Just Cleared ZeroAccess. Or so I think...



#1 operating


Posted 04 December 2013 - 12:40 PM

I have just cleared the ZeroAccess trojan from my system using RogueKiller.

I just want to be sure I'm totally clean of any infection.

Just going through the steps to post here and I'm stuck on DDS. I get the error about not supposed to be run in 'compatibility mode'. Any idea how to get around this?

I've seen on another post that FRST was run. I have run FRST and get the error 'Exception EAccessViolation in module ERUNT.exe.....'. Although it did let me run the scan:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-12-2013
Ran by Calin (administrator) on OSIRIS on 04-12-2013 17:49:06
Running from C:\Users\Calin\Downloads
Windows 8.1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(Cypress Semiconductor Corporation) C:\Program Files\Cypress\TrackPad\CyTpService.exe
() C:\Windows\System32\DptfParticipantProcessorService.exe
() C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft) C:\Program Files (x86)\Intel Corporation\Intel® Sensor Solution Service\wakeupSensor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Cypress Semiconductor, Inc.) C:\Program Files\Cypress\TrackPad\CyHidWin.exe
(Cypress Semiconductor Corporation) C:\Program Files\Cypress\TrackPad\CyCpIo.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Compal Electronics, INC.) C:\Program Files\Dell\QuickSet\ResetTouch.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Dropbox, Inc.) C:\Users\Calin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-08-15] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-06] (Realtek Semiconductor)
HKLM\...\Run: [ResetTouch] - C:\Program Files\Dell\QuickSet\ResetTouch.exe [8500120 2012-10-17] (Compal Electronics, INC.)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\quickset.exe [5757328 2012-10-17] (Dell Inc.)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [] - [x]
HKLM\...\Run: [AdAwareTray] - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe [2493272 2013-10-18] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [BrowserChoice] - C:\Windows\BrowserChoice\browserchoice.exe [86816 2013-08-22] (Microsoft Corporation)
HKCU\...\Run: [DellSystemDetect] - C:\Users\Calin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms [370 2013-10-21] ()
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
Startup: C:\Users\Calin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Calin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {A8DB884D-6172-4E2D-A86F-89BAD5697F58} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM - {A8DB884D-6172-4E2D-A86F-89BAD5697F58} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - DefaultScope {A8DB884D-6172-4E2D-A86F-89BAD5697F58} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - {A8DB884D-6172-4E2D-A86F-89BAD5697F58} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKCU - DefaultScope {A8DB884D-6172-4E2D-A86F-89BAD5697F58} URL =
SearchScopes: HKCU - {A8DB884D-6172-4E2D-A86F-89BAD5697F58} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Calin\AppData\Roaming\Mozilla\Firefox\Profiles\ns6nt9my.default
FF Homepage: https://www.google.co.uk/|https://www.facebook.com/|https://twitter.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: LastPass - C:\Users\Calin\AppData\Roaming\Mozilla\Firefox\Profiles\ns6nt9my.default\Extensions\support@lastpass.com

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Calin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Calin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Calin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Calin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Calin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\Calin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
R2 CyTpService; C:\Program Files\Cypress\TrackPad\CyTpService.exe [28672 2013-04-19] (Cypress Semiconductor Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [29056 2012-07-31] ()
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [30592 2012-07-31] ()
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-29] (Intel Corporation)
R2 ISCTAgent; c:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [149032 2012-08-17] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe [517344 2013-10-18] ()
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [200808 2012-05-10] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-09-13] (SoftThinks SAS)
R2 WakeupService; C:\Program Files (x86)\Intel Corporation\Intel® Sensor Solution Service\wakeupSensor.exe [8704 2012-08-30] (Microsoft)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 appliand; C:\Windows\system32\DRIVERS\appliand.sys [33888 2011-06-26] (Applian Technologies Inc.)
R3 appliandMP; C:\Windows\system32\DRIVERS\appliand.sys [33888 2011-06-26] (Applian Technologies Inc.)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-07-30] (AVG Technologies CZ, s.r.o.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R3 cyhid; C:\Windows\System32\drivers\cyhid.sys [148480 2013-04-19] (Cypress Semiconductor, Inc.)
R3 cykbfltrService; C:\Windows\system32\DRIVERS\cykbfltr.sys [20992 2013-04-19] (Cypress Semiconductor, Inc.)
R3 cymfltrService; C:\Windows\system32\DRIVERS\cymfltr.sys [102400 2013-04-19] (Cypress Semiconductor, Inc.)
R3 CySmb; C:\Windows\System32\drivers\CySmb.sys [10752 2013-04-19] (Cypress Semiconductor, Inc.)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-07-14] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-07-14] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-07-14] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-14] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-14] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-14] (Intel Corporation)
R3 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2013-10-21] (Disc Soft Ltd)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys [138232 2013-07-17] (BitDefender LLC)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [20968 2012-08-17] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [19944 2012-08-17] ()
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-09-30] (Microsoft Corporation)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-29] (Intel Corporation)
S3 iscFlash; C:\Users\Calin\AppData\Local\Temp\7zS6DE.tmp\iscflashx64.sys [58464 2012-08-24] (Insyde Software)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-01-18] ()
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
S3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
S3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146272 2013-08-22] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [56672 2013-08-22] (Microsoft Corporation)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [329800 2013-07-17] (BitDefender S.R.L.)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-10] (Windows ® Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2013-12-04] ()
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-10] (Windows ® Win 7 DDK provider)
S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-04 17:49 - 2013-12-04 17:49 - 00019332 _____ C:\Users\Calin\Downloads\FRST.txt
2013-12-04 17:45 - 2013-12-04 17:45 - 01959766 _____ (Farbar) C:\Users\Calin\Downloads\FRST64.exe
2013-12-04 17:45 - 2013-12-04 17:45 - 00000000 ____D C:\FRST
2013-12-04 17:39 - 2013-12-04 17:39 - 00688992 _____ (Swearware) C:\Users\Calin\Downloads\dds.com
2013-12-04 14:31 - 2013-12-04 14:31 - 00001335 _____ C:\Users\Calin\Desktop\RKreport[0]_S_12042013_143104.txt
2013-12-04 14:21 - 2013-12-04 14:21 - 00002566 _____ C:\Users\Calin\Desktop\RKreport[0]_D_12042013_142139.txt
2013-12-04 14:18 - 2013-12-04 14:18 - 00002480 _____ C:\Users\Calin\Desktop\RKreport[0]_S_12042013_141849.txt
2013-12-04 14:16 - 2013-12-04 14:31 - 00000000 ____D C:\Users\Calin\Desktop\RK_Quarantine
2013-12-04 14:16 - 2013-12-04 14:16 - 04166144 _____ C:\Users\Calin\Downloads\RogueKillerX64.exe
2013-12-04 13:57 - 2013-12-04 13:57 - 05213016 _____ (F-Secure Corporation) C:\Users\Calin\Downloads\F-SecureOnlineScanner.exe
2013-12-04 13:04 - 2013-12-04 14:23 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2013-12-04 11:27 - 2013-12-04 11:36 - 00181064 _____ (Sysinternals) C:\WINDOWS\PSEXESVC.EXE
2013-12-04 11:26 - 2013-12-04 11:26 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-OSIRIS-Microsoft-Windows-8.1-(64-bit).dat
2013-12-04 11:25 - 2013-12-04 11:25 - 00000000 ____D C:\RegBackup
2013-12-03 22:47 - 2013-12-03 22:47 - 00000000 ____D C:\Users\Calin\Downloads\3CD MP3
2013-12-03 22:44 - 2013-12-03 22:44 - 00001123 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-03 22:44 - 2013-12-03 22:44 - 00000000 ____D C:\Users\Calin\AppData\Roaming\Malwarebytes
2013-12-03 22:44 - 2013-12-03 22:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-03 22:44 - 2013-12-03 22:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-03 22:44 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-12-03 22:43 - 2013-12-03 22:43 - 05045639 _____ C:\Users\Calin\Downloads\tweaking.com_windows_repair_aio_setup.exe
2013-12-03 22:43 - 2013-12-03 22:43 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2013-12-03 22:18 - 2013-12-03 22:18 - 00889416 _____ (Microsoft Corporation) C:\Users\Calin\Downloads\dotNetFx40_Full_setup.exe
2013-12-03 22:16 - 2013-12-03 22:16 - 00875304 _____ (Microsoft Corporation) C:\Users\Calin\Downloads\NetFxRepairTool.exe
2013-12-03 21:51 - 2013-12-03 21:51 - 00265750 _____ C:\Users\Calin\Downloads\dotnetfx_cleanup_tool(1).zip
2013-12-03 21:45 - 2013-12-03 21:45 - 00000000 ____D C:\Users\Calin\Downloads\dotnetfx_cleanup_tool
2013-12-03 21:44 - 2013-12-03 21:44 - 00265879 _____ C:\Users\Calin\Downloads\dotnetfx_cleanup_tool.zip
2013-12-03 21:39 - 2013-12-03 21:39 - 00000000 ____D C:\Users\Calin\AppData\Roaming\Media Player Classic
2013-12-03 21:37 - 2013-12-03 21:37 - 01021432 _____ (Microsoft Corporation) C:\Users\Calin\Downloads\NDP451-KB2859818-Web.exe
2013-12-03 13:01 - 2013-12-03 13:01 - 00001305 _____ C:\Users\Calin\Documents\Availability 02-12-13 to 01-01-14.txt
2013-12-03 11:21 - 2013-12-03 11:21 - 00010595 _____ C:\Users\Calin\Downloads\dellsystemdetect.application
2013-11-29 13:04 - 2013-11-29 13:05 - 02576680 _____ C:\Users\Calin\Documents\First floor landing window.avi
2013-11-29 13:03 - 2013-11-29 13:04 - 00000000 ____D C:\Program Files (x86)\Magic Video Converter
2013-11-29 13:03 - 2013-11-29 13:03 - 00000000 ____D C:\WINDOWS\SysWOW64\system
2013-11-29 13:03 - 2009-04-02 15:21 - 00084480 _____ C:\WINDOWS\SysWOW64\ff_vfw.dll
2013-11-29 13:03 - 2008-06-08 23:58 - 00060273 _____ (Open Source Software community project) C:\WINDOWS\SysWOW64\pthreadGC2.dll
2013-11-29 13:03 - 2005-10-28 09:44 - 00308224 _____ (The Public) C:\WINDOWS\SysWOW64\avisynth.dll
2013-11-29 13:03 - 2004-02-22 01:11 - 00719872 _____ (Abysmal Software) C:\WINDOWS\SysWOW64\devil.dll
2013-11-29 13:03 - 2004-01-11 22:00 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2013-11-29 13:03 - 2003-03-19 03:14 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2013-11-29 11:44 - 2013-11-29 11:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-28 16:42 - 2013-10-13 02:48 - 00136536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2013-11-28 16:42 - 2013-10-12 21:34 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2013-11-28 16:41 - 2013-10-23 11:01 - 00872840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2013-11-28 16:41 - 2013-10-23 08:59 - 00698232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2013-11-28 16:41 - 2013-10-19 08:08 - 23212544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-11-28 16:41 - 2013-10-19 06:37 - 17142784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-11-28 16:41 - 2013-10-19 06:02 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-11-28 16:41 - 2013-10-19 05:37 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2013-11-28 16:41 - 2013-10-19 05:19 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-11-28 16:41 - 2013-10-19 05:10 - 05765120 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-11-28 16:41 - 2013-10-19 04:52 - 02166272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-11-28 16:41 - 2013-10-19 04:44 - 04240384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-11-28 16:41 - 2013-10-19 04:37 - 12995584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-11-28 16:41 - 2013-10-19 04:31 - 01993728 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2013-11-28 16:41 - 2013-10-19 03:56 - 11220992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-11-28 16:41 - 2013-10-19 03:55 - 01926656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2013-11-28 16:41 - 2013-10-19 03:53 - 02332160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-11-28 16:41 - 2013-10-19 03:23 - 01394176 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-11-28 16:41 - 2013-10-19 03:09 - 01818112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-11-28 16:41 - 2013-10-19 03:02 - 01156608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-11-28 16:41 - 2013-10-16 15:58 - 01943536 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2013-11-28 16:41 - 2013-10-16 13:54 - 01581968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2013-11-28 16:41 - 2013-10-12 21:48 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2013-11-28 16:41 - 2013-10-05 14:21 - 01341288 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2013-11-28 16:41 - 2013-10-05 08:39 - 01067008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2013-11-28 16:35 - 2013-11-28 16:35 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2013-11-27 23:01 - 2013-11-27 23:01 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-11-27 23:01 - 2013-11-27 23:01 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-11-22 17:09 - 2013-11-28 16:29 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2013-11-22 17:08 - 2013-11-22 17:15 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2013-11-22 17:08 - 2013-11-22 17:09 - 00000000 ____D C:\ProgramData\BlueStacks
2013-11-20 07:53 - 2013-11-20 07:53 - 00000000 _____ C:\Users\Calin\AppData\Roaming\AbsoluteReminder.xml
2013-11-19 07:21 - 2013-11-19 07:21 - 00000000 ____D C:\Program Files (x86)\HP
2013-11-19 07:19 - 2013-11-20 07:55 - 00002049 _____ C:\ProgramData\hpzinstall.log
2013-11-19 07:18 - 2013-11-19 07:18 - 00000000 ____D C:\ProgramData\HP
2013-11-18 19:56 - 2013-11-18 19:56 - 00229382 ____T C:\Users\Calin\Documents\auction.oxps
2013-11-18 19:09 - 2013-12-04 11:24 - 00000000 __RDO C:\Users\Calin\SkyDrive
2013-11-16 12:37 - 2013-11-16 12:37 - 00000000 ____D C:\Users\Calin\AppData\Roaming\PCDr
2013-11-13 07:33 - 2013-11-13 07:33 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-11-13 07:33 - 2013-11-13 07:33 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-11-10 21:33 - 2013-11-28 16:28 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-10 21:33 - 2013-11-28 16:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-11-09 22:13 - 2013-11-09 22:58 - 542466472 _____ C:\Users\Calin\Downloads\N9005XXUDMJ7_N9005OXADMJ4_BTU.zip.part
2013-11-09 22:13 - 2013-11-09 22:13 - 00000000 _____ C:\Users\Calin\Downloads\N9005XXUDMJ7_N9005OXADMJ4_BTU.zip
2013-11-06 22:47 - 2013-12-03 13:00 - 00028160 _____ C:\Users\Calin\Documents\Availability 02-12-13 to 01-01-14.xls
2013-11-06 08:44 - 2013-11-06 22:17 - 00000000 ____D C:\Users\Calin\AppData\Roaming\Origin
2013-11-06 08:44 - 2013-11-06 08:44 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-11-06 08:43 - 2013-11-28 16:28 - 00000000 ____D C:\Program Files (x86)\Origin
2013-11-06 08:43 - 2013-11-06 08:44 - 00000000 ____D C:\ProgramData\Origin
2013-11-06 08:43 - 2013-11-06 08:43 - 00000000 ____D C:\Users\Calin\AppData\Local\Origin
2013-11-06 08:43 - 2013-11-06 08:43 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-11-06 08:36 - 2013-11-28 16:28 - 00000000 ____D C:\Users\Calin\Downloads\o-1.6
2013-11-06 08:33 - 2013-11-28 16:28 - 00000000 ____D C:\SIMCITY
2013-11-06 08:33 - 2013-11-06 22:29 - 00000000 ___SD C:\program1
2013-11-06 08:18 - 2013-11-28 16:28 - 00000000 ____D C:\Users\Calin\Downloads\DRA
2013-11-05 18:53 - 2013-12-03 22:10 - 00000000 ____D C:\Users\Calin\Downloads\rse

==================== One Month Modified Files and Folders =======

2013-12-04 17:49 - 2013-12-04 17:49 - 00019332 _____ C:\Users\Calin\Downloads\FRST.txt
2013-12-04 17:45 - 2013-12-04 17:45 - 01959766 _____ (Farbar) C:\Users\Calin\Downloads\FRST64.exe
2013-12-04 17:45 - 2013-12-04 17:45 - 00000000 ____D C:\FRST
2013-12-04 17:39 - 2013-12-04 17:39 - 00688992 _____ (Swearware) C:\Users\Calin\Downloads\dds.com
2013-12-04 17:11 - 2013-10-21 16:35 - 00000000 ____D C:\Users\Calin\Documents\Outlook Files
2013-12-04 17:06 - 2013-10-22 14:01 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-04 17:00 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\sru
2013-12-04 16:43 - 2013-10-21 09:20 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-562470408-839034859-2907516869-1001
2013-12-04 16:40 - 2013-10-21 15:34 - 01361680 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-04 14:31 - 2013-12-04 14:31 - 00001335 _____ C:\Users\Calin\Desktop\RKreport[0]_S_12042013_143104.txt
2013-12-04 14:31 - 2013-12-04 14:16 - 00000000 ____D C:\Users\Calin\Desktop\RK_Quarantine
2013-12-04 14:30 - 2013-03-19 22:41 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2013-12-04 14:29 - 2013-09-30 04:04 - 00865408 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-04 14:25 - 2013-10-22 14:01 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-04 14:24 - 2013-10-21 19:49 - 00000000 ___RD C:\Users\Calin\Dropbox
2013-12-04 14:24 - 2013-10-21 19:47 - 00000000 ____D C:\Users\Calin\AppData\Roaming\Dropbox
2013-12-04 14:23 - 2013-12-04 13:04 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2013-12-04 14:23 - 2013-10-22 14:01 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-04 14:23 - 2013-10-21 15:32 - 00000000 ____D C:\Users\Calin
2013-12-04 14:23 - 2013-09-30 03:55 - 00050852 _____ C:\WINDOWS\PFRO.log
2013-12-04 14:23 - 2013-08-22 14:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-04 14:23 - 2013-08-22 13:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2013-12-04 14:23 - 2013-03-19 22:36 - 00034752 _____ C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
2013-12-04 14:21 - 2013-12-04 14:21 - 00002566 _____ C:\Users\Calin\Desktop\RKreport[0]_D_12042013_142139.txt
2013-12-04 14:18 - 2013-12-04 14:18 - 00002480 _____ C:\Users\Calin\Desktop\RKreport[0]_S_12042013_141849.txt
2013-12-04 14:16 - 2013-12-04 14:16 - 04166144 _____ C:\Users\Calin\Downloads\RogueKillerX64.exe
2013-12-04 13:57 - 2013-12-04 13:57 - 05213016 _____ (F-Secure Corporation) C:\Users\Calin\Downloads\F-SecureOnlineScanner.exe
2013-12-04 11:37 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2013-12-04 11:37 - 2013-08-22 14:44 - 00473392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-04 11:36 - 2013-12-04 11:27 - 00181064 _____ (Sysinternals) C:\WINDOWS\PSEXESVC.EXE
2013-12-04 11:32 - 2013-08-22 13:25 - 00000203 _____ C:\WINDOWS\win.ini
2013-12-04 11:26 - 2013-12-04 11:26 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-OSIRIS-Microsoft-Windows-8.1-(64-bit).dat
2013-12-04 11:25 - 2013-12-04 11:25 - 00000000 ____D C:\RegBackup
2013-12-04 11:24 - 2013-11-18 19:09 - 00000000 __RDO C:\Users\Calin\SkyDrive
2013-12-03 23:02 - 2013-10-21 09:14 - 00000000 ____D C:\Users\Calin\AppData\Local\Packages
2013-12-03 22:49 - 2013-10-21 19:00 - 00000000 ____D C:\Users\Calin\AppData\Roaming\uTorrent
2013-12-03 22:47 - 2013-12-03 22:47 - 00000000 ____D C:\Users\Calin\Downloads\VA 3CD MP3
2013-12-03 22:44 - 2013-12-03 22:44 - 00001123 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-03 22:44 - 2013-12-03 22:44 - 00000000 ____D C:\Users\Calin\AppData\Roaming\Malwarebytes
2013-12-03 22:44 - 2013-12-03 22:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-03 22:44 - 2013-12-03 22:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-03 22:43 - 2013-12-03 22:43 - 05045639 _____ C:\Users\Calin\Downloads\tweaking.com_windows_repair_aio_setup.exe
2013-12-03 22:43 - 2013-12-03 22:43 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2013-12-03 22:27 - 2013-10-22 14:00 - 00000000 ____D C:\Users\Calin\AppData\Local\Google
2013-12-03 22:18 - 2013-12-03 22:18 - 00889416 _____ (Microsoft Corporation) C:\Users\Calin\Downloads\dotNetFx40_Full_setup.exe
2013-12-03 22:16 - 2013-12-03 22:16 - 00875304 _____ (Microsoft Corporation) C:\Users\Calin\Downloads\NetFxRepairTool.exe
2013-12-03 22:11 - 2013-10-21 16:39 - 00362496 ___SH C:\Users\Calin\Downloads\Thumbs.db
2013-12-03 22:11 - 2013-10-21 16:32 - 00188416 ___SH C:\Users\Calin\Desktop\Thumbs.db
2013-12-03 22:10 - 2013-11-05 18:53 - 00000000 ____D C:\Users\Calin\Downloads\erse
2013-12-03 21:51 - 2013-12-03 21:51 - 00265750 _____ C:\Users\Calin\Downloads\dotnetfx_cleanup_tool(1).zip
2013-12-03 21:45 - 2013-12-03 21:45 - 00000000 ____D C:\Users\Calin\Downloads\dotnetfx_cleanup_tool
2013-12-03 21:44 - 2013-12-03 21:44 - 00265879 _____ C:\Users\Calin\Downloads\dotnetfx_cleanup_tool.zip
2013-12-03 21:39 - 2013-12-03 21:39 - 00000000 ____D C:\Users\Calin\AppData\Roaming\Media Player Classic
2013-12-03 21:37 - 2013-12-03 21:37 - 01021432 _____ (Microsoft Corporation) C:\Users\Calin\Downloads\NDP451-KB2859818-Web.exe
2013-12-03 14:07 - 2013-10-21 16:44 - 00000000 ____D C:\Storage (Z)
2013-12-03 13:01 - 2013-12-03 13:01 - 00001305 _____ C:\Users\Calin\Documents\Availability 02-12-13 to 01-01-14.txt
2013-12-03 13:00 - 2013-11-06 22:47 - 00028160 _____ C:\Users\Calin\Documents\Availability 02-12-13 to 01-01-14.xls
2013-12-03 12:00 - 2013-10-21 16:32 - 00001797 _____ C:\Users\Calin\Documents\family adresses.txt
2013-12-03 11:21 - 2013-12-03 11:21 - 00010595 _____ C:\Users\Calin\Downloads\dellsystemdetect.application
2013-12-03 11:21 - 2013-10-21 17:09 - 00000000 ____D C:\Users\Calin\AppData\Local\Deployment
2013-11-29 13:07 - 2013-10-21 16:33 - 00056832 ___SH C:\Users\Calin\Documents\Thumbs.db
2013-11-29 13:05 - 2013-11-29 13:04 - 02576680 _____ C:\Users\Calin\Documents\First floor landing window.avi
2013-11-29 13:05 - 2013-10-21 19:30 - 00000000 ____D C:\Users\Calin\AppData\Roaming\vlc
2013-11-29 13:04 - 2013-11-29 13:03 - 00000000 ____D C:\Program Files (x86)\Magic Video Converter
2013-11-29 13:03 - 2013-11-29 13:03 - 00000000 ____D C:\WINDOWS\SysWOW64\system
2013-11-29 12:44 - 2013-10-21 19:54 - 00000000 ____D C:\Users\dani__000
2013-11-29 12:44 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\rescache
2013-11-29 11:44 - 2013-11-29 11:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-29 11:44 - 2013-10-21 17:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-29 11:05 - 2013-08-22 14:46 - 00316286 _____ C:\WINDOWS\setupact.log
2013-11-28 16:53 - 2013-10-21 17:39 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-28 16:35 - 2013-11-28 16:35 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2013-11-28 16:29 - 2013-11-22 17:09 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2013-11-28 16:29 - 2013-08-22 15:36 - 00000000 __RSD C:\WINDOWS\Media
2013-11-28 16:29 - 2013-08-22 15:36 - 00000000 ___RD C:\WINDOWS\ToastData
2013-11-28 16:29 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\WinStore
2013-11-28 16:29 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2013-11-28 16:29 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml
2013-11-28 16:29 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\migwiz
2013-11-28 16:29 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\icsxml
2013-11-28 16:29 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2013-11-28 16:29 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Camera
2013-11-28 16:29 - 2013-08-22 13:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2013-11-28 16:28 - 2013-11-10 21:33 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-28 16:28 - 2013-11-10 21:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-11-28 16:28 - 2013-11-06 08:43 - 00000000 ____D C:\Program Files (x86)\Origin
2013-11-28 16:28 - 2013-11-06 08:36 - 00000000 ____D C:\Users\Calin\Downloads\1.6
2013-11-28 16:28 - 2013-11-06 08:33 - 00000000 ____D C:\SIMCITY
2013-11-28 16:28 - 2013-11-06 08:18 - 00000000 ____D C:\Users\Calin\Downloads\DRA
2013-11-28 16:28 - 2013-10-21 19:54 - 00000000 ___RD C:\Users\dani__000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-11-28 16:28 - 2013-10-21 19:54 - 00000000 ___RD C:\Users\dani__000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-28 16:28 - 2013-10-21 19:54 - 00000000 ___RD C:\Users\dani__000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-11-28 16:28 - 2013-10-21 19:47 - 00000000 ____D C:\Users\Calin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-11-28 16:28 - 2013-10-21 19:23 - 00000000 ____D C:\Users\Calin\AppData\Roaming\IrfanView
2013-11-28 16:28 - 2013-10-21 17:29 - 00000000 ____D C:\ProgramData\MFAData
2013-11-28 16:28 - 2013-10-21 15:37 - 00000000 __SDO C:\Users\Calin\SkyDrive.old
2013-11-28 16:28 - 2013-10-21 09:14 - 00000000 ___RD C:\Users\Calin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-28 16:28 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\schemas
2013-11-28 16:28 - 2013-08-22 15:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-11-28 16:28 - 2013-08-22 13:36 - 00000000 ____D C:\WINDOWS\servicing
2013-11-28 16:28 - 2013-03-19 22:42 - 00000000 ____D C:\Program Files (x86)\Absolute Software
2013-11-28 16:27 - 2013-10-21 19:54 - 00000000 ____D C:\Users\dani__000\AppData\Local\Packages
2013-11-28 16:27 - 2013-10-21 17:39 - 00000000 ____D C:\Program Files\Microsoft Office
2013-11-28 16:27 - 2013-10-21 17:29 - 00000000 ____D C:\Users\Calin\AppData\Local\Avg2014
2013-11-28 16:27 - 2013-10-21 17:02 - 00000000 ____D C:\Users\Calin\AppData\Local\Mozilla
2013-11-28 16:27 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\registration
2013-11-28 15:26 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2013-11-27 23:01 - 2013-11-27 23:01 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-11-27 23:01 - 2013-11-27 23:01 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-11-22 19:22 - 2013-08-22 13:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2013-11-22 17:15 - 2013-11-22 17:08 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2013-11-22 17:09 - 2013-11-22 17:08 - 00000000 ____D C:\ProgramData\BlueStacks
2013-11-20 10:48 - 2013-10-21 07:46 - 00107008 ___SH C:\Users\dani__000\Desktop\Thumbs.db
2013-11-20 10:47 - 2013-10-21 20:00 - 00000000 __SDO C:\Users\dani__000\SkyDrive
2013-11-20 07:55 - 2013-11-19 07:19 - 00002049 _____ C:\ProgramData\hpzinstall.log
2013-11-20 07:53 - 2013-11-20 07:53 - 00000000 _____ C:\Users\Calin\AppData\Roaming\AbsoluteReminder.xml
2013-11-19 07:21 - 2013-11-19 07:21 - 00000000 ____D C:\Program Files (x86)\HP
2013-11-19 07:18 - 2013-11-19 07:18 - 00000000 ____D C:\ProgramData\HP
2013-11-18 20:05 - 2013-10-21 14:20 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-11-18 19:57 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2013-11-18 19:56 - 2013-11-18 19:56 - 00229382 ____T C:\Users\Calin\Documents\auction.oxps
2013-11-18 19:23 - 2013-10-21 16:35 - 00000000 ____D C:\Users\Calin\Documents\Official Letters
2013-11-16 12:37 - 2013-11-16 12:37 - 00000000 ____D C:\Users\Calin\AppData\Roaming\PCDr
2013-11-13 11:48 - 2011-10-07 13:02 - 00000000 ____D C:\Welle-Mobel wardrobe erection Oct 11
2013-11-13 07:33 - 2013-11-13 07:33 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-11-13 07:33 - 2013-11-13 07:33 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-11-09 22:58 - 2013-11-09 22:13 - 542466472 _____ C:\Users\Calin\Downloads\N9005XXUDMJ7_N9005OXADMJ4_BTU.zip.part
2013-11-09 22:13 - 2013-11-09 22:13 - 00000000 _____ C:\Users\Calin\Downloads\N9005XXUDMJ7_N9005OXADMJ4_BTU.zip
2013-11-06 22:29 - 2013-11-06 08:33 - 00000000 ___SD C:\program1
2013-11-06 22:17 - 2013-11-06 08:44 - 00000000 ____D C:\Users\Calin\AppData\Roaming\Origin
2013-11-06 08:44 - 2013-11-06 08:44 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-11-06 08:44 - 2013-11-06 08:43 - 00000000 ____D C:\ProgramData\Origin
2013-11-06 08:43 - 2013-11-06 08:43 - 00000000 ____D C:\Users\Calin\AppData\Local\Origin
2013-11-06 08:43 - 2013-11-06 08:43 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-11-05 23:31 - 2013-08-22 15:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2013-11-05 23:31 - 2013-08-22 15:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Calin\AppData\Local\Temp\1347363964.exe
C:\Users\Calin\AppData\Local\Temp\1411447298.exe
C:\Users\Calin\AppData\Local\Temp\932265db-8ffd-4809-9b64-d7703d535814.exe
C:\Users\Calin\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Calin\AppData\Local\Temp\ghsvc.exe
C:\Users\Calin\AppData\Local\Temp\hcsi.exe
C:\Users\Calin\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Calin\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih.exe
C:\Users\Calin\AppData\Local\Temp\mbam-setup.exe
C:\Users\Calin\AppData\Local\Temp\msimg32.dll
C:\Users\Calin\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Calin\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-25 22:34

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-12-2013
Ran by Calin at 2013-12-04 17:50:17
Running from C:\Users\Calin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

µTorrent (HKCU Version: 3.3.2.30180)
Absolute Reminder (x32 Version: 2.1.0.8)
Ad-Aware Antivirus (Version: 11.0.4555.0)
AdAwareInstaller (Version: 11.0.4555.0)
AdAwareUpdater (Version: 11.0.4555.0)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
AntimalwareEngine (Version: 2.6.0.0)
AVG 2014 (Version: 14.0.3615)
AVG 2014 (Version: 14.0.4158)
AVG 2014 (Version: 2014.0.4158)
Cypress TrackPad (Version: 2.5.1.47)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.47.1.0337)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition
Dell Backup and Recovery - Support Software (x32 Version: 1.0.0.2)
Dell Backup and Recovery (x32 Version: 1.0.0.2)
Dell Custom Help (Version: 15.06.1000.0142)
Dell Digital Delivery (x32 Version: 2.2.2000.0)
Dell Support Center (Version: 3.2.6032.39)
Dell System Detect (HKCU Version: 5.3.2.10)
Dropbox (HKCU Version: 2.4.3)
DSC/AA Factory Installer (Version: 3.2.6032.39)
ffdshow [rev 2975] [2009-05-28] (x32 Version: 1.0)
Google Chrome (x32 Version: 31.0.1650.57)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.165)
Intel® Control Center (x32 Version: 1.2.1.1008)
Intel® Dynamic Platform and Thermal Framework (x32 Version: 6.0.5.1080)
Intel® Management Engine Components (x32 Version: 8.1.0.1252)
Intel® Processor Graphics (x32 Version: 9.17.10.2875)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 15.6.1.0536)
Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 2.5.0.0248)
Intel® PROSet/Wireless WiFi Software Driver (Version: 15.06.1000.0167)
Intel® Rapid Start Technology (x32 Version: 2.1.0.1002)
Intel® Rapid Storage Technology (x32 Version: 11.5.0.1207)
Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® Smart Connect Technology 3.0 x64 (Version: 3.0.41.1571)
Intel® WiDi (Version: 3.5.40.0)
Intel® PROSet/Wireless Software (x32 Version: 15.6.1)
Intel® PROSet/Wireless WiFi Software (Version: 15.06.1000.0142)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
IrfanView (remove only) (x32 Version: 4.36)
KM v9.0.2.20131020 (Beta) (Version: 9.0.2.20131020)
Magic Video Converter 12.1.11.11 (x32)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft Access MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft DCF MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Excel MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Groove MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Lync MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017)
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017)
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Word MUI (English) 2013 (Version: 15.0.4420.1017)
Movie Maker (x32 Version: 16.4.3505.0912)
Mozilla Firefox 25.0.1 (x86 en-GB) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017)
Photo Gallery (x32 Version: 16.4.3505.0912)
Quickset64 (Version: 10.15.011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6704)
Replay Media Catcher 4 (4.4.3) (x32 Version: 4.4.3)
Replay Music (x32 Version: 3.45)
Spotify (HKCU Version: 0.9.4.185.g7545a404)
Tweaking.com - Windows Repair (All in One) (x32 Version: 2.1.0)
Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition
Update for Microsoft InfoPath 2013 (KB2752078) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition
Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760242) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760257) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760267) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760539) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760553) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817309) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817311) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817626) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817640) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827225) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition
Update for Microsoft Office 2013 (KB2837649) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2837642) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2726947) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2817625) 64-Bit Edition
Update for Microsoft Project 2013 (KB2767859) 64-Bit Edition
Update for Microsoft Publisher 2013 (KB2752097) 64-Bit Edition
Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition
Update for Microsoft Visio 2013 (KB2752018) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition
Update for Microsoft Word 2013 (KB2817631) 64-Bit Edition
Update for Microsoft Word 2013 (KB2837630) 64-Bit Edition
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1)
VLC media player 2.1.0 (x32 Version: 2.1.0)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
WinRAR 4.00 (64-bit) (Version: 4.00.0)

==================== Restore Points  =========================

20-11-2013 07:53:31 Removed Absolute Reminder
28-11-2013 16:10:13 Restore Operation
04-12-2013 11:24:51 Tweaking.com - Windows Repair

==================== Hosts content: ==========================

2013-08-22 13:25 - 2013-12-04 11:32 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {039BB883-5E3A-42C0-8657-805083DA1F8F} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMo\Auo.exe
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3ACE8E90-FAC5-4505-AA06-5F820238860F} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-07-29] (Intel)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\System32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {65A6865F-D114-4786-BDC8-67F416B491BD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-22] (Google Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7A02FF9B-D304-421A-83BA-A3F83F74E3E3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {7C274DD5-807A-4440-9114-A7FBAF35C1E2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\microsoft shared\OFFICE15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => C:\Windows\System32\AppXDeploymentClient.dll [2013-09-30] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {AE380159-9B30-4E8A-8018-6A03D1B32244} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-22] (Google Inc.)
Task: {B0D3CFB9-9D47-4AD2-9627-1647E77B854B} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-07-17] (PC-Doctor, Inc.)
Task: {B2A98FAC-03A5-4E7D-9BE3-821B24806DB2} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {DA0FDC5C-FCF2-49F0-80D5-B06653053A3B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F7738565-0ADC-4A2A-8794-1C7D8CDAA2F9} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-07-17] (PC-Doctor, Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-10-17 11:25 - 2013-10-17 11:25 - 08866472 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-03-19 22:47 - 2012-09-13 10:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-10-18 17:02 - 2013-10-18 17:02 - 00158032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\pugixml.dll
2013-10-18 17:02 - 2013-10-18 17:02 - 02747720 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\RCF.dll
2013-10-18 17:02 - 2013-10-18 17:02 - 00123264 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\boost_filesystem-vc100-mt-1_53.dll
2013-10-18 17:02 - 2013-10-18 17:02 - 00023928 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\boost_system-vc100-mt-1_53.dll
2013-10-18 17:02 - 2013-10-18 17:02 - 00055168 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\boost_date_time-vc100-mt-1_53.dll
2013-10-18 17:02 - 2013-10-18 17:02 - 00102264 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\boost_thread-vc100-mt-1_53.dll
2013-10-18 17:02 - 2013-10-18 17:02 - 00499576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\boost_locale-vc100-mt-1_53.dll
2013-10-18 17:02 - 2013-10-18 17:02 - 00267616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\HtmlFramework.dll
2013-10-18 17:02 - 2013-10-18 17:02 - 00276816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\Logger.dll
2013-10-18 17:02 - 2013-10-18 17:02 - 00064856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\DllStorage.dll
2013-10-18 17:02 - 2013-10-18 17:02 - 00643440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTrayDefaultSkin.dll
2013-10-18 17:02 - 2013-10-18 17:02 - 00140120 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\Localization.dll
2013-10-18 17:02 - 2013-10-18 17:02 - 00685904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\SQLite.dll
2013-07-19 12:55 - 2013-07-19 12:55 - 01421480 _____ () C:\Program Files\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2012-10-01 19:36 - 2012-10-01 19:36 - 00401024 _____ () C:\Program Files\Microsoft Office\Office15\msfad.dll
2013-03-13 20:48 - 2013-03-13 20:48 - 24978944 _____ () C:\Users\Calin\AppData\Roaming\Dropbox\bin\libcef.dll
2013-10-22 07:21 - 2013-10-22 07:21 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\a9dd3b12fecb739b31c31ede665bd0c2\PSIClient.ni.dll
2013-03-19 22:37 - 2012-06-25 17:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-03-19 22:41 - 2012-09-13 04:18 - 02003304 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2013-03-19 22:41 - 2012-08-06 17:59 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2013-03-19 22:41 - 2012-08-06 17:59 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2013-10-21 17:02 - 2013-11-29 11:43 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Calin\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Calin\SkyDrive.old:ms-properties
AlternateDataStreams: C:\Users\dani__000\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Light Sensor
Description: Light Sensor
Class Guid: {5175d334-c371-4806-b3ba-71fd53c9258d}
Manufacturer: Microsoft
Service: SensorsAlsDriver
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/04/2013 05:50:13 PM) (Source: WakeupService) (User: )
Description: Can't get sensors!!

Error: (12/04/2013 05:40:13 PM) (Source: WakeupService) (User: )
Description: Can't get sensors!!

Error: (12/04/2013 05:30:13 PM) (Source: WakeupService) (User: )
Description: Can't get sensors!!

Error: (12/04/2013 05:20:13 PM) (Source: WakeupService) (User: )
Description: Can't get sensors!!

Error: (12/04/2013 05:10:13 PM) (Source: WakeupService) (User: )
Description: Can't get sensors!!

Error: (12/04/2013 05:00:13 PM) (Source: WakeupService) (User: )
Description: Can't get sensors!!

Error: (12/04/2013 04:50:13 PM) (Source: WakeupService) (User: )
Description: Can't get sensors!!

Error: (12/04/2013 04:40:13 PM) (Source: WakeupService) (User: )
Description: Can't get sensors!!

Error: (12/04/2013 04:30:13 PM) (Source: WakeupService) (User: )
Description: Can't get sensors!!

Error: (12/04/2013 02:33:14 PM) (Source: ISCTAgent) (User: )
Description: netDetect::AOACNetDetect::NetDetectSupported   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x8004625b\n


System errors:
=============
Error: (12/04/2013 04:54:37 PM) (Source: Service Control Manager) (User: )
Description: The AVG WatchDog service terminated with the following service-specific error:
%%3758162006

Error: (12/04/2013 04:35:06 PM) (Source: Ntfs) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume \\?\Volume{03022f14-6aec-48aa-8010-b12e1c4d5881}.

The exact nature of the corruption is unknown.  The file system structures need to be scanned online.

Error: (12/04/2013 04:35:06 PM) (Source: Ntfs) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume \\?\Volume{100d6982-687c-42de-8900-41471b64e981}.

The exact nature of the corruption is unknown.  The file system structures need to be scanned online.

Error: (12/04/2013 04:35:06 PM) (Source: Ntfs) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume \\?\Volume{9d025475-1218-4f5c-8c14-fd3c210bd532}.

The exact nature of the corruption is unknown.  The file system structures need to be scanned online.

Error: (12/04/2013 02:30:52 PM) (Source: Service Control Manager) (User: )
Description: The AVG WatchDog service terminated with the following service-specific error:
%%3758162006

Error: (12/04/2013 02:30:32 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/04/2013 02:25:42 PM) (Source: Service Control Manager) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/04/2013 02:24:15 PM) (Source: DCOM) (User: OSIRIS)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (12/04/2013 02:23:32 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
%%577

Error: (12/04/2013 02:23:29 PM) (Source: Service Control Manager) (User: )
Description: The AVG WatchDog service terminated with the following service-specific error:
%%3758162006


Microsoft Office Sessions:
=========================
Error: (12/04/2013 05:50:13 PM) (Source: WakeupService)(User: )
Description: Can't get sensors!!

Error: (12/04/2013 05:40:13 PM) (Source: WakeupService)(User: )
Description: Can't get sensors!!

Error: (12/04/2013 05:30:13 PM) (Source: WakeupService)(User: )
Description: Can't get sensors!!

Error: (12/04/2013 05:20:13 PM) (Source: WakeupService)(User: )
Description: Can't get sensors!!

Error: (12/04/2013 05:10:13 PM) (Source: WakeupService)(User: )
Description: Can't get sensors!!

Error: (12/04/2013 05:00:13 PM) (Source: WakeupService)(User: )
Description: Can't get sensors!!

Error: (12/04/2013 04:50:13 PM) (Source: WakeupService)(User: )
Description: Can't get sensors!!

Error: (12/04/2013 04:40:13 PM) (Source: WakeupService)(User: )
Description: Can't get sensors!!

Error: (12/04/2013 04:30:13 PM) (Source: WakeupService)(User: )
Description: Can't get sensors!!

Error: (12/04/2013 02:33:14 PM) (Source: ISCTAgent)(User: )
Description: netDetect::AOACNetDetect::NetDetectSupported   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x8004625b\n


CodeIntegrity Errors:
===================================
  Date: 2013-12-04 14:23:32.031
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-04 13:20:28.858
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-04 13:13:43.942
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-04 13:09:13.346
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-04 13:04:12.913
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-04 11:43:30.744
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-04 11:37:45.907
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 8071.27 MB
Available physical RAM: 5107.01 MB
Total Pagefile: 9351.27 MB
Available Pagefile: 6368.93 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:221.08 GB) (Free:61.5 GB) NTFS
Drive w: (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.17 GB) NTFS
Drive x: (PBR Image) (Fixed) (Total:7.9 GB) (Free:0.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238 GB) (Disk ID: 08E843BE)

Partition: GPT Partition Type
==================== End Of Log =


Edited by operating, 04 December 2013 - 01:19 PM.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:52 AM

Posted 09 December 2013 - 11:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I have reviewed your log and it's clean.

Let me know if you have any issues with this computer.

p.s.
The DDS tool is not compatible with Windows 8.1; that is the reason you are getting this error.

#3 operating

operating
  • Topic Starter

  • Members
  • 3 posts
  • Local time:10:52 AM

Posted 10 December 2013 - 09:17 AM

Many thanks, feel free to close this thread.



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:52 AM

Posted 10 December 2013 - 02:24 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



