
Missing dll errors and system crashes/blue screen


  • This topic is locked
47 replies to this topic

#1 Remtheta


Posted 20 January 2014 - 03:27 AM

I was instructed to post here from this link: http://www.bleepingcomputer.com/forums/t/521267/started-with-dll-error-messages-then-boot-now-mysterious-crashes/

 

My system specs:

 

Operating system: Windows 8 64-bit (6.2, Build 9200)

System manufacturer: ASUSTeK COMPUTER INC.            

System Model: K56CA

BIOS: K56CA.206

Processor: Intel® Core™ i5-3317u CPU @ 1.70GHz (4 CPUs), ~1.7GHz

Memory: 6144MB RAM

 

The first time I noticed trouble was Thursday. As I was searching for someone on Facebook, Firefox would crash. If I reloaded Firefox and went to Facebook to do the same, it would crash again. I don’t remember every event after this, but I then encountered problems where I would try to open any program, even Windows Explorer, and I would get popup messages saying something about a dll error, or something about not having a valid image.

 

I thought I was infected at this point so I ran avast free virus scan; after only a few minutes in it said it had found about 171 infected files. I then clicked on the statistics button in avast and the entire thing froze up. Then my computer froze up, so I had to force it to shut down by holding down the power. I had to do this a few times before I was able to finally get in and run avast again. The thing is, this time it did a complete scan and said it found ZERO infected files. Why would it say it found some initially, freeze up, only to find none the next time?

 

I thought I was out of the woods, so I bought the full version of avast to better protect myself in the future, only to later find I was still having these dll error messages pop up.

 

I later began experiencing a blue screen that said something about my computer having problems and that it did not shut down properly; the blue screen led to my computer running some kind of scan to repair. Here is the error code I was given when experiencing the blue screen: 0xc000021a

 

Over the next few days I ran Malwarebytes, avast, CCleaner, and ComboFix. (I know, I did this before reading this site.) Still no serious improvement.

 

I was able to do a system restore yesterday.

 

Last night when I went to shut down my computer, it would almost shut down, only to force a restart. This process was never ending. I tried to uncheck the fast start option; still no solution. I ended up updating some Qualcomm driver which then allowed my computer to fully shut down.

 

Thinking all might be well, I woke up this morning to turn on my computer. When I turned it on and logged in, the screen was flashing. There were no desktop icons or desktop background, just a blank background with the taskbar showing and constantly blinking on and off. I was able to start task manager and saw that Malwarebytes was using a lot of resources so I forced it to end and the blinking stopped and I was able to restart and log in normally.

 

I don’t understand why these scanners are finding no infections, and yet I continue to have these problems.

 

 

UPDATE 4 days from infection, new: I have also been flooded with popup messages when my computer is on. There are many; here are a few examples of what they say:

 

AsusTPCenter.exe - System Error "The computer can't start because AsusTPStrike.dll is missing from your computer. Try reinstalling the program to fix this problem."

 

CrashReportSender.exe - Application Error "The application was unable to start correctly (0xc000007b). Click OK to close the application."

 

ACMON.exe - Application Error "The application was unable to start correctly (0xc000007b). Click OK to close the application."

 

AvastUI.exe - Application Error "The application was unable to start correctly (0xc000007b). Click OK to close the application."


Edited by Remtheta, 20 January 2014 - 03:31 AM.



 


#2 Remtheta


Posted 20 January 2014 - 03:29 AM

The following are the DDS log and the ComboFix log, as well as the attached attch.txt file:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.51.2
Run by Jacob at 2:10:51 on 2014-01-20
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.6030.4434 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\dwm.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
C:\Windows\system32\DptfParticipantProcessorService.exe
C:\Windows\system32\dashost.exe
C:\Windows\system32\DptfPolicyConfigTDPService.exe
C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\SysWOW64\irstrtsv.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://asus13.msn.com
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
DPF: {7B43048F-DA7A-458F-AF35-D825BDBB6816} - hxxp://68.226.76.80/codebase/NetVideoOCX.cab
TCP: NameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{FEBE3C45-8110-466F-9A16-F7DF9B3A1D24} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{FEBE3C45-8110-466F-9A16-F7DF9B3A1D24}\2656C6B696E6E2034316 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{FEBE3C45-8110-466F-9A16-F7DF9B3A1D24}\731303541353F5548545 : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [DptfPolicyLpmServiceHelper] C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
x64-Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
x64-mPolicies-Explorer: NoDrives = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\7e2sijlt.default-1386588755045\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\Drivers\aswRvrt.sys [2013-3-3 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\Drivers\aswVmm.sys [2013-3-3 207904]
R0 excsd;ExpressCache Storage Filter Driver;C:\Windows\System32\Drivers\excsd.sys [2012-9-13 95024]
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-5 645952]
R1 aswKbd;aswKbd;C:\Windows\System32\Drivers\aswKbd.sys [2014-1-17 28184]
R1 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\Drivers\aswndisflt.sys [2014-1-17 439648]
R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2013-1-8 1034464]
R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswsp.sys [2013-1-8 422216]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 excfs;ExpressCache File System Filter Driver;C:\Windows\System32\Drivers\excfs.sys [2012-9-13 23344]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [2012-4-13 277120]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-1-8 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-12-22 50344]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-1-17 113704]
R2 DptfParticipantProcessorService;Intel® Dynamic Platform & Thermal Framework Processor Participant Service Application;C:\Windows\System32\DptfParticipantProcessorService.exe [2012-8-28 29056]
R2 DptfPolicyConfigTDPService;Intel® Dynamic Platform & Thermal Framework Config TDP Service Application;C:\Windows\System32\DptfPolicyConfigTDPService.exe [2012-8-28 30592]
R2 ExpressCache;ExpressCache;C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [2012-3-30 79664]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-9-13 129856]
R2 irstrtsv;Intel® Rapid Start Technology Service;C:\Windows\SysWOW64\irstrtsv.exe [2012-9-13 193576]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-9-13 166720]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-17 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-17 701512]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-3-11 1907896]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-9-13 365376]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\Drivers\AiCharger.sys [2012-7-24 17152]
R3 aswStm;aswStm;C:\Windows\System32\Drivers\aswstm.sys [2013-12-22 79672]
R3 ATP;ASUS PS/2 Port Input Device;C:\Windows\System32\Drivers\AsusTP.sys [2012-10-31 61824]
R3 DptfDevDram;DptfDevDram;C:\Windows\System32\Drivers\DptfDevDram.sys [2012-8-28 107328]
R3 DptfDevFan;DptfDevFan;C:\Windows\System32\Drivers\DptfDevFan.sys [2012-8-28 42816]
R3 DptfDevGen;DptfDevGen;C:\Windows\System32\Drivers\DptfDevGen.sys [2012-8-28 64832]
R3 DptfDevPch;DptfDevPch;C:\Windows\System32\Drivers\DptfDevPch.sys [2012-8-28 96064]
R3 DptfDevProc;DptfDevProc;C:\Windows\System32\Drivers\DptfDevProc.sys [2012-8-28 228672]
R3 DptfManager;DptfManager;C:\Windows\System32\Drivers\DptfManager.sys [2012-8-28 361792]
R3 HIDSwitch;ASUS Wireless Radio Control;C:\Windows\System32\Drivers\AsHIDSwitch64.sys [2012-8-28 21152]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-8-28 342528]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2014-1-17 25928]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\Drivers\RtsBaStor.sys [2012-9-13 294544]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-9-13 690832]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 irstrtdv;Intel® Rapid Start Technology Driver;C:\Windows\System32\Drivers\irstrtdv.sys [2012-9-13 43800]
.
=============== Created Last 30 ================
.
2014-01-19 20:34:21    --------    d-----w-    C:\Program Files (x86)\Runtime Software
2014-01-19 08:18:18    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-19 08:13:25    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2014-01-19 08:13:25    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2014-01-19 08:13:25    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2014-01-19 08:13:25    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2014-01-19 08:13:25    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2014-01-19 08:13:25    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin5.dll
2014-01-19 08:13:25    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin4.dll
2014-01-19 08:13:25    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin3.dll
2014-01-19 08:13:25    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin2.dll
2014-01-19 08:13:25    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin.dll
2014-01-19 05:41:31    688640    ----a-w-    C:\Windows\System32\WSShared.dll
2014-01-19 05:41:31    562688    ----a-w-    C:\Windows\SysWow64\WSShared.dll
2014-01-19 05:41:31    163840    ----a-w-    C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-19 05:41:31    124928    ----a-w-    C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-18 23:04:59    915968    ----a-w-    C:\Windows\System32\MPSSVC.dll
2014-01-18 23:04:59    758784    ----a-w-    C:\Windows\System32\FirewallAPI.dll
2014-01-18 23:04:59    588288    ----a-w-    C:\Windows\System32\SHCore.dll
2014-01-18 23:04:59    452608    ----a-w-    C:\Windows\SysWow64\SHCore.dll
2014-01-18 23:04:58    86016    ----a-w-    C:\Windows\SysWow64\davclnt.dll
2014-01-18 23:04:58    550400    ----a-w-    C:\Windows\SysWow64\FirewallAPI.dll
2014-01-18 23:04:58    227840    ----a-w-    C:\Windows\System32\WebClnt.dll
2014-01-18 23:04:58    199168    ----a-w-    C:\Windows\SysWow64\WebClnt.dll
2014-01-18 23:04:58    104448    ----a-w-    C:\Windows\System32\davclnt.dll
2014-01-18 23:04:58    100696    ----a-w-    C:\Windows\System32\drivers\disk.sys
2014-01-18 23:04:57    74752    ----a-w-    C:\Windows\System32\drivers\mpsdrv.sys
2014-01-18 12:45:18    --------    d-----w-    C:\Program Files\CCleaner
2014-01-18 11:00:27    --------    d-sh--w-    C:\found.025
2014-01-18 02:13:12    28184    ----a-w-    C:\Windows\System32\drivers\aswKbd.sys
2014-01-18 02:12:56    439648    ----a-w-    C:\Windows\System32\drivers\aswndisflt.sys
2014-01-18 01:50:26    --------    d-sh--w-    C:\AI_RecycleBin
2014-01-18 01:19:08    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-01-18 01:19:02    --------    d-----w-    C:\Users\Jacob\AppData\Local\temp
2014-01-18 01:08:54    98816    ----a-w-    C:\Windows\sed.exe
2014-01-18 01:08:54    256000    ----a-w-    C:\Windows\PEV.exe
2014-01-18 01:08:54    208896    ----a-w-    C:\Windows\MBR.exe
2014-01-18 00:48:51    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-01-18 00:13:14    --------    d-----w-    C:\Windows\pss
2014-01-17 23:04:14    --------    d-----w-    C:\Users\Jacob\AppData\Roaming\Malwarebytes
2014-01-17 23:03:56    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-01-17 23:03:53    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-08 08:16:25    --------    d-----w-    C:\.jagex_cache_32
2013-12-23 02:33:35    79672    ----a-w-    C:\Windows\System32\drivers\aswstm.sys
.
==================== Find3M  ====================
.
2014-01-20 04:22:07    423    ----a-w-    C:\Users\Jacob\AppData\Roaming\sp_data.sys
2014-01-09 08:02:07    78296    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-09 08:02:07    694240    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-23 02:33:31    207904    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2013-12-23 02:33:31    1034464    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2013-12-23 02:33:30    78648    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2013-12-23 02:33:30    43152    ----a-w-    C:\Windows\avastSS.scr
2013-12-09 11:08:32    36560    ----a-w-    C:\Windows\System32\drivers\narcpi_wfp.sys
2013-11-23 06:43:58    420864    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-23 05:05:01    368640    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-06 23:18:57    4036608    ----a-w-    C:\Windows\System32\win32k.sys
2013-11-04 23:09:15    21    ----a-w-    C:\Users\Jacob\AppData\Roaming\my_intel.sys
2013-11-01 05:38:21    312320    ----a-w-    C:\Windows\System32\msieftp.dll
2013-11-01 03:49:24    273408    ----a-w-    C:\Windows\SysWow64\msieftp.dll
2013-10-25 06:19:22    2241536    ----a-w-    C:\Windows\System32\wininet.dll
2013-10-25 06:19:12    915968    ----a-w-    C:\Windows\System32\uxtheme.dll
2013-10-25 06:17:57    3959808    ----a-w-    C:\Windows\System32\jscript9.dll
2013-10-25 04:45:11    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-10-25 04:43:42    2877952    ----a-w-    C:\Windows\SysWow64\jscript9.dll
.
============= FINISH:  2:11:41.20 ===============

COMBOFIX LOG:

ComboFix 14-01-16.03 - Jacob 01/17/2014  19:10:16.1.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.6030.4034 [GMT -6:00]
Running from: c:\users\Jacob\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SetStretch.exe
c:\windows\msvcr71.dll
c:\windows\SysWow64\frapsvid.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-18 to 2014-01-18  )))))))))))))))))))))))))))))))
.
.
2014-01-18 01:16 . 2014-01-18 01:16    --------    d-----w-    c:\users\Jacob\AppData\Local\temp
2014-01-18 01:16 . 2014-01-18 01:16    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-01-18 01:00 . 2014-01-18 01:00    --------    d-----w-    c:\windows\ServiceProfiles\LocalService\winhttp
2014-01-18 00:48 . 2013-04-04 20:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-01-17 23:04 . 2014-01-17 23:04    --------    d-----w-    c:\users\Jacob\AppData\Roaming\Malwarebytes
2014-01-17 23:03 . 2014-01-17 23:03    --------    d-----w-    c:\programdata\Malwarebytes
2014-01-17 23:03 . 2014-01-18 00:48    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2014-01-08 08:16 . 2014-01-18 00:38    --------    d-----w-    C:\.jagex_cache_32
2014-01-08 02:18 . 2014-01-08 02:19    --------    d-----w-    c:\users\Jacob\AppData\Local\Amazon Cloud Player
2013-12-23 02:33 . 2013-12-23 02:33    79672    ----a-w-    c:\windows\system32\drivers\aswstm.sys
2013-12-21 08:09 . 2013-12-21 08:10    --------    d-----w-    c:\users\Jacob\AppData\Local\Skyrim
2013-12-21 06:55 . 2013-12-21 06:55    --------    d-----w-    c:\programdata\NVIDIA
2013-12-21 06:04 . 2013-12-21 06:04    225656    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-18 01:01 . 2013-01-08 22:38    423    ----a-w-    c:\users\Jacob\AppData\Roaming\sp_data.sys
2013-12-23 02:33 . 2013-03-04 02:34    207904    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-12-23 02:33 . 2013-01-09 00:30    422216    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2013-12-23 02:33 . 2013-01-09 00:30    1034464    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-12-23 02:33 . 2013-01-09 00:30    78648    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-12-23 02:33 . 2013-01-09 00:30    334136    ----a-w-    c:\windows\system32\aswBoot.exe
2013-12-23 02:33 . 2013-01-09 00:30    43152    ----a-w-    c:\windows\avastSS.scr
2013-12-15 09:54 . 2013-01-10 00:24    90708896    ----a-w-    c:\windows\system32\MRT.exe
2013-12-11 06:53 . 2013-03-11 20:22    566480    ----a-w-    c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-12-09 11:08 . 2013-12-09 11:09    36560    ----a-w-    c:\windows\system32\drivers\narcpi_wfp.sys
2013-12-04 00:53 . 2013-11-19 07:38    78304    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-04 00:53 . 2013-11-19 07:38    694240    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-23 06:43 . 2013-12-10 22:01    420864    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-11-23 05:05 . 2013-12-10 22:01    368640    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-11-20 09:34 . 2013-11-20 09:34    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-06 23:18 . 2013-12-10 22:01    4036608    ----a-w-    c:\windows\system32\win32k.sys
2013-11-04 23:09 . 2013-11-04 23:09    21    ----a-w-    c:\users\Jacob\AppData\Roaming\my_intel.sys
2013-11-01 05:38 . 2013-12-10 22:01    312320    ----a-w-    c:\windows\system32\msieftp.dll
2013-11-01 03:49 . 2013-12-10 22:01    273408    ----a-w-    c:\windows\SysWow64\msieftp.dll
2013-10-21 21:22 . 2013-03-04 02:34    65776    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-10-21 21:22 . 2013-01-09 00:30    92544    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-11 20:26    220632    ----a-w-    c:\users\Jacob\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-11 20:26    220632    ----a-w-    c:\users\Jacob\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-11 20:26    220632    ----a-w-    c:\users\Jacob\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Amazon Cloud Player"="c:\users\Jacob\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2013-12-12 3145536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-29 91432]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-23 3764024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 excsd;ExpressCache Storage Filter Driver;c:\windows\system32\DRIVERS\excsd.sys;c:\windows\SYSNATIVE\DRIVERS\excsd.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 excfs;ExpressCache File System Filter Driver;c:\windows\system32\DRIVERS\excfs.sys;c:\windows\SYSNATIVE\DRIVERS\excfs.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DptfParticipantProcessorService;Intel® Dynamic Platform & Thermal Framework Processor Participant Service Application;c:\windows\system32\DptfParticipantProcessorService.exe;c:\windows\SYSNATIVE\DptfParticipantProcessorService.exe [x]
S2 DptfPolicyConfigTDPService;Intel® Dynamic Platform & Thermal Framework Config TDP Service Application;c:\windows\system32\DptfPolicyConfigTDPService.exe;c:\windows\SYSNATIVE\DptfPolicyConfigTDPService.exe [x]
S2 ExpressCache;ExpressCache;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 irstrtsv;Intel® Rapid Start Technology Service;c:\windows\SysWOW64\irstrtsv.exe;c:\windows\SysWOW64\irstrtsv.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 ATP;ASUS PS/2 Port Input Device;c:\windows\System32\drivers\AsusTP.sys;c:\windows\SYSNATIVE\drivers\AsusTP.sys [x]
S3 DptfDevDram;DptfDevDram;c:\windows\system32\DRIVERS\DptfDevDram.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevDram.sys [x]
S3 DptfDevFan;DptfDevFan;c:\windows\system32\DRIVERS\DptfDevFan.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevFan.sys [x]
S3 DptfDevGen;DptfDevGen;c:\windows\system32\DRIVERS\DptfDevGen.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevGen.sys [x]
S3 DptfDevPch;DptfDevPch;c:\windows\system32\DRIVERS\DptfDevPch.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevPch.sys [x]
S3 DptfDevProc;DptfDevProc;c:\windows\system32\DRIVERS\DptfDevProc.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevProc.sys [x]
S3 DptfManager;DptfManager;c:\windows\system32\DRIVERS\DptfManager.sys;c:\windows\SYSNATIVE\DRIVERS\DptfManager.sys [x]
S3 HIDSwitch;ASUS Wireless Radio Control;c:\windows\System32\drivers\AsHIDSwitch64.sys;c:\windows\SYSNATIVE\drivers\AsHIDSwitch64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 irstrtdv;Intel® Rapid Start Technology Driver;c:\windows\System32\drivers\irstrtdv.sys;c:\windows\SYSNATIVE\drivers\irstrtdv.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 02:10    1210320    ----a-w-    c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-09-05 14:04    215416    ----a-w-    c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-08 22:40]
.
2014-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-09 00:30]
.
2014-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-09 00:30]
.
2014-01-18 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16 18:54]
.
2014-01-14 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16 18:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-11 20:26    244696    ----a-w-    c:\users\Jacob\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-11 20:26    244696    ----a-w-    c:\users\Jacob\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-11 20:26    244696    ----a-w-    c:\users\Jacob\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-12-11 06:54    2331336    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-12-11 06:54    2331336    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-12-11 06:54    2331336    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-23 02:33    287280    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-03-13 09:23    1500672    ----a-w-    c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-03-13 09:23    1500672    ----a-w-    c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-03-13 09:23    1500672    ----a-w-    c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-16 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-16 398656]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-08-07 13191312]
"DptfPolicyLpmServiceHelper"="c:\windows\system32\DptfPolicyLpmServiceHelper.exe" [2012-07-30 21888]
"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-08-25 107192]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://asus13.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
Trusted Zone: lavistakeno.com\www
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
DPF: {7B43048F-DA7A-458F-AF35-D825BDBB6816} - hxxp://68.226.76.80/codebase/NetVideoOCX.cab
FF - ProfilePath - c:\users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\7e2sijlt.default-1386588755045\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-PokerStars.net - c:\program files (x86)\PokerStars.NET\PokerStarsUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2014-01-17  19:18:59
ComboFix-quarantined-files.txt  2014-01-18 01:18
.
Pre-Run: 180,301,697,024 bytes free
Post-Run: 179,961,606,144 bytes free
.
- - End Of File - - D7685CFF1D28C9F23148F5B6F2B617A0
 



Edited by Remtheta, 20 January 2014 - 03:42 AM.


#3 HelpBot


Posted 25 January 2014 - 03:30 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/521416 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Remtheta


Posted 25 January 2014 - 07:46 PM

Below is the new DDS file and attached is the new attach file. The description of my issue remains as in my above post. I cannot locate my original windows CD.
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.51.2
Run by Jacob at 18:39:52 on 2014-01-25
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.6030.4452 [GMT -6:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
C:\Windows\system32\DptfParticipantProcessorService.exe
C:\Windows\system32\dashost.exe
C:\Windows\system32\DptfPolicyConfigTDPService.exe
C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\SysWOW64\irstrtsv.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://asus13.msn.com
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [20131224] C:\Program Files\AVAST Software\Avast\setup\emupdate\2abd223a-2a65-4c24-984d-3e9fd37a26ee.exe /check
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
DPF: {7B43048F-DA7A-458F-AF35-D825BDBB6816} - hxxp://68.226.76.80/codebase/NetVideoOCX.cab
TCP: NameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{FEBE3C45-8110-466F-9A16-F7DF9B3A1D24} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{FEBE3C45-8110-466F-9A16-F7DF9B3A1D24}\2656C6B696E6E2034316 : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [DptfPolicyLpmServiceHelper] C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
x64-Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
x64-mPolicies-Explorer: NoDrives = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\7e2sijlt.default-1386588755045\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\Drivers\aswRvrt.sys [2013-3-3 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\Drivers\aswVmm.sys [2013-3-3 207904]
R0 excsd;ExpressCache Storage Filter Driver;C:\Windows\System32\Drivers\excsd.sys [2012-9-13 95024]
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-5 645952]
R1 aswKbd;aswKbd;C:\Windows\System32\Drivers\aswKbd.sys [2014-1-17 28184]
R1 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\Drivers\aswndisflt.sys [2014-1-17 439648]
R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2013-1-8 1034464]
R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswsp.sys [2013-1-8 422216]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 excfs;ExpressCache File System Filter Driver;C:\Windows\System32\Drivers\excfs.sys [2012-9-13 23344]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [2012-4-13 277120]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-1-8 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-12-22 50344]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-1-17 113704]
R2 DptfParticipantProcessorService;Intel® Dynamic Platform & Thermal Framework Processor Participant Service Application;C:\Windows\System32\DptfParticipantProcessorService.exe [2012-8-28 29056]
R2 DptfPolicyConfigTDPService;Intel® Dynamic Platform & Thermal Framework Config TDP Service Application;C:\Windows\System32\DptfPolicyConfigTDPService.exe [2012-8-28 30592]
R2 ExpressCache;ExpressCache;C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [2012-3-30 79664]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-9-13 129856]
R2 irstrtsv;Intel® Rapid Start Technology Service;C:\Windows\SysWOW64\irstrtsv.exe [2012-9-13 193576]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-9-13 166720]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-17 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-17 701512]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-3-11 1907896]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-9-13 365376]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\Drivers\AiCharger.sys [2012-7-24 17152]
R3 ATP;ASUS PS/2 Port Input Device;C:\Windows\System32\Drivers\AsusTP.sys [2012-10-31 61824]
R3 DptfDevDram;DptfDevDram;C:\Windows\System32\Drivers\DptfDevDram.sys [2012-8-28 107328]
R3 DptfDevFan;DptfDevFan;C:\Windows\System32\Drivers\DptfDevFan.sys [2012-8-28 42816]
R3 DptfDevGen;DptfDevGen;C:\Windows\System32\Drivers\DptfDevGen.sys [2012-8-28 64832]
R3 DptfDevPch;DptfDevPch;C:\Windows\System32\Drivers\DptfDevPch.sys [2012-8-28 96064]
R3 DptfDevProc;DptfDevProc;C:\Windows\System32\Drivers\DptfDevProc.sys [2012-8-28 228672]
R3 DptfManager;DptfManager;C:\Windows\System32\Drivers\DptfManager.sys [2012-8-28 361792]
R3 HIDSwitch;ASUS Wireless Radio Control;C:\Windows\System32\Drivers\AsHIDSwitch64.sys [2012-8-28 21152]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-8-28 342528]
R3 irstrtdv;Intel® Rapid Start Technology Driver;C:\Windows\System32\Drivers\irstrtdv.sys [2012-9-13 43800]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2014-1-17 25928]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\Drivers\RtsBaStor.sys [2012-9-13 294544]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-9-13 690832]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 aswStm;aswStm;C:\Windows\System32\Drivers\aswstm.sys [2013-12-22 79672]
.
=============== Created Last 30 ================
.
2014-01-19 20:34:21    --------    d-----w-    C:\Program Files (x86)\Runtime Software
2014-01-19 08:18:18    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-19 08:13:25    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2014-01-19 08:13:25    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2014-01-19 08:13:25    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2014-01-19 08:13:25    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2014-01-19 08:13:25    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2014-01-19 08:13:25    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin5.dll
2014-01-19 08:13:25    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin4.dll
2014-01-19 08:13:25    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin3.dll
2014-01-19 08:13:25    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin2.dll
2014-01-19 08:13:25    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin.dll
2014-01-19 05:41:31    688640    ----a-w-    C:\Windows\System32\WSShared.dll
2014-01-19 05:41:31    562688    ----a-w-    C:\Windows\SysWow64\WSShared.dll
2014-01-19 05:41:31    163840    ----a-w-    C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-19 05:41:31    124928    ----a-w-    C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-18 23:04:59    915968    ----a-w-    C:\Windows\System32\MPSSVC.dll
2014-01-18 23:04:59    758784    ----a-w-    C:\Windows\System32\FirewallAPI.dll
2014-01-18 23:04:59    588288    ----a-w-    C:\Windows\System32\SHCore.dll
2014-01-18 23:04:59    452608    ----a-w-    C:\Windows\SysWow64\SHCore.dll
2014-01-18 23:04:58    86016    ----a-w-    C:\Windows\SysWow64\davclnt.dll
2014-01-18 23:04:58    550400    ----a-w-    C:\Windows\SysWow64\FirewallAPI.dll
2014-01-18 23:04:58    227840    ----a-w-    C:\Windows\System32\WebClnt.dll
2014-01-18 23:04:58    199168    ----a-w-    C:\Windows\SysWow64\WebClnt.dll
2014-01-18 23:04:58    104448    ----a-w-    C:\Windows\System32\davclnt.dll
2014-01-18 23:04:58    100696    ----a-w-    C:\Windows\System32\drivers\disk.sys
2014-01-18 23:04:57    74752    ----a-w-    C:\Windows\System32\drivers\mpsdrv.sys
2014-01-18 12:45:18    --------    d-----w-    C:\Program Files\CCleaner
2014-01-18 11:00:27    --------    d-sh--w-    C:\found.025
2014-01-18 02:13:12    28184    ----a-w-    C:\Windows\System32\drivers\aswKbd.sys
2014-01-18 02:12:56    439648    ----a-w-    C:\Windows\System32\drivers\aswndisflt.sys
2014-01-18 01:50:26    --------    d-sh--w-    C:\AI_RecycleBin
2014-01-18 01:19:08    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-01-18 01:19:02    --------    d-----w-    C:\Users\Jacob\AppData\Local\temp
2014-01-18 01:08:54    98816    ----a-w-    C:\Windows\sed.exe
2014-01-18 01:08:54    256000    ----a-w-    C:\Windows\PEV.exe
2014-01-18 01:08:54    208896    ----a-w-    C:\Windows\MBR.exe
2014-01-18 00:48:51    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-01-18 00:13:14    --------    d-----w-    C:\Windows\pss
2014-01-17 23:04:14    --------    d-----w-    C:\Users\Jacob\AppData\Roaming\Malwarebytes
2014-01-17 23:03:56    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-01-17 23:03:53    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-08 08:16:25    --------    d-----w-    C:\.jagex_cache_32
.
==================== Find3M  ====================
.
2014-01-26 00:23:58    423    ----a-w-    C:\Users\Jacob\AppData\Roaming\sp_data.sys
2014-01-09 08:02:07    78296    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-09 08:02:07    694240    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-23 02:33:35    79672    ----a-w-    C:\Windows\System32\drivers\aswstm.sys
2013-12-23 02:33:31    207904    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2013-12-23 02:33:31    1034464    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2013-12-23 02:33:30    78648    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2013-12-23 02:33:30    43152    ----a-w-    C:\Windows\avastSS.scr
2013-12-09 11:08:32    36560    ----a-w-    C:\Windows\System32\drivers\narcpi_wfp.sys
2013-11-23 06:43:58    420864    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-23 05:05:01    368640    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-06 23:18:57    4036608    ----a-w-    C:\Windows\System32\win32k.sys
2013-11-04 23:09:15    21    ----a-w-    C:\Users\Jacob\AppData\Roaming\my_intel.sys
2013-11-01 05:38:21    312320    ----a-w-    C:\Windows\System32\msieftp.dll
2013-11-01 03:49:24    273408    ----a-w-    C:\Windows\SysWow64\msieftp.dll
.
============= FINISH: 18:40:01.56 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume1
Install Date: 1/8/2013 4:35:34 PM
System Uptime: 1/19/2014 10:19:47 PM (4 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | K56CA
Processor: Intel® Core™ i5-3317U CPU @ 1.70GHz | SOCKET 0 | 1701/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 279 GiB total, 156.346 GiB free.
D: is FIXED (NTFS) - 398 GiB total, 397.469 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Microsoft Virtual WiFi Miniport Adapter_03
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_SAP\5&2E13D836&0&03
Manufacturer:
Name: Microsoft Virtual WiFi Miniport Adapter_03
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_SAP\5&2E13D836&0&03
Service:
.
==== System Restore Points ===================
.
RP72: 1/17/2014 2:28:51 AM - avast! antivirus system restore point
RP73: 1/19/2014 2:17:38 AM - Installed Java 7 Update 51
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.06)
Apple Application Support
Apple Software Update
ASUS InstantOn
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS Smart Gesture
ASUS Splendid Video Enhancement Technology
ASUS Tutor
ASUS USB Charger Plus
ASUS WebStorage Sync Agent
ASUSDVD
AsusVibe2.0
ATK Package
avast! Premier
CCleaner
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DriveImage XML (Private Edition)
ExpressCache
Fraps (remove only)
Google Chrome
Google Update Helper
Intel® Dynamic Platform and Thermal Framework
Intel® Manageability Engine Firmware Recovery Agent
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Start Technology
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
Java 7 Update 51
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Home and Student 2013 - en-us
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SkyDrive
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Pando Media Booster
Qualcomm Atheros Client Installation Program
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
RuneScape Launcher 1.2.3
Secure Download Manager
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shared C Run-time for x64
Skype™ 6.11
Steam
Stronghold Kingdoms
System Requirements Lab for Intel
The Elder Scrolls III: Morrowind
The Elder Scrolls V: Skyrim
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Windows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148)
Windows Media Player Firefox Plugin
WinFlash
.
==== Event Viewer Messages From Past Week ========
.
1/19/2014 9:54:58 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 11 time(s).
1/19/2014 9:54:58 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 10 time(s).
1/19/2014 9:53:48 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 9 time(s).
1/19/2014 9:53:37 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 8 time(s).
1/19/2014 9:53:37 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 7 time(s).
1/19/2014 9:51:42 PM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x3000000028036. The name of the file is "\Users\Jacob\AppData\Local\Microsoft\Windows\Live\Roaming\LocalCache\windows-wireless". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
1/19/2014 9:50:30 PM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x1400000003000d. The name of the file is "\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
1/19/2014 9:50:28 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 6 time(s).
1/19/2014 9:50:28 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 5 time(s).
1/19/2014 9:50:28 PM, Error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error: The operation completed successfully.
1/19/2014 9:50:27 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
1/19/2014 9:49:51 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 4 time(s).
1/19/2014 9:49:50 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 3 time(s).
1/19/2014 9:49:20 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
1/19/2014 9:49:03 PM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The file or directory is corrupted and unreadable.
1/19/2014 9:48:50 PM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x2000000009b04. The name of the file is "\Users\Jacob\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingFinance_8wekyb3d8bbwe". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
1/19/2014 9:48:49 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
1/19/2014 9:48:44 PM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x800000001dec4. The name of the file is "\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.O2eb0cc9a#\f54a40499bd6e4e404a156021c4a6131". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
1/19/2014 9:48:44 PM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x3000000022290. The name of the file is "\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Help". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
1/19/2014 9:48:44 PM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x220000000175ef. The name of the file is "\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.P6f9a5e83#\973569583417a7058e90001d82da0cc9". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
1/19/2014 9:48:28 PM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The exact nature of the corruption is unknown. The file system structures need to be scanned online.
1/19/2014 9:48:21 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: Windows Update is not a valid Win32 application.
1/19/2014 9:48:20 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft Office Service service to connect.
1/19/2014 9:48:20 PM, Error: Service Control Manager [7000] - The Microsoft Office Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/19/2014 9:48:03 PM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume D:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0xa00000000000a. The name of the file is "<unable to determine file name>".
1/19/2014 9:27:04 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{FEBE3C45-8110-466F-9A16-F7DF9B3A1D24} because another computer on the network has the same name. The server could not start.
1/19/2014 9:27:04 PM, Error: NetBT [4321] - The name "LONDONTREES :20" could not be registered on the interface with IP address 192.168.0.43. The computer with the IP address 192.168.0.29 did not allow the name to be claimed by this computer.
1/19/2014 9:27:04 PM, Error: NetBT [4321] - The name "LONDONTREES :0" could not be registered on the interface with IP address 192.168.0.43. The computer with the IP address 192.168.0.29 did not allow the name to be claimed by this computer.
1/19/2014 9:01:45 PM, Error: NetBT [4321] - The name "LONDONTREES :20" could not be registered on the interface with IP address 169.254.109.247. The computer with the IP address 169.254.216.123 did not allow the name to be claimed by this computer.
1/19/2014 9:01:45 PM, Error: NetBT [4321] - The name "LONDONTREES :0" could not be registered on the interface with IP address 169.254.109.247. The computer with the IP address 169.254.216.123 did not allow the name to be claimed by this computer.
1/19/2014 8:36:22 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{28AB91B5-3045-4D6F-9F8E-B7EB3B51CC44} because another computer on the network has the same name. The server could not start.
1/19/2014 8:36:22 PM, Error: NetBT [4321] - The name "LONDONTREES :20" could not be registered on the interface with IP address 169.254.91.171. The computer with the IP address 169.254.207.147 did not allow the name to be claimed by this computer.
1/19/2014 8:36:22 PM, Error: NetBT [4321] - The name "LONDONTREES :0" could not be registered on the interface with IP address 169.254.91.171. The computer with the IP address 169.254.207.147 did not allow the name to be claimed by this computer.
1/19/2014 4:33:06 PM, Error: Microsoft-Windows-Ntfs [98] - Volume C: (\Device\HarddiskVolume4) needs to be taken offline for a short time to perform a Spot Fix. Please run "CHKDSK /SPOTFIX" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.
1/19/2014 4:27:37 PM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume OS. A corruption was found in a file system index structure. The file reference number is 0x1000000002164. The name of the file is "\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
1/19/2014 2:27:04 PM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x1000000002164. The name of the file is "\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
1/19/2014 2:24:37 PM, Error: Service Control Manager [7022] - The Internet Connection Sharing (ICS) service hung on starting.
1/19/2014 2:21:34 PM, Error: Service Control Manager [7034] - The Volume Shadow Copy service terminated unexpectedly. It has done this 2 time(s).
1/19/2014 2:21:33 PM, Error: Service Control Manager [7034] - The Volume Shadow Copy service terminated unexpectedly. It has done this 1 time(s).
1/19/2014 2:21:33 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Store Interface Service service, but this action failed with the following error: An instance of the service is already running.
1/19/2014 2:21:32 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s).
1/19/2014 2:21:32 PM, Error: Service Control Manager [7034] - The Themes service terminated unexpectedly. It has done this 3 time(s).
1/19/2014 2:21:32 PM, Error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 3 time(s).
1/19/2014 2:21:32 PM, Error: Service Control Manager [7034] - The Shell Hardware Detection service terminated unexpectedly. It has done this 3 time(s).
1/19/2014 2:21:32 PM, Error: Service Control Manager [7034] - The Group Policy Client service terminated unexpectedly. It has done this 3 time(s).
1/19/2014 2:21:32 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/19/2014 2:21:32 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/19/2014 2:21:32 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/19/2014 2:21:32 PM, Error: Service Control Manager [7031] - The Certificate Propagation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/19/2014 2:21:31 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/19/2014 2:21:28 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Group Policy Client service, but this action failed with the following error: An instance of the service is already running.
1/19/2014 2:21:28 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/19/2014 2:21:28 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/19/2014 2:21:28 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/19/2014 2:21:28 PM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/19/2014 2:21:28 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/19/2014 2:21:27 PM, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 3 time(s).
1/19/2014 2:21:27 PM, Error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 4 time(s).
1/19/2014 2:21:27 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Driver Foundation - User-mode Driver Framework service, but this action failed with the following error: An instance of the service is already running.
1/19/2014 2:21:27 PM, Error: Service Control Manager [7031] - The Windows Font Cache Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/19/2014 2:21:27 PM, Error: Service Control Manager [7031] - The Network Store Interface Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/19/2014 2:21:27 PM, Error: Service Control Manager [7031] - The Network List Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
1/19/2014 2:21:27 PM, Error: Service Control Manager [7001] - The Background Intelligent Transfer Service service depends on the COM+ Event System service which failed to start because of the following error: The operation completed successfully.
1/19/2014 2:20:29 PM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
1/19/2014 2:20:29 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/19/2014 2:20:29 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/19/2014 2:20:29 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/19/2014 2:20:29 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/19/2014 2:19:33 PM, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 2 time(s).
1/19/2014 2:19:33 PM, Error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 3 time(s).
1/19/2014 2:19:33 PM, Error: Service Control Manager [7031] - The Network Store Interface Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/19/2014 2:19:33 PM, Error: Service Control Manager [7031] - The Network List Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
1/19/2014 2:19:28 PM, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 1 time(s).
1/19/2014 2:19:28 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
1/19/2014 2:19:28 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/19/2014 2:19:28 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/19/2014 2:19:28 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/19/2014 2:19:28 PM, Error: Service Control Manager [7031] - The Windows Font Cache Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/19/2014 2:19:28 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/19/2014 2:19:28 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/19/2014 2:19:28 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/19/2014 2:19:28 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/19/2014 2:19:28 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/19/2014 2:19:28 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/19/2014 2:19:28 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/19/2014 2:19:28 PM, Error: Service Control Manager [7031] - The COM+ Event System service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
1/19/2014 2:19:28 PM, Error: Service Control Manager [7031] - The Certificate Propagation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/19/2014 2:19:27 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/19/2014 2:19:27 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/19/2014 2:19:27 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/19/2014 2:19:27 PM, Error: Service Control Manager [7031] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
1/19/2014 2:19:27 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with the following service-specific error: The parameter is incorrect.
1/19/2014 2:19:27 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: There are no more endpoints available from the endpoint mapper.
1/19/2014 2:19:27 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: The pipe has been ended.
1/19/2014 2:19:27 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
1/19/2014 2:19:27 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The pipe has been ended.
1/19/2014 2:19:27 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The pipe has been ended.
1/19/2014 2:19:27 PM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Network Connections service which failed to start because of the following error: The dependency service or group failed to start.
1/19/2014 2:19:27 PM, Error: Service Control Manager [7000] - The Secure Socket Tunneling Protocol Service service failed to start due to the following error: The pipe has been ended.
1/19/2014 2:19:27 PM, Error: Service Control Manager [7000] - The Program Compatibility Assistant Service service failed to start due to the following error: The pipe has been ended.
1/19/2014 2:19:27 PM, Error: Service Control Manager [7000] - The PEAUTH service failed to start due to the following error: PEAUTH is not a valid Win32 application.
1/19/2014 2:19:27 PM, Error: Service Control Manager [7000] - The Distributed Link Tracking Client service failed to start due to the following error: The pipe has been ended.
1/19/2014 2:19:26 PM, Error: Service Control Manager [7023] - The avast! Antivirus service terminated with the following error: The specified procedure could not be found.
1/19/2014 2:19:26 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the avast! Firewall service to connect.
1/19/2014 2:19:26 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The pipe has been ended.
1/19/2014 2:19:26 PM, Error: Service Control Manager [7000] - The avast! Firewall service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/19/2014 2:19:11 PM, Error: Service Control Manager [7001] - The System Event Notification Service service depends on the COM+ Event System service which failed to start because of the following error: The operation completed successfully.
1/19/2014 2:19:11 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the Network Store Interface Service service which failed to start because of the following error: The pipe has been ended.
1/19/2014 2:19:11 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Network Store Interface Service service which failed to start because of the following error: The pipe has been ended.
1/19/2014 2:19:11 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The pipe has been ended.
1/19/2014 2:19:11 PM, Error: Service Control Manager [7000] - The Network Store Interface Service service failed to start due to the following error: The pipe has been ended.
1/19/2014 10:37:57 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
1/19/2014 10:20:21 PM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
1/19/2014 10:19:28 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
1/18/2014 9:53:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/18/2014 9:52:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/18/2014 9:08:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/18/2014 9:07:34 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/18/2014 9:07:34 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/18/2014 9:07:34 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub System service which failed to start because of the following error: A device attached to the system is not functioning.
1/18/2014 9:07:34 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/18/2014 9:07:34 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/18/2014 9:07:34 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI Proxy Service Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/18/2014 9:07:34 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/18/2014 9:07:34 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/18/2014 9:07:34 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/18/2014 9:07:34 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/18/2014 7:00:21 AM, Error: NetBT [4321] - The name "LONDONTREES :20" could not be registered on the interface with IP address 192.168.0.42. The computer with the IP address 192.168.0.29 did not allow the name to be claimed by this computer.
1/18/2014 7:00:21 AM, Error: NetBT [4321] - The name "LONDONTREES :0" could not be registered on the interface with IP address 192.168.0.42. The computer with the IP address 192.168.0.29 did not allow the name to be claimed by this computer.
1/18/2014 6:20:01 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
1/18/2014 5:04:22 AM, Error: NetBT [4321] - The name "LONDONTREES :0" could not be registered on the interface with IP address 192.168.0.41. The computer with the IP address 192.168.0.29 did not allow the name to be claimed by this computer.
1/18/2014 5:03:53 AM, Error: NetBT [4321] - The name "LONDONTREES :20" could not be registered on the interface with IP address 192.168.0.41. The computer with the IP address 192.168.0.29 did not allow the name to be claimed by this computer.
1/18/2014 4:54:32 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
1/18/2014 4:51:55 AM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000026d63. The name of the file is "<unable to determine file name>".
1/18/2014 4:51:55 AM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000026d2e. The name of the file is "<unable to determine file name>".
1/18/2014 4:51:55 AM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000026d2d. The name of the file is "<unable to determine file name>".
1/18/2014 4:51:55 AM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000026d26. The name of the file is "<unable to determine file name>".
1/18/2014 4:51:53 AM, Error: Microsoft-Windows-Ntfs [98] - Volume C: (\Device\HarddiskVolume4) needs to be taken offline to perform a Full Chkdsk. Please run "CHKDSK /F" locally via the command line, or run "REPAIR-VOLUME <drive:>" locally or remotely via PowerShell.
1/18/2014 4:51:49 AM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000026d5c. The name of the file is "<unable to determine file name>".
1/18/2014 4:51:49 AM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000026d5b. The name of the file is "<unable to determine file name>".
1/18/2014 4:51:49 AM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000026d59. The name of the file is "<unable to determine file name>".
1/18/2014 4:51:49 AM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000026d20. The name of the file is "<unable to determine file name>".
1/18/2014 4:51:49 AM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000026d1f. The name of the file is "<unable to determine file name>".
1/18/2014 4:51:49 AM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000014ffe. The name of the file is "<unable to determine file name>".
1/18/2014 4:51:49 AM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000014ffd. The name of the file is "<unable to determine file name>".
1/18/2014 4:51:49 AM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000014ffc. The name of the file is "<unable to determine file name>".
1/18/2014 4:51:49 AM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000014fdf. The name of the file is "<unable to determine file name>".
1/18/2014 4:51:49 AM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000014fdc. The name of the file is "<unable to determine file name>".
1/18/2014 4:51:49 AM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000014fda. The name of the file is "<unable to determine file name>".
1/18/2014 4:51:49 AM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000014faf. The name of the file is "<unable to determine file name>".
1/18/2014 4:51:39 AM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000014fca. The name of the file is "<unable to determine file name>".
1/18/2014 4:51:39 AM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000014f99. The name of the file is "<unable to determine file name>".
1/18/2014 4:51:28 AM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000014ff4. The name of the file is "<unable to determine file name>".
1/18/2014 4:51:28 AM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000014fdb. The name of the file is "<unable to determine file name>".
1/18/2014 4:51:28 AM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000014faa. The name of the file is "<unable to determine file name>".
1/18/2014 4:51:20 AM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000026d79. The name of the file is "<unable to determine file name>".
1/18/2014 4:51:20 AM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000026d22. The name of the file is "<unable to determine file name>".
1/18/2014 4:51:20 AM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000026d1d. The name of the file is "<unable to determine file name>".
1/18/2014 4:51:20 AM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000014f8a. The name of the file is "<unable to determine file name>".
1/18/2014 4:51:10 AM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000026d77. The name of the file is "<unable to determine file name>".
1/18/2014 4:51:10 AM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000026d1e. The name of the file is "<unable to determine file name>".
1/18/2014 4:51:10 AM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000026d1b. The name of the file is "<unable to determine file name>".
1/18/2014 4:51:01 AM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000026d58. The name of the file is "<unable to determine file name>".
1/18/2014 4:51:01 AM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000026d57. The name of the file is "<unable to determine file name>".
1/18/2014 4:51:01 AM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000026d56. The name of the file is "<unable to determine file name>".
1/18/2014 4:51:01 AM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000026d1a. The name of the file is "<unable to determine file name>".
1/18/2014 4:50:40 AM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000026d5f. The name of the file is "<unable to determine file name>".
1/18/2014 4:50:38 AM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000026d72. The name of the file is "<unable to determine file name>".
1/18/2014 4:50:38 AM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x1000000026d61. The name of the file is "<unable to determine file name>".
1/18/2014 4:50:23 AM, Error: Ntfs [131] - The file system structure on volume C: cannot be corrected. Please run the chkdsk utility on the volume C:.
1/18/2014 4:38:01 AM, Error: NetBT [4321] - The name "LONDONTREES :0" could not be registered on the interface with IP address 192.168.0.40. The computer with the IP address 192.168.0.29 did not allow the name to be claimed by this computer.
1/18/2014 4:38:00 AM, Error: NetBT [4321] - The name "LONDONTREES :20" could not be registered on the interface with IP address 192.168.0.40. The computer with the IP address 192.168.0.29 did not allow the name to be claimed by this computer.
1/18/2014 4:34:10 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000006b (0xffffffffc000012f, 0x0000000000000003, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 011814-26265-01.
1/18/2014 4:30:44 AM, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 4 time(s).
1/18/2014 4:30:44 AM, Error: Service Control Manager [7034] - The Windows Font Cache Service service terminated unexpectedly. It has done this 3 time(s).
1/18/2014 4:30:44 AM, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 4 time(s).
1/18/2014 4:30:44 AM, Error: Service Control Manager [7034] - The Network List Service service terminated unexpectedly. It has done this 4 time(s).
1/18/2014 4:30:44 AM, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 5 time(s).
1/18/2014 4:30:44 AM, Error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 5 time(s).
1/18/2014 4:29:56 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Font Cache Service service, but this action failed with the following error: An instance of the service is already running.
1/18/2014 4:28:06 AM, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 4 time(s).
1/18/2014 4:27:56 AM, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 3 time(s).
1/18/2014 4:27:56 AM, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 3 time(s).
1/18/2014 4:27:56 AM, Error: Service Control Manager [7034] - The Network List Service service terminated unexpectedly. It has done this 3 time(s).
1/18/2014 4:27:19 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the COM+ Event System service, but this action failed with the following error: An instance of the service is already running.
1/18/2014 4:27:14 AM, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 2 time(s).
1/18/2014 4:27:14 AM, Error: Service Control Manager [7031] - The Secure Socket Tunneling Protocol Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/18/2014 4:19:32 AM, Error: Service Control Manager [7031] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/18/2014 4:19:32 AM, Error: Service Control Manager [7031] - The Secure Socket Tunneling Protocol Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/18/2014 4:13:44 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80297e2792f, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 011814-43093-01.
1/18/2014 11:51:22 PM, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=1392) while initializing logging resources for channel Microsoft-Windows-ParentalControls/Operational.
1/18/2014 11:48:44 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\config\DRIVERS' was corrupted and it has been recovered. Some data might have been lost.
1/18/2014 11:38:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/18/2014 11:29:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
1/18/2014 11:29:07 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/18/2014 11:29:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "Unavailable" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/18/2014 10:23:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service defragsvc with arguments "Unavailable" in order to run the server: {D20A3293-3341-4AE8-9AAF-8E397CB63C34}
1/17/2014 8:16:16 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xc000021a (0xfffff8a00071e070, 0xffffffffc0000221, 0xfffff8a000015fb0, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 011714-29921-01.
1/17/2014 7:57:54 PM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x200000002d0ae. The name of the file is "\Program Files (x86)\World of Warcraft\Cache\WDB\enUS". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
1/17/2014 7:50:37 PM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0xb0000000348e6. The name of the file is "\AI_RecycleBin\{50E698C6-BD39-46EC-8A04-5A676761C140}\2\RADS\projects\lol_game_client\filearchives\0.0.0.161\DATA\Characters\HA_AP_OrderTurret\Skins\Base". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
1/17/2014 7:16:25 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
1/17/2014 7:15:57 PM, Error: Application Popup [1060] -
1/17/2014 6:29:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/17/2014 5:44:52 PM, Error: Service Control Manager [7034] - The ExpressCache service terminated unexpectedly. It has done this 1 time(s).
1/17/2014 5:38:40 PM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x1000000009360. The name of the file is "\Windows\WinSxS\x86_microsoft-windows-v..r-windows.resources_31bf3856ad364e35_6.2.9200.16384_en-us_160afb7ec628132d". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
1/17/2014 5:38:40 PM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x1000000007fcc. The name of the file is "\Windows\WinSxS\x86_microsoft-windows-d..how-other.resources_31bf3856ad364e35_6.2.9200.16384_en-us_7874879d062e7cb1". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
1/17/2014 5:38:40 PM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x1000000007c8b. The name of the file is "\Windows\WinSxS\x86_microsoft-windows-audio-mci.resources_31bf3856ad364e35_6.2.9200.16384_en-us_bb4119b4c05c401e". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
1/17/2014 5:38:21 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
1/17/2014 5:38:21 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/17/2014 5:38:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "Unavailable" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
1/17/2014 4:56:46 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xc000021a (0xfffff8a0002c4580, 0x0000000000000000, 0xffffffffc0000428, 0x000000f37b830838). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 011714-47828-01.
1/17/2014 4:49:20 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 16 time(s).
1/17/2014 4:49:20 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 15 time(s).
1/17/2014 4:47:13 PM, Error: Service Control Manager [7034] - The Intel® Dynamic Platform & Thermal Framework Config TDP Service Application service terminated unexpectedly. It has done this 1 time(s).
1/17/2014 4:47:06 PM, Error: Service Control Manager [7034] - The Intel® Dynamic Platform & Thermal Framework Processor Participant Service Application service terminated unexpectedly. It has done this 1 time(s).
1/17/2014 4:46:34 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 14 time(s).
1/17/2014 4:44:54 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 13 time(s).
1/17/2014 4:44:54 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 12 time(s).
1/17/2014 3:57:22 PM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x30000000412bb. The name of the file is "\Program Files (x86)\VstPlugins\Image-Line\Deckadance2". The corrupted index attribute is ":$I30:$INDEX_ROOT". The corrupted index block is located at Vcn 0xffffffffffffffff, Lcn 0xffffffffffffffff. The corruption begins at offset 136 within the index block.
1/17/2014 3:57:22 PM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0x1000000002504. The name of the file is "\Windows\System32\Macromed\Flash". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
1/17/2014 3:28:41 AM, Error: NetBT [4321] - The name "LONDONTREES :20" could not be registered on the interface with IP address 192.168.0.37. The computer with the IP address 192.168.0.31 did not allow the name to be claimed by this computer.
1/17/2014 3:28:41 AM, Error: NetBT [4321] - The name "LONDONTREES :0" could not be registered on the interface with IP address 192.168.0.37. The computer with the IP address 192.168.0.31 did not allow the name to be claimed by this computer.
1/17/2014 3:28:41 AM, Error: NetBT [4321] - The name "LONDONTREES :0" could not be registered on the interface with IP address 192.168.0.37. The computer with the IP address 192.168.0.29 did not allow the name to be claimed by this computer.
1/17/2014 3:28:20 AM, Error: NetBT [4321] - The name "LONDONTREES :20" could not be registered on the interface with IP address 192.168.0.36. The computer with the IP address 192.168.0.31 did not allow the name to be claimed by this computer.
1/17/2014 3:28:20 AM, Error: NetBT [4321] - The name "LONDONTREES :0" could not be registered on the interface with IP address 192.168.0.36. The computer with the IP address 192.168.0.31 did not allow the name to be claimed by this computer.
1/17/2014 3:28:20 AM, Error: NetBT [4321] - The name "LONDONTREES :0" could not be registered on the interface with IP address 192.168.0.36. The computer with the IP address 192.168.0.29 did not allow the name to be claimed by this computer.
1/17/2014 3:00:44 PM, Error: Ntfs [55] - A corruption was discovered in the file system structure on volume C:. A corruption was found in a file system index structure. The file reference number is 0xa000000026e68. The name of the file is "\Windows\System32\wdi\{9f41811a-0429-42aa-81b7-cfd4d968411f}". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".
1/17/2014 2:59:10 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\Jacob\AppData\Local\Microsoft\Windows\UsrClass.dat' was corrupted and it has been recovered. Some data might have been lost.
1/17/2014 2:50:03 AM, Error: NetBT [4321] - The name "LONDONTREES :20" could not be registered on the interface with IP address 192.168.0.36. The computer with the IP address 192.168.0.29 did not allow the name to be claimed by this computer.
1/17/2014 2:49:06 AM, Error: NetBT [4321] - The name "LONDONTREES :0" could not be registered on the interface with IP address 192.168.0.5. The computer with the IP address 192.168.0.31 did not allow the name to be claimed by this computer.
1/17/2014 2:49:05 AM, Error: NetBT [4321] - The name "LONDONTREES :20" could not be registered on the interface with IP address 192.168.0.5. The computer with the IP address 192.168.0.29 did not allow the name to be claimed by this computer.
1/17/2014 2:22:15 AM, Error: NetBT [4321] - The name "LONDONTREES :20" could not be registered on the interface with IP address 192.168.0.5. The computer with the IP address 192.168.0.31 did not allow the name to be claimed by this computer.
1/17/2014 2:11:23 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ASUS InstantOn service.
1/17/2014 1:24:57 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT' was corrupted and it has been recovered. Some data might have been lost.
1/17/2014 1:17:05 AM, Error: Service Control Manager [7024] - The Server service terminated with the following service-specific error: The requested service has already been started.
1/17/2014 1:16:04 AM, Error: Service Control Manager [7034] - The Problem Reports and Solutions Control Panel Support service terminated unexpectedly. It has done this 1 time(s).
1/17/2014 1:16:04 AM, Error: Service Control Manager [7034] - The Device Setup Manager service terminated unexpectedly. It has done this 1 time(s).
1/17/2014 1:16:04 AM, Error: Service Control Manager [7031] - The System Events Broker service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/17/2014 1:16:04 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/17/2014 1:16:04 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/17/2014 1:16:04 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/17/2014 1:16:04 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/17/2014 1:16:04 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/17/2014 1:15:14 AM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/17/2014 1:15:14 AM, Error: Service Control Manager [7031] - The Windows Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/17/2014 1:15:14 AM, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/17/2014 1:15:14 AM, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
1/17/2014 1:15:14 AM, Error: Service Control Manager [7031] - The Security Center service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/17/2014 1:15:14 AM, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/17/2014 1:11:04 AM, Error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
1/17/2014 1:10:58 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
1/17/2014 1:10:51 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
.
==== End Of File ===========================

Edited by Oh My, 28 January 2014 - 09:29 PM.
Posted Attach.txt


#5 Oh My!

  • Malware Response Instructor

Posted 28 January 2014 - 09:19 PM

Greetings Remtheta and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review the information you already posted please run this program for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Remtheta
  • Topic Starter


Posted 30 January 2014 - 02:45 AM

Hi, Gary. You can refer to me as Jacob, if you wish. Thank you for taking the time to help me with this issue.

In order to ensure I respond to you as soon as possible, I will be sure to check this post multiple times per day.

I have followed your instructions and pasted the FRST log and the addition log below.

FRST results:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01
Ran by Jacob (administrator) on LONDONTREES on 30-01-2014 01:34:49
Running from C:\Users\Jacob\Downloads
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
() C:\Windows\System32\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\Setup\New\instup.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\SetupInf64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191312 2012-08-06] (Realtek Semiconductor)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] - C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [21888 2012-07-30] ()
HKLM\...\Run: [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-22] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {7B43048F-DA7A-458F-AF35-D825BDBB6816} http://68.226.76.80/codebase/NetVideoOCX.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

FireFox:
========
FF ProfilePath: C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\7e2sijlt.default-1386588755045
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: NoScript - C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\7e2sijlt.default-1386588755045\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-18]
FF Extension: Adblock Plus - C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\7e2sijlt.default-1386588755045\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-18]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-01-08]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java™ Platform SE 7 U11) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.110.21) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Google Drive) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-08]
CHR Extension: (YouTube) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-08]
CHR Extension: (Google Search) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-08]
CHR Extension: (AdBlock) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-06-24]
CHR Extension: (avast! Online Security) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-17]
CHR Extension: (Google Wallet) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Jacob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-08]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-10-21]

==================== Services (Whitelisted) =================

U2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
U2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-22] (AVAST Software)
U2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-01-17] (AVAST Software)
U2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [29056 2012-07-30] ()
U2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [30592 2012-07-30] ()
U2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
U2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
U2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-30] (Intel Corporation)
U2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
U2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
U2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
U2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-11-02] (Microsoft Corporation)
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

U1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-01-17] (AVAST Software)
U2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-30] (AVAST Software)
U1 aswNdisFlt; C:\Windows\system32\DRIVERS\aswNdisFlt.sys [439648 2014-01-17] (AVAST Software)
U1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-10-21] (AVAST Software)
U0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-21] ()
U1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-01-30] (AVAST Software)
U1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-01-30] (AVAST Software)
U3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-01-30] (AVAST Software)
U0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-22] ()
U3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
U3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-07-13] (Intel Corporation)
U3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-07-13] (Intel Corporation)
U3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-07-13] (Intel Corporation)
U3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation)
U3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation)
U3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation)
U1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
U0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
U3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-30] (Intel Corporation)
U3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
U3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
U3 catchme; \??\C:\ComboFix\catchme.sys [x]
U0 msahci;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-30 01:34 - 2014-01-30 01:34 - 00020461 _____ C:\Users\Jacob\Downloads\FRST.txt
2014-01-30 01:34 - 2014-01-30 01:34 - 00000000 ____D C:\FRST
2014-01-30 01:32 - 2014-01-30 01:32 - 02079744 _____ (Farbar) C:\Users\Jacob\Downloads\FRST64.exe
2014-01-25 18:54 - 2014-01-25 18:54 - 00000000 ___SH C:\DkHyperbootSync
2014-01-25 18:43 - 2014-01-25 18:43 - 00007077 _____ C:\Users\Jacob\Desktop\Attach.zip
2014-01-25 18:31 - 2014-01-25 18:31 - 00688992 ____R (Swearware) C:\Users\Jacob\Downloads\dds(1).com
2014-01-24 09:26 - 2014-01-25 18:23 - 00001418 _____ C:\Windows\PFRO.log
2014-01-20 02:11 - 2014-01-25 18:42 - 00052650 _____ C:\Users\Jacob\Desktop\Attach.txt
2014-01-20 02:08 - 2014-01-20 02:08 - 00688992 ____R (Swearware) C:\Users\Jacob\Downloads\dds.com
2014-01-19 21:18 - 2014-01-19 22:37 - 00000375 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2014-01-19 14:40 - 2014-01-19 14:42 - 00000000 ____D C:\Users\Jacob\Desktop\Desktopclone
2014-01-19 14:34 - 2014-01-19 14:34 - 00001109 _____ C:\Users\Public\Desktop\DriveImage XML.lnk
2014-01-19 14:34 - 2014-01-19 14:34 - 00000000 ____D C:\Program Files (x86)\Runtime Software
2014-01-19 14:33 - 2014-01-19 14:33 - 02026456 _____ C:\Users\Jacob\Downloads\dixmlsetup.exe
2014-01-19 02:18 - 2014-01-19 02:18 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-19 02:18 - 2014-01-19 02:18 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-19 02:18 - 2014-01-19 02:18 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-19 02:18 - 2014-01-19 02:18 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-19 02:14 - 2014-01-19 02:15 - 29141928 _____ (Oracle Corporation) C:\Users\Jacob\Downloads\jre-7u51-windows-i586.exe
2014-01-19 02:13 - 2014-01-19 02:13 - 00000000 ____D C:\ProgramData\Apple Computer
2014-01-19 02:13 - 2014-01-19 02:13 - 00000000 ____D C:\Program Files (x86)\QuickTime
2014-01-18 23:50 - 2014-01-18 23:50 - 02628105 _____ C:\Users\Jacob\Downloads\K56CAAS208.zip
2014-01-18 23:50 - 2014-01-18 23:50 - 00000000 ____D C:\Users\Jacob\Downloads\K56CAAS208
2014-01-18 23:41 - 2013-12-07 00:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-01-18 23:41 - 2013-12-07 00:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-18 23:41 - 2013-12-06 23:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-01-18 23:41 - 2013-12-06 23:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-18 18:23 - 2014-01-18 18:23 - 00000000 _____ C:\Windows\setuperr.log
2014-01-18 18:23 - 2014-01-18 18:23 - 00000000 _____ C:\Windows\setupact.log
2014-01-18 17:04 - 2013-10-30 23:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2014-01-18 17:04 - 2013-10-30 23:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2014-01-18 17:04 - 2013-10-30 22:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2014-01-18 17:04 - 2013-10-30 21:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2014-01-18 17:04 - 2013-10-27 23:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-01-18 17:04 - 2013-10-27 22:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-01-18 17:04 - 2013-10-13 14:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2014-01-18 17:04 - 2013-08-26 23:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-01-18 17:04 - 2013-08-26 23:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-01-18 17:04 - 2013-08-26 16:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-01-18 17:04 - 2013-08-26 16:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-01-18 06:50 - 2014-01-18 06:50 - 00174118 _____ C:\Users\Jacob\Documents\cc_20140118_064957.reg
2014-01-18 06:45 - 2014-01-18 06:45 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-18 06:45 - 2014-01-18 06:45 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-18 06:45 - 2014-01-18 06:45 - 00000000 ____D C:\Program Files\CCleaner
2014-01-18 06:44 - 2014-01-18 06:44 - 04645232 _____ (Piriform Ltd) C:\Users\Jacob\Downloads\ccsetup409.exe
2014-01-18 05:00 - 2014-01-18 05:00 - 00000000 __SHD C:\found.025
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.024
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.023
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.022
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.021
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.020
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.019
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.018
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.017
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.016
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.015
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.014
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.013
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.012
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.011
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.010
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.009
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.008
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.007
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.006
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.005
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.004
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.003
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.002
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.001
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.000
2014-01-17 20:16 - 2014-01-18 06:49 - 00000000 ____D C:\Windows\Minidump
2014-01-17 20:13 - 2014-01-17 20:13 - 00002014 _____ C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-01-17 20:13 - 2014-01-17 20:13 - 00001954 _____ C:\Users\Public\Desktop\avast! Premier.lnk
2014-01-17 20:13 - 2014-01-17 20:12 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-01-17 20:12 - 2014-01-17 20:22 - 00439648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswndisflt.sys
2014-01-17 20:11 - 2014-01-17 20:11 - 00001731 _____ C:\Users\Jacob\Downloads\license(1).avastlic
2014-01-17 20:06 - 2014-01-17 20:06 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-17 20:06 - 2014-01-17 20:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-17 20:04 - 2014-01-17 20:04 - 00282992 _____ (Mozilla) C:\Users\Jacob\Downloads\Firefox Setup Stub 26.0.exe
2014-01-17 19:50 - 2014-01-17 19:50 - 00000000 __SHD C:\AI_RecycleBin
2014-01-17 19:20 - 2014-01-17 19:20 - 00019250 _____ C:\Users\Jacob\Desktop\122253.txt
2014-01-17 19:19 - 2014-01-17 19:19 - 00019250 _____ C:\ComboFix.txt
2014-01-17 19:08 - 2011-06-26 00:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-17 19:08 - 2010-11-07 11:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-17 19:08 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-17 19:08 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-17 19:08 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-17 19:08 - 2000-08-30 18:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-01-17 19:08 - 2000-08-30 18:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-17 19:08 - 2000-08-30 18:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-17 19:08 - 2000-08-30 18:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-17 19:07 - 2014-01-17 19:19 - 00000000 ____D C:\Qoobox
2014-01-17 19:06 - 2014-01-17 19:16 - 00000000 ____D C:\Windows\erdnt
2014-01-17 19:06 - 2014-01-17 19:06 - 05167985 ____R (Swearware) C:\Users\Jacob\Downloads\ComboFix.exe
2014-01-17 18:48 - 2014-01-17 18:48 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-17 18:48 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-17 18:13 - 2014-01-17 18:44 - 00000000 ____D C:\Windows\pss
2014-01-17 17:04 - 2014-01-17 17:04 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\Malwarebytes
2014-01-17 17:03 - 2014-01-17 18:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-17 17:03 - 2014-01-17 17:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-17 16:59 - 2014-01-17 16:59 - 00000000 ____D C:\Users\Jacob\Desktop\Old Firefox Data
2014-01-17 02:28 - 2014-01-17 02:28 - 00001731 _____ C:\Users\Jacob\Downloads\license.avastlic
2014-01-15 01:02 - 2014-01-15 01:02 - 01115648 _____ C:\Users\Jacob\Downloads\ch02_1.ppt
2014-01-15 01:02 - 2014-01-15 01:02 - 01115648 _____ C:\Users\Jacob\Downloads\ch02.ppt
2014-01-15 01:02 - 2014-01-15 01:02 - 00566784 _____ C:\Users\Jacob\Downloads\ch01.ppt
2014-01-14 14:35 - 2014-01-14 14:36 - 78363976 _____ C:\Users\Jacob\Downloads\Chapter 1_Part1.wmv
2014-01-14 14:35 - 2014-01-14 14:35 - 02179584 _____ C:\Users\Jacob\Downloads\laudon_mis12_ppt01.ppt
2014-01-11 19:32 - 2014-01-11 19:32 - 30985988 _____ C:\Users\Jacob\Downloads\Intro.wmv
2014-01-10 19:58 - 2014-01-10 20:00 - 301681120 _____ C:\Users\Jacob\Downloads\Monstercat - Monstercat 006 - Embrace.zip
2014-01-08 02:16 - 2014-01-17 18:38 - 00000000 ____D C:\.jagex_cache_32
2014-01-08 02:16 - 2014-01-17 03:30 - 00000024 _____ C:\Users\Jacob\jagexappletviewer.preferences
2014-01-08 02:15 - 2014-01-08 02:15 - 00002082 _____ C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
2014-01-08 02:15 - 2014-01-08 02:15 - 00002052 _____ C:\Users\Jacob\Desktop\RuneScape.lnk
2014-01-08 02:15 - 2014-01-08 02:15 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
2014-01-08 02:12 - 2014-01-08 02:13 - 23805952 _____ C:\Users\Jacob\Downloads\RuneScape.msi
2014-01-07 20:18 - 2014-01-07 20:18 - 36152456 _____ (Amazon) C:\Users\Jacob\Downloads\AmazonCloudPlayerInstaller_399.exe
2014-01-06 17:20 - 2014-01-06 17:20 - 00011019 _____ C:\Users\Jacob\Desktop\DCF analysis.xlsx
2014-01-04 03:04 - 2014-01-04 03:04 - 00000000 ____D C:\Users\Jacob\Desktop\New folder

==================== One Month Modified Files and Folders =======

2014-01-30 01:34 - 2014-01-30 01:34 - 00020461 _____ C:\Users\Jacob\Downloads\FRST.txt
2014-01-30 01:34 - 2014-01-30 01:34 - 00000000 ____D C:\FRST
2014-01-30 01:34 - 2013-12-22 20:33 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-30 01:34 - 2013-01-08 18:30 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-30 01:34 - 2013-01-08 18:30 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-01-30 01:34 - 2013-01-08 18:30 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-30 01:34 - 2013-01-08 18:30 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-30 01:34 - 2013-01-08 18:30 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-30 01:34 - 2013-01-08 18:30 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-30 01:32 - 2014-01-30 01:32 - 02079744 _____ (Farbar) C:\Users\Jacob\Downloads\FRST64.exe
2014-01-30 01:31 - 2013-01-08 16:35 - 01621683 _____ C:\Windows\WindowsUpdate.log
2014-01-30 01:29 - 2013-01-08 16:38 - 00000423 _____ C:\Users\Jacob\AppData\Roaming\sp_data.sys
2014-01-30 01:28 - 2013-01-08 18:30 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-30 01:28 - 2012-09-13 23:46 - 00000868 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-01-30 01:27 - 2012-07-26 01:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-25 18:54 - 2014-01-25 18:54 - 00000000 ___SH C:\DkHyperbootSync
2014-01-25 18:43 - 2014-01-25 18:43 - 00007077 _____ C:\Users\Jacob\Desktop\Attach.zip
2014-01-25 18:42 - 2014-01-20 02:11 - 00052650 _____ C:\Users\Jacob\Desktop\Attach.txt
2014-01-25 18:40 - 2013-01-08 17:24 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-25 18:38 - 2012-09-13 23:46 - 00000870 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-01-25 18:31 - 2014-01-25 18:31 - 00688992 ____R (Swearware) C:\Users\Jacob\Downloads\dds(1).com
2014-01-25 18:23 - 2014-01-24 09:26 - 00001418 _____ C:\Windows\PFRO.log
2014-01-24 09:24 - 2012-07-25 23:26 - 00524288 ___SH C:\Windows\system32\config\BBI
2014-01-24 09:10 - 2013-01-08 18:30 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-24 09:00 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\system32\sru
2014-01-20 02:08 - 2014-01-20 02:08 - 00688992 ____R (Swearware) C:\Users\Jacob\Downloads\dds.com
2014-01-19 23:04 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\rescache
2014-01-19 22:38 - 2012-07-26 01:28 - 00848230 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-19 22:37 - 2014-01-19 21:18 - 00000375 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2014-01-19 22:32 - 2013-09-23 15:41 - 00004986 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for LONDONTREES-Jacob LondonTrees
2014-01-19 22:31 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\system32\NDF
2014-01-19 22:16 - 2013-01-08 16:45 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2308579379-1315925119-749045219-1001
2014-01-19 20:16 - 2013-06-17 09:30 - 00000000 ____D C:\Users\Jacob\Documents\My Phone
2014-01-19 16:32 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\WinStore
2014-01-19 14:42 - 2014-01-19 14:40 - 00000000 ____D C:\Users\Jacob\Desktop\Desktopclone
2014-01-19 14:34 - 2014-01-19 14:34 - 00001109 _____ C:\Users\Public\Desktop\DriveImage XML.lnk
2014-01-19 14:34 - 2014-01-19 14:34 - 00000000 ____D C:\Program Files (x86)\Runtime Software
2014-01-19 14:33 - 2014-01-19 14:33 - 02026456 _____ C:\Users\Jacob\Downloads\dixmlsetup.exe
2014-01-19 02:18 - 2014-01-19 02:18 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-19 02:18 - 2014-01-19 02:18 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-19 02:18 - 2014-01-19 02:18 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-19 02:18 - 2014-01-19 02:18 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-19 02:18 - 2013-09-17 14:08 - 00000000 ____D C:\ProgramData\Oracle
2014-01-19 02:15 - 2014-01-19 02:14 - 29141928 _____ (Oracle Corporation) C:\Users\Jacob\Downloads\jre-7u51-windows-i586.exe
2014-01-19 02:13 - 2014-01-19 02:13 - 00000000 ____D C:\ProgramData\Apple Computer
2014-01-19 02:13 - 2014-01-19 02:13 - 00000000 ____D C:\Program Files (x86)\QuickTime
2014-01-18 23:50 - 2014-01-18 23:50 - 02628105 _____ C:\Users\Jacob\Downloads\K56CAAS208.zip
2014-01-18 23:50 - 2014-01-18 23:50 - 00000000 ____D C:\Users\Jacob\Downloads\K56CAAS208
2014-01-18 18:23 - 2014-01-18 18:23 - 00000000 _____ C:\Windows\setuperr.log
2014-01-18 18:23 - 2014-01-18 18:23 - 00000000 _____ C:\Windows\setupact.log
2014-01-18 07:00 - 2013-01-08 16:35 - 00000000 ____D C:\Users\Jacob\AppData\Local\Packages
2014-01-18 07:00 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\AUInstallAgent
2014-01-18 06:50 - 2014-01-18 06:50 - 00174118 _____ C:\Users\Jacob\Documents\cc_20140118_064957.reg
2014-01-18 06:49 - 2014-01-17 20:16 - 00000000 ____D C:\Windows\Minidump
2014-01-18 06:49 - 2013-06-30 21:09 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-18 06:49 - 2012-08-01 20:20 - 00000000 ____D C:\Windows\Panther
2014-01-18 06:45 - 2014-01-18 06:45 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-18 06:45 - 2014-01-18 06:45 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-18 06:45 - 2014-01-18 06:45 - 00000000 ____D C:\Program Files\CCleaner
2014-01-18 06:44 - 2014-01-18 06:44 - 04645232 _____ (Piriform Ltd) C:\Users\Jacob\Downloads\ccsetup409.exe
2014-01-18 05:09 - 2013-10-18 02:37 - 00000000 ____D C:\Program Files (x86)\Image-Line
2014-01-18 05:00 - 2014-01-18 05:00 - 00000000 __SHD C:\found.025
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.024
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.023
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.022
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.021
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.020
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.019
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.018
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.017
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.016
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.015
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.014
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.013
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.012
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.011
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.010
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.009
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.008
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.007
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.006
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.005
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.004
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.003
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.002
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.001
2014-01-18 04:51 - 2014-01-18 04:51 - 00000000 __SHD C:\found.000
2014-01-18 01:01 - 2013-03-11 14:18 - 00000000 ____D C:\Program Files\Microsoft Office 15
2014-01-17 20:22 - 2014-01-17 20:12 - 00439648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswndisflt.sys
2014-01-17 20:13 - 2014-01-17 20:13 - 00002014 _____ C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-01-17 20:13 - 2014-01-17 20:13 - 00001954 _____ C:\Users\Public\Desktop\avast! Premier.lnk
2014-01-17 20:12 - 2014-01-17 20:13 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-01-17 20:11 - 2014-01-17 20:11 - 00001731 _____ C:\Users\Jacob\Downloads\license(1).avastlic
2014-01-17 20:06 - 2014-01-17 20:06 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-17 20:06 - 2014-01-17 20:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-17 20:06 - 2013-12-20 16:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-17 20:04 - 2014-01-17 20:04 - 00282992 _____ (Mozilla) C:\Users\Jacob\Downloads\Firefox Setup Stub 26.0.exe
2014-01-17 19:58 - 2013-05-04 14:21 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2014-01-17 19:56 - 2013-05-14 11:59 - 00000000 ____D C:\Users\Jacob\AppData\Local\Deployment
2014-01-17 19:56 - 2013-05-14 11:59 - 00000000 ____D C:\Users\Jacob\AppData\Local\Apps\2.0
2014-01-17 19:51 - 2012-09-13 23:45 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-17 19:50 - 2014-01-17 19:50 - 00000000 __SHD C:\AI_RecycleBin
2014-01-17 19:50 - 2013-07-30 01:00 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2014-01-17 19:47 - 2013-10-18 02:43 - 00000000 ____D C:\Program Files (x86)\VstPlugins
2014-01-17 19:47 - 2013-10-18 02:42 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2014-01-17 19:47 - 2013-10-18 02:42 - 00000000 ____D C:\Program Files\Image-Line
2014-01-17 19:47 - 2013-10-18 02:42 - 00000000 ____D C:\Program Files (x86)\DSPRobotics
2014-01-17 19:20 - 2014-01-17 19:20 - 00019250 _____ C:\Users\Jacob\Desktop\122253.txt
2014-01-17 19:19 - 2014-01-17 19:19 - 00019250 _____ C:\ComboFix.txt
2014-01-17 19:19 - 2014-01-17 19:07 - 00000000 ____D C:\Qoobox
2014-01-17 19:19 - 2013-08-15 02:27 - 00000000 ____D C:\Windows\system32\MRT
2014-01-17 19:19 - 2012-07-25 23:37 - 00000000 __RHD C:\Users\Default
2014-01-17 19:17 - 2013-01-09 18:24 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-17 19:16 - 2014-01-17 19:06 - 00000000 ____D C:\Windows\erdnt
2014-01-17 19:16 - 2012-07-25 23:26 - 00000215 _____ C:\Windows\system.ini
2014-01-17 19:06 - 2014-01-17 19:06 - 05167985 ____R (Swearware) C:\Users\Jacob\Downloads\ComboFix.exe
2014-01-17 18:48 - 2014-01-17 18:48 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-17 18:48 - 2014-01-17 17:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-17 18:44 - 2014-01-17 18:13 - 00000000 ____D C:\Windows\pss
2014-01-17 18:42 - 2013-01-08 16:35 - 00000000 ____D C:\Users\Jacob
2014-01-17 18:38 - 2014-01-08 02:16 - 00000000 ____D C:\.jagex_cache_32
2014-01-17 18:38 - 2012-09-13 23:52 - 00000000 ____D C:\ProgramData\P4G
2014-01-17 18:38 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\SysWOW64\WinMetadata
2014-01-17 18:38 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\system32\WinMetadata
2014-01-17 18:37 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\registration
2014-01-17 18:36 - 2012-07-25 23:38 - 00000000 ____D C:\Windows\system32\Sysprep
2014-01-17 17:04 - 2014-01-17 17:04 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\Malwarebytes
2014-01-17 17:03 - 2014-01-17 17:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-17 16:59 - 2014-01-17 16:59 - 00000000 ____D C:\Users\Jacob\Desktop\Old Firefox Data
2014-01-17 03:37 - 2013-08-26 17:10 - 00000024 _____ C:\Users\Jacob\random.dat
2014-01-17 03:30 - 2014-01-08 02:16 - 00000024 _____ C:\Users\Jacob\jagexappletviewer.preferences
2014-01-17 03:29 - 2013-08-26 17:10 - 00000044 _____ C:\Users\Jacob\jagex_cl_runescape_LIVE.dat
2014-01-17 02:28 - 2014-01-17 02:28 - 00001731 _____ C:\Users\Jacob\Downloads\license.avastlic
2014-01-15 01:02 - 2014-01-15 01:02 - 01115648 _____ C:\Users\Jacob\Downloads\ch02_1.ppt
2014-01-15 01:02 - 2014-01-15 01:02 - 01115648 _____ C:\Users\Jacob\Downloads\ch02.ppt
2014-01-15 01:02 - 2014-01-15 01:02 - 00566784 _____ C:\Users\Jacob\Downloads\ch01.ppt
2014-01-14 14:36 - 2014-01-14 14:35 - 78363976 _____ C:\Users\Jacob\Downloads\Chapter 1_Part1.wmv
2014-01-14 14:35 - 2014-01-14 14:35 - 02179584 _____ C:\Users\Jacob\Downloads\laudon_mis12_ppt01.ppt
2014-01-11 19:32 - 2014-01-11 19:32 - 30985988 _____ C:\Users\Jacob\Downloads\Intro.wmv
2014-01-10 20:00 - 2014-01-10 19:58 - 301681120 _____ C:\Users\Jacob\Downloads\Monstercat - Monstercat 006 - Embrace.zip
2014-01-09 02:02 - 2013-11-19 01:38 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-09 02:02 - 2013-11-19 01:38 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-08 02:15 - 2014-01-08 02:15 - 00002082 _____ C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
2014-01-08 02:15 - 2014-01-08 02:15 - 00002052 _____ C:\Users\Jacob\Desktop\RuneScape.lnk
2014-01-08 02:15 - 2014-01-08 02:15 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
2014-01-08 02:15 - 2013-08-26 17:10 - 00000000 ____D C:\Users\Jacob\jagexcache
2014-01-08 02:13 - 2014-01-08 02:12 - 23805952 _____ C:\Users\Jacob\Downloads\RuneScape.msi
2014-01-07 20:18 - 2014-01-07 20:18 - 36152456 _____ (Amazon) C:\Users\Jacob\Downloads\AmazonCloudPlayerInstaller_399.exe
2014-01-06 17:20 - 2014-01-06 17:20 - 00011019 _____ C:\Users\Jacob\Desktop\DCF analysis.xlsx
2014-01-04 03:04 - 2014-01-04 03:04 - 00000000 ____D C:\Users\Jacob\Desktop\New folder
2014-01-04 02:49 - 2013-06-11 02:06 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\Skype

Files to move or delete:
====================
C:\Users\Jacob\jagex_cl_runescape_LIVE.dat
C:\Users\Jacob\MTGOinstall.exe
C:\Users\Jacob\random.dat


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-17 05:37

==================== End Of Log ============================

Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2014 01
Ran by Jacob at 2014-01-30 01:35:55
Running from C:\Users\Jacob\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (x32 Version: 2.3 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ASUS InstantOn (x32 Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (x32 Version: 3.1.5 - ASUS)
ASUS Live Update (x32 Version: 3.1.8 - ASUS)
ASUS Power4Gear Hybrid (Version: 2.0.4 - ASUS)
ASUS Smart Gesture (x32 Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (x32 Version: 1.03.0004 - ASUS)
ASUS Tutor (x32 Version: 1.0.6 - ASUS)
ASUS USB Charger Plus (x32 Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (x32 Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (x32 Version: 2.0.10.168 - ASUSTEK)
ATK Package (x32 Version: 1.0.0022 - ASUS)
avast! Premier (x32 Version: 9.0.2013 - Avast Software)
CCleaner (Version: 4.09 - Piriform)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
DriveImage XML (Private Edition) (x32 Version: 2.50.000 - Runtime Software)
ExpressCache (Version: 1.0.86 - Diskeeper Corporation)
Fraps (remove only) (x32 Version:  - )
Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Intel® Dynamic Platform and Thermal Framework (x32 Version: 6.0.5.1080 - Intel Corporation)
Intel® Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.36354 - Intel Corporation)
Intel® Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (x32 Version: 9.17.10.2828 - Intel Corporation)
Intel® Rapid Start Technology (x32 Version: 2.1.0.1002 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (Version: 15.0.4551.1512 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Pando Media Booster (x32 Version: 2.6.0.7 - Pando Networks Inc.)
Qualcomm Atheros Client Installation Program (x32 Version: 10.0 - Qualcomm Atheros)
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (x32 Version: 6.1.8400.27023 - Realtek Semiconductor Corp.)
RuneScape Launcher 1.2.3 (x32 Version: 1.2.3 - Jagex Ltd)
Secure Download Manager (x32 Version: 3.1.01 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shared C Run-time for x64 (Version: 10.0.0 - McAfee)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
Stronghold Kingdoms (x32 Version: 1.17 - Firefly Studios)
System Requirements Lab for Intel (x32 Version: 4.5.13.0 - Husdawg, LLC)
The Elder Scrolls III: Morrowind (x32 Version:  - Bethesda Game Studios®)
The Elder Scrolls V: Skyrim (x32 Version:  - Bethesda Game Studios)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version:  - Microsoft)
Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (Version: 10/29/2012 1.0.0.148 - ASUS)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp)
WinFlash (x32 Version: 2.41.1 - ASUS)

==================== Restore Points  =========================

17-01-2014 08:28:51 avast! antivirus system restore point
19-01-2014 08:17:38 Installed Java 7 Update 51
30-01-2014 07:30:09 avast! antivirus system restore point

==================== Hosts content: ==========================

2012-07-25 23:26 - 2014-01-17 19:16 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {091EB309-7122-4875-8EEF-226B35DB8254} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {094B89A7-BA4A-471B-A69B-F254F490BDE2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-08] (Google Inc.)
Task: {0AD70522-9982-4179-AC57-4187CD8846C1} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {30CC698E-B611-4B78-B888-9C9A6EF3E65A} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {4F03C9CE-154C-4F6F-9FA0-DE359CB01DE1} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {57AC68E0-5AB3-431A-BD1E-73C56FD59F58} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-15] (Microsoft Corporation)
Task: {62051931-1C5A-487E-AE0F-E6D37B7F4745} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-11-02] (Microsoft Corporation)
Task: {67CDB6F8-201D-4D49-9A05-AD7EC4F10E12} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {6D616F9F-BC42-497A-94FC-841186CB9D6B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-30] (AVAST Software)
Task: {965804CD-7807-426F-A960-BFE1CCCC3BA1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {965A08C1-9782-4E3E-8EDE-6ED660F664C6} - System32\Tasks\Microsoft Office 15 Sync Maintenance for LONDONTREES-Jacob LondonTrees => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-01-18] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AAC9D524-C6B3-4236-AD9C-868005E4C423} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-08] (Google Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C99D5598-B6EC-413E-BFB1-A0AA8504EC60} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F1D54284-8E47-4808-A28C-A7F2ADF27877} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (whitelisted) =============

2014-01-18 00:50 - 2014-01-18 00:50 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-08-24 18:26 - 2012-08-24 18:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-07-26 01:58 - 2012-07-26 01:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2014-01-25 18:26 - 2014-01-25 11:46 - 02166272 _____ () C:\Program Files\AVAST Software\Avast\defs\14012501\algo.dll
2014-01-30 01:34 - 2014-01-29 12:47 - 02166272 _____ () C:\Program Files\AVAST Software\Avast\defs\14012901\algo.dll
2012-08-24 18:17 - 2012-08-24 18:17 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2013-10-21 15:22 - 2013-10-21 15:22 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-17 20:06 - 2013-12-05 13:36 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-09-13 23:46 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter_03
Description: Microsoft Virtual WiFi Miniport Adapter_03
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Could not start eventlog service, could not read events.

The requested service has already been started.

More help is available by typing NET HELPMSG 2182.


==================== Memory info ===========================

Percentage of memory in use: 27%
Total physical RAM: 6029.78 MB
Available physical RAM: 4384.92 MB
Total Pagefile: 12173.78 MB
Available Pagefile: 10478.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:156.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:398.18 GB) (Free:397.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: CC1AD6D4)

Partition: GPT Partition Type
==================== End Of Log ============================


Edited by Remtheta, 30 January 2014 - 02:46 AM.


#7 Oh My!



  • Malware Response Instructor

Posted 30 January 2014 - 09:22 AM

Greetings Jacob and welcome.

We are going to do a lot in this first post.

Since it has been a few days since you posted could you give me an update on what you are experiencing today?

Please do these things for me.

===================================================

Obtaining Current ComboFix.txt

--------------------

Please copy and paste the contents of the following file in your reply.
 

C:\ComboFix.txt


===================================================

BlueScreenView

----------
  • Download BlueScreenView and save it to your desktop
  • Double click the BlueScreenView.exe file then click OK
  • Select Run, Next, then Next again
  • Click Install
  • When the scanning is complete, select Edit and Select All
  • Then click File and Save Selected Items
  • Save the report as BSOD.txt
  • Open BSOD.txt in Notepad, copy the entire content and paste it into your next reply
===================================================

Uploading Minidump File

--------------------
  • Using Windows Explorer please navigate to the following location and locate the most recently dated file:

C:\Windows\Minidump\

  • Attach the file to your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL 
C:\Windows\MinidumpSearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\Jacob\jagex_cl_runescape_LIVE.dat
C:\Users\Jacob\MTGOinstall.exe
C:\Users\Jacob\random.dat
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Copy/paste the following in the Search Field
narcpi_wfp.sys
  • Click Search File(s) button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Recap
  • Combofix log
  • BlueScreen View
  • Minidump file (attached)
  • FRST reports (2)

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Remtheta

  • Topic Starter


Posted 30 January 2014 - 09:04 PM

Hello,

 

My computer is not acting the exact same as it was a week ago. I haven't been on it much since I posted here. I am no longer getting the dll error messages. And although I haven't been using it much at all, I have not had another blue screen error. Firefox froze up the other day. The only other problem that is consistent is when I try to power the computer off it will go through as if it is shutting down, only to reboot itself. So I now have to force it to shut off by holding down the power button. Also, last night, instead of shutting it down, I closed the lid and the fan kept running and it was really loud. Usually when I close the lid the computer goes to sleep or hibernates, whichever. The lid was left closed for at least an hour, and it still was running loudly, so I forced it to shut down.

 

I began to follow your new set of instructions and was able to locate the combofix file. I've included this log below. However, once I moved on to the next step, I encountered a problem. I downloaded the bluescreen program as you instructed, and followed the steps you outlined for the first few prompts I was given, but instead of being brought to a scan, I simply get a prompt that says the installation was successful. On this screen I am given two checkboxes, one is to launch bluescreenview (which is checked) and the other is something about a readme (which is left unchecked). I click finish and am brought to the following screen: http://imgur.com/9tPZBAK (I tried to paste the screenshot here but was told the format was not accepted here)

 

 

Your instructions say "when the scan is complete, select edit and select all". "Then click file and save selected items". However, once I select edit and select all, and click on file, the option to save selected items is not in bold. I am not able to select it. I also never saw a scan start or end, I just get brought to this screen. I didn't want to move on to the next set of instructions until I was sure this was being done correctly.

 

Also, I would like to apologize if my responses are not as quick as you like, I am struggling to balance work and university this week. However, I will have completed much of my current projects moving into Friday and Saturday. I will then be able to check much more frequently and respond much faster. Thank you for the help.

 

 

 

 

ComboFix 14-01-16.03 - Jacob 01/17/2014  19:10:16.1.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.6030.4034 [GMT -6:00]
Running from: c:\users\Jacob\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SetStretch.exe
c:\windows\msvcr71.dll
c:\windows\SysWow64\frapsvid.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-18 to 2014-01-18  )))))))))))))))))))))))))))))))
.
.
2014-01-18 01:16 . 2014-01-18 01:16    --------    d-----w-    c:\users\Jacob\AppData\Local\temp
2014-01-18 01:16 . 2014-01-18 01:16    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-01-18 01:00 . 2014-01-18 01:00    --------    d-----w-    c:\windows\ServiceProfiles\LocalService\winhttp
2014-01-18 00:48 . 2013-04-04 20:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-01-17 23:04 . 2014-01-17 23:04    --------    d-----w-    c:\users\Jacob\AppData\Roaming\Malwarebytes
2014-01-17 23:03 . 2014-01-17 23:03    --------    d-----w-    c:\programdata\Malwarebytes
2014-01-17 23:03 . 2014-01-18 00:48    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2014-01-08 08:16 . 2014-01-18 00:38    --------    d-----w-    C:\.jagex_cache_32
2014-01-08 02:18 . 2014-01-08 02:19    --------    d-----w-    c:\users\Jacob\AppData\Local\Amazon Cloud Player
2013-12-23 02:33 . 2013-12-23 02:33    79672    ----a-w-    c:\windows\system32\drivers\aswstm.sys
2013-12-21 08:09 . 2013-12-21 08:10    --------    d-----w-    c:\users\Jacob\AppData\Local\Skyrim
2013-12-21 06:55 . 2013-12-21 06:55    --------    d-----w-    c:\programdata\NVIDIA
2013-12-21 06:04 . 2013-12-21 06:04    225656    ----a-w-    c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-18 01:01 . 2013-01-08 22:38    423    ----a-w-    c:\users\Jacob\AppData\Roaming\sp_data.sys
2013-12-23 02:33 . 2013-03-04 02:34    207904    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-12-23 02:33 . 2013-01-09 00:30    422216    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2013-12-23 02:33 . 2013-01-09 00:30    1034464    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-12-23 02:33 . 2013-01-09 00:30    78648    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-12-23 02:33 . 2013-01-09 00:30    334136    ----a-w-    c:\windows\system32\aswBoot.exe
2013-12-23 02:33 . 2013-01-09 00:30    43152    ----a-w-    c:\windows\avastSS.scr
2013-12-15 09:54 . 2013-01-10 00:24    90708896    ----a-w-    c:\windows\system32\MRT.exe
2013-12-11 06:53 . 2013-03-11 20:22    566480    ----a-w-    c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-12-09 11:08 . 2013-12-09 11:09    36560    ----a-w-    c:\windows\system32\drivers\narcpi_wfp.sys
2013-12-04 00:53 . 2013-11-19 07:38    78304    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-04 00:53 . 2013-11-19 07:38    694240    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-23 06:43 . 2013-12-10 22:01    420864    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-11-23 05:05 . 2013-12-10 22:01    368640    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-11-20 09:34 . 2013-11-20 09:34    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-06 23:18 . 2013-12-10 22:01    4036608    ----a-w-    c:\windows\system32\win32k.sys
2013-11-04 23:09 . 2013-11-04 23:09    21    ----a-w-    c:\users\Jacob\AppData\Roaming\my_intel.sys
2013-11-01 05:38 . 2013-12-10 22:01    312320    ----a-w-    c:\windows\system32\msieftp.dll
2013-11-01 03:49 . 2013-12-10 22:01    273408    ----a-w-    c:\windows\SysWow64\msieftp.dll
2013-10-21 21:22 . 2013-03-04 02:34    65776    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-10-21 21:22 . 2013-01-09 00:30    92544    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-11 20:26    220632    ----a-w-    c:\users\Jacob\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-11 20:26    220632    ----a-w-    c:\users\Jacob\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-11 20:26    220632    ----a-w-    c:\users\Jacob\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Amazon Cloud Player"="c:\users\Jacob\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2013-12-12 3145536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-29 91432]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-23 3764024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 excsd;ExpressCache Storage Filter Driver;c:\windows\system32\DRIVERS\excsd.sys;c:\windows\SYSNATIVE\DRIVERS\excsd.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 excfs;ExpressCache File System Filter Driver;c:\windows\system32\DRIVERS\excfs.sys;c:\windows\SYSNATIVE\DRIVERS\excfs.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DptfParticipantProcessorService;Intel® Dynamic Platform & Thermal Framework Processor Participant Service Application;c:\windows\system32\DptfParticipantProcessorService.exe;c:\windows\SYSNATIVE\DptfParticipantProcessorService.exe [x]
S2 DptfPolicyConfigTDPService;Intel® Dynamic Platform & Thermal Framework Config TDP Service Application;c:\windows\system32\DptfPolicyConfigTDPService.exe;c:\windows\SYSNATIVE\DptfPolicyConfigTDPService.exe [x]
S2 ExpressCache;ExpressCache;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 irstrtsv;Intel® Rapid Start Technology Service;c:\windows\SysWOW64\irstrtsv.exe;c:\windows\SysWOW64\irstrtsv.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 ATP;ASUS PS/2 Port Input Device;c:\windows\System32\drivers\AsusTP.sys;c:\windows\SYSNATIVE\drivers\AsusTP.sys [x]
S3 DptfDevDram;DptfDevDram;c:\windows\system32\DRIVERS\DptfDevDram.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevDram.sys [x]
S3 DptfDevFan;DptfDevFan;c:\windows\system32\DRIVERS\DptfDevFan.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevFan.sys [x]
S3 DptfDevGen;DptfDevGen;c:\windows\system32\DRIVERS\DptfDevGen.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevGen.sys [x]
S3 DptfDevPch;DptfDevPch;c:\windows\system32\DRIVERS\DptfDevPch.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevPch.sys [x]
S3 DptfDevProc;DptfDevProc;c:\windows\system32\DRIVERS\DptfDevProc.sys;c:\windows\SYSNATIVE\DRIVERS\DptfDevProc.sys [x]
S3 DptfManager;DptfManager;c:\windows\system32\DRIVERS\DptfManager.sys;c:\windows\SYSNATIVE\DRIVERS\DptfManager.sys [x]
S3 HIDSwitch;ASUS Wireless Radio Control;c:\windows\System32\drivers\AsHIDSwitch64.sys;c:\windows\SYSNATIVE\drivers\AsHIDSwitch64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 irstrtdv;Intel® Rapid Start Technology Driver;c:\windows\System32\drivers\irstrtdv.sys;c:\windows\SYSNATIVE\drivers\irstrtdv.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 02:10    1210320    ----a-w-    c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-09-05 14:04    215416    ----a-w-    c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-08 22:40]
.
2014-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-09 00:30]
.
2014-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-09 00:30]
.
2014-01-18 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16 18:54]
.
2014-01-14 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16 18:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-11 20:26    244696    ----a-w-    c:\users\Jacob\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-11 20:26    244696    ----a-w-    c:\users\Jacob\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-11 20:26    244696    ----a-w-    c:\users\Jacob\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-12-11 06:54    2331336    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-12-11 06:54    2331336    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-12-11 06:54    2331336    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-23 02:33    287280    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-03-13 09:23    1500672    ----a-w-    c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-03-13 09:23    1500672    ----a-w-    c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-03-13 09:23    1500672    ----a-w-    c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-16 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-16 398656]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-08-07 13191312]
"DptfPolicyLpmServiceHelper"="c:\windows\system32\DptfPolicyLpmServiceHelper.exe" [2012-07-30 21888]
"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-08-25 107192]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://asus13.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
Trusted Zone: lavistakeno.com\www
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
DPF: {7B43048F-DA7A-458F-AF35-D825BDBB6816} - hxxp://68.226.76.80/codebase/NetVideoOCX.cab
FF - ProfilePath - c:\users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\7e2sijlt.default-1386588755045\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-PokerStars.net - c:\program files (x86)\PokerStars.NET\PokerStarsUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2014-01-17  19:18:59
ComboFix-quarantined-files.txt  2014-01-18 01:18
.
Pre-Run: 180,301,697,024 bytes free
Post-Run: 179,961,606,144 bytes free
.
- - End Of File - - D7685CFF1D28C9F23148F5B6F2B617A0
 



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,957 posts
  • Gender:Male
  • Location:California
  • Local time:08:37 PM

Posted 30 January 2014 - 09:18 PM

You are doing great. Don't worry about delays, take care of priorities first.

It appears there are no Blue Screen entries to review. Please go ahead and continue on.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Remtheta

Remtheta
  • Topic Starter

  • Members
  • 28 posts
  • Local time:11:37 PM

Posted 30 January 2014 - 09:20 PM

Thanks. Heading back into work for a few hours now. I will continue on with your instructions once I arrive home.



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,957 posts
  • Gender:Male
  • Location:California
  • Local time:08:37 PM

Posted 30 January 2014 - 09:21 PM

Take your time and thanks for being so considerate.
Gary
 

#12 Remtheta

Remtheta
  • Topic Starter

  • Members
  • 28 posts
  • Local time:11:37 PM

Posted 01 February 2014 - 01:31 AM

When I navigated to the minidump file location you provided, I was prompted with a message that said I didn't have permission to access this file and it asked if I would like to grant permission; I said yes. The minidump folder is empty.

 

Here is the FRST report:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2014 02
Ran by Jacob at 2014-02-01 00:24:15 Run:1
Running from C:\Users\Jacob\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL
C:\Windows\MinidumpSearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\Jacob\jagex_cl_runescape_LIVE.dat
C:\Users\Jacob\MTGOinstall.exe
C:\Users\Jacob\random.dat
*****************

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\C:\Windows\Minidump{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCR\CLSID\C:\Windows\Minidump{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"C:\Windows\MinidumpSearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =" => File/Directory not found.
C:\Users\Jacob\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Jacob\MTGOinstall.exe => Moved successfully.
C:\Users\Jacob\random.dat => Moved successfully.

==== End of Fixlog ====

Here is the second FRST report (search):

Farbar Recovery Scan Tool (x64) Version: 01-02-2014 02
Ran by Jacob at 2014-02-01 00:27:32
Running from C:\Users\Jacob\Desktop
Boot Mode: Normal

================== Search: "narcpi_wfp.sys" ===================

C:\Windows\System32\Drivers\narcpi_wfp.sys
[2013-12-09 05:09] - [2013-12-09 05:08] - 0036560 ____A () D53EA51AFC13AF162DA1C361040CBD27

====== End Of Search ======



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,957 posts
  • Gender:Male
  • Location:California
  • Local time:08:37 PM

Posted 01 February 2014 - 11:26 AM

Thanks for the information. I want to check the validity of a file and also check to see if your power settings relating to closing the lid have been changed.

===================================================

Virustotal Online Virus Scanner

--------------------
  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file (if multiple files then one at a time), double click on it so the file name is populated, then click Scan it!
  • IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.

C:\Windows\System32\Drivers\narcpi_wfp.sys

  • Once completed, highlight the information in the address bar and copy then paste the link in your reply

===================================================

Checking Power Setting Options Windows 8 - Vista

--------------------
  • Right click on the battery icon in the lower right corner of your screen
  • Select Power Options
  • Click Choose what closing the lid does
  • Verify the settings you desire
  • Modify the settings as necessary then click Save changes
  • Monitor your computer behavior
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Virustotal link
  • Were your power settings set correctly?

Gary
 

#14 Remtheta

Remtheta
  • Topic Starter

  • Members
  • 28 posts
  • Local time:11:37 PM

Posted 01 February 2014 - 07:03 PM

Virustotal Online Virus Scanner:

 

The file C:\Windows\System32\Drivers\narcpi_wfp.sys does not show up when I search for it using the VirusTotal choose file button. Here is an image of the location using their choose file option: http://i.imgur.com/sUShoP7.png As you can see, there are a number of files, but not the ones you requested. However, when I search for it using Windows Explorer on my computer, I am able to locate it, along with many more files that show up in the folder.

 

I also clicked the choose file button again and pasted the file path location into the window to browse for these files in OS(C:) and was prompted with a message saying "You can't open this location using this program. Please try a different location". I tried using Chrome, and even ran Firefox as administrator; the file still didn't show up in that folder.

 

 

Checking Power Setting Options Windows 8 - Vista

 

After following your instructions to determine my power options, it appears that all settings are in-line with what I've always had: http://i.imgur.com/8PYLkCc.png

These are my desired settings.


Edited by Remtheta, 01 February 2014 - 07:05 PM.
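An added example (not part of the thread and not code from FRST): posts #12 to #14 try to validate narcpi_wfp.sys by uploading it, but the FRST search result already records the file's size and a 32-digit hash, so a local copy can be checked against the log. The function names and the reading of that hash as MD5 are assumptions of this example.

```python
import hashlib
import os
import re

# Search block copied from the FRST log in post #12.
FRST_SEARCH = r"""
================== Search: "narcpi_wfp.sys" ===================

C:\Windows\System32\Drivers\narcpi_wfp.sys
[2013-12-09 05:09] - [2013-12-09 05:08] - 0036560 ____A () D53EA51AFC13AF162DA1C361040CBD27

====== End Of Search ======
"""

# Metadata line: two timestamps, size in bytes, attributes, (company), hash.
# Assumption: the final 32 hex digits are the file's MD5.
META = re.compile(
    r"^\[(?P<t1>[\d-]+ [\d:]+)\] - \[(?P<t2>[\d-]+ [\d:]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>.*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)

def parse_frst_search(text):
    """Pair each path line with the metadata line that follows it."""
    entries, path = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        meta = META.match(line)
        if meta and path:
            entries.append({"path": path, "timestamps": (meta["t1"], meta["t2"]),
                            "size": int(meta["size"]), "attrs": meta["attrs"],
                            "company": meta["company"], "md5": meta["md5"].upper()})
            path = None
        elif re.match(r"^[A-Za-z]:\\", line):
            path = line
    return entries

def file_md5(path, chunk=1 << 16):
    """Hash the file in chunks so large files are not read into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest().upper()

def check_against_log(entry, local_path):
    """Return 'missing', 'size-mismatch', 'hash-mismatch' or 'match'."""
    if not os.path.isfile(local_path):
        return "missing"
    if os.path.getsize(local_path) != entry["size"]:
        return "size-mismatch"
    return "match" if file_md5(local_path) == entry["md5"] else "hash-mismatch"

if __name__ == "__main__":
    for entry in parse_frst_search(FRST_SEARCH):
        print(entry["path"], check_against_log(entry, entry["path"]))
```

A "match" only shows the file is unchanged since the FRST run; whether the file is trustworthy still depends on the scan result the helper asked for.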


#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,957 posts
  • Gender:Male
  • Location:California
  • Local time:08:37 PM

Posted 02 February 2014 - 06:49 PM

I apologize for the delay. I thought I had already posted these instructions but I apparently didn't.

Please attempt to have the file scanned this way.

===================================================

Jotti's Online Virus Scanner

--------------------
  • Please go to the online Jotti Virus Scanner
  • Browse to the following filepaths

C:\Windows\System32\Drivers\narcpi_wfp.sys

  • Click on the Clipboard021.jpg button. The scanner will check the file with various AV companies.
  • Once completed, please copy and paste the link in the address bar in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Jotti link

Gary
 



