
 
Error: (07/16/2014 09:44:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2014 00:22:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/15/2014 11:56:28 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location G:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
Error: (07/15/2014 11:47:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/15/2014 10:58:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/15/2014 08:28:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/15/2014 08:03:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (07/17/2014 10:47:25 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (07/17/2014 10:46:02 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (07/16/2014 10:16:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Update focusbase service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (07/16/2014 01:35:11 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (07/16/2014 00:59:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (07/16/2014 00:59:53 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (07/16/2014 00:17:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Norton 360 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (07/15/2014 11:46:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
BHDrvx64
ccSet_N360
SymIRON
SymNetS
 
Error: (07/15/2014 11:46:16 PM) (Source: Microsoft-Windows-Subsys-SMSS) (EventID: 12) (User: NT AUTHORITY)
Description: 21C:\Windows\MEMORY.DMP
 
Error: (07/15/2014 08:31:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
AFD
DfsC
discache
NetBIOS
NetBT
nsiproxy
Psched
rdbss
spldr
tdx
Wanarpv6
WfpLwf
 
 
Microsoft Office Sessions:
=========================
Error: (07/17/2014 10:42:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/17/2014 09:47:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2014 08:18:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7601.18247521ea8e7c0000005000223e04ab401cfa128fb2f81fbC:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dll016202a2-0d1e-11e4-851c-1c6f65b3bf01
 
Error: (07/16/2014 09:44:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/16/2014 00:22:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/15/2014 11:56:28 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: G:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)
 
Error: (07/15/2014 11:47:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/15/2014 10:58:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/15/2014 08:28:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/15/2014 08:03:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 30%
Total physical RAM: 8190.46 MB
Available physical RAM: 5693.23 MB
Total Pagefile: 16379.11 MB
Available Pagefile: 13601.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:482.72 GB) NTFS
Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: D180E0E7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
Link to post
Share on other sites

Kaspersky just popped up with another malware detection:

 

Packed.Win32.Krap.hc detected

 

Object: c:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe

 

Packed.Win32.Krap.hc detected

 

Object: C:\ProgramData\RHelpers\IeHelper\IeHelper.exe

Link to post
Share on other sites

  • 1 month later...
  • Root Admin

Very sorry for the delay. The site has been very busy and there has been more demand for support than we were able handle for a while there.
I'm just now getting back to see if you still need help or not. If you do please reply back and let me know and I'll go ahead and assist you.

Thank you
 

Link to post
Share on other sites

  • 1 month later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.