Infected with Win32:Malware-gen and Win32:Installerex-X[PUP]


10 replies to this topic

#1 RythmicJea


Posted 20 December 2013 - 11:06 PM

I ran avast virus scan tonight and it came up with Win32:Malware-gen and when it asked to reboot so it could get rid of it, it ran another scan that found Win32:Installerex-x [PUP].

 

I would post a log but when I run DDS I get the following error:

"DDS is not meant to run in 'Compatibility Mode'. The program shall now exit." 

 

I am using Windows 8 with Avast! as my anti-virus program. 




 


#2 HelpBot


Posted 25 December 2013 - 11:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/518135 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 RythmicJea


Posted 26 December 2013 - 07:26 PM

I still need help. I have run my anti-virus program and followed it to remove the malware and when I run a scan it shows cleared. My computer runs faster since Avast! has said it is cleared but not as fast as I think it can (but that might be my internet connection and router). I have read up on the first virus and know that it can hide and I want to make sure that my system is clean. I cannot run a DDS log because I have Windows 8 and it gives me the following error:

 

"DDS is not meant to run in 'Compatibility Mode'. The program shall now exit." 

 

And then it closes down. I have deleted the program.

 

I have Windows version 8.1 and it is a 64bit. I do not have the original Windows CD as it did not come with my computer. 

 

Thank you.



#4 nasdaq


Posted 27 December 2013 - 10:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

The DDS tool is not compatible with Windows 8.1. Use this one.

Download correct tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.

#5 RythmicJea


Posted 27 December 2013 - 07:49 PM

Adware Log:

# AdwCleaner v3.016 - Report created 27/12/2013 at 19:13:41
# Updated 23/12/2013 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Lea - JEANNIE
# Running from : C:\Users\Lea\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
[x] Not Deleted : C:\Users\Lea\AppData\Local\Pokki
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
[x] Not Deleted : HKCU\Software\Classes\*\shell\pokki
[x] Not Deleted : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
[x] Not Deleted : HKCU\Software\Classes\Directory\shell\pokki
[x] Not Deleted : HKCU\Software\Classes\Drive\shell\pokki
[x] Not Deleted : HKCU\Software\Classes\Folder\shell\pokki
[x] Not Deleted : HKCU\Software\Classes\lnkfile\shell\pokki
[x] Not Deleted : HKCU\Software\Classes\pokki
[x] Not Deleted : HKCU\Software\Pokki
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
[x] Not Deleted : [x64] HKCU\Software\Pokki
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16384
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1302 octets] - [27/12/2013 19:06:56]
AdwCleaner[S0].txt - [1284 octets] - [27/12/2013 19:13:41]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1344 octets] ##########
 
 
JRT Log:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8.1 x64
Ran by Lea on Fri 12/27/2013 at 19:20:20.06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/27/2013 at 19:37:19.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
FarBar Logs: 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2013 01
Ran by Lea (administrator) on JEANNIE on 27-12-2013 19:44:52
Running from C:\Users\Lea\Desktop
Windows 8.1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Absolute Software) C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Lenovo) C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe
(Pokki) C:\Users\Lea\AppData\Local\Pokki\Engine\pokki.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Pokki) C:\Users\Lea\AppData\Local\Pokki\Engine\pokki.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe
() C:\ProgramData\YogaSmartSwicth\yogaserver.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Motorola Mobility Inc.) C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe
(BitTorrent Inc.) C:\Users\Lea\AppData\Roaming\uTorrent\uTorrent.exe
() C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
() C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Lea\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [HotKeysCmds] - "C:\WINDOWS\system32\hkcmd.exe"
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe [892664 2012-12-17] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] - C:\Program Files\CONEXANT\ForteConfig\fmapp.exe [49056 2010-10-25] ()
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-12] (Conexant Systems, Inc.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] - C:\windows\system32\DptfPolicyLpmServiceHelper.exe
HKLM\...\Run: [BtServer] - C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe [459776 2013-01-28] (Realtek Semiconductor Corporation)
HKLM\...\Run: [Lenovo Transition] - C:\Program Files (x86)\Lenovo\Lenovo Transition\Lenovo Transition.exe [209488 2013-04-07] (Lenovo)
HKLM\...\Run: [yogaserver] - C:\ProgramData\YogaSmartSwicth\yogaserver.exe [209488 2013-04-07] ()
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-04-07] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [191544 2013-04-07] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynLenovoGestureMgr] - C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-11-19] (Synaptics)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [Absolute Notifier] - C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe [85672 2011-05-10] (Absolute Software)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-22] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Lea\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-04-22] (Google Inc.)
HKCU\...\Run: [MotoCast] - C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk [2066 2013-08-01] ()
HKCU\...\Run: [Facebook Update] - C:\Users\Lea\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-09-08] (Facebook Inc.)
HKCU\...\Run: [GoogleChromeAutoLaunch_572F54ED57E60A5D6ED88041CB0947C7] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184 2013-12-03] (Google Inc.)
HKCU\...\RunOnce: [Application Restart #3] - C:\Users\Lea\AppData\Local\Pokki\Engine\pokki.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\Lea\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --enable-touch-events --flag-switches-begin --flag-switches-end --restore-last-session [8252744 2013-11-01] (Pokki)
MountPoints2: {94ac5db7-f84f-11e2-be85-2cd05a8d4070} - "E:\MotoCastSetup.exe" -a
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
SearchScopes: HKLM - DefaultScope {C6832FB6-98E4-4A39-AC32-1FA1A757A9F8} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM - {C6832FB6-98E4-4A39-AC32-1FA1A757A9F8} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - {C6832FB6-98E4-4A39-AC32-1FA1A757A9F8} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - {C6832FB6-98E4-4A39-AC32-1FA1A757A9F8} URL = 
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
Chrome: 
=======
CHR HomePage: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Nitro PDF plugin for Firefox and Chrome) - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Google Docs) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Facebook) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0
CHR Extension: (Gridpix) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpfgibmanhngfopcofdondcekphkbfma\1.0.6_0
CHR Extension: (Google Search) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Netflix) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh\1.0.0.2_0
CHR Extension: (NoNoSparks Genesis) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\emckmlnfmemaompnmnnebnlgmneojmag\2.3.5_0
CHR Extension: (Candy) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiejadjmcgacmocgeegodfhligbpecdg\1.0_0
CHR Extension: (avast! Online Security) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0
CHR Extension: (Feedly - News, Blogs and Youtube) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob\18.1_0
CHR Extension: (Hulu™) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgdoldfgnhlbijenhmmoajnmbgladlei\2.0.3_0
CHR Extension: (BBC Good Food) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkffnoliaheoidfeejcmnidkkgilkja\5_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Flow Colors) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbnmelddedlommnmllmfhoephaidddmk\1.3_0
CHR Extension: (Gmail) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
 
==================== Services (Whitelisted) =================
 
R2 AbsoluteNotifier; C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [10920 2011-05-10] (Absolute Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-22] (AVAST Software)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [39936 2013-01-28] ()
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-14] (Nitro PDF Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ymc; C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe [27216 2013-04-07] (Lenovo)
S2 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [x]
 
==================== Drivers (Whitelisted) ====================
 
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [78648 2013-12-22] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [92544 2013-11-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-14] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1034464 2013-12-22] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [422216 2013-12-22] (AVAST Software)
R3 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [82744 2013-12-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-22] ()
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-10] (Microsoft Corporation)
R3 leymc; C:\Windows\system32\DRIVERS\leymc.sys [17240 2013-04-07] (Lenovo)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [696976 2012-09-06] (Realtek Semiconductor Corporation)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-25] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-11-19] (Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1058680 2012-08-11] (Sunplus)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S1 aswKbd; \??\C:\WINDOWS\system32\drivers\aswKbd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-27 19:44 - 2013-12-27 19:45 - 00018474 _____ C:\Users\Lea\Desktop\FRST.txt
2013-12-27 19:44 - 2013-12-27 19:44 - 00000000 ____D C:\FRST
2013-12-27 19:37 - 2013-12-27 19:37 - 00000620 _____ C:\Users\Lea\Desktop\JRT.txt
2013-12-27 19:20 - 2013-12-27 19:20 - 00000000 ____D C:\WINDOWS\ERUNT
2013-12-27 19:06 - 2013-12-27 19:14 - 00000000 ____D C:\AdwCleaner
2013-12-27 19:04 - 2013-12-27 19:04 - 01930746 _____ (Farbar) C:\Users\Lea\Desktop\FRST64.exe
2013-12-27 19:04 - 2013-12-27 19:04 - 01034531 _____ (Thisisu) C:\Users\Lea\Desktop\JRT.exe
2013-12-27 19:02 - 2013-12-27 19:02 - 01233962 _____ C:\Users\Lea\Desktop\adwcleaner.exe
2013-12-26 19:22 - 2013-12-26 19:24 - 00688992 _____ (Swearware) C:\Users\Lea\Downloads\dds.com
2013-12-23 22:14 - 2013-12-23 22:14 - 00513061 _____ C:\Users\Lea\Downloads\34ad6d60b1-gif.zip
2013-12-22 16:38 - 2013-12-22 16:38 - 00001993 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-22 16:38 - 2013-12-22 16:37 - 00082744 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2013-12-14 12:24 - 2013-11-11 18:27 - 00701440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2013-12-14 12:24 - 2013-11-11 18:24 - 00840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-12-14 12:24 - 2013-11-07 23:28 - 13177344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-12-14 12:24 - 2013-11-04 12:13 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-12-14 12:24 - 2013-11-04 05:32 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2013-12-14 12:24 - 2013-10-30 19:42 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-12-14 12:23 - 2013-11-11 18:41 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-14 12:23 - 2013-11-11 18:40 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-14 12:23 - 2013-11-10 21:48 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2013-12-14 12:23 - 2013-11-09 06:55 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-12-14 12:23 - 2013-11-09 01:37 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2013-12-14 12:23 - 2013-11-09 00:56 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2013-12-14 12:23 - 2013-11-08 05:26 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2013-12-14 12:23 - 2013-11-07 23:43 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2013-12-14 12:23 - 2013-11-07 23:26 - 11674624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-12-14 12:23 - 2013-11-07 23:16 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2013-12-14 12:23 - 2013-11-07 23:15 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2013-12-14 12:23 - 2013-11-07 23:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2013-12-14 12:23 - 2013-11-07 22:41 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2013-12-14 12:23 - 2013-11-07 22:14 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2013-12-14 12:23 - 2013-11-05 09:19 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2013-12-14 12:23 - 2013-11-05 09:03 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2013-12-14 12:23 - 2013-11-05 08:57 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2013-12-14 12:23 - 2013-11-05 08:33 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2013-12-14 12:23 - 2013-11-05 08:32 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2013-12-14 12:23 - 2013-11-04 12:13 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2013-12-14 12:23 - 2013-11-04 08:07 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2013-12-14 12:23 - 2013-11-04 06:50 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-12-14 12:23 - 2013-11-03 21:28 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2013-12-14 12:23 - 2013-11-03 20:30 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-12-14 12:23 - 2013-11-01 06:39 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2013-12-14 12:23 - 2013-11-01 01:08 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2013-12-14 12:23 - 2013-11-01 00:57 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2013-12-14 12:23 - 2013-10-30 19:58 - 00372568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2013-12-14 12:23 - 2013-10-30 19:33 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2013-12-14 12:23 - 2013-10-30 19:33 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2013-12-14 12:23 - 2013-10-30 19:33 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2013-12-14 12:23 - 2013-10-30 19:33 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2013-12-14 12:23 - 2013-10-25 20:54 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2013-12-14 12:23 - 2013-10-24 04:31 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2013-12-14 12:23 - 2013-10-24 04:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2013-12-14 12:23 - 2013-10-17 06:21 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2013-12-14 12:23 - 2013-10-17 05:36 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2013-12-14 12:23 - 2013-10-05 09:21 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2013-12-14 12:23 - 2013-10-05 09:21 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2013-12-14 12:23 - 2013-10-05 07:05 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2013-12-14 12:23 - 2013-10-05 07:05 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2013-12-12 21:36 - 2013-11-22 23:34 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2013-12-12 21:36 - 2013-11-22 23:13 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2013-12-12 21:36 - 2013-11-22 22:32 - 04105728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2013-12-12 21:36 - 2013-11-22 22:10 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2013-12-12 21:36 - 2013-11-09 01:34 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2013-12-12 21:36 - 2013-11-09 01:34 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2013-12-12 21:36 - 2013-11-09 00:52 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2013-12-12 21:02 - 2013-11-26 06:54 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-12-12 21:02 - 2013-11-26 05:11 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-12-12 21:02 - 2013-11-26 04:41 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-12-12 21:02 - 2013-11-26 03:57 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-12-12 21:02 - 2013-11-26 03:38 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-12-12 21:02 - 2013-11-26 03:35 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-12-12 21:02 - 2013-11-26 03:16 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-12-12 21:02 - 2013-11-26 03:02 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2013-12-12 21:02 - 2013-11-26 02:48 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-12-12 21:02 - 2013-11-26 02:32 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2013-12-12 21:02 - 2013-11-26 02:26 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-12-12 21:02 - 2013-11-26 02:07 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-12-12 21:02 - 2013-11-26 01:40 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-12-12 21:02 - 2013-11-26 01:34 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2013-12-12 21:02 - 2013-11-26 01:34 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2013-12-12 21:02 - 2013-11-26 01:33 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-12-12 21:02 - 2013-11-26 01:27 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-12-12 21:02 - 2013-11-08 02:21 - 04191744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-12-12 21:02 - 2013-10-19 03:53 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2013-12-12 21:02 - 2013-10-19 02:14 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2013-12-12 21:02 - 2013-10-15 03:54 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2013-12-12 21:02 - 2013-10-15 03:03 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2013-12-10 22:08 - 2013-12-10 22:08 - 00021092 _____ C:\Users\Lea\Documents\Jaina.odt
2013-12-09 23:54 - 2013-12-09 23:54 - 00000000 ____D C:\Users\Lea\Documents\Serenity-Firefly Complete Comics Collection .cbr files
2013-12-09 23:51 - 2013-12-09 23:52 - 22226584 _____ C:\Users\Lea\Documents\Senity_Downtime_and_The_Other_Half_282011_29_28digital_Empire_29.cbr
2013-12-09 23:50 - 2013-12-09 23:50 - 00000000 ____D C:\Users\Lea\Documents\Serenity - Better Days
2013-12-09 23:46 - 2013-12-09 23:47 - 00000000 ____D C:\Users\Lea\Documents\Firefly Comic
2013-12-08 22:14 - 2013-12-08 22:14 - 00003482 _____ C:\WINDOWS\System32\Tasks\Motorola Device Manager Update
2013-12-08 22:14 - 2013-12-08 22:14 - 00003464 _____ C:\WINDOWS\System32\Tasks\Motorola Device Manager Engine
2013-12-08 22:14 - 2013-12-08 22:14 - 00003290 _____ C:\WINDOWS\System32\Tasks\Motorola Device Manager Initial Update
2013-12-08 22:14 - 2013-12-08 22:14 - 00000000 ____D C:\Program Files\Motorola Mobility LLC
2013-12-02 00:11 - 2013-12-02 00:11 - 00447888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys
2013-12-01 23:41 - 2013-12-01 23:41 - 00000000 ____D C:\Program Files (x86)\Dolby Home Theater v4
2013-12-01 00:16 - 2013-12-01 00:16 - 00021353 _____ C:\Users\Lea\Documents\Letter to Justin 5.odt
 
==================== One Month Modified Files and Folders =======
 
2013-12-27 19:45 - 2013-12-27 19:44 - 00018474 _____ C:\Users\Lea\Desktop\FRST.txt
2013-12-27 19:45 - 2013-08-06 20:22 - 00000000 ____D C:\Users\Lea\AppData\Roaming\uTorrent
2013-12-27 19:45 - 2013-04-27 20:56 - 00000000 ____D C:\Users\Lea\AppData\Local\Pokki
2013-12-27 19:44 - 2013-12-27 19:44 - 00000000 ____D C:\FRST
2013-12-27 19:37 - 2013-12-27 19:37 - 00000620 _____ C:\Users\Lea\Desktop\JRT.txt
2013-12-27 19:36 - 2013-11-06 23:02 - 01841872 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-27 19:35 - 2013-04-27 20:58 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-27 19:34 - 2013-04-22 17:30 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3063684050-2577464073-2911324448-1001
2013-12-27 19:28 - 2013-04-22 17:22 - 00020445 _____ C:\Users\Lea\AppData\Local\BTServer.log
2013-12-27 19:27 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sru
2013-12-27 19:20 - 2013-12-27 19:20 - 00000000 ____D C:\WINDOWS\ERUNT
2013-12-27 19:20 - 2013-09-29 23:04 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-27 19:17 - 2013-04-22 17:31 - 00002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-27 19:17 - 2013-04-07 05:04 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2013-12-27 19:15 - 2013-11-06 23:08 - 00000000 __RDO C:\Users\Lea\SkyDrive
2013-12-27 19:15 - 2013-09-29 22:55 - 00112926 _____ C:\WINDOWS\PFRO.log
2013-12-27 19:15 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-27 19:15 - 2013-08-01 23:39 - 00000000 ____D C:\Users\Lea\.gstreamer-0.10
2013-12-27 19:15 - 2013-08-01 23:32 - 00000000 ____D C:\Users\Lea\AppData\Roaming\MotoCast
2013-12-27 19:15 - 2013-05-27 17:36 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2013-12-27 19:15 - 2013-04-22 17:30 - 00000904 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-27 19:15 - 2013-04-07 04:53 - 00000000 ____D C:\ProgramData\Realtek
2013-12-27 19:14 - 2013-12-27 19:06 - 00000000 ____D C:\AdwCleaner
2013-12-27 19:14 - 2013-08-22 08:25 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2013-12-27 19:13 - 2013-04-22 17:38 - 05236986 _____ C:\Users\Public\CAFADEBUG.log
2013-12-27 19:04 - 2013-12-27 19:04 - 01930746 _____ (Farbar) C:\Users\Lea\Desktop\FRST64.exe
2013-12-27 19:04 - 2013-12-27 19:04 - 01034531 _____ (Thisisu) C:\Users\Lea\Desktop\JRT.exe
2013-12-27 19:02 - 2013-12-27 19:02 - 01233962 _____ C:\Users\Lea\Desktop\adwcleaner.exe
2013-12-27 19:01 - 2013-04-23 17:31 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3063684050-2577464073-2911324448-1001UA.job
2013-12-27 19:00 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2013-12-27 01:00 - 2013-04-22 17:30 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-27 00:42 - 2013-09-08 20:37 - 00000936 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3063684050-2577464073-2911324448-1001UA.job
2013-12-26 21:42 - 2013-09-08 20:37 - 00000914 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3063684050-2577464073-2911324448-1001Core.job
2013-12-26 21:01 - 2013-04-23 17:31 - 00000864 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3063684050-2577464073-2911324448-1001Core.job
2013-12-26 19:24 - 2013-12-26 19:22 - 00688992 _____ (Swearware) C:\Users\Lea\Downloads\dds.com
2013-12-23 22:14 - 2013-12-23 22:14 - 00513061 _____ C:\Users\Lea\Downloads\34ad6d60b1-gif.zip
2013-12-22 16:38 - 2013-12-22 16:38 - 00001993 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-22 16:37 - 2013-12-22 16:38 - 00082744 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2013-12-22 16:37 - 2013-11-14 20:13 - 01034464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-12-22 16:37 - 2013-11-14 20:13 - 00422216 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-12-22 16:37 - 2013-11-14 20:13 - 00334136 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-12-22 16:37 - 2013-11-14 20:13 - 00207904 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-12-22 16:37 - 2013-11-14 20:13 - 00078648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-12-22 16:37 - 2013-11-14 20:13 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-12-20 20:20 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2013-12-19 19:02 - 2013-10-27 14:07 - 00002155 _____ C:\Users\Lea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2013-12-17 00:23 - 2013-11-24 03:09 - 00040941 _____ C:\Users\Lea\Documents\story.odt
2013-12-14 23:09 - 2013-08-22 10:36 - 00000000 ___RD C:\WINDOWS\ToastData
2013-12-14 23:09 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\WinStore
2013-12-14 23:09 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2013-12-14 23:09 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\FileManager
2013-12-14 23:09 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\Camera
2013-12-14 23:09 - 2013-08-22 09:44 - 00360248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-14 23:08 - 2013-08-13 22:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-14 23:08 - 2013-04-24 22:08 - 90708896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-10 22:08 - 2013-12-10 22:08 - 00021092 _____ C:\Users\Lea\Documents\Jaina.odt
2013-12-10 19:35 - 2013-04-27 20:58 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2013-12-09 23:54 - 2013-12-09 23:54 - 00000000 ____D C:\Users\Lea\Documents\Serenity-Firefly Complete Comics Collection .cbr files
2013-12-09 23:52 - 2013-12-09 23:51 - 22226584 _____ C:\Users\Lea\Documents\Senity_Downtime_and_The_Other_Half_282011_29_28digital_Empire_29.cbr
2013-12-09 23:50 - 2013-12-09 23:50 - 00000000 ____D C:\Users\Lea\Documents\Serenity - Better Days
2013-12-09 23:47 - 2013-12-09 23:46 - 00000000 ____D C:\Users\Lea\Documents\Firefly Comic
2013-12-08 22:14 - 2013-12-08 22:14 - 00003482 _____ C:\WINDOWS\System32\Tasks\Motorola Device Manager Update
2013-12-08 22:14 - 2013-12-08 22:14 - 00003464 _____ C:\WINDOWS\System32\Tasks\Motorola Device Manager Engine
2013-12-08 22:14 - 2013-12-08 22:14 - 00003290 _____ C:\WINDOWS\System32\Tasks\Motorola Device Manager Initial Update
2013-12-08 22:14 - 2013-12-08 22:14 - 00000000 ____D C:\Program Files\Motorola Mobility LLC
2013-12-08 22:14 - 2013-08-01 23:38 - 00000000 ____D C:\Program Files (x86)\Motorola Mobility
2013-12-07 11:55 - 2013-04-22 17:30 - 00003880 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-07 11:55 - 2013-04-22 17:30 - 00003644 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-06 20:56 - 2013-04-23 17:31 - 00003858 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3063684050-2577464073-2911324448-1001UA
2013-12-06 20:56 - 2013-04-23 17:31 - 00003478 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3063684050-2577464073-2911324448-1001Core
2013-12-03 19:05 - 2013-08-22 10:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2013-12-03 19:05 - 2013-08-22 10:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-02 00:11 - 2013-12-02 00:11 - 00447888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys
2013-12-01 23:41 - 2013-12-01 23:41 - 00000000 ____D C:\Program Files (x86)\Dolby Home Theater v4
2013-12-01 23:37 - 2013-04-07 04:51 - 00307140 _____ C:\WINDOWS\system32\CoInst.log
2013-12-01 23:35 - 2013-08-22 09:46 - 00291601 _____ C:\WINDOWS\setupact.log
2013-12-01 00:16 - 2013-12-01 00:16 - 00021353 _____ C:\Users\Lea\Documents\Letter to Justin 5.odt
 
Some content of TEMP:
====================
C:\Users\Lea\AppData\Local\Temp\jna9148248606930841018.dll
C:\Users\Lea\AppData\Local\Temp\MotorolaDeviceManager_2.0403.exe
C:\Users\Lea\AppData\Local\Temp\MotorolaDeviceManager_2.0405.exe
C:\Users\Lea\AppData\Local\Temp\Quarantine.exe
C:\Users\Lea\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-12-21 00:51
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-12-2013 01
Ran by Lea at 2013-12-27 19:46:38
Running from C:\Users\Lea\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
µTorrent (HKCU Version: 3.3.2.30303)
Absolute Notifier (x32 Version: 1.4.3.10)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170)
AudibleManager (x32 Version: 18414980.4759644.48.1999779656)
avast! Free Antivirus (x32 Version: 9.0.2011)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
Conexant HD Audio (Version: 8.54.47.51)
CxAudMsg
Dolby Config (Version: 1.0.0.0)
Dolby Home Theater v4 (x32 Version: 7.2.8000.16)
Energy Management (x32 Version: 8.0.2.4)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
Google Chrome (x32 Version: 31.0.1650.63)
Google Talk Plugin (x32 Version: 4.9.1.16010)
Google Update Helper (x32 Version: 1.3.22.3)
Grapevine 3.0 (C:\Program Files (x86)\Grapevine\) (x32)
Grapevine 3.0 (x32)
Intel AppUp(SM) center (x32 Version: 3.6.1.33057.10)
Intel® Dynamic Platform and Thermal Framework (x32 Version: 6.0.5.1080)
Intel® Management Engine Components (x32 Version: 8.1.0.1252)
Intel® Processor Graphics (x32 Version: 10.18.10.3316)
Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
JavaFX 2.0.3 (x32 Version: 2.0.3)
Lenovo EasyCamera (x32 Version: 3.4.5.13)
Lenovo OneKey Recovery (Version: 8.0.0.1219)
Lenovo OneKey Recovery (x32 Version: 8.0.0.1219)
Lenovo Transition (Version: 1.4.2.22)
Lenovo YouCam (x32 Version: 4.1.3423)
Microsoft Office (x32 Version: 15.0.4420.1017)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Motion Control (Version: 1.1.2.43)
MotoCast (x32 Version: 2.0.31)
Motorola Device Manager (x32 Version: 2.4.5)
Motorola Device Software Update (x32 Version: 13.09.3001)
MOTOROLA MEDIA LINK (x32 Version: 1.9.0002.0)
Motorola Mobile Drivers Installation 6.3.0 (Version: 6.3.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Nitro Pro 8 (Version: 8.0.10.7)
OpenOffice 4.0.1 (x32 Version: 4.01.9714)
PathPix demo version 0.995 (x32 Version: 0.995)
Pokki (HKCU Version: 0.266.1.172)
Pokki Download Helper (HKCU Version: 1.3.1.282)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.39030)
REALTEK Wireless LAN and Bluetooth Driver (x32 Version: 1.03.0199)
Shared C Run-time for x64 (Version: 10.0.0)
SugarSync Manager (x32 Version: 1.9.61.90905)
Synaptics Pointing Device Driver (Version: 16.2.21.4)
UserGuide (x32 Version: 1.0.0.9)
Widevine Media Optimizer IE 6.0.0 (HKCU Version: 6.0.0.12441)
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (Version: 06/15/2012 8.1.0.1)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (Version: 06/19/2012 10.13.29.733)
WinRAR 5.00 (64-bit) (Version: 5.00.0)
 
==================== Restore Points  =========================
 
09-12-2013 03:13:35 Installed Motorola Device Manager
13-12-2013 03:15:37 Windows Update
21-12-2013 01:18:21 Scheduled Checkpoint
22-12-2013 21:36:38 avast! antivirus system restore point
 
==================== Hosts content: ==========================
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2DC5DC6D-0E45-477F-864C-5A1EB7E5183C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-22] (AVAST Software)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {35A87053-6819-4BEA-A716-AA8C2143DE63} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3063684050-2577464073-2911324448-1001Core => C:\Users\Lea\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-22] (Google Inc.)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\System32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3DBE268D-3681-4E4A-AFFB-7BF285866554} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {3DE50811-C50E-4A3E-AF90-FCACE4F0D2A2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3063684050-2577464073-2911324448-1001UA => C:\Users\Lea\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-08] (Facebook Inc.)
Task: {427436F5-AAE8-4BEE-BF3D-2F83A46D2517} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-22] (Google Inc.)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6B452F83-109B-48F9-95DB-867871A9A775} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3063684050-2577464073-2911324448-1001Core => C:\Users\Lea\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-08] (Facebook Inc.)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6E09099E-C065-45A6-B1BF-B6A19ED2A041} - System32\Tasks\Lenovo\Lenovo-12402 => C:\ProgramData\Lenovo-12402.vbs [2013-04-07] ()
Task: {70B67917-4FD0-4A96-A1F0-F6910CCA69AF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7CA8ADB9-3AD3-46CE-BAC2-599EBC8F4074} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\System32\MRT.exe [2013-12-14] (Microsoft Corporation)
Task: {81ED5A1A-1D5E-42CF-B19C-213F48AE6ADB} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8A16C5A0-B87B-4CDD-A7F3-37958827CAED} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A58FD8C4-FCE6-420E-B777-75294AF47F00} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-11-19] (Synaptics Incorporated)
Task: {B570EACB-995A-44B6-BF53-88DB9D2B5E20} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3063684050-2577464073-2911324448-1001UA => C:\Users\Lea\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-22] (Google Inc.)
Task: {B59306B5-3467-4636-9043-34A6063B5CAC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-22] (Google Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3063684050-2577464073-2911324448-1001Core.job => C:\Users\Lea\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3063684050-2577464073-2911324448-1001UA.job => C:\Users\Lea\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3063684050-2577464073-2911324448-1001Core.job => C:\Users\Lea\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3063684050-2577464073-2911324448-1001UA.job => C:\Users\Lea\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-10-03 23:42 - 2013-10-03 23:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-11-01 00:31 - 2013-11-01 00:31 - 02329928 _____ () C:\Users\Lea\AppData\Local\Pokki\ocdeskband_0.dll
2013-12-27 19:15 - 2013-12-27 13:13 - 02153984 _____ () C:\Program Files\AVAST Software\Avast\defs\13122701\algo.dll
2012-09-07 20:35 - 2012-09-07 20:35 - 00128960 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\liveupdatetactics.dll
2012-09-07 20:35 - 2012-09-07 20:35 - 00024496 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\DbAccess.dll
2012-09-07 20:37 - 2012-09-07 20:37 - 00466256 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\sqlite3.dll
2012-09-07 20:36 - 2012-09-07 20:36 - 00045992 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NAdvLog.dll
2012-09-07 20:36 - 2012-09-07 20:36 - 00034752 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NFileCacheDBAccess.dll
2013-10-31 10:05 - 2013-10-31 10:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2013-09-06 21:11 - 2013-09-06 21:11 - 00569856 _____ () C:\Users\Lea\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
2013-09-06 21:11 - 2013-09-06 21:11 - 01400846 _____ () C:\Users\Lea\AppData\Local\Pokki\Engine\avcodec-54.dll
2013-09-06 21:11 - 2013-09-06 21:11 - 00151054 _____ () C:\Users\Lea\AppData\Local\Pokki\Engine\avutil-51.dll
2013-09-06 21:11 - 2013-09-06 21:11 - 00222734 _____ () C:\Users\Lea\AppData\Local\Pokki\Engine\avformat-54.dll
2013-04-07 05:04 - 2013-04-07 05:04 - 00269904 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\GuiSys.dll
2013-04-07 05:04 - 2013-04-07 05:04 - 00018000 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\SimpRes.dll
2013-04-07 05:04 - 2013-04-07 05:04 - 00018000 _____ () C:\Program Files (x86)\Lenovo\Lenovo Transition\LangHlpr.dll
2013-12-27 19:15 - 2013-12-27 19:15 - 00205824 ____N () C:\Users\Lea\AppData\Local\Temp\WindowsAPI.dll7901629429413883917.lib
2013-11-06 23:08 - 2013-11-06 23:08 - 00509440 _____ () C:\Users\Lea\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll
2013-12-27 19:15 - 2013-12-27 19:15 - 00314368 ____N () C:\Users\Lea\AppData\Local\Temp\WindowsFolderWatcher.dll7080389368458868880.lib
2013-12-27 19:15 - 2013-12-27 19:15 - 00160256 ____N () C:\Users\Lea\AppData\Local\Temp\ZumoLocalGateway.dll72491816979072868.lib
2012-10-19 14:46 - 2012-10-19 14:46 - 00699392 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstreamer-0.10.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 01396736 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libxml2-2.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00085504 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\z.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00030208 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstadder.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00471552 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\liborc-0.4-0.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00253440 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstbase-0.10.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00109568 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstaudio-0.10.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00053760 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstinterfaces-0.10.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00014848 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstadpcmdec.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00038400 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstaiff.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00018944 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstalaw.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00048640 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstalpha.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00126976 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstcontroller-0.10.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00038912 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstvideo-0.10.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00017920 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstalphacolor.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00020480 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstamrnb.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00248352 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libopencore-amrnb.0.1.1.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00014848 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstamrwbdec.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00123947 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libopencore-amrwb.0.1.1.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00015360 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstapetag.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00133120 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgsttag-0.10.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00098304 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstpbutils-0.10.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00078848 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstaudioconvert.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00020480 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstaudiorate.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00052224 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstaudioresample.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00019456 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstauparse.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00032256 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstautoconvert.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00029184 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstautodetect.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00123904 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstavi.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00041984 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstriff-0.10.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00212480 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstcoreelements.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00011776 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstcoreindexers.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00016896 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstcutter.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00086016 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstdecodebin2.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00091136 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstdshowdecwrapper.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00073216 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstdshowsrcwrapper.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00026624 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstequalizer.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00187904 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstffmpegcolorspace.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00069120 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflac.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00331264 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libFLAC-8.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00023552 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libogg-0.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 01694208 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstfluaacdec.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00122880 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstfluasfdemux.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 02009600 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstfluh264dec.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00033280 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumcaacenc.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00036864 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumch264enc.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00088064 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflummssrc.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 01376256 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflump3dec.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 01563136 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflump3enc.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00363008 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumpeg2video.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00531968 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumpeg4video.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00119296 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumpegdemux.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00075776 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflv.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00029696 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstgdp.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00018944 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstdataprotocol-0.10.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00037888 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstgio.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00032256 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstid3demux.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00034304 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstid3tag.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00035840 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstinterleave.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00276480 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstisomp4.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00069632 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstrtp-0.10.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00059904 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstjpeg.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00276992 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libjpeg-8.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00019456 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstlevel.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00207872 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmatroska.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00047616 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmpegaudioparse.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00150528 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmpegdemux.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00039936 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmpegtsmux.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00024576 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmpegvideoparse.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00015360 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmulaw.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00020480 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmultifile.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00025088 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmultipart.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00132608 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstogg.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00029184 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstpng.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00190976 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libpng14-14.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00035328 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstreplaygain.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00011264 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstshift.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00054784 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstsmpte.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00051712 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstsubparse.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00061952 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgsttypefindfunctions.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00059904 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvideobox.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00032768 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvideocrop.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00024576 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvideorate.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00075776 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvideoscale.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00034304 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvolume.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00053760 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvorbis.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00162304 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libvorbis-0.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 01520128 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libvorbisenc-2.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00050688 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstwavpack.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00196608 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libwavpack-1.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00042496 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstwavparse.dll
2012-10-19 14:46 - 2012-10-19 14:46 - 00013312 _____ () C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgsty4menc.dll
2013-04-07 05:03 - 2013-04-07 05:03 - 01623632 _____ () C:\Program Files (x86)\Lenovo\MotionControl\eyeKeys.dll
2013-04-07 05:03 - 2013-04-07 05:03 - 00030288 _____ () C:\Program Files (x86)\Lenovo\MotionControl\esmlib.dll
2013-11-14 20:13 - 2013-11-14 20:13 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-04-07 04:50 - 2012-06-24 21:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-12-05 18:58 - 2013-12-03 21:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-05 18:58 - 2013-12-03 21:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-05 18:58 - 2013-12-03 21:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-05 18:58 - 2013-12-03 21:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-05 18:58 - 2013-12-03 21:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Users\Lea\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: PCI Data Acquisition and Signal Processing Controller
Description: PCI Data Acquisition and Signal Processing Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/27/2013 07:35:23 PM) (Source: Application Hang) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 11fc
 
Start Time: 01cf0363f4546c68
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe
 
Report Id: e7e9b3d8-6f57-11e3-be9f-2cd05a8d4070
 
Faulting package full name: Facebook.Facebook_1.2.0.6_x64__8xx8rvfyw5nnt
 
Faulting package-relative application ID: App
 
Error: (12/27/2013 07:09:30 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
 
Error: (12/26/2013 07:44:57 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
 
Error: (12/26/2013 07:29:50 PM) (Source: Application Hang) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 22e4
 
Start Time: 01cf029a0a60c198
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe
 
Report Id: fdfdb38b-6e8d-11e3-be9e-2cd05a8d4070
 
Faulting package full name: Facebook.Facebook_1.2.0.6_x64__8xx8rvfyw5nnt
 
Faulting package-relative application ID: App
 
Error: (12/26/2013 07:05:19 PM) (Source: Application Hang) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: d84
 
Start Time: 01cf01f3f64d6418
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe
 
Report Id: 5d6514f2-6e00-11e3-be9e-2cd05a8d4070
 
Faulting package full name: Facebook.Facebook_1.2.0.6_x64__8xx8rvfyw5nnt
 
Faulting package-relative application ID: App
 
Error: (12/26/2013 02:36:03 AM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20315 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1a0c
 
Start Time: 01cf01f3f6aa39ee
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 5d645180-6e00-11e3-be9e-2cd05a8d4070
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (12/26/2013 02:35:56 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
 
Error: (12/24/2013 10:08:47 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
 
Error: (12/23/2013 09:08:36 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
 
Error: (12/23/2013 08:19:30 PM) (Source: Application Hang) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1770
 
Start Time: 01ceffa4afc64548
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe
 
Report Id: 5fb69217-6c39-11e3-be9e-2cd05a8d4070
 
Faulting package full name: Facebook.Facebook_1.2.0.6_x64__8xx8rvfyw5nnt
 
Faulting package-relative application ID: App
 
 
System errors:
=============
Error: (12/27/2013 07:23:07 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/27/2013 07:15:06 PM) (Source: Service Control Manager) (User: )
Description: The avast! Firewall service failed to start due to the following error: 
%%2
 
Error: (12/27/2013 07:03:00 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/26/2013 07:07:32 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/25/2013 10:00:01 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/24/2013 10:00:01 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/23/2013 08:17:08 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/22/2013 01:24:27 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/21/2013 10:51:43 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/21/2013 04:02:23 AM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
 
Microsoft Office Sessions:
=========================
Error: (12/27/2013 07:35:23 PM) (Source: Application Hang)(User: )
Description: backgroundTaskHost.exe6.3.9600.1638411fc01cf0363f4546c684294967295C:\WINDOWS\system32\backgroundTaskHost.exee7e9b3d8-6f57-11e3-be9f-2cd05a8d4070Facebook.Facebook_1.2.0.6_x64__8xx8rvfyw5nntApp
 
Error: (12/27/2013 07:09:30 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
 
Error: (12/26/2013 07:44:57 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
 
Error: (12/26/2013 07:29:50 PM) (Source: Application Hang)(User: )
Description: backgroundTaskHost.exe6.3.9600.1638422e401cf029a0a60c1984294967295C:\WINDOWS\system32\backgroundTaskHost.exefdfdb38b-6e8d-11e3-be9e-2cd05a8d4070Facebook.Facebook_1.2.0.6_x64__8xx8rvfyw5nntApp
 
Error: (12/26/2013 07:05:19 PM) (Source: Application Hang)(User: )
Description: backgroundTaskHost.exe6.3.9600.16384d8401cf01f3f64d64184294967295C:\WINDOWS\system32\backgroundTaskHost.exe5d6514f2-6e00-11e3-be9e-2cd05a8d4070Facebook.Facebook_1.2.0.6_x64__8xx8rvfyw5nntApp
 
Error: (12/26/2013 02:36:03 AM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.203151a0c01cf01f3f6aa39ee4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe5d645180-6e00-11e3-be9e-2cd05a8d4070microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (12/26/2013 02:35:56 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
 
Error: (12/24/2013 10:08:47 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
 
Error: (12/23/2013 09:08:36 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
 
Error: (12/23/2013 08:19:30 PM) (Source: Application Hang)(User: )
Description: backgroundTaskHost.exe6.3.9600.16384177001ceffa4afc645484294967295C:\WINDOWS\system32\backgroundTaskHost.exe5fb69217-6c39-11e3-be9e-2cd05a8d4070Facebook.Facebook_1.2.0.6_x64__8xx8rvfyw5nntApp
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-11-13 23:39:08.425
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2013-11-13 23:39:08.365
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2013-11-13 23:39:08.303
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2013-11-13 23:39:08.227
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2013-11-13 23:39:08.144
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2013-11-13 23:39:07.430
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2013-11-13 23:39:07.349
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2013-11-13 23:39:07.292
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2013-11-13 23:39:07.234
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2013-11-13 23:39:07.179
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 27%
Total physical RAM: 8071.27 MB
Available physical RAM: 5877.91 MB
Total Pagefile: 9351.27 MB
Available Pagefile: 7129.62 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:101.83 GB) (Free:66.54 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:4 GB) (Free:2.29 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 119 GB) (Disk ID: 49905026)
 
Partition: GPT Partition Type
==================== End Of Log ============================


#6 nasdaq

  • Malware Response Team

Posted 28 December 2013 - 09:45 AM

The reference to Win32:InstalleRex-X [PUP] in Avast means that you have a PUP (Potentially Unwanted Program) installed with or without your consent on your computer.

I do not have much experience or information from these Chrome Extensions.
 

CHR Extension: (Gridpix) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpfgibmanhngfopcofdondcekphkbfma\1.0.6_0
CHR Extension: (NoNoSparks Genesis) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\emckmlnfmemaompnmnnebnlgmneojmag\2.3.5_0
CHR Extension: (Candy) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiejadjmcgacmocgeegodfhligbpecdg\1.0_0
CHR Extension: (Hulu) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgdoldfgnhlbijenhmmoajnmbgladlei\2.0.3_0
CHR Extension: (BBC Good Food) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkffnoliaheoidfeejcmnidkkgilkja\5_0
CHR Extension: (Flow Colors) - C:\Users\Lea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbnmelddedlommnmllmfhoephaidddmk\1.3_0


If any one of them was installed recently and you now have the message from Avast then I would investigate further.
Possibly removing it and if that does not change the situation you may want to reinstall it.

Do not underestimate Pokki if installed recently. It was flagged by the AdwCleaner tool.
===

Run this on-line scan and see if anything is identified.

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
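The check suggested in post #6 (was any of these extensions installed shortly before the Avast alert?) can be scripted. The following is an added example, not part of the original thread: it walks a Chrome `Extensions` folder, resolves each extension's display name (including localized `__MSG_...__` names) and lists those first seen within a window before the detection date. It assumes the extension ID folder's creation time approximates the install date; the sample IDs, names and install times are constructed.

```python
import json
import os
import tempfile
from datetime import datetime, timedelta
from pathlib import Path


def first_seen(path):
    """Folder creation time where the OS records one, else last-modified time."""
    st = path.stat()
    if hasattr(st, "st_birthtime"):
        return datetime.fromtimestamp(st.st_birthtime)
    return datetime.fromtimestamp(st.st_ctime if os.name == "nt" else st.st_mtime)


def load_json(path):
    """Parse a JSON file, tolerating a UTF-8 BOM; return {} if missing or malformed."""
    try:
        data = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return {}
    return data if isinstance(data, dict) else {}


def display_name(version_dir, manifest):
    """Resolve a localized '__MSG_key__' name via _locales/<default_locale>/messages.json."""
    name = str(manifest.get("name", "(no manifest)"))
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    wanted = name[6:-2].lower()  # message keys are matched case-insensitively
    locale = str(manifest.get("default_locale", "en"))
    if not locale.replace("_", "").isalnum():
        return name  # do not follow an odd locale value out of the extension folder
    messages = load_json(version_dir / "_locales" / locale / "messages.json")
    for key, entry in messages.items():
        if key.lower() == wanted and isinstance(entry, dict) and "message" in entry:
            return str(entry["message"])
    return name  # keep the placeholder visible rather than guess


def list_extensions(extensions_root, time_of=first_seen):
    """One record per extension ID folder, named from its most recently written version."""
    records = []
    for id_dir in sorted(p for p in Path(extensions_root).iterdir() if p.is_dir()):
        versions = [p for p in id_dir.iterdir() if p.is_dir()]
        if not versions:
            continue
        newest = max(versions, key=lambda p: p.stat().st_mtime)
        manifest = load_json(newest / "manifest.json")
        records.append({
            "id": id_dir.name,
            "name": display_name(newest, manifest),
            "version": str(manifest.get("version", newest.name)),
            # Assumption: the ID folder survives updates, so its timestamp
            # approximates the first install of the extension.
            "first_seen": time_of(id_dir),
        })
    return records


def installed_near(extensions_root, detected_at, window_days=14, time_of=first_seen):
    """Extensions first seen within window_days before the detection, newest first."""
    earliest = detected_at - timedelta(days=window_days)
    hits = [r for r in list_extensions(extensions_root, time_of)
            if earliest <= r["first_seen"] <= detected_at]
    return sorted(hits, key=lambda r: r["first_seen"], reverse=True)


def build_sample_profile(root):
    """Constructed Extensions tree (made-up IDs and names) for an offline run."""
    root = Path(root)
    samples = {
        "a" * 32: ("1.0_0", {"name": "Sample Photo Grid", "version": "1.0"}, None),
        "b" * 32: ("2.3_0",
                   {"name": "__MSG_appName__", "version": "2.3", "default_locale": "en"},
                   {"appname": {"message": "Sample Coupon Helper"}}),
    }
    for ext_id, (folder, manifest, messages) in samples.items():
        version_dir = root / ext_id / folder
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
        if messages:
            locale_dir = version_dir / "_locales" / "en"
            locale_dir.mkdir(parents=True)
            (locale_dir / "messages.json").write_text(json.dumps(messages), encoding="utf-8")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample_root = build_sample_profile(tmp)
        # Constructed install times: one months old, one from the week of the alert.
        times = {"a" * 32: datetime(2013, 6, 1), "b" * 32: datetime(2013, 12, 17)}
        alert = datetime(2013, 12, 20)  # date of the first post in this thread
        for rec in installed_near(sample_root, alert, time_of=lambda p: times[p.name]):
            print(rec["first_seen"].date(), rec["id"], rec["name"], rec["version"])
```

On a real profile, pass the `...\Google\Chrome\User Data\Default\Extensions` folder shown in the log and the date of the antivirus alert, leaving `time_of` at its default.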


#7 RythmicJea

  • Topic Starter

Posted 28 December 2013 - 02:04 PM

I ran Adwcleaner again. I had it remove Pokki. I never use it so why not? I ran that other virus scan but it didn't give me a report. It told me no threats found though. So I figure that's why. 

 

Lea



#8 nasdaq


Posted 29 December 2013 - 08:17 AM

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Has the problem been solved?

#9 RythmicJea


Posted 29 December 2013 - 03:55 PM

 Results of screen317's Security Check version 0.99.77  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 JavaFX 2.0.3    
 Java 7 Update 45  
 Adobe Flash Player 11.9.900.170  
 Google Chrome 31.0.1650.57  
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 
I think that it has! My computer is running fast and I don't have interruptions with video. 


#10 nasdaq


Posted 30 December 2013 - 07:53 AM

Looking good.

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===


Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.

In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:

Please note: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful add-ons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help block many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox addon.
  • ScriptNo is a popular Google Chrome addon.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===

#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,237 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:56 PM

Posted 05 January 2014 - 08:49 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



